Companies are migrating toward automating their internal control over financial reporting, according to a recent survey by Financial Executives Research Foundation.
In a poll of nearly 200 senior-level executives, more than half of the larger companies in the sample (those with at least 10,000 employees) said they had plans in the near future or on the horizon to invest in automation of their internal control environment. More than half said they would automate at some point in the next year to 18 months, and one-fourth plan to automate in the next six to 12 months. Only one-in-five said they had no plans to automate controls.
Smaller companies are less likely to automate controls in the next 18 months, according to the poll. Among companies with less than 10,000 employees, 60 percent said they had no plans to automate ICFR, but nearly 30 percent planned to automate in the next 12 to 18 months, and 11 percent planned to automated in the coming six to 12 months.
As auditors have struggled to satisfy the Public Company Accounting Oversight Board in recent years in their audit work around internal controls, auditors have pushed lots of scrutiny down to business environments to address control issues. Focus has been particularly heavy in the audit inspection process specific areas of internal controls, like controls over reports and data, or management review controls.
“The biggest concern from the financial executive perspective is around deficiencies and material weaknesses,” said James Rice, vice president at Greenlight Technologies in an online video regarding the survey results. “Is my control process good? Is it sound? Do I have any issues that need to be reported?”
Underlying all of that control scrutiny is a great deal of manual activity, which requires a lot of time and effort, said Rice. “That manual activity is prone to error, to weaknesses,” he said. “Things can go wrong. So they’re trying to make sure they are confident in their reporting, but are they really confident in all of that process that is underlying all of that reporting?”
Increasingly, companies are looking not just at preventive controls to minimize the risk of material errors, but detective measures that will give greater levels of assurance, said Rice. “It’s not about something that could go wrong,” he said. “It’s not about a bad thing that could happen. It’s about here are the actual instances where material violations, material weaknesses, material deficiencies across my control processes have actually happened.”