IFRS update December 2005 - Beyond regulation
Joining up the dots with compliance
Joining up the dots with compliance
Most organisations dealing with major
compliance requirements adopt a piecemeal approach. But churning out ‘point
solutions’ is inefficient, according to experts in the field.
‘A piecemeal approach at least doubles the cost of complying with each of the
regulations,’ warns Gartner research vice-president Nigel Rayner. ‘It misses the
economies of scale from systems infrastructure, design and maintenance.’
PricewaterhouseCoopers director Carolyn Clarke agrees that most IFRS and
Sarbanes-Oxley projects are run in ‘silos’ without little interaction between
And Deloitte director Helena Vega-Lozano says she has yet to see a single
combined project team addressing the regulatory agenda as a whole. ‘Companies
have had to do a huge amount of short-term fixes because of the different time
frames, cost, effort and scale.
‘Unfortunately, it is counterproductive, because spending money on a tactical
solution just to meet a deadline means you are not able to develop a more
strategic and robust solution, which would be a much better long-term answer.’
Clarke says that some companies are starting to consider how to bring all
their compliance work together so that they can address it in a more coherent
‘You need to go beyond complying with regulations and develop an internal
control environment that is as efficient and effective as possible, with
standardised and automated processes,’ she says. ‘This will bring all the
elements together, embed them within the finance function and make them business
PwC recommends its clients review all the drivers of the finance function:
establishing the right cost base for both daily tasks and dealing with the new
reporting requirements, adding value for the organisation and for shareholders,
and establishing the best control environment for the organisation.
‘If you have an appropriate control environment, it dictates the appropriate
level of cost,’ Clarke explains. ‘It also frees up finance people to focus on
adding value through analysis and decision-making. But you can only do that if
you have the controls properly embedded within the business.’
Gartner recommends setting up a compliance council to oversee all such
activities consisting of chief finance and information officers, the company
lawyer and any corporate compliance and risk officers.
This approach is supported by a report from the Corporate Research Forum,
entitled The role of the board in creating a high-performance organisation. The
report’s co-author Don Young says that board meetings have been ‘infected’ by
routine compliance matters, which are diverting attention from strategic issues.
‘Compliance should be pushed out from the main strategic work of the board to
committees,’ he says. ‘Companies should make it routine, supported by proper
rules and systems, and the main board should only know about exceptions.
Far greater losses arise through strategic and people mismanagement than
through fraud and malpractice. Diversion of the board from strategy heightens
the risk of corporate failure.’
Developing an integrated compliance environment can bring economies of scale
from standardising on existing workflow, document management and reporting
Sharing common data structures, hardware and software reduces capital,
support and training costs. It also reduces the cost of hiring temporary staff
and consultants, and builds knowledge and skills within the organisation.
‘Functional and technical designs developed to meet one compliance
requirement can anticipate future requirements and be re-used to meet other
regulations,’ says Rayner. ‘This avoids the start-up costs in the design phase
of individual projects.’
Steve Kinsella, head of global product control at ABN Amro, says that
multiple separate projects will ultimately overlap and end up sourcing data from
the same systems: ‘If you are not careful, you end up incurring additional
costs, creating additional data extracts, when with a little bit of forethought
you could avoid duplication and even triplication.’
He also warns of the risk that separate projects develop a life of their own
and become divorced from the line function. Once the project is complete, the
project team walks away. ‘You need to weave the project resource in with the
line,’ he says, ‘so you reap the benefits of their knowledge.’
Compliance with a wide range of legislation and regulation has historically
been handled by various combinations of general ledger, financial consolidation
packages, multi-dimensional reporting tools and ad hoc spreadsheets.
When creating an integrated compliance environment, it is crucial to use
existing systems properly, including workflow, collaboration, document
management and business process management systems. These have strong audit
trails that support the regulatory processes.
Similarly, the multi-dimensional database in a performance management or
business intelligence environment provides a single source of data for multiple
analysis and reporting purposes. It helps to compare actuals with plan in order
to implement the more ‘real-time’ reporting required by Sarbanes-Oxley and,
until its recent demise, the OFR.
It also provides segmental data for the OFR, which companies may still elect
to adopt, and helps to explain changes arising from IFRS to the analyst
Most of these systems are flexible enough to provide for a wide range of
regulatory requirements. But a number of specialist ‘financial compliance
process management’ tools have emerged for process control and document
management. They typically combine workflow, collaboration, security, document
management, business rules, transaction monitoring, alerts, pre-populated
controls, analysis and reporting.
They are developed by existing enterprise content management, enterprise
resource planning, business intelligence and business process management
suppliers, as well as emerging niche players. According to Gartner, visionaries
include 80-20 Software, IBM, OpenPages, Paisley Consulting, Qumas and Stellent.
Niche suppliers include Achiever Business Solutions, Axentis, BWise, Certus,
HandySoft Global, Methodware, Movaris, onProject, Resources Global
Professionals, SAP and Securac.
Clarke points out that processes and systems are only one aspect. ‘Staff have
got to be properly skilled and understand their accountabilities and
responsibilities,’ she says. ‘If you have the right systems and processes in
place but people don’t understand how they are impacting, you are still not
going to have an effective control environment.’
Organisations are facing a continuous stream of new regulations and need an
infrastructure to deal with whatever comes their way. This will dovetail nicely
onto improved corporate performance management.
‘Organisations that take a strategic approach will be able to use their
compliance investments to significantly improve the level of service they
deliver to takeholders,’ concludes Rayner, ‘in terms of the quality, visibility
and responsiveness in the information that they are managing and disclosing.’