New CFO? Make Reviewing the Control Framework a Priority

Whether you have taken a role as CFO, Finance Manager or Controller, your first tasks should include confirming your role’s accountabilities and reviewing your organisation’s control framework.

Finding Functional Fit

The Finance function in different organisations has a different breadth and depth. For example, suppose you are joining a new organisation when taking on a new position. In that case, it will be worth confirming what exactly you are accountable for – or, as we call it at Loughridge Transformations, your Functional Fit. As part of the Loughridge Transformations‘ Nine Steps to Finance Transformation, we developed a five-part functional model to help you do that. To further explain, our blog article walks through each part of the model and some real-life applications.

Once you are clear on your Functional Fit, it would be wise to consider a health check of the organisation you have just joined. Consider doing things as soon as you are on-seat while tackling other activities by the 90-day mark. Other things fall into the longer-term category. In this post, we will focus on the immediate actions – we will return to the subsequent steps in later posts.

Health Check the Function

To be specific about the health check, we are not talking about how much profit or loss the organisation makes. Instead, we are talking about how well your finance processes are performing. Examples include fraud and error prevention; assurance that financial statements are materially correct; segregation of duties; financial controls. After all, how will you know if that profit or loss is accurate if the underlying processes that determine it are unreliable?

The Importance of a Risk-Based Control Framework

Financial Controls safeguard the organisation’s assets and ensure that whatever Management Information reporting is used to make business decisions is correct and valid. They form an element of the PROTECT part of our five-part model.

Whether your organisation is publicly listed, privately owned, or has charitable status, a good starting point is to examine the financial control framework closely. A risk-based control framework is not only for publicly-listed companies with regulatory requirements, such as SOx404, to implement a formalised control framework. It applies to all organisations. Internal controls help manage the risk of an error or fraud – for example, segregating duties so that two people approve a payment. Such procedures, as a result, should be fully documented and readily available for all staff as part of your financial working documentation.

Control Framework – Design AND Operating Effectiveness

Furthermore, you must design effective control procedures and ensure that your staff apply them. It needs to be led from the top. Senior management needs to get behind and support your financial controls. If that is not the norm in your new organisation, you should not underestimate the culture change of introducing that approach. Experience shows that this can often be far more challenging than identifying the procedures to put in place.

To mitigate the risk of staff not following the financial control procedures, you should consider implementing a testing regime for financial controls. This regime ensures (and assures management) that the financial controls are design-effective and operating-effective. Any operational control failure needs mitigation. This mitigation could involve further control operator training, change management, and updating control documentation and procedures.

 It’s tempting to quote a common phrase that was sometimes heard in the days of the old Soviet Union:

The workers pretend to work, and the State pretends to pay them.

Control owners pretend to operate the controls, and management pretends to get an assurance of effectiveness.

Control Framework – The Worst-Case Scenario?

Let’s imagine a worst-case scenario – you are a newly appointed CFO. In your first days on the job, you discover that the organisation lacks meaningful financial controls. This discovery begs the question: where to start?

SoD is an overarching principle rather than a specific control. It is about managing the risk that people make mistakes (or defraud the organisation) when buying goods or services or receiving money. It ensures that your processes do not allow one person to do everything end-to-end. After all, we have all heard of people re-fitting the bathrooms in their homes with company money, for example.

These reconciliations are the regular task of checking that the movements you have recorded in your books (for example, the ERP) match the bank statements. Therefore, it is a very valuable reconciliation, as it allows you to check against external records (bank statements).

You might not immediately see this as a control activity. However, the monthly/quarterly review of actuals vs budget is critical and requires meaningful analysis, explanations and commentaries. It is also one of the gateways to discovering errors in your accounts. For example, income turns out to be allocated to the wrong project; someone keyed in the wrong amount or used an incorrect currency conversion. The list can go on and on.

You need to ensure that your staff know which commitments they can make on behalf of the organisation. Far too often, we have witnessed that staff unaware of their personal authority limits or others’ authority limits. Therefore, they cannot perform a meaningful check and control the validity of purchases, sales, manual journals, and other relevant transactions.

How Do I Get Started with the Control Framework?

At Loughridge Transformations, we have developed a five-page guide on critical risk and controls and the immediate follow-up actions that a CFO or Finance Manager should work through in their first days in a new job. Of course, our inventory is not exhaustive – however, it gives a good flavour of what we expect to see in a healthy, well-functioning finance department.

Need More Support?

If you need support, we can provide as little or as much as you need to get going or dig deeper, process your findings and implement improvements to your processes and controls – including fit-for-purpose design, testing and implementation. So don’t hesitate to get in touch by e-mail or arrange a call with us!

Find Out More About Working with Loughridge Transformations

Get the Latest from Loughridge Transformations

Alternatively, take a look at our most popular blog posts:

Looking for something else? Here’s what we have been blogging about recently:

Agile Analytics Associates Automation Behaviours Building Trust Business-Partnering CFO Remit Change Management Coaching Collaboration Continuous Improvement Control Design Corporate Governance Data Deployment Design Principles Digital ERP ESG Finance Function Finance Transformation Implementation Migration Off-Shoring Organisation Organisation Design Process Process Design Process Governance Process Performance Productivity Programme Management Office Project Management Readiness Risk & Controls Skills sponsorship Standard Organisational Model Strategy Systems Systems Design Technology Transformation Virtual Working