, ,

Red flags in the finance org: The one simple question every new CFO should ask

So you just walked through the doors as the new CFO. You’ve already met the key players, you understand your role, and you have a pretty good understanding of the company. Only when you become part of the company can you get a real picture of what goes on in the finance organization.

While you have many responsibilities in front of you — which can include IT, facilities and possibly HR — your primary focus should be on the finance team and getting to know its inner workings. This is the team that is vital to the greater organization, and you need to understand its ins and outs.

Here’s how to get a grip on your new finance organization without wasting another minute. Ask this question: How long does the finance organization take to close the books? The answer reveals a lot.

Seems like a simple question, right? But there will be no simple answer, despite what the first person you come across tries to tell you. Most likely, after some digging, you will discover some issues related to the close process. A slow-to-close team will reflect poorly on your leadership if you don’t find a way to speed things up, but it’s also a key way for you to see where the skills deficiencies lie within your new team. They could be with just one person or a few, or there could be something that needs to be fixed — or significantly updated — within the systems and processes the organization has been using. The real answer to the question — based not only on what people tell you but what you can see for yourself — will go a long way toward letting you know exactly how strong a team you have, their ability to get things done and their level of commitment toward getting things done right.

Ask for details
Let’s say you have a five-day close, but your team is working 18-hour work days to get it done. That’s a  clear warning sign something is amiss. Or you have a 20-day close, and you wonder what the heck everyone is doing all day. Under either scenario, you may discover inefficiencies related to process flow, duplication of effort or lack of skills. Just one person who doesn’t have the requisite training to execute a task can make the entire team suffer from this inefficiency, either because of effects of dependency or errors that need to be fixed.

Your discovery of deficiencies should also have you looking down the path of technology. Are the current systems effective for the task, do they help the team or hinder the team in getting the job done? Your team may be suffering with a system that is older than they are. Or your team may have the latest and greatest but still don’t know how to use it effectively one year after the go-live date.

Use your early days in the new job to interview the team members individually, to get to know them and the details behind how the books get closed. As you listen to others walking you through the process, you will likely hear inconsistencies and questions about who is responsible for what. Ask about when things have gone right and when they haven’t, and how issues get resolved. Who is monitoring these issues for resolution? Are the issues being resolved based on how critical they are to the organization? Someone needs to be accountable, and if it’s not you, then who should it be?

Beyond helming the finances, your role as CFO includes the staff’s morale and motivation. It’s not always top of mind, but when it’s done well, you will see the effects. If you can get the month-end close process down to a well-oiled, repeatable process, then you have created an environment where the day to day becomes smooth sailing and the adventure of growing the business can then be enjoyed by all finance employees as they become true business partners within the company.

Salena Oppus has been a member of the RoseRyan dream team for over 15 years. Her specialties are system planning and implementation, cost accounting and forecasting. 

/by
, , ,

What to do if you’ve been in denial about the new COSO framework

Regulators are not requiring companies to follow the new COSO framework even though the 1992 version is being retired later this year. While we encourage companies to adopt the new internal control framework and most of them have begun the process, the lack of an explicit mandate still has some dragging their feet.

For now, the Securities and Exchange Commission staff have said they are keeping a close watch on which framework companies will be following. During this upcoming transitional year of reporting, they won’t be questioning companies that haven’t migrated to the new framework even after the old one is superseded as of December 15, 2014. As it is, the Committee of Sponsoring Organizations of the Treadway Commission has given organizations a fair amount of time to make the move before the preceding 20-year-old guidance is no longer available.

Still, some companies delayed starting their transition until after their 2013 10K and 2014 first quarter 10Q were filed. By the time fiscal year-end 2014 filings are submitted, not all public companies will have been able to say they follow the more modern framework, as COSO had hoped they would.

If you fall into that camp, it might be too late to make the transition for fiscal year 2014. Making the move is different for each company. Let’s say you’ve followed best practices for internal controls, then you may only need to map your existing internal controls to the new framework. In that situation, your internal controls have been effective for the year and can be relied upon, and your transition is done. However, if you don’t fall into this category, there will be more time involved (how much time and resources will be required depends on the current state of your internal controls). At this point, it also means that the new controls put in place for the new framework have not been effective for the first eight months of the year, and therefore, reliance on these controls will be in question.

We’re not trying to make you feel bad. Procrastination—for whatever reason—happens. What really matters is what you do now. While the ideal path would have been to make your COSO transition sooner rather than later, this could also be the time if you haven’t started at all to begin the evaluation of the new COSO framework for fiscal year 2015.

Where to begin
If you have read the new framework, you will have noticed that it has 17 new principles for internal control, and within each of those principles, there are specific points of focus. The points of focus do help with identifying controls within your organization. Most of these internal controls will exist in your entity level controls. Entity level controls address those controls that apply across the organization, and most of the new principles are aimed at those internal controls that reside at the organizational level.

If you haven’t reviewed the 17 new principles and their corresponding points of focus, you should really start to familiarize yourself with them. Any controls identified that only need to be documented, improvements to existing controls, or the addition of new controls do need to be in place and working in order to be able to rely on them. Any of the controls you add or modify under the new framework should be in place and in working order. Otherwise, they cannot be relied upon.

Based on those companies that have already mapped their entity level controls to the new framework, here’s what will likely happen. We have seen our clients experience a combination of three possible outcomes:

  1. They need to take credit for what they already do, as their latest evaluation shows the control is already in place but not currently identified as an internal control. This involves formalizing the control and documenting it.
  2. They work on improving a control that already exists in order to make sure it covers the points of focus within the framework.
  3. They add a new control. This is the one that requires more time. You will need to get agreement from the organization that the control needs to be added, confirm that the control is documented accurately and will be performed, and then be able to test early enough to allow time to remediate the control in case something goes wrong.

If your company has been following best practices with identifying internal controls within its entity level controls, then you will likely see the transition to the new framework follows items 1 and 2 above. This will take time for documentation, but the controls are already being performed and additional training will not be needed.

However, if you haven’t been following best practices for internal controls as closely as you could have been, then you might find yourself working with all three points above. Item 3 does entail additional time and training that could go beyond the finance department. The sooner you start this process, the sooner you will position yourself to be prepared to make the switch.

With all of this said, if you are choosing to not migrate to the new COSO framework now, you will at the very least have to document your reasoning as to why you think your internal controls are sufficient as is. In addition, you will have to make sure your external auditors are in agreement with your rationale. In my opinion, it would be prudent to keep in mind that at some point, the new COSO framework will be required. Nobody wants to be caught without the time, resources, or remediation runway when that requirement is made.

Tracy Thames has been a member of the RoseRyan dream team since 2008. She excels at SOX, internal audit, accounting management and project management.

/by