Digital transformation initiatives are helping CFOs gain efficiency and lower costs, but failing to address governance, risk and controls while implementing new enterprise resource planning systems is a “common pitfall” that trips up companies, according to a recent report by Deloitte co-authored by Isa Farhat, partner in Deloitte & Touche LLP’s audit & assurance practice, and Courtney Connors, accounting and reporting advisory senior manager for the accounting firm.
Transformations nowadays are much more “multi-dimensional,” covering operations, financial reporting and other such areas as opposed to focusing just on one area of the business.
These efforts encompass more than just the need to implement a new ERP system, and moreover, these types of “prevailing winds around transformation necessitate the need for (a) compliance focused mindset,” Farhat said in an interview.
Putting compliance at the forefront
The need to focus on compliance is not new: most large-scale transformation initiatives occur because companies are looking to either lower costs or boost profitability, Farhat said — meaning “I relieve myself of the monotony and the mundane or...I have a higher clients focus, and I'm reducing risks,” Farhat said.
However, there is “more of a compliance focus as a strategic enabler of business value in these much more complex and what I would call three-or four-dimensional type of transformations than there’s ever been before,” he said.
In part because of changing compliance needs, CFOs are “squarely in the decision-making process” when it comes to transformation efforts, supplanting in some cases the IT team, Farhat said. Certain compliance requirements, especially for public companies like those required under the Sarbanes-Oxley Act, have made CFOs into “very predominant stakeholders in these large scale transformation efforts,” Farhat said.
“A lot of the transformations that I'm seeing, that I'm dealing with right now, are transformations in functional areas like finance [of] which the CFO is the leader,” he said.
CFOs today are facing a changing regulatory environment. New environmental, social and governance (ESG) standards regarding factors like carbon emissions are being proposed, for example, while new disclosure requirements surrounding cyberattacks mandated by the Securities and Exchange Commission took effect Tuesday. Layering on all of these new changes only makes compliance design “more critical and complex,” Farhat said.
That complexity is one of the reasons why GRC issues may be lagging behind, however, the Deloitte report postulates, as the systems required by companies to run those key business practices compliantly grow more complicated and require a growing volume of data.
Getting a grip on data
Looking through one’s transformation efforts with a compliance lens can also help CFOs to approach such implementations more efficiently: another challenge faced by companies when implementing an ERP system is a tendency to “lift and shift” legacy processes over to the new system, according to the Deloitte report, which can cause a lack of connectivity with the finance and accounting departments.
Companies may be keeping these legacy processes because they have worked in the past, which may not always be the case with new systems. Considering one’s operating model and how it might need to change is a key first step to centering GRC into one’s ERP implementation, therefore.
“And so approaching the processes, not just lifting and shifting my legacy processes, but my redesign processes…through the lens of compliance in the design elevates the overall governance and implementation framework, and makes it a very controls conscious transformation,” Farhat said.
Another necessity for successful transformation is to put in place systems that can handle a growing amount of data smoothly and most importantly, compliantly. For these systems to have the ability to function in the way they need to in today’s environment, their implementation “begets a much more deep compliance design than we had seen in the past,” Farhat said.
“The need to be able to use that data as a strategic asset is becoming much more on the forefront of CFOs minds these days,” he said. “And therefore, the way that they intend to use that has to be underpinned by compliance.”
With that in mind, “we're seeing that CFOs are much more compliance-focused in their mindsets, which help their organizations effectively mitigate those control risks and business transformations and ERP implementations,” he said.