Continuous internal control solution
The 6 criteria of choice to favor
Companies subject to the Sapin 2 law are increasingly tempted by the implementation of an accounting controls automation tool. However, historical players in GRC (Governance, Risk and Compliance) solutions do not necessarily guarantee control automation while the offer of automation solutions is flourishing. It is difficult to see clearly. Discover in this article some ways to make the right choice and effectively equip your risk management approach.
Criteria for choosing a continuous internal control tool
1) Agility and scalability
The first criterion for choosing a continuous process control solution must be its agile and scalable nature. It is essential that the selected tool allows you to adjust the scope of analysis and control. It must be easily adapted to the specific risks and context of the company. By proceeding step by step, you evolve the scope of analysis, you refine your risk mapping and you solidify your approach to secure the scaling and thus promote the adoption of stakeholders.
2) Broad analytical capability
The solution must be able to process a wide range of data, from “consumer” ERP but also from proprietary in-house systems. To do this, the solution must be able to query databases directly and/ or have a large number of connectors. The tool must be able to rely on off-the-shelf control libraries, but it is important to ensure that the chosen tool also allows an ad-hoc development of custom controls, which correspond to the need of the moment.
3) Facilitated implementation
The chosen tool must be able to deploy quickly and without difficulty. For this, it is necessary to ensure its compatibility with your ERP or databases. Some tools offer libraries of controls on shelves of the main ERP, which facilitate deployment. To simplify deployment and adoption, the chosen solution should not modify your existing systems and follow the process defined by your IT teams.
4) Transparency Vector
The continuous internal control tool must promote transparency. The chosen solution must ensure the traceability of the checks carried out, in accordance with the compliance requirements imposed by Sapin 2. It is also important to ensure that the scripts executed by the tool are in a language mastered by your teams, so that they can consult, modify and explain them to as many people as possible. Therefore, you guarantee greater transparency and maintainability of the solution over time.
5) User-friendly
The selected tool, if properly adopted and taken into account - by the audit, internal control or financial and accounting teams - becomes a performance vector for the organization. To facilitate its adoption, it is essential to pay particular attention to its user-friendly character. Data visualization to serve dashboards more easily interpretable, notifications of alerts of controls in real time, the edition of reports or the possibility to document the controls directly on the platform and to affix the parts, are all assets to evaluate in your choice of internal control solution that will facilitate the adoption by your teams.
6) Maintaining control of your data
Some solutions offer a very broad approach to control requests by analyzing a large number of your databases. Two pitfalls can be associated with it: the first is your ability to analyze and process efficiently the feedback of controls. Depending on the volume of information reported, it can take time and a significant investment, and have the effect of drowning you under the controls to be carried out, without these are really strategic for you. The other risk is cyber. Some tools require extraction of all accounting data for analysis, greatly increasing the associated cyber risk. Conversely, by opting for a solution that limits the output of data to atypies or results of executed queries, you limit these risks and you keep control of your data.
Continuous internal control can definitely have a positive impact on the company’s performance. But the choice and implementation of a tool that corresponds to the specific needs and risks of the company are important challenges, which are not necessarily obvious to meet. However, the correct sizing of the tool according to the specific risks of the company is a prerequisite to gain efficiency and visibility, and then extend its risk coverage. Under these conditions, the continuous internal control solution can truly help you make risk management a vector of performance.