A global consumer goods company
Business need addressed:
The lack of a standardized and integrated controls framework, and supporting roles and responsibilities in the internal controls organization led to inadequate risk coverage and costly control monitoring
- Redesigned the global operating model for the internal controls function and set up an internal controls center of excellence (IC CoE)
- Designed a risk-based, integrated control framework covering all operational and support processes
- Helped standardize, optimize, and automate internal controls
- Redesigned the Sarbanes-Oxley (SOX) program, including test script standardization, remote testing of controls, and risk-based global scoping
- Designed and implemented advanced control monitoring solutions, including controls self-assessment and continuous controls monitoring, enabled by technology and analytics
- Reduced resource costs by 45%- 50% through process centralization and automation in controls monitoring
- Enhanced control automation by more than 25%, with the possibility of further enhancement
- Rationalized testing of SOX controls by 18% in 2016, and identified opportunities to rationalize another 27% in 2017; overall rationalization of 45% expected
- Reduced overall auditing effort by internal and external auditors through greater reliance on the internal controls team
- Created visibility of internal controls through digital dashboards
To transform its decentralized internal controls function, a global consumer goods company set up an IC CoE enabled by technology and analytics. Consequently, the company created an integrated control framework to cover all types of risks—including financial, operational, and compliance risks— across processes, and paved the way to reduce the cost of compliance with SOX requirements. The IC CoE delivered advanced solutions that enabled the company to manage controls self-assessment (CSA) and continuous controls monitoring (CCM).
Following a series of mergers and acquisitions, the client—a leading global consumer goods company with a presence in 80 countries—needed to realign its global internal controls environment to its changed risk profile. The company faced a number of challenges in managing internal controls, including:
- A fragmented and manual control framework that focused only on SOX compliance and did not address end-to-end risks effectively
- A decentralized internal controls organization with duplicated effort between the control monitoring and management functions resulting in costly control monitoring
- Inefficient SOX testing and duplication of monitoring with multiple assurance providers testing the same controls
- Low awareness of internal controls and ownership by control owners
As part of a broader finance transformation program, the client identified the opportunity to address its fragmented internal controls environment and achieve an integrated, standardized controls framework that would enhance risk coverage at lower compliance costs. The client needed a redesigned operating model with process automation, better governance and transparency, and reduced costs.
Genpact designed, transformed, and ran an integrated IC CoE to strengthen compliance and reduce overall costs. To gain maximum impact from the solutions adopted, the CoE leveraged Genpact's Lean DigitalSM methodology, which combines design thinking—to focus on end-users' needs— with digital technologies and Lean principles, and is underpinned by domain expertise. This unique approach allowed the client to respond to changes in business requirements through incremental and iterative sprints and feedback loops.
Genpact and the client established the IC CoE in just eight months. The project involved:
- Designing a risk-based integrated control framework covering all risks, including financial, operational, and compliance risks—the framework provided a common risk and control language for global operations
- Redesigning the roles and responsibilities of the global IC organization, both in local markets and in the centralized CoE
- Redesigning the SOX program to create an optimized control framework that included risk-based scoping, standardized test scripts, remote testing of controls, and enhanced SOX documentation
- Migrating SOX testing to the IC CoE
- Designing and implementing digital control monitoring solutions like controls selfassessment and continuous controls monitoring
- Setting up dashboards for near-real-time visibility across all work streams for stronger governance
- Creating and implementing change management initiatives, including IC team training around the world, for faster adoption of the new controls framework
The integrated controls framework and the controls self-assessment (CSA) and continuous controls monitoring (CCM) solutions were among over 150 unique design deliverables that were codeveloped by Genpact's 20-member design team and 50 client end users. The solution helped the client go beyond SOX compliance and enhance the coverage of all financial, operational, and compliance risks (see figure 1). Genpact applied digital tools and analytics to the CSA solution to incorporate surveys and remediation tracking. With well-defined key performance indicators and SLAs, the management team also had access to real-time visibility of the impact of its IC CoE activities.
Figure 1: A cost-effective operating model for advanced controls assurance servicing global requirements
Stakeholder engagement in the design of the CoE was critical to this transformation as the sensitive nature of risk management required the buy-in of all relevant leadership and operational teams. Genpact focused change management initiatives at various levels to introduce the concept, seek support from stakeholders, make the CoE's impact transparent, and ensure it aligned with corporate objectives. Training sessions on new processes and technologies were also organized to ensure that the retained organizations and outsourcing partners understood management's vision.
The IC CoE helped the client build robust internal controls enabling business teams to identify risks and take remediation measures in real time. The initial phase of this large and long-term transformation project has helped the client achieve:
- A 45%-50% reduction in resource costs through cost arbitrage and greater productivity. The IC CoE has 35 members, comprising full-time resources and surge resources for peak load work, who have helped the client reap benefits through cost arbitrage and greater productivity
- Enhanced control automation, from 15% to 42%, with the possibility of further improvement
- Rationalized testing of Sarbanes-Oxley controls by 18% in 2016, and identified opportunities to rationalize another 27% in 2017; overall rationalization of 45% expected
- By aligning with external auditors on SOX compliance, the testing methodology, and test script standardization, Genpact identified the opportunity to significantly cut external audit costs, as auditors would have greater reliance on the work done by the CoE
- Significant improvement in control health as key control issues are tracked globally and root causes are resolved through improved collaboration between internal controls, internal audit (IA), and business process excellence teams
- Increased ownership of controls by process owners through the CSA program, and real-time identification of control gaps and fraud indicators through CCM
- Reduced audit fatigue of control owners by integrating the auditing plan of the IC and IA function
- Enhanced governance of, and transparency into, the control environment through dynamic dashboards and metrics
By adopting Genpact's Lean DigitalSM approach to improve its internal controls environment, the client realized its vision to create a best-in-class risk management and control function. The center of excellence allows the company to extend internal controls beyond the role of auditing to enable business teams to proactively identify and manage risks.