New CFO? Make Reviewing the Control Framework a Priority
AUTHOR: KNUT HAUGLAND
SENIOR ASSOCIATE CONSULTANT
Knut is a Senior Finance professional with 22+ years of global experience. He specialises in Finance Transformation and Internal Audit, with particular expertise in Risk & Financial Controls, Process Design & Deployment, and Shared-Services Optimisation.
Whether you have taken a role as CFO, Finance Manager or Controller, your first tasks should include confirming your role’s accountabilities and reviewing your organisation’s control framework.
Simply put, the Controller acts as the company’s lead accountant. They typically oversee accounting activities and ensure that ledgers are accurately reflected, including assurance of financial control points.
The CFO role is broader than that of the Controller, and the primary objectives typically include providing accurate and timely financial reports, monitoring budgets and cost controls, maintaining internal control systems, developing strategies for long-term financial health, and driving decision-making based on value and risk. Depending on your company’s size and complexity, there might be overlaps within the executive finance roles. Nevertheless, the responsibilities of the Finance Manager typically include
- overseeing end-to-end finance operations,
- financial planning and analysis,
- balance sheet reconciliations, and
- improving procedures and controls.
With ESG (Environment-Social-Governance) now falling under a mandatory regulatory framework such as CSRD, it may also sit within Finance and ultimately be a CFO accountability.
Finding Functional Fit
The Finance function in different organisations has a different breadth and depth. For example, suppose you are joining a new organisation when taking on a new position. In that case, it will be worth confirming what exactly you are accountable for – or, as we call it at Loughridge Transformations, your Functional Fit. As part of the Loughridge Transformations‘ Nine Steps to Finance Transformation, we developed a five-part functional model to help you do that. To further explain, our blog article walks through each part of the model and some real-life applications.
Once you are clear on your Functional Fit, it’s crucial to proactively consider a health check of the organisation you have just joined. This task should be done as soon as you are on-seat, with activities tackled by the 90-day mark. In this post, we will focus on the immediate actions – we will return to the subsequent steps in later posts.
Health Check the Function
To be specific about the health check, we are not talking about how much profit or loss the organisation makes. Instead, we are talking about how well your finance processes are performing. Examples include fraud and error prevention, assurance that financial statements are materially correct, segregation of duties, and financial controls. After all, how will you know if that profit or loss is accurate if the underlying processes that determine it are unreliable?
The Importance of a Risk-Based Control Framework
Financial Controls safeguard the organisation’s assets and ensure that Management Information reporting used to make business decisions is correct and valid. They form part of our five-part PROTECT model.
Whether your organisation is publicly listed, privately owned, or has charitable status, a good starting point is to examine the financial control framework closely. A risk-based control framework is for more than publicly listed companies with regulatory requirements, such as SOx404. It applies to all organisations and is a cost-effective way to manage the risk of error or fraud. As a result, such procedures should be fully documented and readily available for all staff as part of your financial working documentation.
Control Framework – Design AND Operating Effectiveness
Furthermore, you must design effective control procedures and ensure your staff applies them. This needs to be led from the top, and senior management needs to support your financial controls. If that is not the norm in your new organisation, you should not underestimate the culture change when introducing that approach. Experience shows that this can often be far more challenging than identifying the procedures to implement.
To mitigate the risk of staff failing to follow the financial control procedures, you should consider implementing a testing regime for financial controls. This regime ensures (and assures management) that the financial controls are design-effective and operating-effective. Any operational control failure needs mitigation. This mitigation could involve further control operator training, change management, and updating control documentation and procedures.
It’s tempting to quote a common phrase that was sometimes heard in the days of the old Soviet Union:
The workers pretend to work, and the State pretends to pay them.
In the world of Financial Controls, it could be:
Control owners pretend to operate the controls, and management pretends to get an assurance of effectiveness.
Control Framework – The Worst-Case Scenario?
Let’s imagine a worst-case scenario – you are a newly appointed CFO. In your first days on the job, you discover that the organisation lacks meaningful financial controls. This discovery begs the question: where to start?
SoD is an overarching principle rather than a specific control. It is about managing the risk that people make mistakes (or defraud the organisation) when buying goods or services or receiving money. It ensures your processes do not allow one person to do everything end-to-end. After all, we have all heard of people re-fitting the bathrooms in their homes with company money, for example.
Bank Reconciliations
These reconciliations are the regular task of checking that the movements you have recorded in your books (for example, the ERP) match the bank statements. Therefore, they are valuable reconciliations, allowing you to check against external records (bank statements).
Review of Performance against Budget
You might not immediately see this as a control activity. However, the monthly/quarterly review of actuals vs budget is critical and requires meaningful analysis, explanations and commentaries. It is also one of the gateways to discovering errors in your accounts. For example, income turns out to be allocated to the wrong project; someone keyed in the wrong amount or used an incorrect currency conversion. The list can go on and on.
Delegation of Authority
You need to ensure that your staff knows which commitments they can make on behalf of the organisation. Far too often, we have witnessed staff being unaware of their personal authority limits or others’ authority limits. Therefore, they cannot perform a meaningful check and control the validity of purchases, sales, manual journals, and other relevant transactions.
How Do I Get Started with the Control Framework?
At Loughridge Transformations, we have developed a five-page guide on critical risk and controls and the immediate follow-up actions that a CFO or Finance Manager should work through in their first days in a new job. Of course, our inventory is not exhaustive – however, it gives a good flavour of what we expect to see in a healthy, well-functioning finance department.
Request Our Five-Page Risk & Control Guide
Need More Support?
If you need support, we can provide as little or as much as you need to get going or dig deeper. We can process the findings and improve your processes and controls, including fit-for-purpose design, testing and implementation. So don’t hesitate to get in touch!
Alternatively, take a look at our most popular blog posts:
Or are you looking for something else? Here’s what we have been blogging about recently:
Agile Analytics Associates Automation Behaviours Building Trust Business-Partnering CFO Remit Change Management Coaching Collaboration Continuous Improvement Control Design Corporate Governance Data Deployment Digital ERP ESG Finance Function Finance Transformation Implementation Migration Off-Shoring Organisation Organisation Design Process Process Design Process Governance Process Performance Productivity Programme Management Office Project Management Readiness Risk & Controls Season's Greetings Skills sponsorship Standard Organisational Model Strategy Systems Systems Design Technology Transformation Virtual Working