A business case for transactional services of F&A ... · PDF fileA business case for transactional services of F&A Outsourcing – P2P, O2C, R2R Marvin R. Panlican . Business...
Post on 10-Feb-2018
218 Views
Preview:
Transcript
As part of our commitment to continuous
process improvement and cost reduction of
our valued client, we’re now driving of
global processes.
A business case for
transactional services
of F&A Outsourcing –
P2P, O2C, R2R
Marvin R. Panlican
Business Case Page 1
I. Introduction
Any Finance and Accounting Professional has a set of primary concerns – optimizing
expenditure, lowering costs and getting the maximum benefit for the expense made.
Transformational Finance and Accounting solutions are the order of the day. With F&A
solutions offered today, you can reduce overall cost, optimize the use of resources and
technology for the company benefit, manage cash inflow and outflow in the best manner possible
and also adhere to the necessary compliance while you do this.
Whether you need to streamline, optimize or transform your organizations Finance and
Accounting function, you need access to world class processes and technology in the perfect
blend to achieve this goal. Best F&A Outsourcing offers services methodology, not only help in
identifying gaps in your current process, but also ensure a smooth and risk-free transformation.
F&A Outsourcing must also consider best solution by using the well-defined operational metrics
like productivity, turn-around-time and accuracy that keep you in control. You also have access
to a 24/7 Helpdesk that makes certain that you have complete and comprehensive support.
This study gives you better insights into your processes that leverage Analytics and
giving you a holistic yet deep view of the processes and fosters decision making. Moreover, it
covers the best solutions of complete Procure to Pay (P2P), Order to Cash (O2C), and Record to
Report (R2R) processes including solutions for Accounts Payable, Accounts Receivable and
General Accounting.
II. Facts of the Case
Procure to Pay
Procure-to-pay processes involve all stages of a business’ transactions and are integral to
overall enterprise efficiency. Organizations face a number of challenges with these processes that
can affect profitability, compliance, and efficiency, including profit recovery, process
automation, and process optimization.
Business Case Page 2
A 2011 survey conducted by the Oracle Applications User Group ranked the procurement
process highest among business processes most vulnerable to fraud, waste, and errors. (1)
Furthermore, the 2012 Global Fraud Study conducted by the Association of Certified
Fraud Examiners (ACFE) found that 24.9 percent of reported occupational fraud cases were due
to employees causing their employers to issue payments by submitting invoices for fictitious
goods or services, inflated invoices, or invoices for personal purchases, with a median loss of
$100,000. (2)
And the risks aren’t just limited to fraud. When companies, don’t have enough visibility
into their procure-to-pay controls and processes, they can incur unexpected or invalid expenses.
The global edition of the 2012 Governance of Enterprise IT (GEIT) Survey, conducted by the
Information Systems Audit and Control Association (ISACA), revealed that 47 percent of
enterprises have incurred an unexpected cost due to an IT-related problem or incident in the last
year.
______________________________ (1) Strategies for Managing Risky Business Process, 2011 OAUG Enterprise Governance, Risk, and Compliance Survey, Unisphere Research
2011 (2) Report to the Nations on Occupational Fraud and Abuse, 2012 Global Fraud Study, Association of Certified Fraud Examiners, 2012
Business Case Page 3
Order to Cash
The order to cash cycle is the financial lifeblood of any organization. Not only does it
determine how quickly an order from a customer is translated into cash in the bank, it also
determines the customer experience and perception of the service provider. This is further
compounded by challenges such a price pressures, cost pressures, increasing stakeholder value
that are often seem contradictory in nature. All these aspects make it imperative for an
organization to focus on having a best-in-class Order-to-Cash Cycle.
Moreover, financial loss due to fraud and error is a growing problem for organizations. A
recent survey by the Association of Certified Fraud Examiners (ACFE) estimates that the
average organization loses 5% of its revenues to fraud each year. Applied to the 2011 Gross
World Product, this figure translates to a potential projected annual fraud loss of more than $3.5
trillion. However the costs to an organization due to fraud and error are not just financial; there
are intangible costs as well, with potentially far greater consequences, such as negative goodwill,
loss in public confidence and brand value. One of the business processes where there is
considerable potential for fraud and error is in the order to cash cycle. Order-to-cash is a set of
business processes that involve receiving and fulfilling customer sales for goods or services. An
Order-to-cash cycle consists of multiple sub-processes including: customer order is documented,
order is fulfilled or service is scheduled, order is shipped to customer or service is performed,
invoice is created and sent to customer, customer sends payment/collection, and payment is
recorded in general ledger.
A challenging economy is partly to blame. Steady reductions in headcount have stretched
workforces already under pressure to work harder and faster with limited resources - increasing
the possibility of error. Reduced headcount can also lead to fraud through excessive access to
data. With limited resources to complete processes, appropriate segregation of duties (SOD) is
not always possible. With fewer employees to segregate access, the remaining employees are
likely to have excess access to data, resulting in higher exposure for fraud to be committed.
Financial pressures on individuals have added to the risk of fraud as previously exemplary
employees succumb to temptation. An ACFE report says that approximately 87% of
occupational fraudsters had never been charged or convicted of a fraud related offense. Rampant
growth in transaction volumes compounded by increased business complexity has also made
Business Case Page 4
organizations more susceptible to error and fraud as they struggle to cope with the workload and
fraudsters exploit loopholes in systems, safe in the knowledge that massive transaction volumes
will potentially mask their activity. Finally, increases in cross-border trading, together with the
lengthening of supply chains has introduced greater risk of fraud and error as companies struggle
to maintain visibility to core financial processes and to implement sufficient business controls in
remote locations. It is clear that if left unchecked, fraud and error in the OTC cycle may pose a
significant cost and risk to the business. This can manifest itself in several detrimental ways,
such as the inability to respond confidently to compliance challenges, the impairment of profit
margins, a reduction in cash flow and operational inefficiency.
Record to Report
Finance and accounting professionals who manage corporate financial reporting and
disclosures are well aware of the amount of time and effort it takes to do the job well. Pressure to
meet deadlines to prepare quality financial statements and reports and to satisfy regulatory
reporting requirements—the Sarbanes-Oxley Act of 2002 (SOX), 2009 XBRL (eXtensible
Business Reporting Language) Reporting Mandate of the Securities & Exchange Commission
(SEC), and the Dodd-Frank Act of2010—means that finance and accounting departments are
constantly overloaded. Anyone who works in the field, or knows people who do, has heard the
war stories about how much work it takes to complete the reporting.
There is no firm definition of the Record-to-Report process, but it is widely
acknowledged to encompass the sequence of activities surrounding the ‘period close’ in
subsidiaries; the collection of year-to-date balances (or monthly movements) at a summary level;
their consolidation according to merger or equity accounting rules and subsequent reporting to a
variety of internal and external stakeholders, in a mixture of manual and electronic (e-filing)
formats.
Business Case Page 5
The diagram above illustrates the typical timescales for the Record-to-Report Process
Although the R2R process is similar across industry sectors and follows a well-trodden
path each reporting period, many finance organisations still face serious challenges in the area of
financial governance.
For example, 15% of global businesses say that they have missed statutory deadlines for
filings due to late changes to charts of accounts, exposing their companies to the risk of financial
penalties and damaging falls in their share price. 88% have experienced delays in the last 12
months when executing financial close, reporting and filing.
III. Problem Statement
Business Case Page 6
As more companies are seeking to move beyond procurement into fully deployed supply
chain systems, a key challenge for many companies is in the area of improving efficiency in their
procure to pay cycle for many of their contracted services, especially in the area of facilities
maintenance and on-site contract management. There exist multiple challenges in environments
where field associates are working from manual or electronic systems, requisitioning on-site
services for maintenance or other activities, and ensuring that this information is captured
effectively. In addition, there exist significant challenges to ensure that the proper service level
agreement is fulfilled, the correct price is charged, the purchase order is transmitted correctly, the
invoice matches, and finally, that the supplier is paid the correct amount for the actual services
delivered. While many enterprise systems claim that these elements are simply defined within
their structural logic, the truth is that there are many opportunities for error, and that without a
planned process for managing the procure to pay cycle, that the organization may be bearing
significant costs due to non-compliance to system or process requirements.
On the other hand, consumer products companies face increasing challenges around
management of the order-to-cash process. These include the ability to effectively manage high
order volumes and to deal with a high level of deductions. The challenges also include
optimizing and understanding trade promotions spend that is required for category success and
consumer adoption. Risk management is also challenging, particularly in the current economic
climate. In the case of credit risk, for example, it is hard to be confident that credit levels are
right, even for long-established and trusted customers. Any customer, including the largest brick-
and-mortar entities, can pose risks that can only be understood with deep trending and analytics.
Moreover, there is no firm definition of the Record-to-Report process, but it is widely
acknowledged to encompass the sequence of activities surrounding the ‘period close’ in
subsidiaries; the collection of year-to-date balances (or monthly movements) at a summary level;
their consolidation according to merger or equity accounting rules and subsequent reporting to a
variety of internal and external stakeholders, in a mixture of manual and electronic (e-filing)
formats.
IV. Issues
Business Case Page 7
These are the following challenges that may arise in Procure to pay, Order to Cash, and
Record to report;
Procure to pay
Procure-to-pay processes involve all stages of a business’ transactions and are integral to
overall enterprise efficiency. Organizations face a number of challenges with these processes that
can affect profitability, compliance, and efficiency, including profit recovery, process
automation, and process optimization.
Profit Recovery - One of the most consistent problems organizations face in the
procure-to-pay process is undetected financial leakage. Companies often fail to realize
the efficiencies that can be gained through the automation of key business processes. For
example, invoice payments are typically reviewed through a system of manual approvals.
This process is not only time consuming, but it can also fail to take advantage of early
payment discounts or avoid late payment penalties. Furthermore, a manual approval
process leaves the door open to potential fraud through post-approval modifications.
Another example of financial leakage is the reimbursement of employee expenses. Many
companies use a manual process to reimburse funds outside of their current systems,
which leaves them at risk of unpaid or duplicate payments, or payments being made for
expenses that have not been properly approved or vetted. At the other end of the
spectrum, inconsistent and stale master data across business units often impedes the
procurement process and creates unnecessary risk to financial integrity. The absence of
common or centralized master data—or lack of automation in approving, recording, and
reviewing master data on a regular basis—often makes master data fragmented and
unreliable, and impairs visibility and optimization of the procure-to-pay process. A good
example of this issue is found with the maintenance of vendor records. Companies
typically have multiple employees with access to the vendor master and they often
duplicate supplier entries in a system. Unfortunately, the data cleansing process is
commonly overlooked and typically occurs on an ad-hoc basis. Without better control of
vendor master data, the chance of fraud, mismanagement of funds, and/or financial
leakage remains significant. Finally, companies often fail to account for the elevated
risks that result from poor segregation of roles and responsibilities, as well as,
Business Case Page 8
unrestricted access to sensitive data. Most access to sensitive data and segregation of
duties analysis occurs on an annual basis and with little resolution. While this may be
sufficient for most year-end audits, it fails to provide the continuous control over
segregation of duties and access to sensitive data. In today’s business environment,
companies face high attrition rates and manage employees with frequently shifting roles
and responsibilities, so access control violations can go unnoticed for weeks, possibly
months, before being picked up. Furthermore, employees are often found to have access
to highly sensitive data that should be strictly monitored and restricted, yet companies
repeatedly fail to notice this until it is too late.
Process Automation - Since the procure-to-pay process is critical to every
organization, it is paramount that the process be as efficient and effective as possible, and
not a source of vulnerability. When you consider automation, the most basic aspects
would be automating transactions, managing the flow of information, and routing
approvals, while the more advanced aspects would include matching, vendor validation,
and alternate approvals. Today, many companies are not taking full advantage of
automating the procure-to-pay process, which could help tighten controls, lower resource
needs for manual validations and processing data inputs, which in turn lowers the risk of
errors that are inevitable with high volumes of manual inputs. One of the main reasons
companies are not fully leveraging opportunities to automate the procure-to-pay process
is simply limited visibility. Management lacks visibility into what data is available from
other departments, what controls could be implemented, and what processes can be
combined to increase efficiency and reduce risk. An example of this is automated
workflows that are either not used or not configured to support a growing company.
Workflows that aren’t configured to leverage the HR structure as the single source of
truth, for example, don’t automatically reflect any personnel changes in the HR structure,
and therefore fail to ensure that documents and approval needs are routed to appropriate
reviewers. By configuring the workflows appropriately, you can eliminate the need for
manual rerouting of approval requests, automatically sending them to a new purchasing
manager, for instance, if the initially assigned purchasing manager has moved on to a
different role, or has left the company. Another example is the failure to define and set
up automated matching rules to prevent financial loss between purchasing, receiving, and
Business Case Page 9
accounts payable. Companies typically have various types of matching within each
department (e.g., procurement analyst matches the requisition against the purchase order
before submitting it to vendors, receiving matches the purchase order to the packing slip
before completing receipt and sending to accounts payable, accounts payable matches the
purchase order to the invoice before making the payment). Manual matching for every
transaction not only consumes a lot of time and resources, but it is also error-prone.
Automated matching can help consolidate the various matching rules within each
individual department, as well as streamline and accelerate the matching process.
Matching rules can be defined to fit the needs of all three departments and provide
processing constraints to prevent further processing if a transaction fails the matching
requirements. This will free up time to focus on reviewing and resolving the true
exceptions identified from the automated matching process. The review and resolution
are critical in this process. While automation can help prevent unwanted transactions and
data from flowing through the procure-to-pay process, it is management's responsibility
to promptly review and resolve issues in order to avoid financial leakage that could be
caused by not processing transactions in a timely manner. For example, processing of a
purchase order may be time-sensitive to the requestor, and delays could lead to delays in
other projects or payments resulting in the accrual of late fee penalties.
Process Optimization - Another big challenge companies face is business-process
optimization. When it comes to optimizing the procure-to-pay process, the focus shifts to
higher value-add activities like cultivating optimal payables strategies with real-time
supplier and banking information exchange, centralized master data management,
workflow-driven approvals management, and global, electronic payment capabilities.
However, because most companies departmentalize different stages of the procure-to-pay
process, they miss the opportunities and value associated with process optimization. A
typical scenario might be when an individual employee initiates a requisition specifying
what product and vendor they want to purchase from, the requisition is approved by the
reporting manager, and the approved requisition is sent to the purchasing department for
processing. If the purchasing department is centralized, chances are someone will
forecast purchasing needs or consolidate requisitions from different departments,
subsidiaries, or geographical locations to strategically select vendors, take advantage of
Business Case Page 10
volume pricing, and initiate competitive bids with various vendors. Use of master data to
store pricing plans with different vendors and incentives offered by various vendors
allows the company to take advantage of the best deals available to meet purchasing
needs and assist with contract and price negotiations. In summary, decentralized
purchasing and inconsistencies in the purchasing process across different departments,
subsidiaries, or geographical locations become a challenge when you’re trying to control
financial leakage. This is more challenging for companies that do not enforce a
centralized single source of truth for master data. Multiple master data sources cause
challenges for enforcing consistent purchasing policies, process optimization, and
automation for the enterprise across different business units. Finally, the lack of
automation will lead to workarounds and increase the need for manual compensating
controls which then decrease effectiveness of automated controls applied in upstream
processes.
Order to Cash
Increasing pressure to;
Reduce time to market the product and services
Improve the margin
Retain existing customers and attract new ones
Price Pressures with reducing tariffs/costs
High cost of business processes
Varied statutory and compliance requirements across different countries/regions
Varied supplier/vendor performance and agreements across different regions
Record to Report
Data Posting Errors – can be result of a number of factors including;:
o Errors from accounting systems - Transactions posting from accounting
systems might not post to the appropriate accounts, or significant
transaction data points might be missing after the interface has processed.
These errors can be the result of an inaccurate or incomplete setup of the
Business Case Page 11
accounting system process. Management would be required to research
and resolve these errors before the closing process would be complete.
Part of the challenge in resolving posting issues from accounting systems
is helping ensure compliance with corporate policy. The resolution of
posting issues might require updating the original transaction in the source
system instead of making the adjustments directly in the target system.
Additional time would be required to help ensure those transactions are
updated according to policy prior to resubmission.
o Posting transactions to prior closed periods - Prior period posting of
transactions can be problematic. Over the course of the period, previously
unrecorded transactions might be identified and need to be entered in the
period they were incurred. Period management tends to be a very manual
process with limited visibility.
Allocation set-up errors - The process of setting up general ledger allocation
journal entries and running them should be a controlled process much like code
development. Accounting activity requiring allocating journal entries should be
well researched and planned. The use of ERP native or additional advanced
controls cannot take the place of the research needed to create allocations. Good
processes augmented with native ERP and advanced controls, support accurate
and well-controlled accounting.
Allocation formulas should be documented, well tested, and approved
through user acceptance. The schedule by which those allocations are generated
should also be documented and tested. This testing will help ensure that
dependent data from preceding transactions is captured and subsequent and
dependent transactions are created and posted accurately. Once approved, the
allocation formulas and the associated schedules should be restricted from further
update.
Business Case Page 12
General ledger reconciliation process - General ledger reconciliation can be a
difficult and time consuming process. Quite often, clear ownership and
responsibility for accounts has not been established. This lack of ownership can
lead to unauthorized journal entries being posted to sensitive accounts making the
GL reconciliation process long and difficult.
When the organization makes use of suspense accounting, reconciliation
issues can even be further exacerbated. Financial services organizations, in
particular, make frequent use of suspense accounting. Depending on the
accounting system, some suspense accounts are controlled by the system directly,
whereas other accounts can accept manual journal entries. These suspense
accounts can be misused if good ownership and oversight are not in place.
Knowing critical suspense accounts in use and the volume of transactions
affecting these accounts helps management prioritize and plan its reconciliation
for an efficient close process.
General ledger consolidation - The consolidation process can produce unexpected
results during financial reporting. The consolidation activities might highlight
some unusual activity once the preliminary financial statements are generated.
Possible causes of these issues could include data errors during the consolidation
process, inadequate drill- down capability for detail analysis, or even adjusting
entries were either unauthorized, not justified, or inaccurate.
General ledger master data maintenance - Organizations face challenges with
general ledger master data errors and complexity due to limited data standards and
incomplete understanding of master data change impacts. These challenges are
further complicated by the lack of segregation between master data maintenance
and daily transaction processing, allowing users to add/modify GL segment
values when entering the transactions without considering the impacts to other
areas of record-to-report process (e.g., FSG account range, consolidation
mapping, and reconciliation effort).
Business Case Page 13
V. Recommendations and Action Plans
High-risk activities and high impact to profits - Advanced financial controls provide out-of-the
box as well as configurable content to oversee the entire procure-to-pay (P2P) business process
and satisfy needs of P2P practitioners, auditors, and IT staff. In the P2P process, potential
vendors are identified, contracts and terms are negotiated, and supplier profiles are setup as
master data. The establishment of a vendor master and other master data provides a consistent set
of information, and rules that adhere to and support the enterprises policies, procedures, terms,
and agreements. It is strongly recommend that organizations take the time to standardize on a
single vendor master and the appropriate policies and procedures for their organization up front.
It is then critical for organizations to carefully and periodically monitor for changes made to
supplier data and assess the accuracy of the data.
A myriad of scenarios could cause errors—as well as potential fraud and abuse—that
result in significant realized financial losses, especially if they go undetected over an extended
length of time. Advanced financial controls can oversee the maintenance to vendor data such as
potential duplicate vendors in the system. Duplicates entered by different users can go
undetected because of differences in spelling of supplier names or other key data fields.
Transaction Controls Governor (TCG), in Oracle, can compare and find suppliers that have
similar—but different—spelling, perhaps as a result of abbreviations or simple transposition
errors. This same ETCG control can also find vendor data matches on other fields including tax
identification, address, bank routing information, and so forth, increasing the probability that the
vendor is a duplicate. Without these controls in place, overtime errors are likely to be introduced
into the procurement and payment processes, resulting in real financial losses that will incur
additional time and expenses to recover.
Another red flag that owners of vendor master data should be watching for are frequent
updates to a particular vendor or vendors for a particular buyer. Configuration Controls Governor
(CCG) monitors changes to vendor, accounts payable, and purchasing setup configuration data
including address, bank routing information, receipt and purchase order dates, payment terms
including discounts, and tax information. CCG will produce ‘snapshots’ of before and after
Business Case Page 14
values that are updated. An ‘audit trail’ will provide answers to who, what, and when the updates
were made. With visibility into frequent changes to P2P setup data, procurement rules and
payment terms manipulation may alert managers to fraudulent activity and should be further
investigated to determine the root cause.
Of course, having proper user roles and segregation of responsibilities will significantly
help mitigate loss by blocking users from setting up combinations of financially harmful
scenarios. Application Access Controls Governor (AACG) provides visibility of users’ access
all the way down to individual P2P menus and submenus, and maps the entire security in a
graphical interface, which provides an efficient means for analysis and remediation. For
example, a user such as a buyer should not be setting up or changing vendor master data and then
executing purchase orders or even payments to those same vendors.
There are many ways financial results can be negatively affected through schemes such
as creating a purchase order on-the-fly as goods or services are received that would ordinarily
require a lead-time. These high-risk P2P activities could circumvent hard-won negotiated
agreements, including pricing. Using advanced financial controls in concerned with delivered
ERP system configurations provides a highly effective controls environment while allowing
efficient processing of compliant P2P transactions. For instance, CCG may monitor vendor and
temporary changes to order-to-delivery lead-times, TCG can detect transactions where purchase
orders are created or modified on or about the same day as the goods are received, and AACG
can ensure policies are in place where a user cannot both create or modify purchase order and
receive goods.
Increasing automation to improve audit efficiency and timely detection - Advanced financial
controls empower the P2P organization and the audit staff in a number of ways. There are
limited resources to audit and assure the enterprise that P2P activities are performed in
accordance with established policies. Advanced financial controls are fully automated and
companies are rapidly moving from resource-intensive manual controls to automated controls.
The automation includes the scheduling of controls for periodic testing and monitoring of P2P
setup and configurations, users responsibilities, P2P transactions, as well as capturing inline P2P
Business Case Page 15
transactions in real-time to prevent committing transactions before they have been properly
reviewed and approved.
Manual controls are typically prioritized tightly and heavily dependent on available audit
staff and P2P resources. Because of this, monitoring and manual sampling of transactions may
have to be restricted to higher cost, low volume activities at the expense of high-volume
transactions, but the latter can quickly accumulate in significant financial risk and exposure.
Automation affords more scope and breadth of testing controls, monitoring more P2P activities
and providing a greater level of assurance to company stakeholders.
As incidents are inevitably identified, advanced financial controls employ a multi-user
workflow and remediation process that will alert and notify the necessary P2P stakeholders. The
tracking and reporting of incident status and aging delivers the visibility necessary to manage
high-risk P2P activities.
Audit time and effort can be greatly reduced when internal audit and line-of-business
users can setup and monitor their P2P activities, including producing their own evidence of
control effectiveness. Supporting evidence can be produced in advance of the audit engagement
and used by external auditors, thereby reducing fees paid to perform these tasks.
Clearly, effective oversight will require executives to anticipate changes to evolve and
keep pace with innovation. System software with complete process will continue to be a vital
solution and active player in managing P2P risks and providing the flexible, advanced controls
that prevent errors and financial leakage by monitoring configurations, users, and transactions.
top related