Process Automation - Are We All Becoming Control Freaks?

As customers and consumers, none of us want to feel like we’re just another number being processed. However, in business, organizations are under increasing pressure to reduce their vulnerability to human error, inconsistency and fraud. IT industry journalist, Liz Warren, explains how many are embracing automation and more carefully defined working practices to take control of the way that their core processes are carried out.

In the past, it was often only after things had actually gone wrong, that organizations would focus their attention on the processes behind the failure.
But now, in finance, process control is fast becoming the new mantra. Senior managers increasingly want transactions to be handled consistently and to have better control and oversight of the activities in their businesses. They also want to be able to achieve more but with fewer resources. Process control looks like offering at least some of the help that organizations need.
Diversification, globalization and an increasing emphasis on compliance and risk management are all posing significant challenges for commercial organizations. These factors are making it hard for them to keep a lid on costs, while at the same time trying to manage risk and maintain agility in the face of changing demands from customers, regulators and other stakeholders. For the public sector, efficiency, productivity, accountability, sustainable procurement, and e-Government have become terms to aspire to – and to fear, in a climate intolerant of weak leadership and poor governance.
For both the private and public sectors, the key to cost control and risk management is process automation. Manual processes are typically labor intensive and, therefore, costly in terms of manpower. At the same time, every new transaction initiated in a process relies on the effective operation of internal controls, in order for its successful completion. Momentary lapses of control are inevitable in even the best-run organizations. But, depending on the process, even a single failure in control can have dire consequences.
“In theory, every single manual transaction exposes the organization to the risk of human error and as volumes increase, so does the likelihood of a mistake,” says Gary Simon, former partner in Deloitte and now publisher of FSN Newswire. “Repairing processing errors after the event by unwinding transactions that have gone wrong can be time consuming and costly. If they affect customers directly, say the delivery of the wrong goods, then reputations can also be irreparably damaged.”
Automation can deliver operational processes that are controlled, repeatable, visible and auditable. Well-designed and automated processes provide a perfect platform for planning and implementing appropriate controls to meet the needs of external regulation – such as Sarbanes-Oxley in the United States, the Code Tabaksblat in the Netherlands, and the new International Financial Reporting Standards, Basel II and the EU Accounts Modernization Directive – as well as internally-driven moves towards improved risk management. “Unlike manual controls, which are susceptible to failure at any time, automatic controls (once properly established, tested and refined) can be relied upon to deliver consistent levels of assurance,” adds Simon.
Moreover – as well as providing better risk management and control – automating tedious, repetitive tasks lets you do more with fewer people, freeing up time for “adding value”. That could be in the form of improved financial reporting, business analysis and intelligence – to help organizations better achieve their core objectives. Research by Mintel (commissioned by CODA in late 2005), showed that finance professionals throughout the UK, Europe and the US say they are overworked, under-resourced and struggling to keep up with the increasingly complex regulatory environment. More than 80 per cent of respondents said they were spending more time on risk-, control- and assurance-related tasks, with 63 per cent increasing headcount to cope. While responses varied by country, most admitted to a high degree of manual re-keying of data for reporting, and many agreed that they would benefit from increased automation across their business.
Once business processes have been streamlined and automation applied to them across an organization, they can more readily be amalgamated into shared service centers or regional data processing centers, to deliver further control and economies of scale. However, some organizations are using process automation as an alternative means of reducing headcount and improving efficiency, but with much lower risk.
For many organizations, the capabilities of application software have been the limiting factor in reaping the full benefits of process automation. Such systems have concentrated on processing accounting entries completely and accurately rather than providing complete process support. Master file maintenance activities – such as supplier, customer and employee setup – are typical of the neglected parts of such processes. Yet they are the very areas that give rise to the greatest risks; for example, fraudulent setup of a bogus supplier, payments to an employee who has left the company or creation of a customer that has an untrustworthy credit record.
New technology has played a part in papering over these cracks. Workflow and email have allowed organizations to pick off aspects of a process, such as customer authorization, for improvement and automation. Similarly, the web has allowed organizations to provide “self-service” capabilities to employees, allowing them to maintain basic information about themselves, such as change of address, without recourse to the HR department. However, the value of these developments is often limited, because the additional features are an afterthought and not tightly embedded in the application software, so control over certain steps is not enforced rigorously.
The situation is even worse when it comes to performance management, such as statutory and management consolidation, budgeting, planning, forecasting and management reporting. These activities have typically been handled by separate applications, but would benefit from not only access to a shared pool of data and structural information or metadata, but also integrated process support. With this kind of integration, for instance, a common environment could be created to handle both the submission and approval of annual budgets and the submission and approval of the monthly management reporting pack from the same reporting entities.
Of course, no one would question that successfully managing finance and business processes – such as compliance, period-end close and reporting – that sit outside of a department’s transactional business applications is a complex task. The many interactions – between people, between systems and between people and systems – involved in these processes are often poorly documented, hard to follow and almost impossible to audit.
Ultimately, an increasing number of finance professionals are waking up to the importance of process control and automation. Whether driven by the need for greater compliance, efficiency or flexibility, it is a trend that is likely to grow in the coming years. Whether we like it or not, finance is increasingly going to have to take the role of the ‘control freak’ in the organization today!

Taking Control!
The trend towards process control has driven CODA to create the CODA-Control suite – a set of solutions for process definition and management, as well as for the more effective design, implementation, execution and assessment of internal controls. These are all essential elements for regulatory compliance and managing the risk factors that can undermine corporate governance. Many other products claim to provide support for a controls-based environment, but don't handle the documentation of controls and the risks they're designed to mitigate, and don't provide an audit trail of how those controls are applied in practice. With the CODA-Control suite of products, CODA has brought controls definition, maintenance and assessment into the heart of your applications to provide effective and robust connections between the process and transaction-oriented worlds. There are three CODA-Control applications that can be used either individually or as a combined suite. CODA-Control Architect enables the fast design and documentation of risks and controls, based on relevant best practice. CODA-Control Manager streamlines, coordinates and automates processes – embedding best practices and the right controls into each process. Finally, CODA-Control Assessor gives you the tools you need to assess the effectiveness of your internal controls program, report on it and keep track of any ongoing remedial work required.

The first element of CODA-Control – CODA-Control Architect – has been developed to help organizations identify business risks, decide on and then document relevant mitigating controls. This is an essential part of introducing and maintaining a controls-based environment, but it can be a Herculean task and extremely hard to accomplish consistently without the kind of specific methodologies and supporting technology offered by CODA-Control Architect.

The development of CODA-Control Architect is underpinned by CODA's partnership with Control Solutions International – a consulting organization that specializes in controls design, implementation and testing. This enables CODA to provide a best-practice database of risks and controls for the major applications and processes relevant to most businesses. Companies can capitalize on this expertise to quickly, easily and cost-effectively identify and establish a risk management and associated controls program tailored to their organization but based on many years of practical experience across a range of industries.

The second element of CODA-Control – CODA-Control Manager – has been developed to enable organizations with manually-intensive operations to rapidly automate and implement processes that are both well controlled and efficient. Ideal target processes tend to fall into three broad categories, namely: those for which existing application support is incomplete; those which are idiosyncratic or particular to an organization; or those for which there are no readily available software packages.

For instance, Elan, the world's leading IT and technical recruitment company, is using CODA-Control Manager to handle its month-end processes more effectively. Elan had used the CODA-Plus implementation methodology during its upgrade to Version 10 of CODA-Financials to deliver combined training, coaching and configuration to key users in one-to-one sessions with CODA application consultants. "It was a great way to review each business process and come up with improvements," explains Rob Nooitgedacht, project manager for Elan.

A spin-off this approach was that users tested, documented and signed off for their part of the system, and also used a desktop recording tool to make instructional DVDs for other users. The documentation and recordings were then used as the basis for clear instructions for each month-end task. As staff at many locations are involved in the month-end process, CODA-Control's ability to publish, monitor, re-assign, automate and evaluate tasks streamlines the month-end process and makes it visible to all. "Features like CODA-Workflow, CODA-Control, ImagePost and e-Procurement will help us to automate more of these processes, making us more efficient, effective and SOX-compliant as a finance team," Mr Nooitgedacht points out.

The final component – CODA-Control Assessor – delivers a collaborative web-based environment for internal audit teams to jointly record and audit both processes and supporting documentation, such as testing programs and the assessment of financial controls. Test results can be recorded in the database and an executive dashboard and reports can be used to provide a snapshot of the effectiveness of controls tested during the audit program.

LIN TV, a leading US TV and broadcasting corporation, which operates 30 television stations and has investments in five others, has introduced CODA-Control Manager alongside CODA-Financials to improve control of distributed business processes and eliminate manual financial processes, with the aim of reducing audit costs related to the introduction of Sarbanes-Oxley.