Generating consumer goods Impact
How an internal controls CoE provides effective risk coverage for a global consumer goods company
A global consumer goods company
• Redesigned the global operating model for the internal controls function and set up an internal controls center of excellence (IC CoE) • Designed a risk-based, integrated control framework covering all operational and support processes • Helped standardize, optimize, and automate internal controls • Redesigned the Sarbanes-Oxley (SOX) program, including test script standardization, remote testing of controls, and risk-based global scoping • Designed and implemented advanced control monitoring solutions, including controls self-assessment and continuous controls monitoring, enabled by technology and analytics
• Reduced resource costs by 45%- 50% through process centralization and automation in controls monitoring • Enhanced control automation by more than 25%, with the possibility of further enhancement • Rationalized testing of SOX controls by 18% in 2016, and identified opportunities to rationalize another 27% in 2017; overall rationalization of 45% expected • Reduced overall auditing effort by internal and external auditors through greater reliance on the internal controls team • Created visibility of internal controls through digital dashboards
Industry Consumer goods Business need addressed The lack of a standardized and integrated controls framework, and supporting roles and responsibilities in the internal controls organization led to inadequate risk coverage and costly control monitoring
DESIGN • TRANSFORM • RUN
To transform its decentralized internal controls function, a global consumer goods company set up an IC CoE enabled by technology and analytics. Consequently, the company created an integrated control framework to cover all types of risks—including financial, operational, and compliance risks— across processes, and paved the way to reduce the cost of compliance with SOX requirements. The IC CoE delivered advanced solutions that enabled the company to manage controls self-assessment (CSA) and continuous controls monitoring (CCM). Business challenge
Following a series of mergers and acquisitions, the client—a leading global consumer goods company with a presence in 80 countries—needed to realign its global internal controls environment to its changed risk profile.
Genpact designed, transformed, and ran an integrated IC CoE to strengthen compliance and reduce overall costs. To gain maximum impact from the solutions adopted, the CoE leveraged Genpact’s Lean DigitalSM methodology, which combines design thinking—to focus on end-users’ needs— with digital technologies and Lean principles, and is underpinned by domain expertise. This unique approach allowed the client to respond to changes in business requirements through incremental and iterative sprints and feedback loops.
The company faced a number of challenges in managing internal controls, including: • A fragmented and manual control framework that focused only on SOX compliance and did not address end-to-end risks effectively • A decentralized internal controls organization with duplicated effort between the control monitoring and management functions resulting in costly control monitoring • Inefficient SOX testing and duplication of monitoring with multiple assurance providers testing the same controls • Low awareness of internal controls and ownership by control owners As part of a broader finance transformation program, the client identified the opportunity to address its fragmented internal controls environment and achieve an integrated, standardized controls framework that would enhance risk coverage at lower compliance costs. The client needed a redesigned operating model with process automation, better governance and transparency, and reduced costs.
Genpact and the client established the IC CoE in just eight months. The project involved: • Designing a risk-based integrated control framework covering all risks, including financial, operational, and compliance risks—the framework provided a common risk and control language for global operations • Redesigning the roles and responsibilities of the global IC organization, both in local markets and in the centralized CoE • Redesigning the SOX program to create an optimized control framework that included risk-based scoping, standardized test scripts, remote testing of controls, and enhanced SOX documentation • Migrating SOX testing to the IC CoE • Designing and implementing digital control monitoring solutions like controls selfassessment and continuous controls monitoring
GENPACT | Case Study | 2
• Setting up dashboards for near-real-time visibility across all work streams for stronger governance • Creating and implementing change management initiatives, including IC team training around the world, for faster adoption of the new controls framework The integrated controls framework and the controls self-assessment (CSA) and continuous controls monitoring (CCM) solutions were among over 150 unique design deliverables that were codeveloped by Genpact’s 20-member design team and 50 client end users. The solution helped the client go beyond SOX compliance and enhance the coverage of all financial, operational, and compliance risks (see figure 1). Genpact applied digital tools and analytics to the CSA solution to incorporate surveys and remediation tracking. With well-defined key performance indicators and SLAs, the management team also had access to real-time visibility of the impact of its IC CoE activities.
Stakeholder engagement in the design of the CoE was critical to this transformation as the sensitive nature of risk management required the buy-in of all relevant leadership and operational teams. Genpact focused change management initiatives at various levels to introduce the concept, seek support from stakeholders, make the CoE’s impact transparent, and ensure it aligned with corporate objectives. Training sessions on new processes and technologies were also organized to ensure that the retained organizations and outsourcing partners understood management’s vision.
Business impact The IC CoE helped the client build robust internal controls enabling business teams to identify risks and take remediation measures in real time. The initial phase of this large and long-term transformation project has helped the client achieve: • A 45%-50% reduction in resource costs through cost arbitrage and greater productivity. The IC CoE has 35 members, comprising full-time
Global service capability • • • •
Global IC CoE
KPIs and SLAs
*GRC - Governance Risk and Compliance
Broad service catalogue Continuous control monitoring
Leveraging technology like GRC*
Standardized control self assessment
Global SOX CoE – driving efficiency
Anti bribery and corruption
Integrated controls framework
Standardization of control framework and control testing Remote site audit capability—enhanced coverage Flexible model with options to ramp up and down Skilled talent pool
• Ability to run broad solution sets from traditional to advanced e.g. SOX to CCM • Single point of contact for all risks and control activities in the organization • Covering financial, operational, IT, compliance and other risks
Robust governance • Greater visibility of internal controls’ health at enterprise level through digital dashboards with drill down capability • Performance management of CoE through KPIs and SLAs • Technology and analytics enabled solutions— Control Analytics
Figure 1: A cost-effective operating model for advanced controls assurance servicing global requirements GENPACT | Case Study | 3
resources and surge resources for peak load work, who have helped the client reap benefits through cost arbitrage and greater productivity • Enhanced control automation, from 15% to 42%, with the possibility of further improvement • Rationalized testing of Sarbanes-Oxley controls by 18% in 2016, and identified opportunities to rationalize another 27% in 2017; overall rationalization of 45% expected • By aligning with external auditors on SOX compliance, the testing methodology, and test script standardization, Genpact identified the opportunity to significantly cut external audit costs, as auditors would have greater reliance on the work done by the CoE • Significant improvement in control health as key control issues are tracked globally and root causes are resolved through improved collaboration between internal controls,
internal audit (IA), and business process excellence teams • Increased ownership of controls by process owners through the CSA program, and real-time identification of control gaps and fraud indicators through CCM • Reduced audit fatigue of control owners by integrating the auditing plan of the IC and IA function • Enhanced governance of, and transparency into, the control environment through dynamic dashboards and metrics By adopting Genpact’s Lean DigitalSM approach to improve its internal controls environment, the client realized its vision to create a best-in-class risk management and control function. The center of excellence allows the company to extend internal controls beyond the role of auditing to enable business teams to proactively identify and manage risks.
About Genpact Genpact (NYSE: G) stands for “generating business impact.” We are a global leader in digitally-powered business process management and services. Our Lean DigitalSM approach and patented Smart Enterprise ProcessesSM framework reimagine our clients’ operating models end-toend, including the middle and back offices – to deliver growth, efficiency, and business agility. First as a part of GE and later as an independent company, we have been passionately serving strategic client relationships including approximately one-fifth of the Fortune Global 500, and have grown to over 70,000 people. The resulting domain expertise and experience running complex operations are unique and help us drive choices across technology, analytics, and organizational design. For additional information, contact, email@example.com and visit, www.genpact.com/what-we-do/business-services/enterprise-riskcompliance/sarbanes-oxley-compliance Follow Genpact on Twitter, Facebook, LinkedIn, and YouTube. © 2016 Copyright Genpact. All Rights Reserved.