Driving continued compliance and risk monitoring remotely

It's a busy year for risk and compliance teams.

Businesses have been managing a raft of challenges they hadn't expected to face in 2020 – mandatory remote working, travel bans, disrupted supply chains, increased cost pressures, and heightened regulatory and fraud risk.

Maintaining workforce and customer welfare has clearly been paramount, but the need to stay on top of controls and compliance has not gone away. And maintaining greater assurance over controls and compliance during times of immense uncertainty remains critical. How can businesses respond effectively?

In part, the answer lies in a remote-site monitoring approach to controls and compliance. Organizations are increasingly adopting a remote working model to maintain confidence for business leaders, audit and risk committees, and business compliance.

In a remote-site model, there are few to no in-person activities. For example, people don't sit together in a physical location to conduct day-to-day risk and compliance monitoring. Risk and compliance teams can collect audit evidence, assess the effectiveness of controls, and interact with clients and teams across functions and geographies while working remotely. When these teams have easy access to collaboration tools and advanced analytics solutions, they can continue to work effectively from anywhere.

A remote-site approach can address various compliance needs. It can effectively help run internal audits, SOX reviews, anti-bribery/anti-corruption assessments, and internal control analytics while also providing wider risk coverage across geographies.

Though this method has become more relevant in today's context, it's not new. Many companies already operate a global risk center of excellence (COE), delivering assurance services to different parts of the organization. The COE provides a unified, integrated view of controls and compliance health across the organization. And it uses a hybrid, flexible operating model (a combination of people working on-site and off-site).

Organizations can adopt a COE approach by building on the following pillars:

• A pool of risk and compliance experts
• Collaboration tools, such as videoconferencing and instant messaging
• Local and regional on-site support
• A mature data analytics program
• IT infrastructure support

But moving to a remote-site model brings its own challenges. Here's how your company can overcome them:

Diluted audit rigor and failure to understand the business context
Maintain rigor by providing process documentation and strong knowledge-retention processes, along with access to a team with relevant experience.

Inadequate data availability and completeness
Online training sessions and data integrity checks can help address the challenges of extracting data accurately and having complete data.

A lack of connection with the business
To avoid project delays and build stakeholder relations, enable teams with collaboration tools, build a strong governance mechanism, and establish well-defined escalation protocols.

What value does a remote-site delivery model deliver?
Adopting a remote-site model offers significant efficiency in terms of speed and cost. This approach also means minimal disruption to the current operating model. Companies can:

• Gain wider risk coverage across more locations
• Cut overall internal compliance and audit costs by about 30–40 %
• Save time for controllers and internal auditors

To drive sustained compliance and provide continued assurance to businesses working in a largely remote environment, risk and compliance teams must adapt too. Though on-site visits will not disappear overnight, technology and skilled teams are available and offer significant returns. It's time to start the journey toward a global risk center of excellence with remote monitoring to enhance compliance today and for the future.

A leading global manufacturer of jet engines with more than 40,000 employees across 50 countries faced resource and time constraints as more than 100 locations required auditing across business processes (such accounts payable, record to report, and inventory) in 12 months. It faced additional challenges because it had disparate systems, language barriers in non-English-speaking locations, and limited interactions with site owners for regions.

By using a remote-site approach, the company could run end-to-end audit reviews for all locations, as well as risk assessments and project planning. The reviews covered critical areas such as accounts payable, accounts receivable, financial statements close process, P-Card, T&E, and inventory.

The controllers took a week to do the review of audits for each site instead of the usual four weeks. Also, the company could cover many locations and business units at once. In addition, the experience gained allowed the company to drive process-improvement initiatives across regions.

For more insights, read how a global controls hub can empower a new era for controllership.