What Searchlight Consulting did
Searchlight’s regulatory transformation delivery framework enables clients to mobilise business transformations and ensure:
- A clear controls roadmap is established to drive change initiatives
- Control objectives and delivery requirements are understood and adopted within project delivery approaches
- Dedicated resources are mobilised to focus on designing appropriate controls into business processes and operating procedures
- Alignment is achieved to ensure efficient and compliant processes are delivered
Once the programme roadmap, objectives and resources were outlined, Searchlight focused on determining the key areas of control. Rather than launching a business transformation and a second project to focus on compliance, Searchlight designed compliance into the transformation programme. This enabled a streamlined transformation process, which took into account the changing regulatory business landscape. From the outset the impact on the business risk and controls matrix was taken into consideration, as the team noted the increasing need to provide evidence of financial numbers to external parties, within the new world of UK SOX. These also had to be supported by a director statement on the completeness, accuracy, and reliability of the reports.
This work considered the following key areas of control:
- Dependency on third party integrations
- Complexity of integrations
- Level of data transformation to generate accounting entries
- Level of business change needed to implement new ways of working
- Volumes of data being integrated and transformed
- Reporting and audit needs to evidence completeness of integrations
- Use of control accounts to capture key metrics and supporting evidence from third party systems to support the control accounts
Assessing the maturity of the organisation
Searchlight carried out a complete assessment to define the overall organisational maturity with respect to compliance. The outcome from the maturity assessment was then used to create a controls workstream with dedicated resources to confirm control requirements and carry out a risk assessment of the end design.
Establishing a predicated operating model
The team focused on the overall organisation governance, control, and operating procedures to outline how the organisation would design compliance into their ways of working. This allowed the business to move towards a proactive rather than reactive operating model to maintain compliance controls across the business.
Controls highlighted as a key deliverable and critical success factor
It was clear that controls needed to be integrated within the programme, as a key deliverable and critical success factor for the transformation. To do so, the controls team separated the work into three key focus areas:
1. Revised governance and compliance operating procedures
By revising the overall governance and compliance procedures, the team was able to ensure the execution of an appropriate SOX risk-based operating model. This introduced a periodic review process for compliance and operating procedures, to verify how changes to operations, such as joiners, movers, and leavers, were addressed proactively to ensure adherence to the governance framework.
2. Access management and segregation of duties
Access management followed an established process of identifying users, defining user roles and access, and testing segregation of duties to be managed. Additional reviews ensured a robust movers and leavers process for new joiners was enabled in line with key HR procedures.
3. Financial reporting and resilience
The financial reporting and resilience controls followed a risk-based approach defined based on complexity and materiality. The new business solution relied on a complex integration of a legacy estate to the target cloud solution to produce key financial outcomes. In simple terms, the key trading data (sales, stock, orders etc.) were all created outside of the cloud ERP and passed across using an integration that captured and transformed data for onward processing.
The approach looked at which areas of the balance sheet/profit and loss were impacted by the integration and the materiality of the numbers to the financial reporting to establish a controls approach appropriate to the risk associated with any error in the integrations. This then defined the approach for control verification that was applied.
Searchlight delivered a comprehensive service to ensure a smooth and effective digital transformation strategy was implemented for the client. The transformation was completed over an 18-month period, in line with the cloud solution deployment.
The work involved in this process aligns with the need for robust corporate governance. The Honourable Alfred J. Lechner Jr. noted, “In today’s climate of current disclosure and fairness, there’s no room for executives to cut corners . . . executives must ‘certify that (the) information is correct’ when ‘they sign their company’s (SEC) filings . . . if their statements contain material misstatements or omissions, they can be exposed not only to civil penalties and lawsuits, but also to criminal prosecution and prison.”
As a result of embedding new processes and technologies, which were planned with new controls and regulations in mind, the client was able to:
- Effectively integrate financial reports to ensure streamlined financial management
- Ensure the traceability of key financial data and confidence in controls to support their production
- Reduce risks of lost data and financial records
- Establish a robust reporting and review process to test controls and ensure they remain current and maintained
- Define accountability for every key process through to executive sign-off