ComplianceRisk Management

Documentation Overload: Internal Controls Over Financial Reporting

By January 28, 2021No Comments

A survey of financial executives includes complaints of excessive documentation required by external auditors.

Finance executives at large US companies are finding it increasingly difficult to document internal controls over financial reporting (ICFR) to the satisfaction of their internal and external auditors, according to a study recently published by the Financial Executives International’s research arm.

  • Several of the most difficult controls to design, implement and operate are common in corporate treasury.

Pain points. Controls around non-routine transactions—bond issuances, significant one-off payments and others endemic to treasury—topped the list of challenging ICFR, according to responses from 123 large public companies and interviews with 16 financial executives. Controls over access to data, fraud risk assessment and processing of data also made the top five.

  • “Controls tend to be one-off and the underlying data and structures vary from transaction to transaction and company to company, depending on their systems,” said Jeff Wilks, EY professor of accounting at Brigham Young University and part of the research team that conducted the two-year study.

Excessive documentation. A general complaint emerging from the study is excessive documentation required by external auditors, especially if auditors have recently received negative reviews from the Public Company Accounting Oversight Board (PCAOB).

  • Executives say ICFR guidance in the COSO framework is good, but auditors often make highly specific demands—particularly as it relates to documentation—that the guidance does not address, Mr.  Wilks said, “leaving financial executives with little redress.
    • “And they’re doing it because the PCAOB is hovering over them,” he added.

Technology to the rescue? Study respondents pointed to technology’s help in addressing ICFR challenges, although for cost centers like finance, insufficient funding is an issue. Mr. Wilks noted that in addition to purchasing the technology itself, corporate finance teams’ often ad hoc processes must be cleaned up. 

  • “What treasury may not understand and what we’re hearing from controllers is that if you want to improve the technology around controls you have to first fund improving the controls,” he said. “Once those processes are cleaned up, the technology can automate them.”

Mostly plusses, a few big minuses. Implementing a treasury management system (TMS) to more efficiently track treasury activities may be an early step on the way to reducing ICFR risks, and other, emerging technologies like AI and blockchain may play a role.

  • Some of the ICFR risks that technology could reduce, according to survey respondents, include failures to detect material misstatements, internally and by external auditors; unauthorized alterations of accounting information; and failures to prevent material misstatements.
  • The biggest challenge in adopting new technologies is finding personnel qualified to use the technology. “Executives tell us everyone is looking for people with accounting and IT talent,” Mr. Wilks said.
Justin Jones

Author Justin Jones

More posts by Justin Jones