How to Build and Integrate Internal Controls, Governance and Technology

The importance of strong internal controls, governance and transparency with technology is the focus of this Solution Session from March of 2023, which addresses challenges posed by factors such as financial crises and events like the FTX crash. Learn actionable solutions for business owners when establishing synergy within these areas.

In the digital transformation era, strong governance and transparency with technology are more important than ever for businesses, especially after events such as the FTX crash. Regulators and external auditors are increasing the processes, guidance, and rules companies must adhere to for disclosing cybersecurity activities, and we expect to see more scrutiny in the future. It can become a laborious manual effort to disclose how a firm's internal controls are effective, but integrating the right technology can streamline the process and help management make better business decisions.

The convergence of internal controls, governance, and technology

It's helpful to consider the relationship among internal controls, governance, and technology like a household. As the head of a household, you have certain authority and oversight over the home, such as handling expenses or determining if repairs are in order. You have internal controls to mitigate risks, such as a roof over your head or an alarm system. Then, you have the technology to help you execute these controls and provide better data on your environment, such as an Alexa to turn off your lights or a Ring camera to detect activity on your porch. This information feeds right back to governance, as the heads of the household can use this data to see if their risk controls are working and monitor new areas of risk.

Integrating technology, internal controls, and oversight

Everything starts with governance and leading by example, and management needs a champion to set the right tone. When executives are living and breathing controls, technology, and oversight, the rest of the company will follow.

Next, businesses must look at their risk appetite and tolerance and determine where they can effectively mitigate the most crucial risks. Many companies start by looking at their financial statement risks, but that's only part of the picture; businesses should take a step back and look at risks across their enterprise. Remember that it's not just about checking a box; you must have the proper controls based on your industry and market size to help mitigate the risks tied to your specific marketplace. Assessing for risks is an ongoing exercise, so make sure your plan is nimble enough to pivot if necessary.

Once you've determined your risks, you'll need to monitor those risks, and that's where technology comes in. Firms are leveraging tools for access management, monitoring, and audit logs to create better risk programs. While many consider it a necessary evil, a great starting point for incorporating controls is through SOX, a useful piece of your enterprise risk assessment that helps safeguard that the information you're giving the public about your financials is correct.

Remember that technology is a tool, not a solution to a business problem; companies must fix their processes first to make certain they have the proper controls to adhere to regulatory requirements. If you don't have a good risk assessment, you could spend a lot of dollars and resources bringing in technology that's not focused on the right areas.

Creating a culture of compliance

Ultimately, everyone in the organization should be responsible and accountable for risk management. Companies have the most success in creating a culture of compliance when they start the process early, garner support from their partners, and view the integration of internal controls, governance, and technology as a way to improve their business.