FinexGroup Leadership. Execution. Training.

Solutions for Finance Challenges

Services

SOX/CSOX
   - Services
   - Methodology
   - Independent Evaluation
   - Rationalization of Compliance Programs
   - Self Assessment
IFRS Solutions
Interim Finance & IT Leadership Solutions
Information Technology Solutions

Rationalization of Compliance Programs

As many companies faced the pressure of becoming compliant in line with or in anticipation of regulations, the reaction was to implement the program as quickly as possible given budget, staff sufficiency and staff competency constraints. The end result is a compliance program that is characterized by too many “key” controls (particularly at the transaction and IT control levels) and is viewed more as a costly annual “project” rather than an ongoing “program.” Furthermore, the synergies between various control categories, such as IT and Entity level controls, have not been fully realized leaving considerable inefficiencies inherent in the “project” for those responsible for managing the “project” in the future.

FinEx Group has assisted numerous clients with rationalizing their compliance programs. Our Top-Down, Risk-Based approach commences with the development of a “Sustainment Program Roadmap” to identify what needs to be done, internal and external roles, timelines and costs. FinEx Group will perform the following tasks in the development of the Sustainment Program:

  • Review all compliance documentation to identify any existing weaknesses or gaps, as well as opportunities for rationalization
  • Interview key stakeholders to understand details of the compliance program implementation and training plan and its effectiveness
  • Review relevant internal controls evaluation documentation to highlight control enhancement opportunities
  • Review the program control matrix to identify opportunities to reduce/automate/ consolidate existing key controls
  • Develop a checklist of controls for each owner with timelines to ensure that those responsible for managing specific controls know what is expected and when
  • Establish on-going monitoring techniques to continuously evaluate the effectiveness of internal controls
  • Develop and/or rationalize internal control test plans across all control categories including disclosure controls, entity level controls, and transaction and IT level controls
  • Design and recommend integration of compliance programs with daily business activities

The responsibility of management to continue to strengthen and evaluate their internal control program is not an easy task. Management must have an efficient set of controls to manage along with a detailed plan to sustain the required documentation and evaluation criteria.