A SOX controllership makeover for a cosmetics giant

Because of its decentralized SOX and controllership program, the beauty products company struggled with ineffective risk management and internal controls monitoring.

Compared to industry peers, the company spent more on controls monitoring due to overlapping tasks carried out by the internal audit, external audit, and controllership teams. Repeated efforts in its SOX program further raised its audit and compliance cost. And without structured, real-time digital dashboards, reporting had to be done manually, consuming more time and effort.

Since the company didn't have standard risk and internal controls processes across locations, its controls management testing could not meet external auditors' expectations. This resulted in multiple walkthroughs, differences in opinion, and audit fatigue.

In addition, control owners lacked proper training, which led to delays in testing and significant oversight issues.

The company partnered with us to make its controls operating model more consistent and focused by creating a controllership CoE. This CoE transformed risk management and improved its SOX and controllership program in three broad steps:

1. Design and transform:

Within 10 weeks, we transitioned global SOX controls monitoring from 13 business units to the CoE, using our SOX transition playbook. Next, we aligned with external auditors on the expectations, testing model, and governance approach.

The new CoE unified the company's approach to SOX compliance across markets and regions. Not only that, but it also managed changes in workload and communicated with teams in several languages, such as Spanish, Portuguese, Polish, and Russian. This gave senior stakeholders a single source of truth to support control management decisions.

Throughout the process, we utilized our expertise in managing integrated SOX COEs for various global clients, as well as insights from our panel of industry leaders, to spearhead the transformation.

2. Stabilize and enhance:

We continued to improve the risk and control matrix by assisting in documenting the information provided by the entity (IPE), managing data requirements, and refining attributes for management reviews – all of which increased compliance and efficiency. Next, we trained control owners on SOX compliance requirements. Then, in the new controls' environment, they reviewed around 300 account reconciliations to test how well the balance sheet reconciliation performed from a controllership standpoint. Following this assessment, newly designed risk and control matrices now identified high-priority issues based on risk severity. This, combined with an enhanced governance model, reduced any unexpected issues while driving engagement.

With a central data hub and near-real-time reporting on Tableau, the controls team could now streamline their monitoring, cutting the time process owners spend on control activities.

3. Co-innovate:

Using Genpact's proprietary framework asset – Internal Controls Cockpit – we benchmarked the company's internal controls against those from industry peers. This helped us identify how to improve business processes and IT controls performance, including automating and simplifying controls.

Working collaboratively with our client, we designed an integrated, data analytics-driven SOX control monitoring approach. By leveraging Genpact's Analytical Scripts Store, we established a sustainable controls environment that emphasizes line-of-defense accountability and population-based transaction testing, as opposed to sample-based transactions.

We also helped the company implement AuditBoard, a software platform designed to connect and automate the SOX controls monitoring life cycle, including efficient data sharing, streamlined reviews, and seamless dashboards updates. This also included analytics to better monitor high-risk transactions.

Completely transformed with the new CoE, the company's SOX and controllership programs now power the insights needed to make faster and more effective decisions. They also help the team drive compliance and ethical actions throughout their entire internal and external ecosystems. In addition, through our partnership, the company was able to:

• Achieve over a 95% reduction in control weaknesses, thanks to control owner engagement and awareness, as well as proactive monitoring of risk remediation and trends
• Cut control monitoring costs by 30% by streamlining and rationalizing controls, as well as centralizing control monitoring activities in the CoE
• Increase external auditor reliance on internal controls by 47% (from 20% to 67%), slashing time spent internally and externally on audit and control activities
• Enhance risk coverage by monitoring 100% of the population with data analytics for some of the controls
• Enable quicker business decisions around controls health through Tableau and AuditBoard digital reporting

We're now in our sixth year of partnership with the cosmetics giant. And the company's continued confidence in our ability to drive change led it to expand our SOX compliance services to its sister company in the same group that was experiencing issues with SOX testing quality, documentation, and timeliness. Within a year, we streamlined the process, reduced deficiencies by a staggering 90%, and completed all planned SOX testing activities with external auditors. Furthermore, we managed to rationalize the number of controls by 30%, which reduced testing costs and improved auditor reliance.