The Compliance Challenge: Four Key Concerns for CFOs
The Compliance Challenge: Four Key Concerns for CFOs
Almost two decades have passed since the US government signed the Sarbanes Oxley Act into law. Since then, authorities and governments around the world have followed suit, setting increasingly higher standards of corporate accountability.
In parallel, the strategic role of the CFO has evolved within most companies and now encompasses guardianship of risk management. With governance a higher priority than ever, CFOs face compounding challenges in avoiding the severe consequences of non-compliance.
Here are four front-of-mind compliance concerns for today’s CFO:
1. Rising costs of compliance
Among the many responsibilities of the CFO is allocating sufficient funds and resources to compliance controls to minimise financial and reputational risk. Logically, most firms direct their compliance budget to IT systems that hold and organise data and personnel to manage them. However, the more complex compliance regulations become, the higher the cost of internal and external audits. A compliance budget is not a bottomless well, so it makes sense that many companies prioritise mitigating the highest risks. While this strategy might prevent costs from escalating, the challenge is in ensuring your organisation is not left vulnerable to risk blind spots through a lack of funding.
2. Fines, sanctions, or reputational damage
The financial and reputational risks of non-compliance are enough to cause a CFO to lose sleep. A breach of the EU’s General Data Protection Regulation (GDPR) alone could result in eye-watering penalties of up to €20 million or four percent of annual revenue, whichever is larger. With diversity data an increasingly important subject for organisations, failing to meet regulations can also result in revenue and productivity loss, and catastrophic damage to brand and reputation. Remember Enron? No company wants its name to become synonymous with fraud.
3. Fraud
With companies facing overwhelming volumes of data generated by corporate systems, auditors could miss something important. Moreover, if there’s a gap in internal controls, then there’s an opportunity for inappropriate activity that can result in fraud. For example, a Segregation of Duties (SoD) vulnerability can spark a chain reaction that might begin with deliberate or accidental misappropriation of funds, but result in misstatement of financial records, impacting trading, shareholders, and ending in serious consequences for the CFO. Where an organisation’s structure is large and complex, it would be easy to overlook a simple process error that can wreak havoc if left unchallenged.
4. Audit fatigue
Even with the most sophisticated ERPs in place, evidence gathering can be arduous, time-consuming and resource-draining. Once teams have pulled together various sources of data, consolidated and analysed them for the right information, and finally produced proof of controls, business activity has moved on and the information is already out of date. Manual auditing can lead to fatigue among key staff caught up in these administrative tasks when they could better spend their time on higher-value activities.
With costs and workloads spiralling out of control, CFOs and their teams need a fresh approach to compliance auditing. That’s why we’ve launched Smart Audit. Smart Audit is a continuous, automated auditing tool for Workday that simplifies internal controls, cuts risks of non-compliance and reduces auditing costs. Automation eliminates the need for teams and internal experts to manually analyse complex data sets, saving businesses valuable resources and budget and freeing up key personnel to focus on more productive tasks.
By driving the auditing process with automation, companies can easily expand their audit coverage to ensure they cover all Workday tenants and capture every potential issue. Ultimately, Smart Audit enables the CFO to be confident of better audit outcomes. With more data protection, privacy laws and financial regulations on the horizon, adding automation to the auditing process is the most efficient and reliable way to manage risk and assure the board of corporate compliance. You can read more in this whitepaper.