Accounting’s Active Role as Businesses and Risks Evolve (Podcast Recap)
A Riveron expert explores how finance and accounting professionals can guide organizations through major transformations and tackle elevated risks.
Businesses are constantly facing change, and, in the last few years, the pace of change has accelerated—driven by everything from a global pandemic to broken supply chains to the rapid adoption of new technology, and more. Organizations can benefit by anticipating these change drivers and acting accordingly, but even today’s most forward-thinking organizations are experiencing new or heightened risks, either from external forces or their internal actions and responses. Riveron’s Drew Niehaus participated in a podcast for the Journal of Accountancy, hosted by Neil Amato, to highlight the role of finance and accounting professionals in navigating change while enhancing internal controls and improving risk management.
Check out the highlights[1] below, or listen to the full episode:
To keep pace with these changes, companies are leveraging new technologies. Risk and controls should be considered in the first discussion when implementing a new system or application.
Neil Amato (NA): What are some of the factors contributing to companies’ concerns with their internal controls?
Drew Niehaus (DN): The challenge of any internal controls or governance risk and compliance function is to stay in lockstep with the changing business environment.
For example, there has been significant capital markets activity in the last few years. Although this year the number of IPOs has subsided in 2022, organizations that went public during the recent IPO boom are still working through the challenges that this type of transformation brings. There’s the obvious increase in regulatory requirements as companies become SOX compliant. But more broadly, IPOs bring capital infusions, which lead to some truly transformational changes. Sometimes this can be deep R&D spend for a new product line. Or perhaps the newly public entity uses part of that capital to fund acquisitions to strengthen their market share or enter new areas.
Inorganic growth strategies continue to be favored among private companies as well as public companies. Despite IPOs tapering off this year, deal volume hasn’t subsided. Business combinations are a significant change event for all companies experiencing these events, and experienced accounting and finance teams work quickly after completing a deal to assess the internal control environment and determine what needs to change.
Importantly, there are controls around business integrations themselves. Beyond that, in a business combination, two organizations with different risk taxonomies and key control definitions must be assimilated. Maybe the acquired organization doesn’t even have a formalized risk and control structure. Significant effort is involved in evaluating the design of existing controls and then closing those gaps and standardizing the control structure to align with the new parent company.
Additionally, the shift to remote and hybrid work environments happened very quickly, and organizations are still changing in this regard. Companies have to think about how controls are being executed and determine the evidence of execution that is available in a remote environment. How is data being protected with the increased use of collaboration tools? Well-prepared organizations are providing considerable levels of training – thinking from the bottom up, not just top down.
In order to keep pace with these changes, companies are leveraging and implementing new technologies. Risk and controls should be considered in the first discussion when implementing a new system or application. Companies should ask themselves: (1) if they have a robust integration plan? (2) which existing processes and controls will be impacted by this new change? and (3) what are the change management processes and controls? Thinking through these questions up front will allow for organizations to experience a smoother transition as they roll out highly impactful new technology.
NA: According to the North Carolina State University’s Enterprise Risk Management (ERM) Initiative, companies face a high amount of risk. How do you advise companies in improving their controls or better managing risk?
DN: A robust enterprise risk assessment is the first step when considering how to manage and mitigate risk. An enterprise risk assessment defines organizational risks, performing broad outreach among company stakeholders to get a holistic perspective on issues that companies face.
A large part of a risk assessment’s value is getting stakeholder perspectives on risks. Many times, these perspectives are obtained through interviews or surveys that are disseminated cross functionally within organizations. These give context around risks, especially those that are most likely to impact the success of the business. That can help the leaders set the company’s strategy and inform the controls an organization has in place.
NA: Is the ability to deal with change and solve problems a service that can set CPAs apart?
DN: Although the perception exists that accounting is static, like taking a picture, in reality accounting is more like painting a picture. You have to interpret and apply guidance to an ever-changing organization.
It’s not just the organizations that change. It’s also the regulatory environment and the accounting rules themselves. Dealing with change is a big part of what CPAs do often and do really well. That’s why CPAs are one of the core groups tapped to lead the charge as organizations engage with these transformational events.
CPAs have this built-in skill set to assess change, evaluate impacts, and deploy the proper structure to ensure companies address change appropriately and sustainably over time.
[1] Excerpts edited for brevity and clarity. Listen to the full episode here.