Automate Your Internal Controls

BY RICHARD B. LANZA

  

 
 

Overwhelmed by the documentation and testing requirements of the Sarbanes-Oxley Act? Consider these tips to automate your efforts.

  Use a database. Many companies document internal controls with spreadsheets. This process isn’t very secure and can quickly become cumbersome. Put the information underlying the documentation into a database instead to enhance consistency, security and search efficiency.

  Make sure you can get the data out. Institute internal reporting requirements early to ensure the database is configured properly. It’s pointless to keep risk and control data in a central repository if you can’t report on them effectively.

  Think workflow. Before you begin to automate control documentation and testing, you’ll need to carefully define the process. Then the digitized workflows can help uncover problems, such as control gaps, that require corrective action.

  Hit a softball first. Don’t try to automate the entire control process in one pass. Instead, find a small project that will produce immediate cash savings, such as testing controls over duplicate payments.

  Select a vendor with a chance of surviving. Roughly half the software products available in the key-control market have been launched since the Sarbanes-Oxley Act passed in 2002. In the next few years, expect to see a shakeout among vendors as mergers, acquisitions and business failures continue to consolidate the market. To protect yourself, ask vendors for their list of paying customers, excluding free charter clients.

  Get a champion and a backup. Find and support at least two employees in the organization who will act as champions for the automation project by implementing, maintaining and—most important— promoting it.

  Learn to analyze data. Develop techniques such as regression analysis to analyze financial transactions. Regression analysis can be used in a wide range of tests, such as estimating account balances for reasonableness. As a starting point, improve your understanding of Microsoft Excel’s analysis features. You might need to install Excel’s data analysis add-in if it doesn’t appear under the Tools menu (see Technology Q&A, JofA, July 05, page 75). Also, with Excel’s Pivot Table feature, you can quickly categorize data by department or product code. (For more on pivot tables, see “Make Excel an Instant Know-It-All,JofA, Mar.04, page 40.)

  Identify the top manual control tests to be automated. Look at previous years’ efforts or estimate the most time-consuming tests for the current year and automate those first. Often, the best candidates are tests that ensure a control is active. For example, rather than manually reviewing credit limit forms for a sample of customers, generate a computer report that lists customers whose sales exceed their credit limit.

  Make it routine. Successful companies continuously automate testing, analyze data and manage control information in a database. Establish budgets, project plans, training and—most important—staff time throughout the year to ensure success.

Source: Richard B. Lanza, CPA/CITP, is president of Audit Software Professionals and coauthor of The Buyer’s Guide to Audit Software. He can be reached at www.auditsoftware.net .

SPONSORED REPORT

Keeping client information safe in an age of scams and security threats

A look at the Dirty Dozen tax scams and ways to protect taxpayer information.

TAX PRACTICE CORNER

More R&D tax help

"Can I use the R&D credit?" PATH Act enhancements make the credit more attractive to a wider range of taxpayers.

QUIZ

Learn to choose between ‘who’ and ‘whom’

Writers can stumble over who and whom (or whoever and whomever). If you write for business, this quiz can help make your copy above reproach.