Digital testing and controls automation has been saved
Perspectives
Digital testing and controls automation
A transformative approach to automating your control environment
Our digital testing and control automation (DTCA) solution helps organizations automate their control execution and testing using a thoughtful methodology, analytics, tools, and technology so you can execute controls and evaluate processes in real time rather than waiting for testing results.
Explore content
- The digital testing and intelligent automation approach: An imperative
- Why consider digital testing and control automation?
- Client spotlight
- How to establish a digital testing and controls automation approach
- Contact us
The digital testing and controls automation approach
In a world of increasing risks, regulations, and internal control requirements, transparency into your organization’s control environment is no longer optional—it’s vital—and it affects all three lines of defense.
Imagine being able to access information on demand to enable continuous monitoring and provide insights into your environment beyond control effectiveness. The resulting data would expand the ability for organizations to identify trends, make real-time decisions, and redeploy resources where they add greater value. These possibilities are driving many organizations to rethink the manual nature of their control environments and begin migrating to an increasingly automated state.
As more and more companies embark on a digital journey, transparency into control environments becomes more difficult due to:
- Manual processing or information gathering
- Limited resources
- Competing business priorities
- Decentralized data and disparate technology
Why consider digital testing and controls automation?
Digital testing and controls automation allows organizations to reduce their risk profile, uncover trends and provide valuable insights, increase efficiencies, modernize controls, and foster an environment of continuous monitoring. It does this by evaluating 100 percent of the desired population.
Organizations that fail to identify and address noncompliance face potentially significant financial, compliance, client service, and reputational damage. Manually driven control processes are inefficient and time-consuming, and they use only a small sampling from large data populations. This results in potential sampling risk and makes it difficult to identify anomalies in a population that may be meaningful to management.
But our DTCA methodology extracts, compiles, and evaluates or tests defined aspects of data from multiple systems across an organization. Through automation, it enables 100 percent analysis or testing of the control and identification of anomalies. Having a full view of noncompliance items provides transparency and helps reduce a company’s risk profile.
Companies that lack an integrated and consistent technology platform for risk assessments also lack a single view of risk and reporting for noncompliance. However, digital testing and intelligent automation provide a consolidated view of controls and testing results that can reveal trends and provide valuable insights to management that might not be uncovered using a traditional approach. By uncovering these items, departments and functions are elevating themselves from a cost center to a value driver.
Manual execution and testing processes are inefficient, prone to error, and often time-consuming. Automating the execution or testing of a control reduces the time resources spend gathering data, reconciling information, selecting what to test, and volleying back and forth to obtain the detailed documentation.
DTCA allows an organization to automatically extract and map data from various systems and reconcile it using scripts to execute the control more efficiently. It may also reduce the risk of manual error and improve the quality and speed of the execution and testing of the control. Using DTCA, organizations can redeploy resources to activities with greater value and higher priority.
Digital testing and controls automation enables continuous monitoring, provides oversight, and lays the groundwork to automate the execution of controls. DTCA captures and stores control data in a single electronic format and applies codes and rule sets against data across an entire population, systematically flagging exceptions and reducing the need for manual review.
Business units and control owners can now evaluate the execution of their controls in real time, enabling them to immediately identify fraud and proactively remediate issues. Governance functions can test controls on a repeatable basis throughout the year as opposed to the traditional year-end audits. This creates a more transparent environment across all three lines of defense.
Once a specific automated control test is established, the test itself can become a monitoring control. The future state of controls clearly lies in control modernization through automation and 100 percent evaluation or testing.
Client spotlight
One organization discovered that 80 percent of its invoices were processed by only two of the five individuals within the accounts payable team. This process created backlog and operational delays that impacted its mandated 45-day payment window and resulted in a higher than normal number of manual errors.
How to establish a digital testing and controls automation approach
For companies that want to implement DTCA, it’s important to establish project scope and align key stakeholders (including business, technology, and analytics subject-matter experts), so they understand the necessary changes that will be made to the current processes.
It’s also important to identify processes or controls that are prime for automation—typically those where data is currently in an electronic format (e.g., stored within applications, databases, spreadsheets, etc.). A thoughtful rationalization process helps identify data optimization opportunities to remove or consolidate controls based on the use of common data elements. Developing and executing a proof of concept on a single process or set of controls will keep implementation manageable and help enable success. After successful implementation, the scope of automation can be expanded across multiple processes.
While none of these concepts is new, identifying the best set of controls for a proof of concept and applying the appropriate tools and techniques can be a challenge. To determine which controls offer the greatest opportunity for a proof of concept, start by asking the following questions.
Which cycles or processes:
- Keep me up at night?
- Are costly or inefficient to execute and test?
- Primarily rely on electronic data?
- Could yield the greatest insights for senior management—fraud, risk, operational efficiencies, etc.?
Answering these questions and applying a structured approach can help organizations understand the potential benefits of DTCA and form the basis for a strategy and vision. The next step is to establish a business case for leadership and develop use cases that allow the company to explore current and future opportunities that DTCA offers.
Priority use cases should address critical business issues, such as the organization’s greatest risks or data that should be analyzed more thoughtfully. Once these steps are achieved, the organization can execute a proof of concept that will illustrate the benefits of digital testing and intelligent automation implementation and measure the resulting benefits.
Contact us
Sajeel Kapahi |
Jennifer Gerasimov |
Tushar Sainani |
Brian Liebman |
|
Recommendations
Digital risk management and controllership: The three pillars
DRM and the role of the Controller: Part one
Internal control over financial reporting (ICFR) series
Uncover ICFR insights and guidance
