In the light of global market developments, companies reach out to Deloitte for inspirations on how to turn first and second line controls into measurable value drivers for their core operational business processes. In current market conditions, control transformations will be scrutinized for immediate and measurable value adds as well as fit and business criticality.
The future of controls is digital. This requires that the companies’ Internal Controls frameworks are revised to keep up with the constant and rapid changes – especially technological changes. To ensure an adaptable and cost-effective Internal Controls framework, we assist our clients in entering unchartered territory and in creating new, enhanced and value-driven frameworks.
Through setting optimal controls standards and making controls smarter, we are helping clients build an effective and strong underlying controls operating model through:
Rationalization: Controls are made more efficient and simpler so that costs are / time use per control is reduced. Many different methods can be used to rationalize controls. Most often, it is also the basis of the actual controls execution that can be streamlined such as clear instructions regarding controls execution. We assist in identifying quick wins, e.g. situations where employees have already expressed that controls are time-consuming or where management knows that repeated errors or deficiencies occur. Rationalization contributes, in particular, to removing and / or consolidating controls and must also be seen in relation to opportunities for optimizing risk analyzes.
Automation: There are various forms of automation, the most obvious being the utilization of existing ERP functionality. Always start with controls in ERP if automating. In addition, you can use other technologies for digitization and automation of controls. We assist with identification and mapping of automatic controls based on Deloitte’s process house and best practice controls.
Formalization: "If the control is not described, it is not present", is a golden rule. This put demands on ‘controls design’ and the way controls are described – in part to be able to properly document that the risk is covered, but also to make it clear what is to be performed and how. Good control also considers accesses and functional separation as a starting point between performer and approver. We assist with fulfillment of best practice controls design principles with a ’desktop’ exercise and/or with subsequent validation with the controls performers.
Example of how we have delivered value can be seen below.