Resolving matters that trigger internal control deficiencies
Build Resilient Internal Control Systems to Confront Today's Diverse Challenges
The environment for internal controls is undergoing a period of intense change. A combination of technological acceleration, shifting work models, and expanding reporting requirements is placing unprecedented pressure on traditional control frameworks. For controllers, maintaining an effective and efficient system of internal controls is no longer just a compliance exercise; it is a strategic imperative for managing risk, enabling growth, and building stakeholder trust.
Key drivers
Multiple interconnected factors are contributing to the rise of internal control challenges. These drivers require controllers to look beyond traditional financial risks and consider a broader spectrum of operational, technological, and strategic threats.
A critical and worsening shortage of qualified accountants: Data from a KPMG LLP report shows that material weaknesses attributed to a 'lack of accounting resources/expertise' steadily increased from 34% in 2021 to 60% in 2024.[1] This issue is compounded by high turnover rates, which result in the insufficient transfer of knowledge.
Information technology, software, security and access issues: IT-related issues have become a primary driver of material weaknesses. These deficiencies are often pervasive and impact the entire control environment. Specific problem areas include:
- Access Controls: Inadequate management of user access to systems and data is a persistent issue. This includes failing to enforce the principle of least privilege, improper segregation of duties, and not revoking access for terminated employees in a timely manner.
- Change Management: A lack of formalized processes for authorizing, testing, and documenting changes to IT systems can lead to unauthorized modifications and system failures.
- IT Governance and Oversight: Weaknesses are often found in IT governance, including a lack of documented policies, insufficient monitoring of IT controls, and failure to remediate identified deficiencies promptly.
Persistent Cybersecurity Threats: The increasing sophistication of cyberattacks represents a direct threat to the integrity of financial data and the systems that process it. The SEC has finalized rules[2] that expand and standardize disclosures around cybersecurity risk management, strategy, and governance, emphasizing that robust cybersecurity controls are a critical component of internal control over financial reporting (ICFR). Weaknesses in IT General Controls can expose a company to data breaches, creating financial and reputational risks.
Digital Transformation and Automation: Companies are rapidly adopting technologies like Robotic Process Automation (RPA), artificial intelligence (AI), and cloud-based ERP systems. A 2023 KPMG survey[3] notes that while these technologies offer efficiency, they also introduce new risks if controls are not designed and integrated from the start. Issues arise when systems are implemented without sufficient change management controls, leading to gaps in segregation of duties or flawed system-generated data and reports.
New ESG Reporting Demands: The growing demand from investors and regulators for reliable, auditable Environmental, Social, and Governance (ESG) data has created a new frontier for internal controls. Many companies lack a formalized control framework for their non-financial data, treating its collection as a disconnected exercise. This exposes them to risks of greenwashing accusations and regulatory scrutiny, as the SEC moves toward mandating climate-related disclosures.
Hybrid Work Models: The shift to remote and hybrid work has complicated the execution and monitoring of controls. A 2022 survey from Financial Executives International (FEI)[4] noted that a significant majority of finance leaders expect their teams to spend 50% or less time on-site going forward, making virtual execution of internal controls a permanent feature. This decentralized environment can weaken the overall control culture and create opportunities for fraud or error that are harder to detect.
Strategic takeaways
To navigate the current environment effectively, controllers should adopt a forward-looking, strategic mindset.
Champion Technology-Enabled Controls
Rethink Your Talent Strategy
Adopt an Integrated Risk Mindset
To navigate the evolving landscape of internal controls, controllers must proactively embed controls into the design of new systems and processes, championing technology like GRC and data analytics for automated, continuous monitoring. It is also crucial to rethink talent strategy by upskilling teams in areas such as data analytics and ESG, and to adopt an integrated risk mindset that breaks down silos between financial, cybersecurity, and sustainability risks for holistic organizational resilience.
Footnotes
[1] Source: KPMG 2024 Study, “Trends in Material Weaknesses” (December 2024)
[2] Source: KPMG Thought Leadership, “SEC’s final cybersecurity rules: A board lens”
[3] Source: KPMG 2023 Survey, “2023 KPMG US Technology Survey Report”
[4] Source: Financial Executives International, “13th Annual Public Company Audit Fee Study Report”
[5] Source: The Association of Accountants and Financial Professionals in Business report, “Talent Retention in the U.S. Accounting and Finance Profession” (October 2023)