Combing Compliance, Controls and ERP

Most corporate executives no doubt view their organizations’ recent efforts to comply with the Sarbanes-Oxley Act as one of the more significant management challenges they’ve ever faced. They also know that compliance has come at a high cost.

To assess the effectiveness of internal controls, organizations had to invest an extraordinary commitment of human and financial resources just to achieve compliance. In doing so, a number of corporate leaders found that many key controls had deteriorated over time or were largely manual.

They also discovered monitoring capabilities were either nonexistent or inadequate and, as a result, control failures often went undetected.

Moving forward from these lessons learned, companies are looking to reduce compliance costs and avoid additional remediation work as they work to improve the efficiency and effectiveness of a sustainable compliance program. Such an effort should leverage IT to help drive process and control efficiencies and related cost reductions.

Efficiencies and performance improvements gained from effectively integrating IT into an organization’s compliance program will also help provide a competitive advantage over its competitors.

Today, many corporate leaders are evaluating ways to integrate their internal controls with their enterprise resource planning (ERP) software systems as a way to improve performance. Because of the demand of new regulatory rules, organizations installing or upgrading ERP systems now have the opportunity to establish good controls from the beginning so they can be monitored and sustained throughout the life of the system.

ERP Controls Integration

Historically, risk and control considerations have often been under-funded or overlooked during the implementation of an ERP system. This resulted in decreased organizational benefit and added risk. However, in an environment where companies face numerous and evolving regulations, and are making changes to business controls and operations as a result, consideration of such issues is critical if a company is to implement an effective and efficient internal-control environment to sustain compliance.

System implementations often have a significant impact on the way processes and controls are designed and monitored. As a result of these design changes, new automated and manual controls should be introduced into the control environment, affecting compliance documentation, testing and monitoring plans.

Consequently, system implementations and changes offer opportunities to integrate controls that enable effective use of resources and allow the organization to reconsider the way it does business so that it may derive greater value from the change.

Adding improved controls within ERP systems can result in many tangible benefits including (but not limited to):

  • Lower cost of operation by eliminating less-effective manual controls. Manual controls are subject to human error or neglect, requiring additional supervisory costs. Implementing automated controls improves control performance.
  • Controls are configured and maintained centrally rather than within every operating unit, eliminating duplicate controls.
  • Automated controls require less testing and provide greater assurance. ERP systems can generate reports to help test the performance of certain manual controls.
  • Cost to identify and correct data errors are high; good controls reduce the volume of errors and eliminate the need and cost to correct.
  • Quicker and more reliable information for management enables more precise and responsive business decisions.
  • A Typical Implementation

    Implementing or upgrading an IT system requires aligning the software functionality with business processes and controls along with the organization’s compliance program in a manner that can help realize business value and sustain compliance.

    The documentation from the compliance program. Specifically, a business controls portfolio and related analysis, can be highly leveraged when organizations seek to integrate controls into an ERP implementation.