• Thomas Oschlisniok, Partner |
  • Konrad Szymanski, Expert |

Many companies see the Internal Control Systems (ICS)1 as an administrative burden and hardly realize the potential of robust and optimized internal controls. In this article we explore how ICS adds value to the organization by acting as an enabler for Finance Transformation2.

ICS as an inseparable element of a Finance Transformation

Finance Transformation initiatives typically address several dimensions for improvement, such as processes, people, technology, delivery model, insights & data and, very importantly, governance. The ICS is a fundamental risk management instrument that together with security aspects and policies forms the core of a proper finance governance. Without it, the Finance operating model will not have any guardrails, and will therefore not be able to yield sustainable benefits.

ICS as a value enabler

By offering guardrails, the ICS ensures that Finance Transformation initiatives deliver value. Its key contributions include:

  • Reduce risks, such as risk of material misstatement in financial statements
  • Provide confidence in new finance processes by giving feedback on quality of financial information, security aspects and process execution 
  • Decrease the administrative burden on finance departments and release time for business-partnering activities thanks to a mature and automated ICS
  • Ensure a high quality of financial and non-financial data, positioning finance as the most suitable data owner for both financial and non-financial reporting processes, such as ESG-related (Environmental, Social and Governance)
  • Expose gaps in the current technology landscape by automating the ICS, thereby identifying system improvement opportunities, e.g. an ICS assessment may trigger the decision to replace multiple reporting/planning systems with one holistic EPM solution

Transforming the controls landscape

An ICS cannot act as a value enabler if it’s cumbersome, unstandardized and requires extensive manual work. However, there are some key improvement steps that any company can take: 

1. Define strategy

Defining an ICS strategy starts with determining where the company finds itself on the ICS maturity scale, what the ambitioned future state is and what the key milestones on the way are. 
The different ICS maturity levels of the internal controls journey:
  1. Unreliable: Controls are not designed and/or not implemented; control results are unpredictable
  2. Informal: Controls are implemented, but there is no adequate documentation in place
  3. Standardized: Controls are well designed and implemented; there is a proper control documentation
  4. Monitored: Standardised controls are undergoing periodical assessments and testing for design, implementation, and operational effectiveness
  5. Optimised: Real time monitoring of the effectiveness of ICS is supplemented by continuous improvement efforts

After successful assessment of current maturity level and alignment on future state ambitions, companies can take the following steps to advance their ICS set-up.

2. Centralization and standardization

Once a strategy is defined, focus should shift to centralizing and standardizing processes and controls. This would typically involve documenting standard compliance activities and agreeing to a standard way of working, but also making sure that repetitive compliance activities are performed by a centralized team in a shared service center (SSC) or a compliance center of excellence (CoE).

Effectively performed centralization and standardization are both the basis and the driver of further digitalization and automation efforts:

  • It allows for streamlining execution efforts and supports standardization of activities and procedures
  • It brings more transparency to roles and responsibilities and can lead to cost savings
  • It’s a basis for further automation and digitalization efforts

3. Digitalization, automation and ongoing monitoring

Automation and digitalization of controls accelerates the execution of governance processes, reduces efforts of controls owners, contributes to quality and saves time of finance department. The following solutions can offer relief (amongst others): 

  • Deploying specific ICS tools: help digitalize, automate and monitor ICS activities by offering risks and controls libraries, configurable workflows and dashboards (Governance, Risk & Compliance)
  • Optimizing finance processes/ERP configuration: usually offers optimization opportunities to replace manual detective controls with automated preventative controls (Finance Strategy & Transformation)
  • Data analytics & continuous controls monitoring (e.g. process mining) allow organizations to replace manual controls and testing activities with automated continuous control monitoring (GRC)

Final Thoughts

Instead of seeing internal controls as an administrative burden, we encourage leaders to recognize the hidden potential of an effective and digitalized internal control system. A streamlined and optimized ICS can bring significant cost savings and therefore serve as a true value enabler. 

KPMG helps clients identify improvement opportunities in their ICS, create an improvement roadmap and manage the improvement initiatives. Do you want to explore value creation opportunities in your ICS? Feel free to reach out to one of our experts for a non-binding initial conversation.


1 An ICS can be defined as a set of measures implemented by a company to monitor and manage risks, e.g. 4 eyes principle while approving invoices or automated bank reconciliation. 

2 Finance Transformation is a program of initiatives to modernize the finance function. Those could include organizational changes, implementation of new technologies, introduction of Shared Service Centers, standardization and optimization of processes and controls, etc. 

Durchstöbern, Verwalten und Teilen

Verwalten Sie Ihre eigene Bibliothek und teilen Sie die Inhalte.