This Inside SAP exclusive article authored by Claudia Pirko, ANZ Regional Director at financial automation software provider, BlackLine, explores the subject of why centralised compliance is the key to avoiding audit agony.
Been subject to an Australian Tax Office review or audit recently or know a business which has? It can be stressful, time consuming and expensive, especially if it turns out your finance team got something wrong. Centralised compliance is the key to avoiding audit agony.
It’s an increasingly common experience for Australian individuals and enterprises, courtesy of the fact that the ATO continues to improve its capacity to flag irregularities and identify data which is incongruous or falls outside established benchmarks for a sector or industry.
Its analytical models can flag individuals or organisations which regularly make errors or display higher risk behaviour. A string of these screening programs is run on every return lodged each year.
Coming into the ATO’s sights can result in a review or audit. The latter process can consist of anything from a quick document review to forensic analysis of complex arrangements and transactions.
Examination of source documents to verify the accuracy of financial accounting information and the integrity of access controls within internal systems is standard.
Computer assisted verification, or e-audit, methodologies can be deployed to scrutinise electronic records, from the analysis of individual transactions to the broader examination of business and system processes.
Being Prepared: Improving Practices and Processes
Impeccable accounting practices and a rigorous internal audit process are the key to avoiding difficulties and being able to respond promptly and satisfactorily, if your enterprise comes in for closer attention from the ATO or other regulatory authorities.
This can be a challenge for organisations which don’t have a centralised compliance strategy and the digital infrastructure necessary to manage it.
Compliance involves the regulation of multiple intertwined systems, processes and people.
It’s all too easy for errors to creep in and cause gaps in controls unless there’s an overarching framework in place, given the numerous systems, information silos and stakeholders that are in the mix for most organisations.
A centralised compliance function which integrates with an enterprise’s existing automated accounting and operations processes can be the answer.
The BlackLine Compliance tool, for example, comprises four interconnected libraries:
- Its File Cabinet stores documents, policies, walkthroughs and narratives
- Its Risk Library outlines the high-level risks that are mediated by each control, with all risks linking to one or more controls within the Control Library
- Its Control Library lists all controls and provides related information, such as whether controls are key or non-key and their frequency and process areas
- Its Issues Library empowers users to identify issues or problems as they arise and create tasks to manage remediation testing.
BlackLine Compliance also includes a program function to manage and execute compliance programs and audits. This can be configured to ensure all parties who require access to risk management information, from upper management down to frontline employees, are given a customised ‘view’ of the relevant data. From there, they’re able to drill into the specifics that are relevant to their task or role.
Ditching the Ring Binder Method
How does this holistic approach to compliance compare with that taken by many Australian organisations? The answer is favourably.
While accounting software is ubiquitous in all but the tiniest of enterprises, manual compliance measures are still more common than they should be, in small and medium businesses around the country.
A sizeable proportion of organisations remain reliant on old school ring binders, spreadsheets and standalone applications to manage their risk matrices and control documentation.
Such ‘systems’ will be hard pressed to keep up with company growth, the rapid evolution of regulatory requirements and the ad hoc requests for information and accountability that can accompany an ATO review or audit engagement.
Conversely, an ability to ‘control the controls’ makes it possible for enterprises to trust in the integrity of their own systems and processes and to demonstrate their rationale for doing so if called to account.
There’s peace of mind in that, as well as a solid foundation for future growth.