With the SEC’s recent finalization of pioneering climate-disclosure regulations, the landscape of corporate reporting is set to undergo a significant transformation. These regulations, aimed at ensuring transparency and consistency in climate-related disclosures, require a strategic and proactive approach from corporate executives. As the phase-in period approaches, with large-accelerated filers embarking on disclosures by 2025, understanding and preparing for these changes is critical for staying ahead. 

Overview

The SEC’s initiative represents not just a regulatory requirement, but a strategic opportunity for businesses to showcase their commitment to climate-related disclosures and risk management. Under the leadership of SEC Chair Gary Gensler, the rules are designed to provide investors with decision-critical information, thereby requiring that public companies focus on their climate-related risks and the expected mitigation strategies.  

Summary of Disclosure Requirements

Regulation S-K: Strategic and Operational Insights

  • Risk and Goal Disclosure: Highlight how climate-related risks and objectives could materially affect business operations and financial statements. 
  • Strategy and Business Model Impact: Describe the actual and potential impact of climate-related risks on the company’s strategy, business model, and outlook. 
  • Risk Mitigation and Adaptation: Detail actions taken to mitigate or adapt to material climate-related risks. 
  • Governance of Climate Risks: Outline board and management oversight on climate risks, including the processes for risk identification, assessment, and management. 
  • Financial Implications of Climate Actions: Report material expenditures and the impact on estimates and assumptions from climate-related mitigation and adaptation activities. 
  • GHG Emissions Reporting: For relevant filers, disclose Scope 1 and Scope 2 emissions, emphasizing the importance of assurance for material emissions data. 

Regulation S-X: Financial Impact and Expenditures

  • Weather and Natural Conditions Costs: Disclose costs and expenses from severe weather events and natural conditions, adhering to specified disclosure thresholds. 
  • Carbon Offsets and Renewable Energy Credits or Certificates (RECs): Report on expenses related to carbon offsets and renewable energy credits, especially if they are significant for achieving climate-related goals. 
  • Financial Planning Impact: Describe how severe weather and other natural conditions affect financial estimates, disclosed climate-related targets, or transition plans. 

A Multi-disciplinary Approach to Implementation

In an era where climate will shape market dynamics, aligning SEC climate disclosure requirements with corporate strategy is not just about compliance; it’s about seizing a leadership position in sustainability. A holistic, multi-disciplinary approach, drawing on expertise from sustainability, finance, operations, legal, HR, and supply chain, is pivotal for embedding climate consciousness into every facet of your business operations.  

This 5-step guide will help you outline a phased approach to meet the SEC mandates.

1. Streamline Reporting and Bridge Gaps

Evaluate your existing climate reporting procedures against the SEC’s benchmarks to identify and address discrepancies. This critical first step ensures your reporting infrastructure is robust and fully compliant.  

2. Quantify and Manage Emissions with Precision

Establish clear organizational and operational scopes for GHG emissions, utilizing standardized data collection templates and controls. This foundation supports accurate emissions reporting and strategic decision-making for reduction efforts. 

3. Elevate Disclosure Quality and Transparency

Collaborate with stakeholders to refine climate-related disclosure practices. Enhance the clarity, depth, and relevance of your disclosures, drawing upon TCFD and GHG Protocol standards to meet and exceed SEC expectations. 

4. Governance and Oversight for Climate Integrity

Strengthen your governance model to ensure comprehensive oversight of climate-related risks and strategies. This includes defining clear management roles and improving data collection processes to enhance the reliability and efficiency of your climate reporting. 

5. Assurance and Accountability

Ensure your GHG emissions data and climate disclosures are audit-ready. Engage both internal and external auditors for a thorough review of your processes and controls, guaranteeing the integrity and credibility of your disclosures. 

As you navigate the complexities of the SEC’s climate disclosure mandates, remember that this is not just a compliance exercise, but a strategic business imperative. CrossCountry Consulting is your partner in aligning these new requirements with your corporate objectives, ensuring not only compliance but also a stronger competitive edge and enhanced investor confidence. Let’s redefine the future of corporate sustainability together. 

Connect with an expert

Christina Kaminski

Accounting Advisory and ESG Lead

See Bio

Contributing authors

Stef Pria

Steve Coppolino

Brad Schultz

Michael Hempenstall

In 2023, when Coupa R35 centralized the procurement intake process with Guided Experience, users were confidently able to answer the persistent question, “Where do I start?” Fast-forward to 2024 and Coupa’s biggest release of the year, R38, delivers major enhancements to Guided Experience to further support users in guiding the request process.   

Available to all Coupa customers by February 2024 (depending on release schedule), Guided Request provides new visual cues, is more configurable, and is packed with additional options, making this powerful tool more valuable and user-friendly than ever.    

Guided Request Details 

Enhancements include: 

  • Multiple Guided Request pages can be linked by admins for more comprehensive guidance. 
  • New visual cues for improved user experience. 
  • Individual users can default to Write a Request as their first option. 
  • Process Automator enhancements allow the New Supplier Process and Requisition approval process to occur in parallel.  
  • New policy and process document types added for Guided Requests. 
  • New data table experience with collapsible views. 

These changes are explored in more detail below.

Link Multiple Guided Request Pages 

Users can still select individual Guided Requests from a pre-determined list, but to make this starting page even more dynamic, multiple requests can be linked in a parent-child relationship directly from the start page, supporting a more sophisticated guided experience. Admins can manage relationships by accessing Guided Requests and indicating whether the request is linked to a parent page.   

coupa R38 guided request linked pages

By creating the parent-child relationship, users can access requests related to the parent page from one request form. Shown below, the Parent Page R38 Guided Request Page Test is linked to 3 Guided Requests, displayed to the user under the “Let’s Get Started!” Display Name 

coupa r38 guided request supplier onboarding start form

New Visual Cues 

Want to guide users with easy-to-recognize visual cues? No problem.

If users submit a purchase request, by using visual cues, admins can create brand recognition and icons to inform them about which supplier and purchase experience they can select. As seen below, the supplier logo is used for brand recognition and icons are now available to indicate supplier popularity within the organization, diversity criteria, and whether the supplier is a Coupa Advantage supplier. 

coupa r38 guided request supplier advantage

Default to Write a Request  

Have users who frequently write a request? They can now default to the “Need help? Let us guide you” button to write a request (#2 below). From the request page, users can check the “Skip to ‘Write a Request’ by default” box at the bottom of the page, before adding the item to their cart (#1 below).   

This will then default this page for this user every time they click the “Need help? Let us guide you” button.    

coupa r38 guided request 'write your request' form

Process Automator and Guided Requests to Streamline the Supplier Request Process

Previously, the New Supplier Request Form and the Requisition Line Form were independent of each other. Now, the process automator can link the two forms (see image below), creating a seamless experience for the end user.

By leveraging this functionality, paired with the “Auto Approve” setting on the New Supplier Request form, requests can flow freely through the approval process while the supplier completes the remaining onboarding tasks. 

coupa r38 guided request process automator

New Document Types  

There are three new custom selection options available when creating a Guided Request page. 

  1. Policies: Allowing the user to view the selected policy.
  2. Processes: Guiding the user by starting a process.
  3. Guided Request page: Allowing a parent-child experience for the Guided Request page.

It’s important to note that child pages don’t include content groups, which means they can be reused with different start or parent pages. 

New Data Table Experience   

Lastly, the streamlined data table views now have a collapsed option and take up less space on the page. This reduces scroll and improves user experience for users quickly navigating through the platform.  

Coupa’s Guided Requests and the R38 enhancements are available to all customers right out of the box with R38; however, customization does need to be configured by a Coupa admin

Are you an existing Coupa customer looking to maximize this valuable new feature? Still deciding which business spend management (BSM) application is right for your organization? Contact our Coupa Release Management team to ensure your application centralizes purchasing requests and generates tangible ROI with every release. 

Connect with an expert

Harpreet Narula

Coupa Practice Lead

See Bio

Contributing authors

Anna Doppel

Ian Gray

Jordan Cullinane

Leaders preparing to launch a significant international growth initiative have a million tasks on their plate. Scalable financial management software that meets present and future needs is but one – yet it has far-reaching implications for ongoing operations, financial health, compliance, and procurement. 

Fortunately, Sage Intacct’s robust functionality and platform experience simplifies complicated transnational reporting, currency, data, tax, and language disparities that finance and accounting teams will encounter. SaaS companies in particular will find valuable use cases for billing automation and revenue recognition, enabling faster, more efficient execution in their growth journey.  

All this and more was discussed at Sage Transform 2024, with Sage implementation experts from CrossCountry Consulting leading key discussions on the internationalization of SaaS organizations. Here are some of the core highlights: 

Financial Management Challenges International Companies Face 

SaaS companies entering a global market for the first time will confront numerous and potentially complex obstacles if their accounting and technology systems are not designed to scale or support international needs. Similarly, companies that already have a global footprint may still be dealing with persistent challenges they’d prefer to finally overcome. 

The long but non-exhaustive list of expected challenges includes: 

– Multiple currencies lead to reporting and transactional issues– Multi-language requirements– Manually creating transactions to force compliance
– Systems and data cobbled together manually– Requirement-gathering is often incomplete– Consolidations become more complicated due to FX implications
– Tax laws, GAAP, and regulatory requirements differ by country– Stop-gap solutions become permanent solutions– Training is undervalued and leads to recurring and unique issues every month
– Technology solutions are often regional, requiring upgrades to existing tools or migration to more robust ones– Systems are looked at in a vacuum (e.g. focus on Sage Intacct only without evaluating impact on upstream/downstream solutions like Salesforce or Lockstep)– A cross-department problem requires a cross-department solution

So how can leaders navigate these issues within Sage Intacct? 

Identify Accounting Requirements for International Expansion 

To make the transition to a successful target state as a global organization, there are two key pillars leaders must keep top of mind: 1) what’s legally required from an accounting perspective and 2) how to address differences in GAAP across multiple countries. 

Legal Requirements 

The legal requirements for operating internationally are fundamentally different than operating domestically. Finance and accounting leaders should ask themselves: 

  • What did auditors ask last year? This is a useful baseline to spur conversations about what changes might need to be made in advance of a forthcoming audit cycle. And it can also shed light on the types of providers and third parties that will need to be brought in to support. 
  • What reports must be submitted to tax and regulatory agencies (e.g., Making Tax Digital)? International requirements may require additional internal and external resources to accommodate, and the Sage environment will need to be specifically configured in a way to allow the proper sharing, visibility, and flow of reporting information. 
  • What are today’s pain points? For instance: 
    • Some regions and countries require a unique, sequential number, known as the accounting sequence number, for each posted transaction that affects the general ledger or subledgers. 
    • Some regions and countries don’t allow deletion of any transactions, especially revenue. 
    • VAT returns must be submitted electronically directly through the ERP. 
    • Many countries have specific guidelines for how their invoices must be presented (tax information, language, invoice info, etc.). 

GAAP Requirements 

The reality of going international is that different countries have different GAAP requirements, such as ASC, IFRS, PCG, and more. 

The good news is that domestic accounting teams don’t necessarily need to be experts on all these regulations. Regional teams within the global organization will have more hands-on experience and detailed information on what exactly is needed to accommodate potential accounting changes. User-defined books are immensely useful in this capacity, as they can be adapted and layered to facilitate evolving reporting needs. 

Understanding the aforementioned requirements sets the stage for a successful, purpose-built Sage implementation. 

Execute an International Deployment: 5 Keys to Success

To remove predictable delays, ensure an optimal outcome, and quickly generate value from Sage, there are five primary focus areas to consider: 

1. Define Requirements

  • What systems will be impacted by the change? 
  • What new tax regulations must be complied with? 
  • Are there new regulatory reporting guidelines? 
  • Which languages need to be supported in the system? 
  • Are there new audit requirements? 
  • What entities will be added? 
  • Which banking partners will be selected? 

2. Create an Achievable Timeline and Stick to It

While timelines will vary depending on complexity and scope, here’s a rough snapshot of what SaaS leaders can expect:  

3. Get Buy-In From the Right People

  • International finance teams (tax, audit, operational finance, FP&A, FX). 
  • Sales operations and Salesforce development. 
  • Executive leadership. 
  • CTOs and systems administrators. 

4. Engage a Sage Intacct Expert

Clear communication and close partnership with a Sage Intacct implementation expert like CrossCountry Consulting will ensure the internationalization of modules and existing configurations are completed effectively. As part of the project delivery, hands-on go-live and post-production services can add greater value and ROI to the entire technology lifecycle. 

5. Support Teams With Thorough Testing and Training

As a reminder, any software is only as successful as its users, so all relevant staff must keep pace with system upgrades, environment changes, and new functionality before, during, and after rollout. Allow ample time for testing and questions, and create a robust list of test scenarios to track against. 

To implement Sage for your unique requirements, contact CrossCountry Consulting

Connect with an expert

Keith Linhart

Business Transformation Lead and Boston Office Lead

See Bio

Contributing authors

Sean Barrett

Megan Smith

When external auditors discover control deficiencies, especially those that rise to the level of a significant deficiency or material weakness, the remediation process can quickly tie up substantial internal resources public and private companies often lack. Persistent accounting and audit staffing shortages in the last two years have compounded the matter further.  

If there’s no one (or no team) on the bench with the required skills and capacity to make remediation their top priority or even full-time job, what’s the next step? 

To navigate the maze of remediation efficiently, management should look to strategic audit advisors capable of: 

A World of Difference: Audit Support That Frees Up Key Staff for Value-Add Activities 

Remediation will stretch internal capacity, prompt the reallocation of resources, and force management to make difficult decisions on whether to delay or abandon core business objectives. In fact, 71% of organizations believe they don’t have the talent or bandwidth to manage emerging risks – when an audit identifies deficiencies that need urgent attention, this gap will widen further. 

Plus, the Public Company Accounting Oversight Board (PCAOB) notes that companies typically take 6-18 months to fully address a material weakness. That’s valuable time companies will never get back. 

Will the months or yearslong remediation effort overlap with enterprise digital transformation programs, complex transactions (IPO, M&A, etc.), or expansion into new markets? These high-value initiatives are vital to current/future growth and competitive advantage – and will themselves take years of work and investment to orchestrate. 

Balancing these activities with the regulatory and investor demands resulting from an audit report represents a serious fork in the road for even the largest enterprises at a time when PCAOB-identified deficiencies are on the rise.  

There’s a real opportunity cost involved with how these concurrent efforts are shepherded – not to mention the total “true” cost on the balance sheet.  

Beyond Root Cause Analysis: An Audit Liaison 

Material weaknesses rarely stem from a single, isolated issue. They often involve intricate interdependencies between processes, people, and systems. Identifying the root cause of each deficiency is time-consuming and requires a meticulous, well-trained team. 

CrossCountry Consulting, a strategic audit advisor with extensive Big 4 audit experience, can manage all aspects of an audit, including remediation of deficiencies, significant deficiencies, and material weaknesses. This work entails: 

  • Total immersion in the issue, including a full understanding of the root cause of the deficiency. 
  • Defining a clear path to remediation as urgently and effectively as possible, including preparation of all necessary documentation. 
  • Training internal staff on what to look for, avoid, and better understand in future remediation efforts. 
  • Auditor communications, including responding to auditor questions and inquiries. 
  • Executive reporting of issues, remediation progress, results, and opportunities, including board and audit committee communications. 
  • Other operational enhancements, including automation, technology systems deployment, or process re-design, within Finance, Accounting, IT, and Risk functions. 

Audit support tackles all the issues dropped in the lap of management and impacted stakeholders without sacrificing critical ongoing initiatives outside of the audit process. 

That means: 

  • Devoting full-time focus to the remediation without unnecessarily distracting internal staff with complex requests. 
  • Propelling forward momentum daily so remediation is wrapped up on time and on budget. 
  • Reducing staff burnout and low morale during a high-pressure period. 
  • Removing information silos within the organization, which generates enduring downstream benefits even after remediation. 

Audit Impact Where It Counts 

As much as companies, auditors, regulators, and investors would appreciate remediation being a one-and-done housecleaning, the truth is that remediating deficiencies is often a multi-year process. A strategic audit advisor can assist management in architecting a control environment that prevents recurring issues and anticipates future risks, in addition to realizing long-term cost savings that avoids increased audit fees, regulatory sanctions, and loss of investor trust. 

As a firm built with Big 4 pedigree, CrossCountry Consulting’s audit-readiness specialists speak the language of auditors and take the burden off management teams. We drive value at all points in the process, with the ability to get involved before, during, or after an audit – wherever support is needed, our team plugs in. 

To get started on your remediation journey, contact CrossCountry Consulting

Connect with an expert

Christina Kaminski

Accounting Advisory and ESG Lead

See Bio

If 70% of change initiatives fail – the commonly accepted industry benchmark – what are the root causes?

It’s easy to point fingers at individual stakeholders, leadership decisions, or technology systems with steep learning curves. But it goes deeper.

Change management must be a cultural bedrock within the organization. When change fails, it makes clear that the organization was never truly invested in seeing the process across the goal line. Corners were cut, obstacles were sidelined, and everyone was left dissatisfied.

So how can organizations avoid the change management pitfalls that plague the vast majority of instances in which change is forthcoming? Where must greater consideration be given?

5 Common Change Management Failures

1. Under-Communication

When embarking on an ambitious change project – or even a relatively minor project – under-communication is the enemy. While top stakeholders involved directly in the change management initiative might be apprised of the goals, progress, and timelines of the project, it can’t be taken for granted that parties outside this group are likely in the dark.

Or, they’ve received general email blasts about upcoming change and have had to fill in the blanks themselves as to what that means and how it affects them.

Under-communicating will sabotage the best of intentions. In the absence of fact, rumor can take over.

Similarly, when the velocity of communication is lacking, it’s common that the volume of mediums used is also subpar.

Townhalls. Intranet announcements. Focus groups. Beta testing groups. Feedback sessions. Emails. It’s not one or the other; it’s all of the above. All communication channels available to the organization must be employed to ensure the change management message appropriately reaches all audiences.

2. Messaging Inconsistencies

Telephone isn’t just a game on the playground. It’s also unintentionally pervasive in the corporate world.

In addition to under-communicating change management, it’s equally destructive to inconsistently communicate.

There are several shapes this often takes.

  • The wrong level of detail: Some teams only need the cliffs notes version of the change messaging, while others need the full synopsis, annotations, and methodologies behind the initiative. Saturating staff with the wrong level of detail is ineffective and superfluous. Messaging must be calibrated to each respective stakeholder group.
  • Leaders receiving different messages: The OCFO has one lens on a project and the CHRO might have another. They come to the table with different questions, expectations, internal stakeholders, and responsibilities. But while the project might have different outcomes for their respective offices, they should still be reading from the same blueprint and sharing the same messages. The highest levels of leadership should be fully aligned on change and what it means for the organization at large. If ambiguity seeps into executives’ understanding of change, they can’t be expected to fully and faithfully communicate the initiative downward and outward.

3. Inadequate Budgeting and Planning

“It always gets cut and it’s always regretted.”

Truer words were never spoken in reference to change management budgets.

When evaluating a large investment in a software, reorganization, or growth, the devil is in the details. These outcomes must be paired with stellar change management at every juncture.

Change management is not the line item in the scope of work to cut, as once the initiative gets off to a rocky start, it’s difficult to course-correct without having to devote even more dollars, resources, and time. So, change management can be planned for upfront, or it can be retrofitted into the transformation after the fact much more expensively.

It’s not uncommon for a change program like a systems implementation to take five to seven years to put into place due to the absence of an effective change management strategy. At that pace, the system in question may no longer even be best-in-class or useful at all. To go back in and try again would only cause a significant amount of rework and extreme sunk costs. Think $3 million the first time, then $9 million the second time around for a total expenditure of $12 million over nearly a decade.

Inadequate budgeting and planning is the fastest route to a change failure. An implementation partner with expertise in project management, process improvement, and digital transformation efforts will always pay off.

4. Not Reinforcing

Change is a process, not an event.

As such, there isn’t a defined period of time when leaders can let off the gas during a change implementation. Reinforcement must be continuous if the transformation is to have any hope of achieving its stated outcome. Consider the three pillars of change in the table below with their corresponding actions:

Preparing for changeManaging changeReinforcing change
Change management project planProject managementProcess documentation, job aids, FAQ materials
Project team and key stakeholder communicationOngoing assessment of changeStakeholder followup and acceptance surveys
Communication strategy and timelineDashboard and progress reportingIssue monitoring framework
Audience and stakeholder assessmentCommunication contentMeasuring and reporting impact of change
Training strategyTraining schedule and materials
Approach to managing resistors to change

Managing complex change requires a holistic approach, with a center of excellence, change leader, or process owner orchestrating the effort. Some of the best ways to ensure a successful change management program are:

  • Designing a framework, such as agile, for monitoring and responding to issues as they arise. Change management accountability is derived from the clear-cut roles and responsibilities built into the framework.
  • Continuously measuring and reporting metrics related to the impact change is having on its intended business units (i.e., human resources, IT, finance).
  • Engaging in feedback surveys and sessions to gain a qualitative and quantitative perspective of the change process.
  • Creating accessible FAQ materials and process documentation.

5. Misalignment Among Groups

It’s not enough that senior executives and the project team are aligned on transformation. The entirety of the organization must be as well, even those who will be only tangentially impacted.

Every person in the business should have a baseline understanding of the who, what, where, when, why, how. This is instrumental in the larger company culture. If certain staff are left out of communications, totally unaware of change, or perhaps in total disagreement with the impetus for change, this friction must be addressed quickly.

Misalignment from leadership will derail a change initiative almost immediately. But misalignment among the rest of the staff may only become evident much later (or after) the process. At this point, it’s challenging and expensive to undo the friction that was already created.

Fundamentally, if you leave people out, change fails.

For total support in managing change in your organization, contact CrossCountry Consulting.

Connect with an expert

Sean Sinclair

Business Transformation

See Bio

Contributing author

Josh Mcleish

Coupa’s Release 38 (R38) production rollout through the first quarter of 2024 has brought a host of valuable upgrades to Coupa admins and users. Considered one of the biggest updates yet, procurement and spend management teams can expect substantive changes to various modules, interfaces, and applications commonly used in their day-to-day. 

For an in-depth exploration of all things R38, watch our recent webinar. To understand some of the key R38 highlights selected by CrossCountry Consulting’s Coupa implementation and transformation experts, here’s a good place to start:

1. InvoiceSmash Scanned Invoice Extraction With AI 

Continuous improvements to Coupa’s artificial intelligence (AI) engine have enhanced InvoiceSmash’s ability to extract information from scanned image PDFs. This new capability is in addition to existing extraction capabilities for text PDFs and credit notes. Note: Users must enable this feature and agree to the terms.  

For text-based invoice extraction, nothing has changed. For image-based extraction, InvoiceSmash will automatically begin parsing. Coupa states that “If the AI has low confidence in the extraction, it sends the invoice to Ready for manual entry, just like your existing workflows for scanned images.” 

2. Multi-Factor Authentication for Supplier Payment Accounts

While multi-factor authentication (MFA) is already a requirement for creating Supplier Payment Accounts (SPA), as of R38, it will now be required during the approval process as well. This update applies to all SPAs, with the only exception being if SPA or Supplier Information Management (SIM) is auto-enabled. 

MFA may create additional steps for users, but the update is critical to application security and process integrity.  

3. Third-Party Check Printing

Coupa Pay can now facilitate the printing and mailing of checks to beneficiaries. Payments are sent to a trusted third-party provider that generates physical checks and mails them via USPS First Class mail. The provider handles all processing, meaning suppliers who aren’t yet equipped to receive digital payments can still quickly and securely receive payments. 

The entire process originates within Coupa Pay. 

Explore expert Coupa solutions that solve real-world problems

Execute efficient Coupa deployments, enhance procurement and supply chain ROI, and minimize risk with Integration-as-a-Service offerings.

4. Invoice Entitlement and License

Coupa admins can now more easily grant (or control) invoice licensing to new users ad hoc or in bulk. Users added to Coupa accounts via API or CSV upload can automatically be given invoicing credentials at point-of-setup. Admins should keep this step top of mind when adding new users, as they’ll be prompted to select the appropriate licensing box, which will determine ongoing access control. 

The invoicing license is required for anyone who may need to view invoices. 

Change Management Is Essential 

In some cases, no action is required to access and benefit from R38 upgrades; in others, admins must manually enable a specific feature. It’s important to recognize that each Coupa release provides an opportunity to elevate the value Coupa can bring to the organization, and capitalizing on this value is only possible if users effectively implement and get comfortable with these new features.  

Although it may seem like another tedious change effort to leave for another day, it’s best practice to adopt Coupa upgrades as they come online. As an award-winning Coupa implementation partner, CrossCountry Consulting can help organizations maximize Coupa ROI and integrate each new release holistically across the Source-to-Pay lifecycle. 

Contact CrossCountry Consulting to get started. 

Connect with an expert

Harpreet Narula

Coupa Practice Lead

See Bio

Contributing authors

Anna Doppel

Neha Faxwala

Michael Collins

Obi Nwude

As a CFO, Controller, Procurement leader, or executive with Procurement oversight, you’ve been instrumental in rapid company growth. But that growth comes with a cost: It’s become increasingly difficult to have full visibility into what those costs are today and where they will be in the future. You’ve heard Procurement delivered significant cost savings at other organizations but aren’t sure how or where to start within your own company.

If your company recently stood up a Procurement function or plans to do so soon, below are five steps to building a value-driving team: 

1. Use Data to Inform Your Path

Nothing can be actioned until there’s visibility into all vendors and spend. Gathering this information can be expedient if a Procure-to-Pay (P2P) system (like Coupa) or data integration capabilities (like an ETL and Snowflake) already exist. Unfortunately, many companies still have data scattered in numerous spreadsheets.  

Aggregating and organizing spend data by categories enables teams to pinpoint immediate opportunities for supplier renegotiation and consolidation, while also identifying the organizational needs required to build the Procurement department (how many buyers vs. strategic sourcing personnel, how to align the team, how to connect Procurement to AP and Finance).  

The best organizations have deep connections between Finance and Procurement in which the annual budget feeds Procurement-related decisions (Plan-to-Pay). While this capability will not happen overnight, any new Procurement department should explore how to tie objectives and actions to the annual budgeting and planning activities across the company. 

2. Build and Sell Your Strategy

It’s important to immediately prove value to the organization. One of the first keys to this – even if Procurement reports to the CFO – is to step out of the accounts payable (AP) organization and position the new function as a strategic value-driver to the business.  

Then, it’s important to broadcast the goals of Procurement in line with overall company goals. For example, if the company is focused on generating cash, Procurement should identify ways to improve the company’s cost structure.   

Support from the business will be critical to the success of the new organization. Procurement leads must spend time with the business not just verbally explaining the value of the new function but proving value through hands-on experience.   

For instance, in the cost improvement-focused goal above, the Procurement department could help the business with building sourcing strategies, bringing market intelligence, developing RFx documents, and conducting sourcing events on their behalf. The Procurement organization then should have KPIs that showcase its value through data (e.g., savings generated, time saved for the business, etc.). 

Lastly, establishing governance from the start is critical. Procurement leads should work with the business to define decision rights across the Procurement lifecycle through a RACI (responsible, accountable, consulted, informed) document. Procurement’s role in sourcing, contract management, supplier management, and purchase order (PO) and invoice processing must be well-defined and understood by the organization as you move from decentralized decision-making to a more structured and controlled way of buying. 

Consider what percentage of spend should be directly influenced by Procurement. Which categories of spend (e.g., IT Services, Real Estate, Professional Services) will you lead vs. support? You’ll need coverage from executive leadership to advocate and champion these ways of working to make them stick. 

A reminder: Some business functions, such as IT and Marketing, may have built mini-Procurement teams in your absence. Strong alignment with these functions on the vision of Procurement will enable you to add value to existing structures and ultimately gain traction for new changes and objectives you plan to implement.

3. Generate Quick Wins to Stop the Bleeding and Gain Momentum

There are some relatively easy actions – many self-funding – organizations can take to generate immediate value through Procurement.  

Some are as simple as tightening policies around spend. For example:

  • Putting controls around spending.
  • Instituting requirements around the use of POs (No PO, No Pay) for the majority of spend areas.
  • Documenting allowable exceptions.
  • Leveraging Procurement catalogs for repetitive, low-dollar purchases like IT peripherals, office supplies, and general business admin. Catalogs can make buying faster and easier without disrupting normal operations.

Tightening policies can help reduce maverick buying that’s common with organizations that lack sophisticated Procurement departments. 

Sourcing is another opportunity. By examining spend data from step #1 above, RFx events can be conducted for key indirect categories (e.g. computer hardware) in which spend is higher than expected and/or desired. 

Explore expert Procurement & Cost Transformation solutions that solve real-world problems

Optimize Source-to-Pay, capitalize on procurement analytics, and drive cost management sustainably across the enterprise.

4. Review Digital Capabilities and Technology Architecture

Technology, data, and automation can be a catalyst to anyone building a new capability or department. You may be the only person in the entire company with “Procurement” in their job title. Or, there may be no dedicated Procurement function at all – just activities that ladder up to the CFO or Controller.   

In either case, you’ll need all the help you can get, and the more you can automate activities, integrate data, and simplify reporting, the more time you can spend with business stakeholders and suppliers on strategic, value-add activities. The great news is that there have been significant advancements in Procurement technology over the past 10 years that can provide built-in automation and reporting capabilities. That said, technology should be seen as an enabler to process. So, where do you begin?  

Start by examining the current technology architecture and flow of data.  

  • What sits in the ERP? Think through Sourcing, Contracts, Vendor Master, Requisitions, POs, Receipts, Invoices, and Payments.  
  • Are there other Procurement support tools in place, such as SharePoint as a contracts repository or Service Now as a routing tool? 
  • How are contracts, POs, or invoices approved today?  
  • What sits in offline spreadsheets?  
  • How do you retrieve data from each system and tool?  
  • How should it look in the future?  

Not sure where to start? Take a blank sheet of paper and draw an unconstrained view of a streamlined end-to-end P2P process that minimizes human touch and has the desired end-state technology architecture. How would live data reporting be automated in this desired end state?  

It may take time to achieve the technology target state, so answering these questions early is critical. The value of digitizing Procurement goes beyond efficiency benefits and can improve the experience the business and suppliers have with your Procurement department. 

5. Build a Multi-Year Roadmap

Time to put it all together. There will be so many things that you could do, but what should you do, when should you do it, and how?   

Some best practices include: 

  • Build an 18-month roadmap. Anything shorter doesn’t have enough lens into the big picture, and anything longer is too long to plan for. 
  • Prioritize 3-4 quick wins. These are initiatives (e.g., sourcing events for key categories) that take less than three months but generate noticeable value. They often include wins like defining decision rights throughout the process, updating policies, cleaning up vendor records, updating the approvals process, and installing a scanning tool or invoicing portal.  
  • Organize initiatives by people. What roles and skills are needed in Procurement to fuel process and technology-related activities? 
  • Prioritize initiatives that add the most quantifiable value. This is often cash generated, time saved, etc. Don’t boil the ocean and don’t get into initiative overload. 
  • Work in agile sprints. Instead of conducting sourcing for 10 categories at once, do them in sequenced waves. 

With this framework, organizations can build a Procurement department from scratch the right way or optimize their current Procurement activities to fit the needs of the business and reporting structure. 

To get started on your Procurement transformation journey, contact CrossCountry Consulting

Connect with an expert

Cade Lutz

Business Transformation

See Bio

Contributing authors

Blake Baptist

Anthony Diaz

The Public Company Accounting Oversight Board’s (PCAOB) “Target Team Inspections” consists of inspectors who focus on emerging audit risks and other topics the PCAOB believes could have important implications as audit teams aim to improve audit quality now and in the future. 

Recent PCAOB inspections identified the following three audit risk areas: 

  • First audits after traditional IPOs or de-SPAC transitions. 
  • Audit team reliance on shared services centers (SSC). 
  • Climate-related matters. 

Audit teams, already stretched thin, are feeling the pressure of closer scrutiny from the PCAOB due to a noticeable decline in observed audit quality. Overcoming current audit challenges – specific to the above focus areas and beyond – is imperative moving forward, and the work must begin now. Audit teams will increasingly be looking to management to engage in their audit responses to best navigate these challenges. 

Audit Quality by the Numbers 

The PCAOB estimates 40% of audits they review “will have one or more deficiencies that will be included in Part I.A of the individual audit firm’s inspection report.” Approximately 46% of audits are expected to have one or more deficiencies in Part I.B as well. 

This persistent upward trend over the last several years is a troubling sign, with PCAOB chair Erica Y Williams stating, “These findings are absolutely unacceptable, and audit firms must make changes to turn things around and live up to their responsibility to investors.” The Target Team focus areas may provide additional insights into auditors’, and by extension management’s, future areas of focus. 

The inspection report found the following:   

  • 20% of post-IPO audits contained deficiencies. Instances of deficiencies were in some cases caused by a departure from GAAP “in the presentation of deferred revenue” and the failure to test the accuracy of “labor hours used as an input to record revenue,” among other reasons. 
  • Positive signs for audit quality when relying on shared services centers (“SSC”), such as SSC personnel continuity between audit cycles, additional layers of review over SSC deliverables, and effective coordination between SSC and the U.S. firm. 
  • Registrants’ increased focus, communication, presentation, and disclosure considerations relating to Environmental, Social, and Governance (ESG) issues in anticipation of forthcoming ESG reporting requirements from the SEC.  

These targeted reviews will likely influence the areas of the business in which auditors will increase scrutiny. Therefore, companies should expect more questions relating to areas such as revenue recognition and ESG and be prepared with appropriate responses. In addition, audit teams may increase their use of SSC, which may lead to challenges with coordination. 

The Path Forward 

In the second half of 2023 and into 2024, audit firms have shifted their attention to respond to what’s viewed as a “breaking point in audit quality.” Firms turning the corner successfully are focusing on: 

  • Standardizing audit procedures and deliverables. 
  • Getting ahead of new accounting standards and policies by better understanding what regulators are thinking before audit season becomes time- and labor-intensive. 
  • Increasing audit partner engagement earlier in the audit process. 
  • Formulating proactive frameworks and responses to expected complex, judgmental areas (e.g., defining emerging risks). 

Additionally, new PCAOB Target Team focus areas for audits of 2023 financial information will include risks associated with: 

  • Distributed ledger technology. 
  • Interim reviews of certain banks. 
  • Multi-location audits. 
  • Significant or unusual events and transactions. 

Management, along with their auditors, should be prepared to address these ongoing and forthcoming audit inquiries. 

Fortunately, the audit process doesn’t have to be managed alone. CrossCountry Consulting’s audit-readiness experts help companies reduce audit friction and see around audit curves. To navigate the audit challenges of today and tomorrow, contact CrossCountry Consulting

Connect with an expert

Iris Chan

Accounting Advisory

See Bio

Contributing author

Aric Johnstone

As generative artificial intelligence (GenAI) becomes more accessible and expansive, business leaders need a plan to harness its potential while mitigating risks. This requires strategic planning activities, including exploring use cases, drafting an implementation roadmap, creating ethical usage policies, and elevating organization-wide AI literacy.  

There are two parallel paths organizations must take to successfully encourage the safe implementation of AI while proactively mitigating risks: 

  1. Build a strong data-driven foundation.
  2. Experiment with GenAI to create momentum for adoption.  
generative ai implementation and enterprise adoption journey
Organizations can make progress on GenAI even while still fine-tuning their data strategy.

Current AI trailblazers and innovators are already on this course. It’s beyond time for other organizations to follow suit.  

1. Build a Data-Centered Mindset 

A data-centered mindset is the precursor of a successful data transformation journey. This consists of having: 

  • A data strategy. 
  • Necessary governance mechanisms. 
  • The required initial infrastructure (people, processes, and technology). 
  • A capable team.  
  • Organizational data literacy.  

Together, these components enable companies to innovate and embrace GenAI safely and responsibly.  

To build a strong data foundation, companies should specifically consider the following actions: 

Establish Data Strategy and Governance 

An effective data strategy should drive the decision-making process of technology selection, including GenAI technology, as well as the assessment of use cases. Of course, these decisions should align with business needs, pain points, and goals.  

Leaders must ask “What tasks or functions could AI assist with?” “How could it improve operations or services?”  

Understanding the problems to be solved will help guide implementation and the selection of technology. 

Clear data governance allows the company to translate the strategy into an actionable roadmap. This includes: 

  • Defining data roles. 
  • Distributing responsibilities between stakeholders. 
  • Setting GenAI usage guardrails. 
  • Establishing measurable objectives at all levels of the company.  

Additionally, having a clear understanding of the organization’s risk landscape and how the usage of GenAI fits into it will enhance the organization’s ability to respond to new opportunities and risks and the ability to identify key gaps along the way. 

Focus on Data Centralization and Tool Selection  

With an explosion of technological advancements, companies must control where their data is created, transformed, and stored. It’s estimated the average enterprise uses more than 470 SaaS applications – SMBs rely on roughly 250 as well.

As the data technology space becomes more complex, so does the ability to manage and track multiple data sources. Selecting GenAI tools to kick-start experimentation doesn’t need to be a colossal task.

Develop a short list of current market offerings and their capabilities to efficiently select a Large Language Model (LLM) that employees can start leveraging for everyday tasks. In parallel with this initial experimentation tool, develop a longer-term plan for enterprise-level tools, carefully considering infrastructure needs, including hardware, software, and connectivity required to develop, host, and integrate broader GenAI into your data ecosystem.  

Team Building and Increasing Data Literacy  

While experimentation can be done with a handful of early adopters within the business, organization-wide adoption requires a data-literate workforce. Gartner’s Annual Chief Data Officer survey indicates that less than a third (29%) of companies are successfully meeting ROI objectives from the rollout of their data and analytics initiatives. Developing a literacy program with curated training materials and capable instructors is key to a successful implementation. 

2. Promote GenAI Experimentation 

There are several ways to shepherd GenAI adoption within the business, and, often, certain employees or departments will be ahead of the curve while others may be more averse to experimenting with new tools. To encourage responsible experimentation in a way that isn’t too aggressive, intimidating, or disruptive to normal operations, focus on the areas below: 

Start With Everyday Tasks 

OpenAI’s ChatGPT 3.5, Google’s Bard, and Anthropic’s Claude 2 are a few existing examples of public LLMs that can be accessed for free by all users. Similar to many other data-driven or business intelligence tools, the best way to grasp and understand the capabilities of the LLM is to use it.  

While the free versions of these LLMs do not offer protection of your proprietary business data, employees can still make great use of these tools in ways that don’t involve confidential data. 

Some employees may leverage the LLM as a teacher for existing marketplace technologies, while others may use it as an accelerated and more efficient research assistant. The teacher can walk through the steps of building the first workflow in an automation tool, while the research assistant can synthesize an industry article from a 10-minute read into a 1-minute read. As employees prompt the LLM for these low-risk use cases, each employee’s AI literacy increases. 

GenAI literacy is imperative to estimate ROI for projects and implementations in this space. Enterprise executives list “unproven ROI” as a key barrier to GenAI adoption. The experimentation phase helps to refine exactly how LLMs can slot into workflows, which can lead to more informed and data-driven assumptions around the true ROI that can be expected. 

Leverage Existing Tools 

Within the last year an increasing number of technologies, especially those focused within the business intelligence and data analytics industry (e.g. Alteryx, Tableau, PowerBI, Qlik Sense, Snowflake), have seamlessly integrated GenAI capabilities into their offerings.  

Some of these tools may offer an API that allows users to interact with an LLM from within the existing technology’s user interface, while others have fully integrated GenAI capabilities into their technology, allowing the auto-completion of code written by the user or the auto-generation of new insights from data. Technology leaders should speak with their third-party technology partners about safely experimenting with GenAI within the bounds of their existing offerings. 

Explore expert Data Transformation & Analytics solutions that solve real-world problems

Accelerate strategic adoption of data, analytics, and artificial intelligence platforms within a scalable systems architecture for efficient reporting, cleaner insights, and greater change readiness.

Crowdsource Use Cases 

Due to both the novelty of LLM capabilities and the breadth of their use cases, it can be difficult to build a use case list until the organization develops an initial familiarity with the technology. The initial focus on leveraging the LLM in everyday tasks is nearly guaranteed to spur new, more intricate use case ideas by those experimenting. There should be a central repository for the organization’s use case ideas that individuals can add to in real-time as they work and ideate with the LLM. 

The Right GenAI Partner 

CrossCountry Consulting can build out this initial use case list specific to your business and your industry and provide priorities so your organization maintains its momentum without becoming overburdened by the exponential proliferation of use cases. Proving the effectiveness of the first few use cases is a significant stride toward a culture that values the transformational capabilities of GenAI. 

Our Data Transformation & Analytics team believes that a successful GenAI journey starts with a strong data strategy and is accelerated by safe experimentation. It’s critical to get the correct foundations in place, whether that’s refining your data strategy and governance model, selecting the initial LLM to experiment with, exploring your existing tools for add-on GenAI capabilities, or developing and prioritizing your use case list.   

Contact CrossCountry Consulting to get started. 

Connect with an expert

Tom Alexander

Business Transformation

See Bio

Contributing authors

Humberto Jimenez

Austin Burlone

Aadil Seshadri

Alphonso McKenzie

Robert Harman

You just implemented your SaaS enterprise application you were told needed only minimal support. 

Because it’s – allegedly – a light lift (and cheaper), your organization opts to appoint as system administrator a member of staff who has availability to “help.” Unfortunately, they don’t have the proper, ongoing time or skills do the job effectively. 

Even if this administrator was heavily involved in the initial implementation and will be a power user, it won’t be long until you recognize that go-live is just the beginning of the application’s journey. Its actual value and impact on your organization start now – but you’re missing the critical infrastructure to realize true ROI.  

State of Enterprise SaaS

It’s estimated the average large enterprise has anywhere from 100-500 SaaS applications in use. Then there are also the dozens or hundreds of unsanctioned applications that employees use for individual tasks, creating a so-called “shadow IT” in addition to existing IT.

The implementation of more SaaS products will only increase, as evidenced by 500% growth of the SaaS industry at large over the past seven years. In 2024, the industry is projected to grow another 20%.

The explosion of the generative AI (GenAI) market further compounds IT demands. The GenAI Infrastructure-as-a-Service (IaaS) market will be valued at $1.3 trillion by 2032. A full-lifecycle systems architecture strategy is the path forward for IT teams and department heads concerned about adapting to change, adopting new technologies, eliminating IT redundancies, and controlling technical debt.

The appointed systems administrators for all this software can make or break your investment.

Can You Rely on a Part-Time Systems Administrator?

Applications consistently roll out new features and updates throughout the year, and your organization is most likely evolving with growth or change. Amid this sprawling infrastructure, maintaining alignment between systems, processes, and roles over time is the key to maximizing ROI. 

The chief barrier, however, is that your administrator has another day job, which leads to multiple debilitating issues that introduce risk across the rest of the business.

The Downsides of a Part-Time Systems Administrator 

  • Inflexibility when demand surges: When questions or issues arise during a surge period, it’s incredibly difficult for a single part-time administrator to keep up.  
  • Continuous training to maintain comprehensive knowledge: SaaS enterprise applications like Coupa or Sage Intacct are constantly evolving and rolling out new features. This requires a level of dedication to continuous learning. Ongoing system training is not going to be a priority when your administrator has competing operational activities they need to complete.  
  • Overall organizational risk: No one likes the phrase “but let’s think about segregation of duties.” There may be situations in which your accounts payable (AP) manager is also an admin in a system where they can manage suppliers, approve or bypass invoices, and maybe even execute payments.  
  • High turnover risk: Isolated or limited knowledge of the system within the organization can create significant gaps/risks if those key individuals leave. Additionally, talent with the right experience and skills is scarce, so the time to hire a candidate requires more time and money. 

Benefits of a Third-Party Administrator

Rather than settle for an in-house, part-time administrator, your organization may opt to have a full-time administrator dedicated solely to your application ecosystem. This is a considerably necessary and effective evolution in the application journey – if done well. 

The issue is that the skill set and technical agility required to support the application still reside in one individual, which is a risk in its own right. Further, inefficiencies that exist in a part-time model often still appear in a full-time model. 

That’s why top-performing companies with robust digital ecosystems leverage third parties for more balance during demand cycles. Third parties enable organizations to achieve the “gold standard” support model, which includes: 

  • A balanced, scalable approach to supporting your applications with relevant expertise. Additionally, a provider that brings a holistic view to your technology stack can support continuous innovation and optimization throughout every piece of connected systems architecture, creating real integration between IT and other business units. 
  • Access to specialized skills and knowledge to keep applications up to date and closely aligned with evolving business needs. This allows your internal resources to focus on core business activities that drive value, not on IT support tickets. 
  • Reduced overall risk by being able to segregate roles and reduce the complete loss of system knowledge when turnover hits. 
  • Mitigating costs directly by leveraging third parties to reduce internal headcount and training costs. Indirectly, not keeping your enterprise applications aligned with your evolving business will inherently have a large opportunity cost. 

While a part-time or full-time systems administrator is a valuable asset, they’re not the type of on-demand, high-ROI partner that’s needed in the long run.  

Distinguishing Between a Third Party and a True Partner

Not just any third-party support will do. You’re looking for a true value-add. 

A good partner will: 

  • Help resolve tickets while strategically getting to know your business for additional support capacity. 
  • Make recommendations based on the experience of companies similar to yours. 
  • Help you mitigate costs and maximize investment by leveraging the full power of applications across multiple lines of business. 

To better understand the value of an implementation partner and how we can support your enterprise application journey, contact CrossCountry Consulting today. 

Connect with an expert

Harpreet Narula

Coupa Practice Lead

See Bio

Contributing author

Matt Consevage

Everyone’s waiting for M&A to pick back up in 2024. When the time comes, are you ready to take your portfolio companies to market?  

Today’s financing and economic environment has created unique challenges for private equity sponsors, prompting management teams to be more prepared than ever to run a successful sales process and maximize exit value. Expert sell-side readiness can unlock the path forward. 

Market Conditions 

Sellers are confronting a market landscape characterized by uncertainty, limited financing options, and cautious buyers hesitant to commit capital. While the Federal Reserve has signaled a pause in rate hikes, there’s still a scarcity of available credit and a steep cost of debt. In 2023, this environment led to a decrease in transaction volume, depressed valuations, and intense scrutiny from lenders and buyers on assets that did trade.  

  • Private equity sponsors have increased their equity contributions, which in some cases surpassed 50% for the first time in 15 years. Additionally, hold periods have been extended, and distribution rates have fallen to their lowest levels since 2009.  
  • According to a recent Fund Performance Report from Pitchbook, private equity funds reported a modest return of 0.27% in Q3 2023, compared to the 5-year average of 4.33% and the low to mid-teen returns in late 2020 and early 2021.  

But the outlook is not all grim.  

The economy has weathered rate increases better than expected, employment is strong, and overall growth has run well above trend. That shift in sentiment, together with the growing pressure to deploy dry powder, will likely cause dealmaking to pick back up in 2024.  

That said, buyers and lenders will likely remain cautious. Assets that come across as more mature and well-prepared will likely stand out and receive more bids and higher valuations.  

Challenges Companies Face in the Sale Process 

Given what’s known so far in 2024, what’s standing in the way of a positive sales environment?  

For one, knowing that PE-backed platforms are utilizing buy-and-build strategies, it’s incredibly critical that unintegrated technology systems and processes don’t create undue challenges during diligence. Bidders desire cohesive datasets and effectively managed dataflow and communication. At this stage, data quality will shape buyer perceptions of the asset and the level of risk involved with operating the asset post-close.  

More specifically, the top five things that give buyers pause when evaluating a target are: 

  1. Lack of add-on and system integration: Platforms that have grown inorganically often face challenges in integrating add-ons from IT, finance/accounting, and operational perspectives. In such situations, buyers expect significant corporate infrastructure investments post-close, which affects the price they’re willing to pay for an asset. A complex or sub-optimal tech stack and financial reporting structure also make the diligence process longer, more painful, and less efficient for both sides. 
  2. Poor data quality: Limited visibility into key performance indicators (KPIs) and contradictory datasets can undermine the equity story. And incomplete or inaccurate financial records erode confidence and trust.  
  3. Key talent gaps: Open positions in critical areas of the business often mean there’s no one to adequately respond to operational or financial questions raised during diligence.  
  4. Executive turnover and lack of preparation: Recent executive turnover often results in a new management team that’s not able to speak to the company’s historical performance.   
  5. Legal and compliance issues: Unresolved legal or compliance issues can be deal-breakers, or, at minimum, delay deal close and impact valuations.  

Given recent shifts in the M&A landscape, both PE and strategic buyers expect a level of sell-side readiness from potential sellers. In 2023, assets were taken to market only to receive no bids or to have potential buyers withdraw from the process after encountering challenges or identifying risks in diligence. 

 

Exit Readiness: Best Practices for a Successful Sale Process 

Leading PE sponsors initiate the sell-side readiness process 12 to 18 months before engaging bankers or sell-side diligence advisors.  

This process entails mapping out risk areas and building a roadmap to address them. The roadmap should identify priority workstreams, clearly assign ownership, and include a timeline for addressing each risk area.  

Best practices for sell-side preparedness include: 

  • Deal PMO: Identify a member of management or the deal team with primary responsibility for the deal process and who’s accountable for timelines and deliverables. 
  • Document repository: Prepare a repository of important customer, supplier, and related-party agreements to demonstrate transparency and facilitate population of the data room. 
  • Strategic Initiatives: Prioritize commercial or restructuring initiatives that maximize exit value and contribute to a smooth, timely exit process. 
  • Key talent management: Address key talent gaps and key person risk by providing retention bonuses or long-term equity incentives to executives. 
  • System integration: Evaluate the level of system integration – enterprise resource planning (ERP), enterprise risk management (ERM), and customer relationship management (CRM) systems, for instance – across business segments and create a roadmap for future integration activities. Determine which aspects of the tech stack optimization effort should occur before going to market and which technology investments can be completed within the available time. 
  • Reporting best practices: Implement best practices in FP&A, accounting, and financial reporting well in advance of going to market. That will allow the company to present “clean” EBITDA numbers with a limited number of adjustments and to be able to respond to updated financials and buyer requests quickly. 
  • Finance and accounting bandwidth: Recognize the pivotal role of these functions during a sale process and ensure sufficient bandwidth and external support where needed. 
  • Data preparation: Calculate and track analytics illustrating the economics of the business and margin-drivers. Be prepared to respond to in-depth questions and provide transaction-level support for all materials shared with buyers. Don’t assume investment bankers will have primary responsibility for data gathering and analysis. The company’s FP&A team should play a leading role in this process.  
  • Control the narrative: Prepare to explain unfavorable trends in the data to maintain control over the narrative and provide additional support. 

That list may seem daunting, but making it a priority within a year of sale allows ample time for preparation. Forward-thinking sponsors who invest in comprehensive sell-side readiness consistently complete successful exits and accelerate time-to-value even in the most challenging economic conditions.  

To get started on your sales journey, contact CrossCountry Consulting

Connect with an expert

Chris Clapp

Private Equity Lead

See Bio

Contributing authors

Natalia Valderrama

Kate Saeva

Mergers and acquisitions (M&A) offer companies opportunities to:

  • Grow exponentially and improve access to talent.
  • Acquire and integrate new and complimentary services or products.
  • Increase customer base and enter new markets.
  • Gain economies of scale and purchasing power.
  • Address Environmental, Social, and Governance (ESG) gaps.
  • Access new technologies and innovations.
  • Drive geographical expansion.

However, there are also complex risks and integration issues that can’t be overlooked. Several challenges that commonly impact just how complex the transaction will be are:

  • Entity audit readiness.
  • Legal entity structures and intricacies.
  • Transition services agreements (TSAs).
  • Communication and change plans.
  • Financial implications of the size of the business and the size of the deal.
  • Purchase contingencies.

Integrating business operations requires advanced planning, coordinated execution, and effective communication – capabilities that may not be innate to existing organizations and that often require expert third-party support.

A Framework for Understanding and Overcoming M&A Complexity

Achieving the objectives of the transaction requires a defined roadmap with dedicated resources to manage the transition to a profitable post-integration state. Before, during, and after the transition, all expected and unexpected risks must be monitored, managed, and minimized as well.

The table below shows many of the fundamental questions leaders must consider when creating a transaction roadmap and before embarking on the integration journey. These questions are bucketed into three core focus areas and will greatly influence the complexity of the transaction.

Key M&A focus areasKey questions
Transaction type– What SEC and regulatory filings will be required?
– Have the accounting implications of the proposed transaction been assessed?
– What does the external auditor need to facilitate a timely closing of the transaction?
Operations (processes and systems)– What’s required to ensure merged companies operate effectively as one?
– Will the acquired company’s systems integrate into the current platform?
– How will different processes, policies, and procedures be reconciled?
Governance, risk, and change management– What new risks does the acquisition bring, and which existing risks are increased?
– What updates need to be made to internal controls, including IT and cybersecurity controls?
– How will consistent communication be ensured throughout the integration process?

Additionally, three crucial factors merit specific attention at all times:

  1. Finance and accounting: Merging finance and accounting teams, processes, and systems is vital to reporting, close, and consolidation cycles. Inefficient or unsuccessful integration of this functional and technological infrastructure will slow down every other aspect of the business and negatively impact the organization’s ability to accurately monitor financial health.
  2. Integration governance and management: A structured methodology for approaching, executing, and reinforcing the integration requires well-defined roles, responsibilities, milestones, communication, and training – ideally rooted in a centralized entity like a PMO, TMO, IMO, CoE, or steering committee. The enormous number of tasks for each functional group need to be properly tracked, enforced, and reported on consistently, a job only a centralized group can perform successfully.
  3. Future organizational structure: The target operating state will determine the best organizational structure for the business and affect how complex the transition will be. What’s important throughout the process is that all levels of the company are aligned on the future vision of the business, so that a cohesive culture can be maintained.

Explore in more detail the questions and answers that should be top of mind for leaders:

Have the Accounting Implications of the Proposed Transaction Been Assessed?

A transaction changes the consolidation structure and processes of the organization. This requires careful evaluation of:

  • Accounting policies.
  • Financial reporting implications, such as segments and reporting units.
  • Financial statement disclosures.
  • Key performance metrics, including non-GAAP financial measures.

Transactions also provide opportunities for the organization to evaluate its current accounting and finance function, increase efficiencies, and potentially automate processes rather than simply replicating the current state. An effective finance and accounting integration plan should include strategies for the following:

  • Standardization of corporate finance processes, policies, and reporting requirements.
  • Consolidation of payroll practices and systems.
  • Integration of travel and expense policies, systems, and procedures.
  • Financial forecasting and budgeting for the new entity.
  • Taxation issues.
  • Integration of billing, accounts receivables, and the general ledger.
  • Procurement systems and practices.

What’s Required to Ensure Merged Companies Operate Effectively as One?

Successful acquisition integrations are founded on a methodical strategy, attention to human capital concerns, a dedication to speed, and frequent communication to every stakeholder group throughout the process. These processes should be based around a team of dedicated integration practitioners both at deal-level project management and in functional areas.

To ensure the new company will operate effectively, leadership must develop a detailed integration plan that considers all aspects of the business, including:

  • Finance and accounting.
  • Business operations.
  • Client/customer support.
  • Communications (internal and external, including public and investor relations).
  • Facilities.
  • Governance.
  • Human resources.
  • Information technology.
  • Legal.
  • Marketing.
  • Product development.
  • Project management.
  • Sales and sales operations.
  • Tax.

To ensure that each of these functions is comprehensively addressed, it’s critical to create an integration governance structure that focuses executive time and talent on achieving the intended financial and operational objectives of the deal thesis. Merely putting people into transition or implementation management positions doesn’t keep a merger on a successful course. It requires an effective structure, able leadership, and systematic processes to make progress. This means molding individual contributors into transition teams and helping them handle the many operational and political factors that can otherwise transform good ideas into bad practices and great opportunities into painful memories.

Objectives achieved in the first 100 days post-close will create organizational momentum, set the tone for a cohesive culture, and create a smooth handoff to the functional leaders charged with the successful completion of the remaining integration tasks.

An organization’s integration governance structure should include:

  • A client-led steering committee to provide strategic input, escalate issues, and resolve challenges.
  • An executive sponsor to guide any decisions required by the integration team.
  • An integration management office (IMO) leader to provide overall direction of the integration process.
  • An integration project team responsible for day-to-day project management of the integration.
  • Functional leaders to lead execution and provide subject matter expertise.

What’s the Vision for the Organizational Structure?

When integrating two companies, leaders can’t ignore these change management questions:

  • How will you integrate the cultures of the two organizations?
  • How will the integrated company’s organization merge with the existing structure?
  • How will the reporting relationships change?
  • What is the impact on HR processes like performance management, compensation, promotion, and career mentoring?
  • Are there different operating models, such as decentralized processes versus a shared services model, that need to be reconciled?

Failure to consider these questions can lead to attrition, lost productivity, and integration delays.

A well-executed integration can provide a unique opportunity for businesses to grow rapidly and achieve strategic goals that may not be possible through organic growth. To achieve these benefits, though, management must understand and assess the complexity and potential challenges of the transaction and, in so doing, help to prevent disruption, delay, additional cost, and frustration from customers and key stakeholders.

To realize the deal thesis and execute a successful transaction, contact CrossCountry Consulting.

Connect with an expert

Kati Penney

Transaction Advisory Solutions Lead

See Bio

Contributing author

Kirk Lane

Companies considering a public offering in the next 12-24 months will need to carefully consider how to present their segment structure to external investors in a future registration statement. Given the segment structure’s importance to the overall story of the business and the change this represents for private companies, there may be some heavy lifting required.

Private companies typically present financial results as a single operating segment and aren’t subject to SEC reporting requirements. In a future public state, however, the Office of the CFO must be adept at external reporting for more intricate segment structures.

Here’s how to identify segments ahead of an IPO while maintaining momentum on the public-company journey:

Assess the Company’s Org Structure

Reviewing how the business is currently organized and operated is a good starting point for determining a company’s operating segments. This involves understanding the individuals or groups responsible for certain business units, who they directly report to, and how they are compensated.

This information enables a CFO or controller to build an analysis grounded in the actual reporting structure of the company.

An additional important step in this analysis is identifying the levels of authority each executive role has, which is valuable evidence in determining the operating segment managers and Chief Operating Decision Maker (“CODM”) under ASC 280 Segment Reporting.

Deliver value in the deal and beyond with expert IPO filing and advisory solutions

Generate and protect a profitable public company state with a methodology focused on your organization’s critical financial, operational, and technology-related functions.

Evaluate Information Provided to the CODM

A key element in the determination of a company’s operating segments is the information available, provided to, and regularly reviewed by, the CODM (often the CEO or executive committee). This type of financial information can suggest management’s view of the organization.

Although not uncommon, a defined set of key performance indicators (KPIs) or financial package may not be formally provided to the CODM on a monthly or quarterly basis. As a result, CFOs and controllers often need to work with their executive teams to design a formal financial reporting package that provides decision-makers with the desired level of information to manage the business and allocate resources.

Additionally, a formal financial reporting package can ensure the information auditors review is consistent with how management operates the business. These packages can also provide a good basis for IPO roadshow materials and Investor Day presentations in the future.

Complete Technical Analysis

After completing a review of the company’s org structure and the information presented to the CODM, the Office of the CFO should prepare a technical analysis in accordance with ASC 280 Segment Reporting. This analysis will determine the financial information that helps users of the financial statements better understand the entity’s performance, assess prospects for future net cash flows, and make informed decisions about the entity.

Preliminary conclusions should be validated with executive leadership and the Board of Directors. Audit evidence such as Board materials, as well as information presented to the CODM like org charts and financial packages, will be reviewed by the external auditors to substantiate the technical conclusion.

It’s also not uncommon for external auditors to participate in internal reviews of monthly or quarterly results to validate that the company’s operating segment structure is consistent with how executives manage the business.

Prepare Segment Disclosures

Upgraded financial statements that meet Regulation S-X disclosure requirements, including additional operating segment disclosures, are needed for any prospective S-1 filing. Proactively preparing these disclosures in conjunction with a technical analysis can ensure the accounting team understands the new disclosures and the appropriate source of data.

Prospective near-term registrants should expect the topic of operating segments to be raised by multiple stakeholders. That means investing time to understand and address segment structures in advance of the IPO process to align business stakeholders and external auditors. This early alignment is critical to the development of the company’s story and how it’s presented to external investors.

For expert support identifying segment structures and making progress on your IPO journey, contact CrossCountry Consulting.

Connect with an expert

Kati Penney

Transaction Advisory Solutions Lead

See Bio

Contributor author

Brian Bannon

How can CFOs push their teams to complete more transformation initiatives while still running a business? 

The answer is velocity.  

Here are five ways to get started: 

1. Drive Transformation and Continuous Improvement Through a Central TMO, Not a PMO 

Labels matter.   

There’s a negative connotation to the Project Management Office (PMO) label, although organizations have historically established PMO teams to manage roadmaps to completion.   

Four things have always been true about traditional PMOs: 

  1. They’re good at reporting status. 
  2. They keep things organized. 
  3. They don’t speed up progress. 
  4. They’re often viewed as a nuisance rather than an enabler. 

Alternatively, imagine a Transformation Management Office (TMO) that: 

  • Gets its hands dirty in process reviews with sprint teams. 
  • Challenges the status quo. 
  • Celebrates the success of others by sending weekly success spotlights rather than weekly status updates.  

Look at the differences between the PMO and TMO to see how your organization can benefit from making the shift:

finance transformation management office

2. Use Agile ‘Lite’ Instead of Forcing Too Many Complex New Concepts 

Agile is now commonplace for all project delivery types, not just technology implementations. The challenge is that it’s like learning a new language.   

Rather than creating a science project for your teams, infuse simple but effective agile concepts into a transformation by leading by example. 

Start with easy-to-apply agile delivery concepts, such as: 

  • Sprints: Each initiative should be broken into 4-week sprints. Multiple sprints run in parallel. There’s one week reserved after each sprint to report outcomes and plan for the next round of sprints. Pencils must go down regardless of progress at the end of each sprint.   
  • Cards: Deliverables for an initiative can be conveniently visualized through cards. Sprint teams select cards before the sprint and only focus on one thing at a time before moving to the next card. This enables teams to declare victory faster and more frequently. More victories correlate to transformation success.  
  • Scrums: A daily 15-minute meeting with the support of a Kanban Board focuses teams on the activities for that day and removes blockers from completing those daily tasks. Don’t let anyone work on meaningless tasks. Toyota invented the Kanban Board to best control and manage work at every stage of production. Their effective use is storied and diverse. Kanban Boards can also be fun and interactive, contributing to positive morale and collaboration. 

The illustration below represents an agile workflow for standardizing accounts payable processes:

finance transformation accounts payable optimization process and workflow

3. Embrace “Ish” as Opposed to Perfection 

“Ish” is a hard concept for finance and accounting professionals. It can apply to assessing processes to make them more risk-based, and it can also apply to a “good enough” definition of done.  

Transformation should be more about elevating organizational capabilities and finished products rather than perfection.  

For example, one sprint may be focused on process discovery for the Procure-to-Pay process. You may not achieve best-in-class cycle times by the end of the sprint, but if you end the sprint with a better process, move on and solve the next problem.  

Luckily, the word “ish” is in the word “finish.” Use this concept and you will finISH more initiatives. 

4. Put a Few Experts in Emerging Digital Tools on the Ground 

Companies invest in emerging tools like UiPath, Alteryx, and Tableau to generate process efficiencies, but the problem is that the average employee doesn’t know how to use these tools effectively. 

The organizations that will succeed in transformation velocity understand the importance of putting the right tools in the hands of sprint teams and teaching those teams how to use those tools. 

One quick way to catalyze the use of new tools is to implant a few experts as “champions” in the finance function. Have them build proofs of concept while they simultaneously upskill others on how to use the same tools. 

For example, the close process has heavy automation potential. Instead of planning an optimization project that takes a lot of time and money, an analyst on the accounting team should know how to create a bot within UiPath to automate a specific task.   

The finance professional of the future will be upskilled in the latest digital tools and will use these tools to continuously enhance ways of working so that they can focus on higher-value tasks. The image below highlights the skill sets and technology capabilities that separate traditional finance professionals from those who are future-ready:

finance transformation skills and technologies for finance and data professionals

5. Execute in Tiny, Dedicated Teams 

One of the most common transformation mistakes is expecting employees to keep doing their day jobs in addition to transformation work.   

Speed and part-time resources don’t go together in the same sentence. Sprints only work if people are dedicated, and it doesn’t need to be a lot of people. 

A quote we like to use internally rings true: “It’s better to have 2 people at 100% allocation than 10 people at 40%.” 

To execute successfully on your next transformation, contact CrossCountry Consulting today. 

Connect with an expert

Tom Alexander

Business Transformation

See Bio

Contributing author

Blake Baptist

For organizations closing their financials for year-end or preparing for their first close of 2024, three key factors can drive success throughout the process. 

  1. Clarity: Clearly defined processes, including tasks, roles, and deadlines.
  2. Transparency: Status visibility during close and transparency into what’s working well and what’s causing delays.
  3. Efficiency: Streamlined processes enabled through technology and automation.   

By prioritizing these goals, organizations can achieve time savings, speed-to-financial reporting, business performance insights, increased accuracy in results, and greater employee satisfaction. 
 
Let’s look at operationalizing this target state. 

Clarity: You Can’t Manage What You Can’t Measure 

An estimated 20% of companies take more than two weeks to complete a quarterly close, Ventana Research shows. Another 52% fall somewhere between one to two weeks. Completing a monthly close isn’t much easier, either. Finance teams still take about seven business days to close the books each month, equating to 90 days a year performing just this one task, according to a report from Sage. 

Clearly, there’s room for improvement. A few small enhancements to documentation and communication can shave time off the close cycle. 

  • Don’t underestimate the power of a central, easily accessible close checklist. While a close calendar is a good start, only a detailed checklist with clear tasks, preparer name, reviewer name(s), target date, and actual completion date enables full clarity on assignments and progress. Capturing this level of detail also allows for a meaningful baseline and informs an effective close debrief on wins and improvement opportunities.  
  • Clearly communicate policies and guidelines to support the process. Are leaders and reviewers clear on overall materiality thresholds for the close? Do the individuals preparing journal entries understand guidance on materiality to book for the month versus what can be trued up at quarter-end? Each team member should be clear on their individual roles, responsibilities, and expectations, in addition to any related dependencies for analysis, decision-making, forecasting, and other downstream processes.  

Explore expert close optimization solutions that solve real-world problems

Accelerate strategic adoption of advanced technologies like AI, automation, analytics, and business intelligence platforms that support rapid close execution and smarter insights to the business.

Transparency: The Engine of Accountability 

Better visibility into real-time financial data can surface insights leaders need for both operational and financial savings. For example, appropriate visibility into AP invoicing and processing bottlenecks allows for substantive discussions on establishing or updating the AP cutoff date. It also affords the opportunity to clarify and reinforce materiality thresholds to close the period. This is just one activity across the larger close process, but it’s representative of where transparent policies, standards, deadlines, and ownership relieve bottlenecks. 

  • Document all key close tasks, preparers, and business unit/corporate reviewers. Once everything is on paper, it’s much easier to observe opportunities to shift tasks around, relieve constraints, and better balance workloads across the team during a stressful, time-intensive close process. This is priority one – lack of transparency is a persistent issue companies of every size face. A checklist, as mentioned above, and a close management tool, to be discussed below, can elevate transparency for all relevant stakeholders and serve as key benchmarks for improving close maturity. 
  • Develop meaningful key performance indicators. KPIs improve transparency by highlighting performance gaps or achievements and enabling closer tracking of performance data. Finance and accounting leadership will be focused on measurement, so aligning KPIs to the type of criteria they most commonly seek is crucial. 
  • Support finance and accounting leadership with visualizations and dashboards to easily access close status. This step allows staff up and down the chain of command to drill down into specific data sets, check on milestones, understand progress, and have more substantive discussions with other team members. By understanding the details behind bottlenecks and delays, managers can quickly work to remediate issues and course-correct without disrupting the close timeline. This transparency also supports meaningful post-close retrospective discussions on what to continue and where to improve for the next close. 

Efficiency: Accelerating the Close and Related Reporting 

74% of finance professionals say they haven’t established an automation program within the close process, Controllers Council data found. Automation speeds up close, generates time savings, and accelerates financial and management reporting and insights.  

  • Streamline the close process to remove or shift tasks that don’t need to occur during the critical path of key close days. Organizations are starting to complete less-risky tasks quarterly, semi-annually, or annually to remove the burden on the monthly close. Additionally, these staggered tasks are being spread so as not to create additional work on quarter-end and year-end reporting cycles. 
  • Implement process automation and supporting tools and technology to unlock full close efficiency. Automating the financial close can triple the amount of time staff can devote to other strategic tasks. Over the course of the year, that adds up to saving the equivalent of 24 working days, according to Sage. Underlying data and related systems/sub-ledgers should be fully integrated. Journal entries, accruals, and reconciliations should be automated as much as possible within the ERP first and then supplemented with tools like FloQast, Alteryx, or Blackline as needed. If a close management tool is not in use, evaluate requirements against the cost of available tools in the marketplace to better understand potential ROI. Platforms like FloQast or OneStream are purpose-built for close acceleration. 
  • Realize faster insights into financial and business performance. An accelerated close allows for faster financial and management reporting, deeper analysis, and more time for strategic planning and forecasting. This shifts the team’s focus from transactional activities to value-added activities. If business intelligence, reporting, and forecasting tools aren’t already in place, it’s worth evaluating tools like PowerBI, Tableau, and OneStream. Data outputs and KPIs from the close process can be automated as inputs into these reporting tools, advancing efficiency as well as supporting clarity and transparency. 

Close Fundamentals Matter 

Leading enterprises with well-staffed accounting teams and robust, integrated tech stacks are pushing the boundaries on speed-to-close, even achieving a state of autonomous financial close. For most organizations, however, close success hinges on going back to the basics of enhancing and streamlining process integrity and bringing a continuous improvement mindset to each close cycle. 

Additional investments in automation, artificial intelligence (AI), and cloud-based reporting platforms can only be effective when there’s a foundation of defined, streamlined processes and clean, accessible data. 

For clear, transparent, and efficient close workflows that deliver rapid value-add insights, contact CrossCountry Consulting

Connect with an expert

Jennifer Goode

Business Transformation

See Bio

Contributing authors

Christina Gadrinab

Andrew Doster

Cory Miller

Isaac Brown

As part of the IPO process, private companies must substantially update their existing financial statements for inclusion in an initial registration statement filing with the SEC.

Making these changes often necessitates a series of firsts for CFOs and controllers in their current roles, such as:

  • Completing accounting policies/technical analysis and finalizing new disclosures in accordance with SEC Regulation S-X.
  • The drafting of a Management Discussion & Analysis (MD&A).
  • The implementation of a more robust financial reporting tool.

This work is imperative to IPO readiness and will require a core IPO team of internal, external, and third-party stakeholders to collaborate cross-functionally. As a result, a timely transformation of the financial reporting process and technology architecture must occur without disrupting the broader IPO timeline.

Here’s where pre-IPO companies should focus their most immediate financial reporting attention and resources to ensure a successful registration:

New Disclosures

Public companies are subject to increased disclosure requirements under SEC Regulation S-X. The footnotes and presentation of the initial registration statement matter.

The statement should consist of the following:

  • Operating segments.
  • Earnings per share (EPS).
  • Presentation and disclosure of certain redeemable securities as temporary equity.
  • Proposed adoption of new accounting guidance applicable to public companies.
  • Accounting policy for Goodwill (if change from private company alternative is required).
  • Certain income-tax-related disclosures.
  • Certain disclosures related to pensions and other postretirement benefits.

Prior to finalizing new disclosures, pre-IPO companies must complete their accounting policy and technical analysis for each additional disclosure, which will extend the time it takes to prepare financial statements. Additionally, it’s essential that companies coordinate with their external auditor on completing incremental audit procedures around the S-X uplift. Again, this phase of the process will impact the overall IPO timeline, so understanding the time implications of these steps is key to IPO readiness.

Management Discussion & Analysis

Preparing the MD&A is a significant effort for private companies – it’s a new process and the output is subject to a high level of scrutiny from underwriters, executives, and the SEC. The MD&A receives the most comments from the SEC, meaning companies must have a detailed approach to MD&A preparation to reduce rework and delays.

Below are some MD&A best practices to follow:

  • Identify a group of peer companies and review their MD&A with management to understand how your company will compare.
  • Review comment letters received by peer companies and other registrants on their MD&A to avoid common pitfalls (e.g., lack of granularity on drivers of change in revenues).
  • Finalize the operating segment structure with the executive team and with the auditors prior to drafting any version of the MD&A due to the downstream impact changes might cause.
  • Prioritize the preparation of a draft MD&A early in the IPO process to facilitate timely feedback from the CFO, Investor Relations, SEC counsel, and others before it’s put into the registration statement for wider review. This will ensure broad organizational alignment.

Financial Reporting Tool

In general, private companies rely on manual financial reporting processes without the support of a reporting tool, which can lead to inefficiencies and control deficiencies.

It’s not uncommon for external auditors to issue deficiencies on internal controls over financial reporting (ICFR) to new registrants – a symptom of poor reporting processes or absence of critical reporting technology.

Cloud-based financial reporting tools offer an efficient and collaborative option for preparing private companies’ financial statements. Critically for prospective registrants, these tools also provide additional layers of quality assurance and review controls over the financial reporting process. Cloud-based reporting software can enable electronic SEC filings as well, eliminating the need for traditional financial printers and achieving greater efficiency when preparing a registration statement.

Ahead of the IPO process, CFOs and controllers should partner with technology stakeholders to align on the exact type of technology to implement, conduct vendor assessments, and optimize the reporting process architecture without extending the IPO timeline. Companies should have several months of experience using these new tools successfully and efficiently before going public to ensure continuity and change management in a public operating environment.

For more information on producing SEC-ready financials and accelerating your IPO-readiness journey, contact CrossCountry Consulting.

Connect with an expert

Kati Penney

Transaction Advisory Solutions Lead

See Bio

Contributing authors

Avikar Kissun

Brian Bannon

The evolution of risks faced by modern organizations demands the adoption of flexible, scalable, and innovative solutions. User-managed intelligent automation is one such solution used to mitigate these risks efficiently and cost-effectively. 

With the internal audit function already juggling multiple responsibilities to address the current risk universe, attempting to transform for greater readiness and strategic enterprise input can be a challenging endeavor.

Enter automation. 

Why Automate Within Internal Audit 

When deployed and governed effectively, automation can help solve many of the common challenges internal auditors face daily.

In a recent webinar of 1,000+ internal audit, technology, and risk management professionals conducted jointly with AuditBoard, nearly 50% of attendees noted they experience all the following four challenges commonly solved by intelligent automation and data analytics: 

  • Regulatory requirements: Annual compliance requirements (SOX, NIST, PCI-DSS) are often clearly defined and repetitive, making them perfect candidates for automation. 
  • Budget constraints: Smaller internal audit teams with fewer resources can more effectively execute audit plans with the aid of automation, which, over time, can have less of a budget impact than hiring additional staff or outsourcing to a third party.  
  • Rapidly evolving risks: New risks present new challenges but also opportunities for transformative risk management. Cybersecurity and data privacy risks, for instance, already prompt internal auditors to think differently about risk mitigation practices and strategies. The use of automation can further shape and adapt the internal audit function, allowing risk teams to be more dynamic and data-driven while conquering compliance and proactively anticipating emerging risks. 
  • Employee focus: Teams with more time to work on stimulating and strategic tasks tend to have increased satisfaction within their roles. Automation can accelerate the transition to these kinds of activities while also reducing the cost of training and onboarding new resources. Additionally, automation helps teams avoid burnout commonly caused by document request delays and the monotony of completing routine tasks and testing procedures. 

Getting Started: Align on Strategic Priorities 

Before embracing intelligent automation, internal audit teams should hold frank discussions with relevant business functions and organizational leaders. It’s important to ensure automation aligns with the future vision of the company and directly addresses core challenge areas while gaining appropriate buy-in at key levels. 

By prioritizing the automation opportunities that directly support top priorities, internal audit can draw a straight line between their actions and investments to tangible results supporting the long-term strategic goals of the company.  

At this juncture, it’s also key to have a long-term, holistic perspective on the adoption of automation tools. As is the case with other technologies, scalability matters. The automation platforms, and the process architecture built around them, can have greater impact and strategic advantage when they can also serve other teams, functions, and organizational priorities beyond the four walls of internal audit.  

In this way, a collaborative, effective partnership with non-internal audit decision-makers can expedite automation investments and reduce time-to-adoption and time-to-ROI. 

Explore expert Risk Management solutions that solve real-world problems

Increase the value of internal audit and transform your enterprise risk function holistically to stay ahead of new standards, complexities, technologies, and threats.

How to Find Priority Automation Opportunities for Internal Audit 

To justify the efficacy and value in rolling out automation platforms within internal audit, it’s important to understand the potential scope of the automation program and, critically, where it can drive significant business impact and success. 

To identify these key opportunities, consider the approach below: 

  • Analyze current manual processes to identify suitable automation candidates (commonly manually time-intensive processes and/or prone to human error). 
  • Define and document key performance indicators (KPIs) that will help measure the success of automation. KPIs can quantify efficiency, accuracy, and improvements to audit processes. 
  • Determine the specific application and fit of different software tools for automating the listed audit tasks. 
  • Conduct a cost-benefit analysis
    • Perform a cost-benefit analysis on each potential automation project. 
    • Quantify expected cost savings in terms of FTE hours savings, error-rate reduction, etc. 
    • Also note the qualitative benefits of automation, such as employee satisfaction and opportunities to reallocate resources to other high-value-added tasks or processes. 

Areas where automation is commonly applied across each phase of the internal audit lifecycle include: 

internal audit automation and innovation

Deliver Better Automation Results With a Unique Approach  

Automation is never one-size-fits-all. To maximize the value of automation (whether it’s process automation, intelligent workflow management, or even artificial intelligence-enabled automation), it must be designed, developed, and deployed for the specific needs of the internal audit function.  

Specific ways to tailor automation and ensure a successful integration include: 

  • Strengthening data foundations: Access to structured, high-quality data from a robust, modern data architecture is a significant accelerator of automation.  
  • Creating standardized templates: A consistent, comprehensive approach to capturing information can create opportunities for reusable automation workflows. 
  • Building use-case libraries: Set up a basic intake process where team members can submit ideas and track items from ideation to approval to implementation. 
  • Engaging leadership: Include executive leadership and sponsors in ideation sessions and use-case reviews to directly expose them to automation and its transformative impact. 
  • Promoting an automation-first mindset: Encourage internal audit to continuously look out for new automation opportunities that improve efficiency and reduce risk. 
  • Establishing change management processes: Develop and adopt a standardized change management framework to ensure complete and accurate integration of automated tasks and compliance with corporate policies. 

To take the next step in your automation journey, contact CrossCountry Consulting.

Connect with an expert

Karalee Britt

Integrated Risk Management

See Bio

Contributing authors

Jordan Schweinsberg

Philip McKeown

Danny Green

Michael Douthit

The Private Fund Adviser Rules, issued by the SEC on August 23, 2023, will significantly impact the operations of registered private fund advisers (“advisers”) in the near future. One of the rules in particular, the Quarterly Statements Rule, will require finance leaders to assess and, in many cases, improve their Record-to-Report process.  

Such an effort should not be taken lightly. Adoption of better close and reporting practices takes time, including months of planning upfront and months of reinforcement after new processes are established. 

Learn more about the implications for registered adviser finance and accounting teams below. 

Background 

The Quarterly Statements Rule mandates that advisers distribute quarterly statements to investors that disclose fund-related information such as performance, investment costs, and fees and expenses paid by the private fund. Investor statements must be delivered within the following time frame:  

  • 45 and 90 days of quarter and year end, respectively, if a fund is not a fund of a funds. 
  • 75 and 120 days of quarter and year end, respectively, if a fund is a fund of funds. 

Advisers must comply with this rule within 18 months of its publication – currently by March 2025, regardless of total Assets Under Management. 

Impacts to Advisers  

The Quarterly Statements Rule impacts financial close, investor reporting, and data strategy for advisers in varying ways.  

Publicly Traded Advisers 

Advisers designated as non-accelerated filers already perform their Record-to-Report process within the SEC required timeline (45 and 90 days for 10-Qs and 10-Ks, respectively), which is the same period required by the Quarterly Statements Rule. Accelerated and Large Accelerated filers must complete their filings within an even shorter timeline (40 days for 10-Qs, 60 and 75 days for 10-Ks, respectively) putting them in a much better position than their non-public counterparts.  

As such, publicly traded advisers may need to focus on their data strategy – ensuring the appropriate data mandated by the Quarterly Statements rule is captured and presented in their investor statements. Additionally, abiding by the SEC 10-Q and 10-K reporting timelines does not necessarily mean that publicly traded advisers provide investor statements within that timeline, which they will need to do to ensure compliance. 

Non-Publicly Traded Advisers 

On the other hand, non-publicly traded advisers may need a more comprehensive approach to achieve compliance with the Quarterly Statements Rule. Many can take up to 60 days or more to complete the quarter-end close and up to 90 days or more for year end.  

Additionally, these advisers may not have an appropriate data strategy and corresponding technology to capture the data required by the Quarterly Statements Rule in their investor statements. This means they will need to accelerate both their Record-to-Report process and ensure they accurately capture and present the required data in investor statements.  

Depending on the adviser, compliance with the Quarterly Statements Rule will hinge on the ability to:   

  • Timely close the books; 
  • Capture the required data for investor statements; and 
  • Efficiently develop and distribute investor statements within the required timeline. 

Achieving these capabilities will likely require experienced support or external resources. 

Explore expert close optimization solutions that solve real-world problems

Accelerate strategic adoption of advanced technologies like automation, analytics, and business intelligence platforms that support rapid close execution and smarter insights to the business.

Seek Experienced Asset Management Support 

CrossCountry Consulting is a leader in helping private fund advisers improve their financial close, investor reporting, and data strategy. With an integrated approach to finance and data transformation, our methodology has enabled advisers to accelerate their Record-to-Report process by several weeks.  

CrossCountry can support advisers by helping: 

Understand Readiness With a Rapid Diagnostic 

  • One of the biggest challenges to optimizing the Record-to-Report process is knowing where to start. Our rapid diagnostic assessment enables advisers to understand their compliance with the Private Fund rules, including the Quarterly Statements Rule, within one to two weeks. This tool provides the “Big Picture” on compliance, identifies specific gaps, and delivers targeted recommendations.  

Optimize the Financial Close 

  • By partnering with clients’ finance organizations, we apply a proven approach that looks across people, process, data, and technology to realize a faster close. We help design an operating model that drives organizational alignment, reduces duplicative work, and maximizes the use of technology. This includes streamlining roles and responsibilities and exploring the use of close workflow management tools. An efficient close will not only help achieve compliance with the Quarterly Statements Rule but will also provide more timely transparency into financial results.  

Improve Data Strategy  

  • Leading Record-to-Report processes are supported by a data and technology infrastructure designed to maximize efficiency. We help clients implement the right data strategy and integrations within their technology infrastructure to make it easier to capture the required data for investor statements and beyond. 

Automate Investor Statements  

  • Developing investor statements and other reporting is often a manual process unsupported by technology. Additionally, many accounting systems with custom report functionality often require specialized coding knowledge and a dedicated resource. We help clients standardize and build investor statements using tools such as Alteryx, PowerBI, and Tableau. Combined with the appropriate data strategy and integration, this can save dozens of hours.  

Manage Change 

  • Adopting a new process can be a significant change for any team, especially if accompanied by new technology and mandatory regulatory requirements. We support clients by coaching teams through new processes and workflows, and observing their teams independently complete a full Record-to-Report cycle. We make observations, recommend tweaks to the process, and support retrospectives to help teams going forward. 

The Quarterly Statements Rule represents a paradigm shift, and registered advisers should prepare early. Though there are still roughly 18 months until full compliance is required, finance and accounting leaders should strive to have their processes in place one to two quarters in advance of the deadline to ensure they are ready. 

For expert support acting on the private fund rules, contact CrossCountry Consulting.  

Connect with an expert

Sean Sinclair

Business Transformation

See Bio

Contributing authors

Marcello Sandoval

Anjali Khullar

Dave Minto

One of the most effective ways to advance enterprise digital transformation is to go to the lowest common denominator in the organization: data.

All of the keystrokes, entries, transactions, touchpoints, and conversations internally and externally by all entities that come into contact with your company result in data that’s recorded, stored, cleaned, managed, and distributed in the course of daily business. 

So if data is the ubiquitous elephant in the room, why are corporate leaders, their teams, and even individual staff still wandering in darkness with data that can be incredibly useful and transformative to them? How can employees productively work toward common goals if data siloes disrupt workflows, impede digital progress, and generate unwarranted IT bloat

Data democracy is foundational to speaking the same language. And it’s an accelerant to real transformation.

What Is Data Democracy? 

Data democracy or democratization is the continuous objective of providing employees with access to relevant data that can enable better, data-informed decision-making and increase the organization’s collective comfort and confidence using data for various purposes.  

By removing unnecessary technical barriers to data, organizations can elevate cross-functional collaboration, enhance customer and employee experience, encourage greater innovation, and synchronize workflows on common platforms without requiring IT expertise or hands-on intervention. Now, non-technical users can contribute more meaningfully and strategically to enterprise objectives. 

Additionally, democratized data increases productivity and efficiency at the individual staff level, team or departmental level, and enterprise level as data flows more freely without silos. Helpdesk tickets, persistent chats, and unresponsive requests for platform permissions that often plague speed-to-decision can be overcome by improving employee data access that’s imperative to their roles and daily needs. 

Data Transformation First, Enterprise Transformation Second

Data democracy isn’t out of reach, even if it may seem like an aspirational concept. In fact, there’s often consensus across departments that tangible action on transforming data and data processes should be taken.

For example, finance and IT leaders have bipartisan agreement that increased visibility through mutual knowledge-sharing and cross-functional alignment supports the digitization of end-to-end processes. Data, of course, is a key component to mobilizing toward this goal.

Additionally, visibility can incentivize teams to engage cross-functionally (45%) to produce stronger processes and synchronize cross-department operating models and rhythms (42%) – directional outcomes that data democracy can facilitate.

These are key findings from a Forrester Consulting survey of 300+ senior finance and IT leaders commissioned by CrossCountry Consulting. 

See what 300+ Finance and IT executives say about the state of enterprise digital transformation.

New Forrester research commissioned by CrossCountry Consulting

To achieve this level of harmony, however, it’s critical that leaders prioritize a holistic data strategy, one that can underpin and inform future digital transformation efforts. 

Data is the binding ingredient between cross-functional activities – if the data strategy isn’t consistent across the enterprise, organizations often end up deploying more functional point solutions that have limited utility to anyone outside a siloed business unit. Plus, disparate organizational data can quickly lead to data mismanagement, competing governance structures, and general underutilization. 

To generate more value and alignment from data, organizations must: 

  1. Define and document clear business objectives: What are the specific business outcomes to achieve with data? What’s motivating transformation? These questions must be explicitly and clearly answered to ensure the data strategy is fully aligned to the corporate strategy. 
  2. Identify data sources and needs: What data does the organization currently have, where is it stored, how is it managed, who owns it, and how is it used? These baselines help to inventory the current state and spotlight gaps, risks, and opportunities. 
  3. Implement a data governance framework: Establishing appropriate governance over data management practices ensures data is measurable, manageable, auditable, and useful to relevant internal and external stakeholders. The data governance framework should include roles and responsibilities, controls, and processes for understanding, storing, sharing, and acting on data. 
  4. Invest in modern data technologies: Data cloud and automation tools like Snowflake, Alteryx, and Fivetran can store, migrate, and action operational data from across disparate sources and systems for strategic analytics, business intelligence (BI), machine learning (ML), and artificial intelligence (AI) capabilities. Additionally, 78% of finance and IT leaders indicate they’ve implemented, plan to implement, or plan to expand cloud data warehousing for the express purpose of facilitating more effective digital transformation. Leveraging best-in-class data technology of these kinds is imperative to embedding data democracy and taking the next step toward enterprise-wide digital transformation. 
  5. Build a data-driven culture: By democratizing data and establishing data literacy across the business, each function shares a common language and vision concerning the impacts of the enterprise data strategy. As teams align on data use cases, they are more motivated to maximize the value of data within their day-to-day and are more agile to the new technologies and processes that are necessary for concurrent and continuous transformation over time. 
  6. Promote data-driven hiring: Applying modern data management and innovation practices to current staff and processes is important to leveling-up in the near term, but organizations must also embed a data-driven mindset into their hiring strategies. With an evolving job and skills market, organizations can tap into candidates who already have proficient or advanced data skills they can bring into the firm on day one. In some cases, the nature of job roles might shift: Rather than seeking “traditional” applicants for accounting roles, for instance, organizations can re-align these job responsibilities to be more technology-enabled than in the past. In this way, each external hire helps move the needle on data transformation and expands upon the existing data-driven culture. 

While data transformation may not be the most conventional starting point for broader transformation (in many cases multiple transformations occur simultaneously), it can enable more informed, cleaner decision-making now and in the future.  

From Visibility to Value: Connecting the Dots 

Embracing data democracy enables teams across the organization to share accessible information and technology platforms they may not otherwise leverage. Empowered with this newfound touchpoint and level of connectivity, it becomes easier for staff from different functions to work together on end-to-end processes (e.g., IT collaborating with accounting on close management processes and software, finance collaborating with risk management on automation, or HR and marketing collaborating on branding campaigns to recruit talent). 
 
Tech-driven platforms that deliver scalability and speed are the top-cited mechanisms for finance and IT in particular to align, according to the study. Once aligned, leaders believe AI/BI-based decision support will be foundational to their organization’s digital evolution. 

data transformation alignment on enterprise digital transformation

As mentioned, digital evolution is not possible without a holistic data strategy. With visibility into data, staff can tap into and generate new value streams. 

These value streams are evident in: 

  • Improved decision-making: When teams have clear visibility into their data, they can make better decisions about everything from product development to marketing to customer service. They can also identify areas of improvement and deliver insights up the chain of command more quickly. 
  • Smarter processes: When leveraging data analytics and business intelligence platforms, staff can uncover process inefficiencies, cost overruns, and labor savings. Staff can also clarify which stakeholders are responsible for certain handoffs and workflows that stretch across teams to ensure common transformation challenges and obstacles are understood and overcome efficiently. 
  • New products and services: Data can help organizations to understand their customers’ needs and wants, and to develop new products and services that meet those needs. 
  • Improved data quality and security: Data lineage can help organizations identify and correct errors in data, mitigate security risks, and maintain auditability. 
  • Improved data compliance and governance: Enforceable governance policies and procedures enable organizations to comply with regulations (e.g., data privacy) and maintain a strategic, cohesive approach to data. 
  • Enhanced digital transformation outcomes: Security, innovation, and agility are the most sought-after outcomes of digital transformation, according to the study. Data visibility and data quality are imperative to accurately measuring these outcomes, reporting progress, and considering transformation “complete” or “successful.” 

Driving data transformation, beginning with data democratization, is central to long-term enterprise agility and competitive differentiation. There’s no time to waste.
 
To explore more expert insights on the state of today’s enterprise digital transformation, download the full study. And to expedite your next transformation, contact CrossCountry Consulting

Connect with an expert

Tom Alexander

Business Transformation

See Bio

Contributing authors

Sanket Sejpal

Nick Du Preez

As audit firms intensify their focus on enhancing audit quality and navigating regulatory changes, public and private companies are feeling the effects.  

More than ever, companies preparing for financial statement and integrated audits must maintain a forward-looking, audit-ready posture to keep pace with dynamic accounting, finance, risk, and human capital challenges on top of evolving factors external auditors are scrutinizing. The status quo approach to audit no longer suffices. 

Here’s how to game plan accordingly. 

1. Understand What Regulators Are Thinking 

Recent actions by the Public Company Accounting Oversight Board (PCAOB) signal a clear directive toward bolstering audit responsibilities.  

A June 2023 proposal amplifies the auditor’s vigilance against fraud and noncompliance with laws and regulations, significantly expanding the responsibility of the auditor. 

“By catching and communicating noncompliance sooner, auditors can help companies course correct and better protect investors from risk,” said PCAOB Chair Erica Y. Williams in reference to the proposal. 

Companies can anticipate questions about their process for identifying relevant laws and regulations and their process for preventing, identifying, investigating, evaluating, communicating, and remediating instances, or alleged or suspected instances, of fraud and other noncompliance. As a best practice, legal departments should be involved.  

Meanwhile, a new standard adopted in September 2023 aims to modernize requirements for auditor use of confirmations, fortifying investor protection in the current business environment. 

On the proposal, Williams stated, “The new standard will help auditors detect fraud and better protect investors. By replacing a confirmation standard that had not changed significantly since faxes were a regular form of communication, the Board has taken an important step in modernizing our standards to effectively protect investors in today’s world.”  

Because audit firms will no longer be able to rely solely on “negative confirmation” requests for PCAOB audits, companies should prepare for additional efforts, such as assisting with outreach to the third party or providing additional audit evidence for alternative procedures. Additionally, the PCAOB rule will prohibit internal auditors from assisting with confirmations, another key factor to take into account. 

2. Expect to Hear From Your Auditor on These Issues 

With evolving regulatory shifts on the horizon, alongside core, expected audit considerations, companies can improve their audit readiness by knowing what auditors are likely to scrutinize this season. 

Some of these primary concerns will be:  

Internal Controls  

Auditors will continue emphasizing internal controls, with a focus on the precision of controls and the reliability of information used in controls. Expect questions about the completeness and accuracy of any reports being used in a control, including system-generated canned reports and ad-hoc reports, as well as Excel files.   

As a best practice, keep an inventory of every report relied upon in a control and denote the key data elements used in that report, allowing auditors to focus on only the relevant data elements used. Not every data element in a report is necessarily relevant, and companies should demonstrate that they know which data elements matter and which don’t, as discerning between data elements streamlines the audit and showcases preparedness. 

Economic Considerations 

With mass layoffs hitting a range of sectors the past 12 months, a volatile IPO market, large stores of private equity dry powder, and prevailing supply chain, interest rate, and global security trepidation, it’s safe to say the impacts of these realities will be under a microscope.  

Companies can expect auditors to evaluate economic considerations, how they were assessed throughout the year, and how they affected valuations, impairment, and going concern assumptions. Be prepared with a well-documented analysis of these factors. 

Confirmation Processes 

Following the Wirecard fraud incident and the PCAOB action referenced above, expect additional efforts around the confirmation process. Auditors might seek more comprehensive confirmations, request additional data elements to be confirmed, or confirm accounts that weren’t previously confirmed.  

Cybersecurity Vigilance 

With escalating cyber threats and the increased utilization of IT systems, auditors will delve deeper into companies’ risk assessments around cybersecurity threats and potential attacks. Auditors will assess whether cyber incidents resulted in material misstatements, disruptions or impacts to financial reporting operations, and mitigation or resolution practices put into place. 

Companies must have clear, comprehensive documentation of their cybersecurity risk assessment process and extensive assessments of any attacks. 

Emerging ESG Questions 

Though not yet mandatory from a regulatory perspective, audit firms are seeking to understand how companies are assessing and responding to climate risks, with an eye on climate-related disclosures and greenhouse gas emission disclosures that may soon be required. Consequently, they are contemplating the impact of climate factors on financial statements and how ready companies may be for future required disclosures related to ESG

Companies should understand what they’re already disclosing about ESG, particularly regarding climate-related disclosures. They should also consider whether their “ESG story” aligns with other financial reporting determinations or disclosures – for example, as it relates to impairments or valuations. 

When approaching these regulatory concerns, companies should create a calendar of milestones and communicate often internally and externally. Traditional project management best practices can help mobilize relevant stakeholders and provide accountability during the audit process. 

3. Seek Experienced Support 

The audit process doesn’t have to be managed alone.  CrossCountry Consulting’s audit-readiness experts have decades of audit, accounting, finance, technology, and risk management experience that enables public and private companies to reduce audit friction and see around audit curves. For robust and proven audit-readiness support, contact CrossCountry Consulting

Connect with an expert

Christina Kaminski

Accounting Advisory and ESG Lead

See Bio

In 2024, organizations are focused on annual budget planning and reflecting on areas of improvement.

In the current economic environment, risk leaders are being asked to find additional savings, create efficiencies, or stay “budget neutral,” limiting their ability to make significant investments in the very technologies that could enable long-term incremental savings. The wish lists of “must haves” and “nice to haves” are likely being pruned to include only “must haves” at this point.

For risk leaders, this challenging budgeting and planning dynamic is compounded by:

  • Increased auditor and regulatory scrutiny.
  • New regulatory requirements and SEC rules.
  • Evolving risk and market conditions.
  • Increased third-party risk.
  • High employee turnover.
  • Poor organizational data management practices.

Amid these obstacles emerges a resolution for change in 2024. The time for integrated risk management has come.

What Is Integrated Risk Management?

Integrated risk management (IRM) is a comprehensive approach to managing all risks within an organization. This approach ties together the high-level risk pillars of the organization – enterprise-wide risk, technology risk, financial and compliance risk, and operational and strategic risk – enabling the creation of a common set of practices and processes that drive standard business operations and procedures cross-functionally.

How to Implement Integrated Risk Management

IRM allows leaders to prioritize where time and resources should be invested. This prioritization will be unique to the demands, strategies, and goals of each organization.

While there are numerous ways organizations can commit to and execute IRM, the below mechanisms are generally productive, agnostic starting points:

  • Creating a risk-aware culture: The crucial first step to effective IRM is to ensure the tone at the top of the company is set and a risk-aware culture is being implemented across the organization. This involves training employees to understand and manage risks within their roles and promoting a mindset that prioritizes risk identification and mitigation. Employees should understand not only why they are performing controls but how to identify whether controls are operating as intended.
  • Enhancing cross-functional collaboration: IRM requires collaboration across different departments within an organization like finance, IT, compliance, legal, and operations to help identify, assess, and mitigate risks. Many organizations are adopting IRM technologies or tools that consolidate various risk-related processes into a single platform. This allows for a holistic view and better management of risks. It also avoids duplication of efforts and creates better accountability.
  • Leveraging data analytics, automation, and AI: Risk management is an ongoing process. With data and predictive analytics tools, organizations can analyze large volumes of data to identify potential risks and trends and surface risks before they escalate. Automation and artificial intelligence (AI) platforms can simultaneously streamline and expedite highly manual processes and controls, improving the reliability and accuracy of data and decision-making.
  • Performing dynamic risk assessments and scenario planning: Unlike traditional risk assessments, which are typically conducted annually, dynamic risk assessments acknowledge that risks change and new hazards arise. They emphasize the importance of adaptability and flexibility in addressing risks effectively. Conducting dynamic risk assessments and scenario planning exercises on an ongoing basis empowers organizations to formulate appropriate responses to variable risk scenarios. This proactive approach to risk management helps to mitigate the impact of potential risks that would otherwise likely be more severe or entirely unexpected.
  • Keeping pace with evolving regulatory compliance: Staying abreast of changing regulations and ensuring compliance is a key aspect of IRM. With changes such as SEC Cybersecurity Disclosure Requirements or SEC Climate Risk Disclosure Organizations, organizations must stay ahead of what’s coming so they’re prepared to comply when regulations are released. Companies should invest in tools and processes to monitor regulatory changes and ensure adherence across the organization.
  • Increasing Board and leadership involvement and education: Boards and senior leadership play a critical role in IRM. They set the tone for risk management strategies, oversee the implementation of IRM frameworks, and ensure that risk management is integrated into the organization’s overall strategy. It’s critical to ensure that all members of the Board and senior leadership are educated in critical areas of risk, such as cybersecurity. It’s also critical that the Board and senior leadership are provided with accurate data to ensure they’re making informed decisions.
  • Focusing on resilience planning: One huge lesson that many organizations learned during COVID was the importance of focusing on business continuity and resilience. Building organizational resilience to bounce back from unforeseen events involves not only identifying risks but also preparing strategies to recover swiftly from potential disruptions.

By incorporating these strategies, organizations can create a more robust and proactive approach to managing risks across all facets of operations. To implement IRM strategically, contact CrossCountry Consulting.

Connect with an expert

Jill Agudelo

Integrated Risk Management Lead

See Bio

(more…)

Asset management, investment banking, and other financial services firms subject to SEC Rule 17a-4, a 2022 amendment governing the monitoring and retention of electronic communications, today still have insufficient or adolescent message archival programs established for compliance. 

Earlier this year, regulators cited more than 15 Wall Street broker-dealers for failure to maintain and preserve electronic communications, amounting to $1.1 billion in total fines. SEC enforcement actions are expected to continue as firms grapple with building compliant recordkeeping programs. 

Planning for a more robust and effective controls program for 2024 implementation should ideally be well underway, but a number of challenges persist, putting thousands of firms in the hot seat. 

What Is the Electronic Recordkeeping Amendment? 

The rule is officially referred to as the “Electronic Recordkeeping Requirements for Broker-Dealers, Security-Based Swap Dealers, and Major Security-Based Swap Participants” or “Electronic Recordkeeping Requirements” for short. 

Other common references often include “Mobile Device Communication Monitoring and Retention,” “Mobile Comms,” “eComms” or “Electronic Message Archival.” 

In essence, the rule requires firms to maintain and preserve electronic communications for proper recordkeeping and compliance with federal securities laws. In the last decade, and especially since the pandemic, firms have made greater use of “off-channel communications,” meaning business matters are conducted and communicated over personal devices like employee cellphones through text messages or private email. 

When personal devices are used without procedures for archiving communications, firms deprive regulators of critical information on conduct, finances, and data security in addition to putting client and organizational information at risk.  

What Does an Effective Message Archival Program Entail? 

Successful message archival programs should be a cross-functional initiative designed with key strategic business, technology, and functional goals in mind. Due to the pervasiveness of mobile communications channels, such as iMessage, SMS, WhatsApp, and WeChat inside and outside the workplace, firms must re-evaluate their existing policies and technical solutioning around mobile device audit and surveillance. 

Explore expert Risk Management solutions that solve real-world problems

Understand emerging threats, changing regulations, and evolving technologies – then formulate actionable, pragmatic strategies to reduce risk across the enterprise.

There are four overarching pillars that guide the direction and successful execution of a message archival program: 

  1. Meet SEC requirements for electronic communications monitoring and capture from mobile devices. 
  2. Implement secure, streamlined, scalable, and firm-controlled technical solutions for in-scope mobile communication channels. 
  3. Provide staff with the best possible user experience within acceptable security and risk requirements. 
  4. Establish an agile, forward-looking program capable of adapting to future market changes and regulatory requirements. 

More tactically and immediately, this means firms subject to the rule should: 

  • Identify the types of electronic communications that need to be archived. This includes communications with customers and clients, as well as business records such as order tickets, trade confirmations, and account statements. 
  • Select a message archival solution that meets the organization’s needs. There are a number of different message archival solutions available; however, the software market in this space is still in its infancy and organizations might find their options limiting. Generally, it’s important to select a solution that’s scalable, secure, and easy to use. 
  • Develop message archival policies and procedures. The policy should document how electronic communications will be archived, retrieved, and retained. 
  • Train employees on the message archival policy and procedures. Employees need to understand why properly archived electronic communications are critical to regulatory compliance and minimizing financial and reputational risk. Additionally, employees must understand how to leverage different communication channels as part of their job function and how improper communications can open areas of risk for the firm. Again, user experience is critical to program adoption and success. 
  • Monitor and review the message archival program on a regular basis. This will help to ensure the program is working effectively and meeting the needs of clients, employees, regulators, and the organization itself. 

Best Practices for Message Archiving  

When implementing a message archival program, financial services organizations should follow these best practices as a baseline: 

  • Archive all electronic communications. This includes emails, instant messages, text messages, and voicemails. 
  • Use a tamper-proof archive format. This will help to ensure that records cannot be altered or deleted. 
  • Index and search records. This will make it easier to find the records when needed.  
  • Implement audit and reporting capabilities. This will enable internal and external auditors to track who is accessing the records and when. 
  • Retain records for the required period of time. SEC Rule 17a-4 requires that certain records be retained for two to six years. 

Key Challenges to Message Archival Program Implementation 

Building a message archival program from scratch or enhancing an established program is not without its obstacles. As evidenced by increasing regulatory scrutiny and the number of fines levied, even some of the world’s largest institutions are falling short of compliance. 

Understanding these common challenges, both internal and external, is necessary to avoiding the pitfalls of peers and enacting a future-ready program. 

Internal  

  • Lacking resource capacity to support large-scale changes. 
  • Insufficiently assessing the change impact of mobile device management for end users. 
  • Balancing regulatory compliance with user experience. 
  • Educating employees on required changes and resulting impact on day-to-day operations. 

External 

  • Ambiguous SEC requirements. 
  • Regulatory misalignment or conflict with specific messaging platforms. 
  • Few highly mature software solutions on the market that can meet comprehensive compliance needs. 

Cross-Functional Expertise Needed 

While firms may have effective controls and capabilities over some functions and processes germane to SEC rule 17a-4, most need additional bandwidth and experience across multiple functional areas to ensure message archival program excellence. 

Six core capabilities are needed: 

  1. Change management: To develop effective and purpose-built training and communications programs for employees with the goal of facilitating quick adoption of new policies and reinforcing policies continuously over time. 
  2. Program management: To align stakeholders, measure progress, and oversee the end-to-end message archival program to ensure the firm’s goals are met and regulatory requirements are achieved.  
  3. Technology architecture and strategy: To assess the current-state technology ecosystem and integrate new technology solutions for optimal integration, compliance, and effectiveness. 
  4. Vendor selection: To understand the requirements for third-party technology or program support and negotiate vendor contracts for long-term savings. 
  5. Risk strategy and management: To understand current and future technology, regulatory, and financial risks and implement effective monitoring and remediation programs. 
  6. Governance and operating model architecture: To create and implement a structure for ongoing controls and decision rights and to design a future-state program that meets the needs of today and tomorrow. 

CrossCountry Consulting’s integrated approach to SEC rule 17a-4 compliance empowers asset managers, investment bankers, and other financial institutions to adopt effective message archival programs and adapt to the regulatory landscape. 

For expert support navigating your program build, contact CrossCountry Consulting.  

Stock compensation awarded to executives and employees creates additional accounting complexity for pre-IPO companies and becomes an expanded audit focus by external auditors.

Rapidly growing companies with limited resources may find it challenging to build a more robust and efficient process since stock compensation accounting necessitates greater expertise and support often not found internally. To align to public company standards via a more mature stock compensation process, below are several key activities pre-IPO companies can initiate:

Implement Equity Plan Software

Equity management platforms, such as Morgan Stanley at Work’s Shareworks Platform, enable companies to efficiently manage their equity awards and cap table from early growth stage right through to operating as a public company. These tools can also:

  • Improve data management (i.e., single source of truth for HR and finance).
  • Create efficiencies through elimination of manual calculations.
  • Simplify the application of withholding taxes.
  • Add a layer of IT general controls to the process, effectively limiting access to sensitive compensation data.
  • Provide additional efficiencies around stock compensation expense accounting when moving to a quarterly process as a public company.

Align 409a Valuations

Pre-IPO companies typically get 409a valuations prepared only in conjunction with fundraising activities (if any) and as part of year-end close. These valuations form the basis of the stock compensation expense recorded in the company’s Income Statement, but the timing of the valuation may not be aligned with the dates employees were granted awards.

The valuation of awards is a common area of comment by the SEC on S-1 registration filings, particularly when the grant-date fair value of the awards is significantly different from the target IPO price. To reduce the risk of an audit issue or an SEC comment on a future filing, prepare for more regular 409a valuations and align them with their standard grant dates of awards to employees.

Establish Internal Controls

Stock compensation expense may be a common source of misstatement for private companies, especially where a manual process is the only means for calculating the annual or quarterly expense. To mitigate the risk of misstatement:

Review and Standardize a Complex Awards Process

To facilitate a more efficient audit, identify material and complex transactions throughout the year and proactively address technical accounting on a real-time basis. This is also applicable to complex equity awards, such as performance-based awards, which are commonly awarded to company executives and management.

The accounting for these awards may require a different expense recognition pattern to standard awards and may require quarterly monitoring. For any new types of awards issued to employees, companies should consider creating an accounting policy related to these award types in line with ASC 718 and establish a process for reviewing the accounting for such awards in future periods.

The above activities can be a significant challenge due to time and resource constraints, but the value and demand in taking action is necessary for public-company readiness.

To mature your stock compensation process and minimize the risk of audit issues or SEC comments, contact CrossCountry Consulting.

Observing a backlog of key filers, including Stripe and Databricks, several highly valued companies are in various stages of IPO planning without having officially made the jump. That changed in September with British chip company ARM’s successful $5 billion IPO – the biggest in 2023.

The move has fueled further interest in profitable exit strategies in a range of industries, creating renewed momentum for pre-IPO companies still on the sidelines. Case in point: Quickly following ARM’s IPO, Instacart increased its own IPO price range nearly 10%. Birkenstock took a more conservative approach with its pricing strategy but still managed to successfully raise $1.48 billion in its October IPO.

This uptick in IPO activity mirrors pursuits in the M&A (Microsoft’s $69 billion acquisition of Activision subject to FTC approval) and private equity spaces (Thoma Bravo’s take-private of NextGen Healthcare for $1.8 billion).

Regardless of the type of exit, companies transitioning into the next stages of their lifecycles will require substantial infrastructure investment. Fortunately, that transformation is consistent across exits, as the shift to a more efficient, de-risked operating model smooths the path toward a successful transaction.

Exit-Readiness Assessment: A New Corporate Baseline

An exit-readiness assessment is a review of the current state of all critical business functions, timelines, stakeholders, costs, and transformation required to meet the higher standards of future reporting requirements.

The assessment documents the gaps in current-state operations relative to the future state and provides a roadmap for bridging those gaps, often in the form of upgrading or implementing technology, standing up a more effective process architecture, and aligning talent and investments to necessary areas of the business.

It’s a moment of self-reflection for corporate leaders: Do they have what they need and what it takes to execute a successful transaction?

The graphic below illustrates common changes and characteristics between a typical private company and one that is exit ready:

ipo, m&a, private equity exits

These activities represent core areas of the business that must be high-functioning and high-performing prior to an exit. While starting with these five areas is a good practice for aligning transformation priorities, there are several other areas of the business that will need to be established or optimized, as seen in the graphic below:

exit readiness strategies for each business function

Proactively Improve Functions and Capabilities  

An exit-readiness assessment delivers numerous benefits, such as:

  • Developing an exit-ready timeline across functions.
  • Identifying potential exposures and mitigating risks before a transaction.
  • Developing a plan to address any identified exposures, including hiring strategy.
  • Ensuring compliance with all applicable laws and regulations.
  • Evaluating quality and required effort of financial statements.
  • Improving internal controls over financial reporting.
  • Communicating effectively with investors.
  • Increasing chances of a successful transaction. 
  • Improving corporate governance practices.
  • Strategizing for deal synergies and realizing the investment thesis.
  • Accounting for integration challenges and how to overcome them.

To achieve these outcomes, companies must either establish new functions entirely or enhance key activities they already perform. In the chase to develop a product, define a unique vision, and gain market share, many of the core non-customer-facing areas of the business go overlooked. An exit-readiness assessment is the time to enhance corporate hygiene and play catchup on many of the functional areas that weren’t vital during earlier stages of the company lifecycle.

Plan for an Efficient Exit Process Now

Companies or funds planning an exit event in the near future must begin implementing operational enhancements far in advance to ensure they’re consistently and successfully rolled out. To take the next step in the investment lifecycle, contact CrossCountry Consulting for a proprietary exit-readiness assessment.

As emerging-growth companies seek investor confidence, it’s critical to build an effective internal control environment. Being newly established, there’s a high likelihood control deficiencies will occur.  

When control deficiencies accumulate to a level where the risk of financial misstatement is likely, management and/or external auditors may determine a material weakness.  

What Is a Material Weakness? 

As defined by the Public Company Accounting Oversight Board (PCAOB), “A material weakness (MW) is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis.” 

When issued, organizations are required to disclose the details of the material weakness, possibly impacting the organization’s reputation and bottom line.

So what causes material weaknesses and how can they be remediated effectively? 

Explore expert Risk Management solutions that solve real-world problems

Understand emerging threats, changing regulations, and evolving technologies – then formulate actionable, pragmatic strategies to reduce risk across the enterprise.

Common Causes of Material Weaknesses 

Specific to emerging-growth companies, material weaknesses are commonly caused by: 

  • Inadequate segregation of duties, often found in smaller finance organizations with limited personnel, creating conflicts in roles and duties. 
  • Inconsistent information technology general controls (ITGC) within the control environment as well as personnel with the knowledge and expertise to implement and manage the controls, putting at risk the accuracy and reliability of systems and data. 
  • Lack of oversight and monitoring of key business processes, including inadequate review/approval of transactions or reconciliation, allowing erroneous or fraudulent activities to go undetected. 
  • Insufficient evidence documentation relating to control and review procedures, leading to the inability to validate the occurrence of key business procedures. 
  • Insufficient or uneven training for business and IT control owners, creating an environment where controls may be designed effectively but do not operate as consistently as intended. 
  • Inadequate consideration of complex or non-recurring transactions or significant events such as mergers, acquisitions, or other complex transactions that may occur outside the normal course of business can increase the possibility of misstatement if not appropriately accounted for. 

Material Weakness Remediation Tactics 

When a material weakness is identified, management must initiate a collective remediation effort, including key stakeholders, control owners, internal audit, finance, and IT. In some circumstances, where management lacks appropriate bandwidth to oversee remediation, a third party can assist in the remediation efforts.  

The keys to working toward an effective conclusion include:  

  • Understanding root cause: Management must understand the root cause of the issue(s) identified. If the root cause is not adequately identified, the issue(s) may not be fully addressed, leaving the organization at risk of not completely remediating the material weakness. 
  • Developing a remediation plan: Management should document a plan or “roadmap” to address the root cause and any other downstream effects. The remediation plan should address all aspects of the material weakness, including specific steps to be taken, a timeframe, and roles and responsibilities for those involved. 
  • Alignment with external auditor expectations: It’s critical to align expectations with the external auditor. Aligning expectations early in the process allows for effective remediation by minimizing risks associated with miscommunication and ambiguity.   
  • Project management/oversight: Delegation and understanding of ownership during control execution and remediation of the material weakness is vital. All persons identified in the remediation roadmap, and any other relevant stakeholders, are responsible for owning the material weakness remediation effort and will be held accountable.  
  • Updating SOX controls and documentation: Management must consider applicable changes to the control environment and update documentation accordingly. Updates to flowcharts/narratives, risk and control matrices, or policies should be indicative of the changes. 
  • Reinforcement of SOX training: Continuous reinforcement of SOX training is important for any organization, especially when facing a material weakness. Stakeholder awareness of potential downstream impacts on the business can drive sustained operating effectiveness in the execution of SOX controls

As emerging-growth companies establish their internal control environment, deficiencies can and will occur. Understanding the process and building a plan to overcome a material weakness being issued is critical to removing it from disclosures and reinforcing investor confidence. 

For expert support understanding, anticipating, and responding to material weaknesses, contact CrossCountry Consulting

Generative artificial intelligence (GenAI), propelled by innovative tools like OpenAI’s ChatGPT, Google’s Bard, and IBM’s Watson X, has made significant inroads into everyday work, leaving virtually no industry untouched. With compelling and challenging use cases in banking and capital markets, healthcare, accounting, customer service, and much more, these tools, and those like them, transform the concept of chatbots and AI data platforms and, in turn, the very nature of corporate performance. 

Today, business leaders are grappling with how to approach employee productivity, gain operational insights, and unleash creative potential now that GenAI has redefined organizational possibilities. 

More urgently, they’re seeking to grasp what truly is and isn’t GenAI, what it’s capable of, and what they should keep top of mind in the months ahead. 

What Really Is GenAI? 

GenAI refers to artificial intelligence systems that have the ability to generate new content, such as text, code, images, audio, and video. Unlike traditional AI, which is focused on analysis and classification, GenAI takes a creative approach. It learns about connections between large volumes of data, building an understanding that allows it to produce original, realistic artifacts within certain guidelines. 

To put it into perspective, imagine a tool that can swiftly summarize complex legal documents, sift through vast datasets for initial research, and propose creative and unconventional solutions to intricate problems – all within seconds. GenAI is engineered to perform human-like tasks while delivering exceptional speed and precision.  

While GenAI is often associated with content creation, it also seamlessly integrates into a diverse spectrum of business applications. It proves its worth in fields as varied as automating data analysis, optimizing decision-making processes, enhancing customer experiences, and pushing the boundaries of creativity.  

GenAI Myths and Misconceptions, Dispelled 

GenAI represents a leap forward from both traditional rule-based AI as well as standard machine learning (ML), both of which are limited by their dependence on human-crafted logic and training data/inputs. GenAI models take in vastly more data from diverse sources, allowing for more flexible, generalizable learning. 

Unlike earlier attempts at AI, modern generative systems can contextualize information and handle complex or novel prompts. With fine-tuning innovations like reinforcement learning, they continue to improve independently in an iterative process. However, GenAI does have limits in reasoning, intentionality, and judgment compared to human intelligence. 

Below are common points of distinction to consider about GenAI: 

  • GenAI is intelligent or sentient: GenAI is not intelligent in the same way that humans are. GenAI models can learn to generate new content based on patterns they have learned from training data, but they do not have the ability to understand the context, emotions, and nuances that humans possess. 
  • GenAI is too risky for businesses to integrate right now: In the year or so since ChatGPT’s release, an entire GenAI industry has developed, with organizations of every size now using the technology in the normal course of business. It’s estimated that 56% of workers and 42% of all U.S. companies are already using GenAI. With the cost still relatively cheap, a greater risk may be waiting too long to experiment with and adopt GenAI where relevant. While there are risks, explored in a later section, they are not insurmountable. 
  • GenAI isn’t necessary: While it’s true that organizations can and have operated without GenAI for decades, the technology is creating a new frontier for corporate performance and workforce productivity. As is the case with any new technology, when adopted strategically and cost-effectively with supportive change management, GenAI can quickly prove its value and validate its necessity. Some of the ROI-positive metrics companies have reported so far have included time and cost savings, faster cycle times, and speed-to-research. 
  • GenAI will eliminate roles: Similar to previous technological advancements, job loss will be coupled with new job creation, as necessary skills shift toward other types of in-demand activities. GenAI can more immediately reduce the time it takes to accomplish certain manual tasks. Companies may opt to use that newfound employee bandwidth to achieve other higher-value or strategic tasks, or, depending on organizational and market factors, they could also simply cut hours or curtail future hiring in traditional areas of the business. 
generative artificial intelligence evolution alongside machine learning, deep learning, neural networks, ChatGPT, Bard, Watson X
  • How is GenAI different than chatbots or voice assistants? GenAI is the underlying technology enabling more advanced, conversational agents – not the agents themselves. These systems display generative abilities when creating fresh responses instead of matching pre-set queries and answers. 
  • How is GenAI different than traditional AI? Traditional AI is typically more efficient and interpretable than GenAI, but it’s also less creative and flexible. Traditional AI learns rules and patterns from data and then makes predictions or decisions, whereas GenAI learns patterns from data and generates new data
  • How is GenAI different than machine learning? Machine learning is a precursor to GenAI and is limited to human-crafted logic and data input/training. GenAI uses machine-learning algorithms to not just learn, classify, or predict data but to create entirely new forms of data and analysis. 
  • How is GenAI different than automation? Process automation tools are programmed to follow a fixed set of rules and conditions to automate specific tasks, like data entry or pricing retrieval. These tools often require a lot of training data and development time for narrow use cases. GenAI can also automate tasks but require less training and can handle more complex tasks that require creativity and original creation of content/data. 

Unlocking New Opportunities While Navigating Risks 

For businesses, GenAI unlocks new possibilities for saving time, costs, and human effort by assisting workers with some of their time-consuming tasks. It can serve up detailed market research reports, draft business proposals, generate product descriptions, code simple programs, and much more. As technology improves, so will its business applications.  

However, as with any innovative technology, challenges exist. A key concern is that AI systems can hallucinate or generate false information if trained on low-quality, biased datasets. They may also favor common patterns over accuracy. Being aware of these limitations is important when deploying GenAI responsibly. Companies must have a thorough understanding of the associated risks and the necessary tools to mitigate them, including an adequate governance framework. 

Explore expert Data Transformation & Analytics solutions that solve real-world problems

Accelerate strategic adoption of data, analytics, and artificial intelligence platforms within a scalable systems architecture for efficient reporting, cleaner insights, and greater change readiness.

Other relevant concerns include legal and ethical risks around copyright, data privacy, and the misuse of generative models for fraud or propaganda. As its capabilities grow, adequate regulation will be needed to protect against potential harm.  

Several companies and global organizations have taken the lead to ensure AI development takes a human-centric approach. In 2019, the Organization for Economic Co-operation and Development (OECD) published the “OECD AI Principles” aimed at providing guidelines for governments and other stakeholders to achieve trustworthy AI. In addition to this, Microsoft released its “Responsible AI standard” in 2022 as a response to filling the existing gap between legislation and the responsible usage of AI. 

Looking Ahead with Cautious Optimism 

Understanding GenAI’s realities, both positive and negative, will be key to leveraging its possibilities. Businesses can derive tremendous value from GenAI while also exercising diligence around ethics and security. With an informed, measured approach, this technology holds vast potential to augment human abilities and open new avenues of innovation. 

When exploring how to integrate GenAI models into operations, a clear understanding of current offerings, capabilities, and limitations is imperative. The goal is to rigorously assess GenAI’s upsides and use cases while mitigating risk to the organization. Partnering with CrossCountry Consulting can offer invaluable guidance on how to identify GenAI’s integration and alignment potential with your current or future data strategy.  

To get started on your GenAI journey, contact CrossCountry Consulting.

For non-financial services organizations in particular, CECL for private companies has been another surprise compliance requirement that may have slipped by their auditors. There’s still time for private companies to adopt CECL, but the work must begin now.

Didn’t know you were on the hook for CECL compliance? Unsure where to begin and how to apply the standard?

Read on for key insights to understand and adopt CECL.

1. What Is CECL, and Does It Apply to Me?

Current expected credit loss (CECL) is the Financial Accounting Standard Board’s (FASB) new credit loss accounting standard (ASC 326) that’s required for non-public entities. For most private companies, it will represent some material change from legacy GAAP (ASC 310, ASC 450, ASC 310, and ASC 320) both in policy and application. Although the banking industry is most heavily impacted, all private entities with financial assets like trade receivables, lease receivables, held-to-maturity securities, and contract assets are subject.

For comparison, public entities on average experienced a 37% approximate increase in their allowance balances post-adoption. Private companies will face similar experiences, in addition to increased auditor focus on this heavily judgment-based standard.

2. What Is the New Standard Replacing?

ASC 326 – Financial Instruments – Credit Losses, or CECL (Current Expected Credit Loss), replaces the previous guidance for calculating allowances for doubtful debts, previously accounted for under the “incurred loss” method. Legacy methodology accounted for a loss only when it was probable to occur. Under CECL, private companies must now estimate an expected credit loss for all financial instruments in scope.  

Key Differences to Legacy GAAP

ConsiderationLegacy GAAPCECL
Recognition ThresholdWhen a loss is probable to have been incurred.If any loss is expected, no matter how remote, on a financial asset in scope.
Aggregation RequirementsNo requirements to pool or segment similar assets.Explicit requirement to pool or segment assets with similar risk profiles.
Period to EvaluateNo requirement to assess for a specific period.The expected life of the asset.
Loss Data to EvaluateHistorical loss data and current conditions.Must consider historical loss data, current conditions, and reasonable and supportable forecasts about future economic conditions.

3. What Are the Effective Dates?

CECL was effective for Securities and Exchange Commission (SEC) filers and Public Business Private companies (PBEs) for periods beginning after Dec. 15, 2019.

CECL is effective for all other private companies for annual periods beginning after Dec. 15, 2022. In practice, this means that private companies will need to have documented and adopted the CECL standard for their year-end 2023 annual report.

Entity TypeEffective Date
SEC FilersDec. 15, 2019
PBEsDec. 15, 2019
Private CompaniesDec. 15, 2022

Companies should start planning for adoption now, in addition to planning how to incorporate the new requirements into existing processes and how to identify incremental processes that may need to be added.

4. What Are the Key Changes With CECL?

As summarized above, CECL introduces material changes to prior guidance on calculating credit losses on in-scope receivables. Below are some key details on those changes:

Scoping

  • Financing receivables measured at amortized cost are now in-scope of the CECL standard. In practice, this means that an entity will have to assess each receivable for expected credit losses on an ongoing basis. Some of the most common instruments are assessed below:
In ScopeOut of Scope
Financing Receivables including Trade ReceivablesFinancial assets measured at Fair Value
HTM Debt SecuritiesAFS Debt Securities
Contract AssetsLoans and receivables between private companies under common control
Net investments in Leases recognized by a lessor in accordance with ASC 842Receivables arising from Operating Leases accounted for under ASC 842
Off-Balance Sheet credit exposures not accounted for as insuranceLoans made to participants by defined contribution employee benefit plans

Segmentation

  • Private companies are now required to pool assets that share similar risk characteristics. Some examples of aggregating assets with similar risk characteristics would be: (i) credit rating, (ii) financial asset type, (iii) geographical location, (iv) product type, (v) industry of the borrower. Existing segmentation decisions, if any, should be reviewed for CECL compliance.
CECL accounting standard segmentation

Life of the Asset

  • Private companies must forecast expected credit losses for the life of the asset. Typically, trade receivables are shorter duration (<12 months) financial assets; however, longer duration financial assets such as an HTM debt security will need to be evaluated over the life of the asset.

Adjustment for Current Conditions and Reasonable and Supportable Forecasts

  • Private companies must now consider reasonable and supportable forecasts of economic conditions that may have an impact on the expected credit loss calculation. For example, adopters have used the unemployment rate as a metric to evaluate its interaction with write-offs the company has experienced and aligning that experience with readily available forecasted unemployment data to adjust their expected credit losses.  

5. Do I Need to Change My Methodology?

CECL does not prescribe a method for calculating expected credit losses. Existing methods may remain a valid approach if adjusted to take account of the key changes noted above. Common methods used by non-financial institutions in calculating an allowance on in-scope receivables include loss-rate methods and provision matrix methods.

6. What Are the Disclosure Requirements With the New Standard?

CECL is a principles-based standard, which requires disclosures to reflect the credit risk inherent in the company’s financial assets and how it’s measured, along with details of the estimate of expected credit losses and the movements within this balance period over period. Generally, adopters are required to separately present on the Statement of Financial Position, the allowance for credit losses that is deducted from the asset’s amortized cost basis.

Upon Day 1 adoption of CECL, entities should capture any changes in the balance from legacy GAAP to CECL through a cumulative-effect adjustment to retained earnings. Subsequent changes in the balance should be captured as an adjustment to credit loss expense in the Statement of Operations and a corresponding adjustment to the allowance for credit losses in the Statement of Financial Position.

Notably, an exception exists from having to provide vintage disclosures for receivables that fall due in one year or less – as most trade receivables would.

7. What Should I Do Now?

Asking and answering the following questions gives an idea of the level of effort required for a successful implementation:

  • Are there financial assets that are now in-scope that had not previously been considered from a credit loss perspective?
  • Does detailed and granular loss data exist over a sufficient historical period to enable a meaningful calculation to be made for expected credit losses for financial assets identified as being in scope?
  • Are the controls over the historical loss data reliable and permit tie out to prior period amounts disclosed in the financial statements?
  • If receivable aging buckets have been used to calculate a percentage allowance per aging bucket, does quantitative and qualitative support exist to support these percentages?
  • Are there areas of the business that currently use a form of economic forecasting, and can this be leveraged for the CECL calculation, or will it be necessary to perform this evaluation from scratch?
  • Does the capability and bandwidth exist in your entity to perform the implementation, update legacy documentation and policy, and adapt existing processes for the new requirements?

8. How Can CrossCountry Consulting Help?

CrossCountry Consulting helps SEC filers, PBEs, and private companies navigate the challenges of adoption and provides ongoing support in adapting methodology to changes in the business and auditor feedback.

With an audit-ready CECL playbook that accelerates compliant adoption and provides robust documentation and assessment, our methodology includes:

  • Completion of a comprehensive CECL scoping exercise evaluating each FSLI and sub-ledger account for CECL applicability.
  • Provision of an Accounting Judgment Matrix reviewing the requirements of the standard, assessing current practice, and identifying gaps and how to bridge those gaps to compliance.
  • Drafting of documentation supporting implementation decisions in addition to providing a thorough up-to-date CECL accounting policy.
  • Development of a CECL-compliant methodology, including consideration of reasonable and supportable forecasts, with an accompanying model to generate an expected credit loss calculation.
  • Preparation of draft disclosures that are right-sized to the company while remaining in compliance with CECL guidance.

For expert CECL adoption and compliance support, contact CrossCountry Consulting.

Connect with an expert

Bob Michaels

Technical Accounting Lead

See Bio

Contributing author

Paul Carty

If at first you don’t succeed with digital transformation, there’s no choice but to try and try again. The pace of change and technological innovation demands forward momentum at all times.

The problem, however, is that organizations are making the same mistakes repeatedly with each new transformation initiative, especially as it pertains to the technology investments that were originally designed to propel organizations into greater digital maturity and agility.

With the global market for enterprise software projected to reach more than $610 billion by 2032 – roughly triple its current size – it’s clear that it’s more important and cost-effective than ever to get transformation right the first time around or else risk wasting resources in perpetuity.

Finance and IT must get aligned.

Follow the Money: Digital Initiatives in the Pipeline

Today’s organizations are prioritizing a range of digital initiatives, with the most common being some form of internal or external enhancement of existing technology, according to a Forrester Consulting survey of 300+ senior finance and IT executives commissioned by CrossCountry Consulting.

More specifically, leaders are primarily seeking to upgrade, replace, or consolidate legacy applications or systems – the top-cited goal for 53% of finance and IT leaders. Adjustments of this kind can be challenging to say the least. Organizations that are generally less digitally mature or that don’t have a history of making successful digital transformations will specifically feel the pressure.

See what 300+ Finance and IT executives say about the state of enterprise digital transformation.

New Forrester research commissioned by CrossCountry Consulting

Among the key findings of the survey is that leaders are prioritizing better technology implementations (good) but not necessarily the steps it takes to accomplish that very goal (bad). Organizational silos, operational misalignment, and process ambiguity, among other pitfalls, are often still very much entrenched in today’s enterprises – throwing more money at technology without addressing these legacy obstacles may impede progress and render transformation ineffective.

How to Promote Stronger Enterprise Transformation

According to the survey, 64% of respondents expect it will take more than two years to see meaningful results from their digital transformation efforts. 53% haven’t yet seen the progress they originally hoped for, either. In both cases, finance leaders appear to be even more wary and critical of slow progress relative to IT.

enterprise digital transformation results and outcomes

With the fruits of their labor not materializing any time soon (if at all), a re-calibration of focus may be warranted. To avoid recreating poor habits of the past, there are several key changes organizations can make.

Forge Deeper, Strategic Partnerships Across Functions

Working across the aisle with other functional leads, especially those most impacted by an enterprise-wide transformation, is imperative from the start. 95% of respondents believe alignment between finance and IT in particular is important to positive digital transformation outcomes.

Partnership can be achieved in a number of ways, from rolling cross-functional meetings, the establishment of a cross-functional Transformation Management Office (TMO), deliberate cross-pollination and assignment of projects, and more. Ideally, leaders are already working on these partnerships before transformation is even on the agenda: It should be a natural predecessor of transformation that endures before, during, and after any large change event.

That way, time-to-ROI for technology investments is more predictable, streamlined, and manageable.

Increase Visibility to Support Digitization of End-to-End Processes

Cross-functional alignment naturally democratizes data and conversations about shared data technologies, management practices, and applications. This level of visibility unlocks previously unknown or ignored synergies between teams and departments.

45% say visibility encourages skilled workers to engage across teams, while 42% say visibility synchronizes cross-departmental operating models and rhythms.

With a sharper and broader view of the organization’s entire process architecture, leaders can better understand what’s working and what isn’t, what needs more investment and what can be retired. By assessing the full lifecycle of key processes, like Procure-to-Pay, Order-to-Cash, and many more, leaders will find new opportunities to digitize various stages of workflows and even alternate ways to structure teams to better facilitate faster, scalable, and more efficient processes.

enterprise digital transformation partnership between finance and IT functions
*Recommendations from Forrester Consulting study commissioned by CrossCountry Consulting

Set Common Goals and Operating Rhythms

As closer alignment with other teams becomes the norm, business units begin operating on the same wavelength. Staff know with whom to collaborate, which processes to follow, when meaningful cycles (e.g., budgeting, reporting, audit, tax, etc.) are converging or conflicting, and which technology platforms to utilize for any given objective.

The resulting harmony makes it easier for staff to float new ideas, build coalitions for key projects, and speak the same language. In the context of making the right kinds of technology investments to help scale the business, this harmony is crucial. Early alignment on technology – thanks to early alignment of staff and processes – makes change management all the more frictionless.

Seek Balance and Alignment With Technology Investments

IT teams are inherently more digitized than finance, and the responsibilities around technology expenditures are variable organization to organization. But both departments have roles to play in managing technology spend, including agreeing on the core enterprise systems the business runs on, addressing costs associated with technical debt, investing in high-growth, high-innovation areas of the business, and otherwise collaboratively moving the needle on enterprise-wide digitization.

So, to advance leaders’ top transformation goal – upgrading, replacing, or consolidating legacy applications/systems – take a step back and seek foundational alignment across functions first. A strategic Finance-IT alliance is the best defense against wasteful spend and poor transformation outcomes.

Invest in Program and Change Management

Consider a $3 million enterprise software implementation effort that is expected to take one year. Without an effective governance structure, one year can quickly turn into two – $3 million quickly turns into $4 million. Inadequate planning is the fastest route to change failure.

A strategic, proven implementation partner with expertise in program management, change management, process improvement, and digital transformation can help guide and validate vendor selection and decision-making. They can also ensure all technical requirements are met, progress is made on-time and on-budget, and the full value of digital transformation materializes.

For more expert insights on the state of finance and IT’s transformation partnership, download the full study. And to expedite your next transformation, contact CrossCountry Consulting.

Compared to a decade ago, the financial planning & analysis (FP&A) function is getting more expensive. That could be due in part to the added responsibilities put on FP&A’s plate, the expanding role of the OCFO generally, and the convergence of costly software in a tight labor market, to name a few reasons. 

What’s known for sure, however, is that FP&A employees are still spending 75% of their time sourcing data and “performing” FP&A. That means just 25% of time is spent on true value-add activities to the business. 

Interestingly, while 77% of finance professionals believe their FP&A work is delivering value-added insight, connectivity and collaboration between departments are still limited, which caps the value and height FP&A can reach. 

Modern FP&A functions are moving the needle toward several core focus areas, including: 

  • Close interpersonal collaboration with non-finance teams. 
  • Technological synergy across departments and platforms. 
  • Refined, simplified process and policy architecture for the entire organization. 
  • Automation for low-touch processes. 
  • Agile scenario management. 

The scope of FP&A is changing. Here’s how to get ahead. 

1. Integrate Company Strategy Into the Planning Process

The high-level objectives and key results (OKRs) the business pursues must be observed at the departmental and cross-departmental levels as well. The FP&A function interprets and converts these OKRs into their own sub-OKRs primarily through the planning process – ensuring actionable targets are set and that everyone is working toward the same goals. 

This integration requires close collaboration between FP&A leaders, other department heads, and senior executives to maintain a sustainable, unified approach to planning that ultimately fuels operational excellence and achievement of OKRs. 

It’s FP&A’s job to take this first step and embed company strategy and tone into its wider process transformation initiatives. 

Explore expert FP&A Transformation solutions that solve real-world problems

Drive analytical forward progress across the organization with modern process architecture, technology, and data insights.

2. Move to a Driver-Based Approach to Enable Real-Time Planning

Driver-based planning is a more flexible and dynamic approach that orients and aligns the entire planning process toward key business drivers in a way that includes more operational and people data. As business drivers are impacted or adjusted due to economic, regulatory, or industry conditions, FP&A must thus be agile enough to quickly re-calibrate plans.  

A driver-based approach is only possible with firmwide alignment and access to more data FP&A may not historically have had access to. But as this shift toward business drivers occurs, FP&A can develop more accurate forecasts and provide more valuable insights to the business – and do so without being disruptive or slow to the chase. 

Similar to the point above, an innate understanding and integration of the corporate strategy is mandatory. 

3. Design Flexibility for Scenario Planning

Pivoting, adjusting, or otherwise re-planning on the fly is a necessary task for future-ready organizations but one that virtually none have perfected. As market conditions change and the business evolves, FP&A must nimbly adapt to new realities to ensure decision-makers are still receiving the latest, most accurate information. This requires core flexibility built into the planning process from the start so that plans can be adjusted quickly and efficiently without prompting a full teardown and re-build of the plan from the bottom up.  

Platforms like OneStream can aid and visualize scenario planning across the organization with built-in intelligent financial signaling. These “signals” – once hidden and locked away in reams of data – can be surfaced midstream and acted upon during normal close or planning periods.  

Rapid “what if” scenario planning is critical, and FP&A needs to be at the forefront of this activity to keep the business pointed in the right direction when reacting to new opportunities or threats. 

4. Implement Scalable, Repeatable Processes

FP&A functions that contain a solid foundation of financial and operational master data management can enable the scalability of various technology and process innovations that are vital to elevating business performance. For example, automation, performance management, and data analytics software can build upon this foundation to instill common, repeatable processes and controls throughout FP&A and adjacent functions to start – and the entire organization in time. 

Think UiPath, Alteryx, and more. 

financial planning and analysis transformation and process automation

Consistent, self-executing processes – be it budget cost allocations, monthly variance reporting, or financial statement development – reduce errors, inconsistencies, and inefficiencies.  

Free from rote, error-prone processes, the FP&A function is also better positioned to provide the most actionable, comprehensive information and recommendations possible to management, further elevating the strategic importance and gravity of FP&A to the business. 

5. Leverage Predictive and Prescriptive Analytics

To predict future trends, FP&A must look to the past – past data and historical patterns to be exact.  

Embedded in FP&A should be a robust predictive analytics capability that uses prior data points to make future predictions using artificial intelligence (AI), machine learning (ML), modeling, and data mining. As past and future benchmarks are better identified and understood, teams can measure performance more effectively, as well as mitigate risk and capitalize on opportunities effectively. 

But predictive analytics only goes so far. 

predictive and prescriptive analytics for fp&a transformation

Prescriptive analytics takes a prediction and recommends next steps and actions organizations can take to meet a goal. This means the prediction has been analyzed more thoroughly and decisions can be made based on a “truer” or more real set of facts rather than assumptions. A prescriptive approach puts FP&A fully in the driver’s seat of strategic decision-making, with data-backed intelligence guiding every move. 

6. Think Beyond the Ledger

Historically, other departments toss data over the fence to FP&A and hope for the best. Data may be coming from different unstructured sources, it may be incomplete or unverified, or it may be communicated too late in the process to really be useful in a given period’s planning process. 

This dynamic has created an environment in which FP&A operated within the confines of the ledger, making do with the data it had. Moving forward, the FP&A function should be ingesting broader data sets from across the business – HR, operations, IT, third parties, etc. – to generate more robust, holistic plans. As more data is routed through FP&A, leaders are able to see clearer pictures of the past, present, and future on metrics that weren’t previously accessible or well-understood. 

Consequentially, this produces a mindset shift of the professionals inside and outside FP&A. Now there are more labor hours and headspace available to effectively think beyond the ledger and get out in front of management and boardrooms with new insightful ideas and strategies. 

7. Connect the Planning Process to Other Functions

The totality of all of the above FP&A accelerators and innovations adds up to deeper, more collaborative relationships with other departments. In other words, FP&A’s success, value, and impact are extended to other functions (known as xP&A).  

See what 300+ Finance and IT executives say about the state of enterprise digital transformation.

New Forrester research commissioned by CrossCountry Consulting

Building integrations and processes with these functions is imperative to high-performance planning. But each team should also play a larger role in their respective planning responsibilities to ensure handoffs to finance are clean, firmwide alignment exists, and technology systems are working in unison. 

As other functions like HR, IT, and sales leverage existing FP&A recommendations and toolkits, it will become clear where redundancies lie, where further efficiencies are to be won, and how the entire spectrum of enterprise planning can be continuously optimized for impact. 

For expert support in transforming enterprise planning at your organization, contact CrossCountry Consulting

Pervasive economic volatility, technological innovation, and regulatory change call for an advanced, forward-thinking approach to risk management.

The necessity of a new risk management framework is evidenced by the Institute of Internal Auditors (IIA) recently refreshing its Global Internal Audit Standards and the Committee of Sponsoring Organizations of the Treadway Commission (COSO) releasing a new edition of its Fraud Risk Framework.

These updates are in response to the complexity and volume of dynamic risks modern organizations continuously face. The updates also support and inform the creation of new risk management strategies and perspectives that shift the way risk, financial, and operational leaders are thinking.

What if risk could be harnessed as a strategic ally for business success? How can current and future risk universes be transformed into real business drivers?

What Is Risk Transformation?

Risk transformation prompts organizations to seamlessly align enterprise-wide risk management practices to overarching business strategies. Doing so enables risk practitioners to inform and lead business decision-making on how to best navigate risk complexity and how to view risk not as a challenge but as an opportunity that can drive strategic success.

Organizations that take a risk transformation approach can turn holistic risk anticipation and mitigation into differentiators and create new enterprise and market value.

Additionally, by positioning risk as a strategic driver of success, the future of risk management becomes much more data-driven and technology-enabled by the latest advancements in progressive automation, analytics, cloud, artificial intelligence (AI), and machine learning (ML) technologies. This tech-forward approach is supported by standardized processes, sustainable controls, and timely insights that streamline and elevate decision-making.

Explore expert Risk Management solutions that solve real-world problems

Understand emerging threats, changing regulations, and evolving technologies – then formulate actionable, pragmatic strategies to reduce risk across the enterprise.

Unlocking Value: The Benefits of Risk Transformation

Embarking on a risk transformation journey might initially seem daunting, but the realized value can be significant, as demonstrated by the benefits outlined below:

  • Enhanced risk visibility across the organization: By leveraging data and advanced technologies, organizations can better understand and act on their risk landscape. This increased visibility enables agile, real-time risk management that adapts to evolving risks and empowers risk leaders to make decisions that are optimized for value creation – not just risk remediation.
  • Risk as a strategic ally: No longer viewed as just a challenge, risk is pivotal to strategic decision-making. Enterprise-wide risk management practices and corporate business strategies inform and align with each other, allowing functional and business leads to preemptively look for ways to transform operations now that risk is perceived as a strategic ally.
  • Proactive risk management: An agile approach to risk management means organizations can proactively anticipate emerging risks rather than just responding to them. This forward-thinking perspective ensures better preparedness and resilience in the face of uncertainties.
  • Streamlined internal control framework: Prevention and mitigation of risk is simplified with best-in-class controls embedded in business processes, data, and technologies. Controls are designed with standardization and automation, driving excellence and consistency in the control environment and reducing the burden and cost of compliance.
  • Improved employee experience: With a reduced compliance burden, employees can focus on efforts that drive strategic objectives and add value to the organization, opening up meaningful career paths to staff.

The Risk Transformation Maturity Model: A Roadmap to Success

The first step toward successful risk transformation is for organizations to understand their maturity and define what success looks like to them. The risk transformation maturity model below illustrates the advancement of risk management practices across data, processes, technology, and people: 

risk transformation maturity model

After understanding their current position in the risk transformation journey and the desired future state, risk leaders can develop an actionable roadmap to achieve a new, transformed risk function. Considerations on the roadmap may include:

  • Aligning risk practices with overarching business strategies.
  • Implementing dynamic risk assessments.
  • Developing an approach to anticipate and adapt to emerging risks.
  • Evaluating and streamlining the control environment.
  • Deploying continuous monitoring and automated testing.
  • Enabling innovative technologies.

Building a Resilient Future

Risk transformation isn’t just a trend; it’s a necessity for organizations looking to thrive in a rapidly evolving world, and it’s the clear future of risk management. With streamlined processes, centralized data, and leading technology, organizations can enhance risk management practices to see around corners, drive growth, and achieve sustainable success.

For expert support in navigating a successful risk transformation, contact CrossCountry Consulting.

What’s a secure, effective way to simplify B2B payments, manage corporate spending limits, and fuel procurement savings? Swap every physical card for a holistic virtual credit card program. 

What Is a Virtual Credit Card? 

Virtual credit cards, also referred to as virtual company cards or virtual payment cards, function similarly to traditional physical cards in that they are used for corporate spending by organizations and departments large and small. Instead of a physical plastic card, however, a virtual card is a digital single-use card number and CVV code generated automatically and uniquely, resulting in superior online payment, expense management, and transaction security capabilities for businesses. 

Conventional corporate credit cards or purchasing cards have historically implied a shared, plastic card stored within a physical location (usually a coworker’s desk or wallet), often leading to poor oversight, enforcement, and governance of organizations’ business card policies.  

Today, organizations looking to modernize payment and cash management are turning to virtual cards issued by leading business spend management (BSM) platforms like Coupa.

Virtual Card vs Physical Company Card

Virtual cards can be used like traditional company cards: planning corporate events, booking travel, boosting employee engagement, or throwing a team-wide pizza party. However, virtual cards also have a leg-up on traditional company cards:

  • Preapproved spend and compliance: Virtual cards can be generated after a request for spend is approved, validating that proper approvals are secured before the card is even generated.
  • Fraud prevention: Virtual cards have a defined number of valid days, making them less susceptible to theft and ensuring card details like the virtual card number are not circulated.
  • Pre-set spend limits: Virtual cards have pre-set card spending payment limits, ensuring the card is not over-charged by the supplier or employee.

These advantages make virtual cards multi-functional and multi-purpose for organizations of every kind.

Use Cases for Virtual Cards

How exactly can virtual cards work within the Procure-to-Pay (P2P) ecosystem to drive value?

  • One-time suppliers: Supplier onboarding is a tedious, time-consuming, and often manual process that involves contacting a supplier for required information to set up a Supplier Record in the ERP and W9 data entry to issue payment. For one-time suppliers, this data is never used again. Virtual credit cards eliminate the need for this process completely by providing the supplier with one-time virtual card detail without burdening Procurement/AP.
  • Deposits: Corporate retreats, team events, or employee fringe benefits (e.g., motivational speakers, corporate wellness events) usually require an upfront payment method. ACH can take several days to settle, which can cause planning delays for the business requester. With a virtual card program embedded in a BSM application, end users request a specific dollar amount on the virtual corporate card. Once approved, this card can be used as a deposit for booking and all subsequent event-related spend.
  • Travel and trips: Traditionally, employee business travel is expensed post-purchase. With a virtual card program, trips or conferences can be pre-approved so that spend does not exceed the pre-approved amount.
  • Recurring bills: Companies can pay recurring bills while also winning the affection of their AP team: electricity, phone/internet, telecom, and utility bills need to be paid by the first of the month. Traditionally the AP team manages recurring payments via non-PO invoices or a third-party provider and then allocates payments via a complex, intercompany billing process. When managing these recurring bills with a virtual card, coding is set on an annual or monthly cadence and allocated automatically on charge arrival.

Explore expert Procurement & Cost Transformation solutions that solve real-world problems

Optimize Source-to-Pay, capitalize on procurement analytics, and drive cost management sustainably across the enterprise.

 5 Benefits of Virtual Cards

  1. Prevent employee fraud: The third most common type of e-commerce fraud is employee expense reimbursements, which a study from The Association of Certified Fraud Examiners found comprise 11% of all business fraud cases and endured for an average of 18 months before detection. Employees who intentionally file inflated, inconsistent, and fake reimbursement claims cost businesses billions of dollars each year. New artificial intelligence tools and algorithms in banking and expense management platforms are now more capable of automatically surfacing anomalies and preventing fraud, fortunately. Payments over virtual cards, by design, must match the pre-defined dollar range, supplier, and date, making fraud less likely. 
  2. Limit enterprise risk: With virtual cards, companies don’t have to worry about their corporate card information ending up in the wrong hands. Virtual cards generate a unique 16-digit number, expiration date, and CVV that inactivates after the approved value is charged by the vendor.
  3. Enforce spend and purchasing policy compliance: By pre-setting card limits, virtual cards ensure that the card is not over-charged by the supplier or employee. Gone are the days of “blank check” cards. With traditional credit cards, the audit team is unaware of the spend until after it occurs. With a virtual card issued via a BSM application, the card is not issued until the spend is approved.
  4. Free up cash flow and bring on those savings: Virtual cards allow a “buy now, pay later” policy, increasing Days Payable Outstanding (DPO).
  5. Rebates: Earning virtual card rebates empowers departments to become revenue-generating centers rather than just cost centers.

Keys to Implement a Successful Virtual Card Program

The first step to establishing a virtual card program is implementing technology (e.g., a BSM solution) and an agreement with a preferred bank. To maximize value:

  1. Select a BSM application, like Coupa, that integrates natively with bank and card providers. End users are more likely to adopt a simple purchasing process. Applications like Coupa make this easy because all spend types originate within the application. A virtual card program is great, but if users need to originate cards via a challenging process outside of the normal procurement process, adoption will remain low. Successful supplier onboarding and enablement are key to realizing the full value of virtual cards.
  2. Define categories and suppliers eligible for virtual card use. Spend analysis is a great place to start. Not all suppliers accept credit card payments, so the spend analysis should target categories eligible for card use. Most banks provide a list of all suppliers that accept their credit cards.
  3. Follow-up with actors not using virtual cards to drive accountability and compliance. Leading BSM applications like Coupa make it easy to display reports showing non-compliant categories and suppliers. Monthly reporting should influence end-user follow-up to drive procurement policy compliance, including virtual card use where prescribed by the policy.
  4. Practice reconciliation during the roll-out. Applications like Coupa integrate bank statements directly into the system to reconcile monthly posted charges against monthly bank statements. Practicing reconciliation prior to roll-out ensures team readiness when the first statement is posted.

To capitalize on the benefits of a virtual card program implementation, contact CrossCountry Consulting.

Spend analytics is the practice of gathering, cleansing, examining, and interpreting a company’s expenditure data. By compiling all purchasing-related data from across the business, procurement and operational leaders can analyze spending patterns and trends, identify immediate budget-saving opportunities, and gain useful insights into the end-to-end procurement process. 

Spend Analytics Benefits

Typical procurement improvements delivered via spend analytics include:

  • Uncovering opportunities for strategic sourcing to lower costs and strengthen valuable supplier relationships.
  • Ability to negotiate discounts based on volume and supplier performance.
  • Improved oversight of supply chain processes to drive compliance.
  • A reduction in supplier risk.
  • A spend cube that can inform future savings opportunities and budgetary decisions. 
  • Spend visibility into direct spend, indirect spend, maverick spend, and more across the enterprise. 
  • Extraction and compilation of data sources into a spend analytics dashboard to visualize procurement costs and provide procurement leaders with tangible insight into expenditures per business unit. 

How Does Spend Analytics Support Procurement?

Spend analytics optimizes organizations’ procurement performance by integrating information fromsourcing data, cleaning it for accuracy, and categorizing it at an item level. Cost savings are a common goal for this process.

Most organizations are increasing the time spent analyzing the process by using analytics software to understand their spending patterns better, identify future savings opportunities, and increase Source-to-Pay efficiency.

Explore expert Procurement & Cost Transformation solutions that solve real-world problems

Optimize Source-to-Pay, capitalize on procurement analytics, and drive cost management sustainably across the enterprise.

Spend analytics software with reliable data and deep classifications can empower organizations to make better, more actionable decisions. Stakeholders involved with or impacted by advanced spend analytics typically include:

  • Business end users and budget owners.
  • Operational managers.
  • Procurement professionals.
  • C-level management.
  • Financial Planning and Analysis (FP&A) professionals.

Steps to Successfully Implementing a Spend Analytics Strategy

  1. Retrieve procurement data.
  2. Validate completeness and accuracy of data.
  3. Cleanse data and normalize suppliers.
  4. Organize data by category into a deep, standardized taxonomy.
  5. Enrich data with metrics and benchmarks.
  6. Use an analytics tool to evaluate data and generate instant insights and visibility.
  7. Identify savings opportunities, process efficiencies, and contract creation or renegotiation options.

Business spend management (BSM) applications like Coupa enforce correct data entry at the time of request, which drives data compliance and standard spend taxonomy throughout the procurement process to Purchase Order and Invoice.

Modern Spend Analytics Software

Purchasing patterns are easier to see on dashboards, charts, and tables. Often these are built as static presentations or spreadsheets. When done manually or with outdated tools, data preparation process can take months, limiting the frequency of use.

As opposed to legacy office applications such as PowerPoint or Excel, spend analytics technology provides a variety of dynamic visualizations that allow data exploration through filters and drilldowns, empowering the procurement team (and others) with valuable insight that otherwise can’t be achieved. By using an analytics platform, such as Coupa, data cleansing and categorization time dramatically decreases, while data accuracy increases.

spend analytics dashboard and analytics technology solution

SaaS procurement analytics can also provide spend analysis solutions that automatically identify common cost-saving strategies, such as vendor consolidation, volume discounts, and purchase price variance.

One common way to segment procurement data is by procurement category. Category-specific data allows category managers to use their expertise for cost reduction, supplier consolidation, and contract coverage. Additional ways to demonstrate procurement data include budget segment (Department, Location, Region) or by Supplier.

As companies make the switch, spend analytics is moving from a yearly check to a quarterly or monthly review. As procurement experts, business leaders, and management apply actionable insights, it can become an everyday tool to understand the past and help predict future spending and savings.

For expert spend analytics implementation and supplier management support, contact CrossCountry Consulting.

In July, the Federal Trade Commission (FTC) announced it had opened an investigation into OpenAI, the company behind the signature artificial intelligence (AI) tool ChatGPT. According to the Civil Investigative Demand (CID) sent to OpenAI, the FTC’s investigation will address whether OpenAI engaged in: 

  • Unfair or deceptive privacy and security practices. 
  • Unfair or deceptive practices that pose a risk to consumers.  

Concern over AI is part of a growing global and domestic trend of increased regulatory scrutiny of the use of AI and the risk it poses to consumers, notably consumer privacy. 

More specifically, the Electronic Privacy Information Center published a “State of State AI Laws” report showing the 10 states in the last legislative year that have proposed comprehensive privacy bills, which include language to regulate AI. These proposed legislations were created to address concerns over: 

  • Preventing general harm to consumers. 
  • Protecting employees from AI. 
  • AI use in healthcare. 
  • AI use in insurance. 
  • Generative AI. 
  • AI used by government agencies.  

These current events (and more) are already influencing decision-making at organizations in banking and capital markets

Recent Examples of AI Implementation 

One industry that has not been shy about investing in and implementing AI is banking and capital markets. Large banks such as Morgan Stanley, Deutsche Bank, Wells Fargo, JPMorgan Chase, and more are using AI internally and hiring AI subject matter experts at a rapid pace. 

It’s estimated that the generative AI market in finance will surpass $27 billion in under 10 years, and global investment in AI technology will reach $200 billion by 2025. 

Morgan Stanley recently reported using AI to launch an advanced chatbot, leveraging OpenAI’s technology to support its financial advisors in effectively utilizing the bank’s research and data library to better support their clients. Westpac decided to deploy a language model, developed on conversations and banking industry data, to support lending staff and customers for internal communications and documentation.  

With regard to capital markets, the rising implications of generative AI are vast. Microsoft published a report that highlights the capabilities of using AI technology across front-office functions of capital markets, from leveraging content generation to build pitchbooks to generating accurate reports of research and client interactions. AI can support back-office and middle-office operations, too, through improving trade support and enhancing reporting, making AI technology an intrinsic tool across all aspects of the bank. 

Below are key ways generative AI can make an impact across all operations:

generative ai uses cases

AI Risks and Uncertainties Top of Mind 

With several banks actively using generative AI internally and others planning to begin their implementation of AI in consumer-facing applications, banks must be mindful of proposed legislation that seeks to protect consumers from the potential harm of generative AI.  

Three states (California, New York, and New Jersey), as well as the District of Columbia, have proposed legislation to protect consumers. D.C, NY, and NJ have banned or limited the use of AI for any decision-making regarding individuals using their protected personal information (such as biometric data). California and New York have proposed requiring impact assessments before the implementation of any automated decision tools.  

Outside of regulation, there is an inherent risk within the technology of AI itself. Many have expressed concern about the inherent biases within AI technology. 

Kim Smouter, director of the group of European Network Against Racism, noted it can be challenging knowing whether AI-based discrimination has taken place. Prominent figures in the industry, such as Rumman Chowdhury (Twitter’s/X’s former head of machine learning ethics) remarked that algorithmic discrimination already exists in financial services, particularly in lending.  

Considerations for Financial Institutions to Effectively Roll-Out AI 

This rising trend in regulation shouldn’t discourage financial services institutions from using AI technology effectively and ahead of regulator demands. Below are several mechanisms organizations should consider before official experimentation or adoption of AI: 

Impact Assessment of AI Technology 

Heeding New York and California legislation, banks should conduct impact assessments on every line of business before rolling out any form of AI.  

The impact assessment (visualized below) should cover technology, data, regulatory, consumer, employee, and business impacts. Apart from ensuring that the implementation of AI creates minimal risk for the bank, the impact assessment also has the benefit of documentation that enables banks to work with regulators in the future to show their due diligence and cooperation in effectively rolling out AI and protecting consumers. 

generative ai technology impact assessment

Controls, Controls, and Controls 

Following the completion of an impact assessment, banks can establish controls that address aforementioned AI risks as well as any other types of risk that arise as a result of the assessment. Risk leaders must ensure AI doesn’t discriminate against consumers or make use of personal information in any of its decision-making algorithms. 

Controls and security measures should also extend to preventing users and bad actors from manipulating AI via its respective learning model and/or damaging the AI application by conditioning it to provide false or misleading generative content. 

Governance Structure and Training 

Part of effectively installing controls and implementing AI applications is effective governance. A governance structure allows banks to control and monitor how their employees use AI as well as who can train AI.  

Banks and financial services institutions will also need to invest in training their employees on how to effectively use AI and how to protect the organization from AI technology at all levels.  

With proper protocols in place, AI can be (and is already) an innovative tool with valuable implications and banking use cases that can’t be ignored.

CrossCountry Consulting’s Banking & Capital Markets team advances key initiatives on generative AI and other progressive technologies for leading organizations amid rapid innovation. To capitalize on relevant AI opportunities at your organization with proven strategies, frameworks, and accelerators, contact CrossCountry Consulting

This article is part of a series on generative AI technology, implementation strategies, use cases, and more in Banking & Capital Markets.

To meaningfully advance key environmental, social, and governance (ESG) initiatives – even ahead of forthcoming disclosure requirements – organizations must first assess where they are in their ESG journey. There’s no better way to do that than mapping current efforts against an ESG maturity model. This is square one. 

What Is an ESG Maturity Model?

The ESG maturity model is a framework that organizations use to assess their progress in integrating ESG factors into their business practices. Though dependent on the company’s industry, size, goals, and requirements, an ESG maturity model may include multiple stages, ranging from least to most mature. These varying stages help companies gauge their current status and guide them toward achieving higher ESG standards. 

ESG Maturity Model Redefined

With more than a decade of experience in sustainability, business transformation, and risk management, ESG leaders at CrossCountry Consulting have designed an ESG maturity model that’s useful for all companies and directly applicable on day one. The four stages of ESG maturity are:  

esg maturity model
  • Stage 1 – ESG Mindful: The organization has started looking into key ESG metrics they may have readily available as part of the organization’s different core areas. At this level, organizations have an awareness of relevant laws, regulations, and stakeholder expectations related to ESG issues that impact them.  
  • Stage 2 – ESG Defined: The organization has established a strategic ESG approach, and ESG reporting is being explored further by different areas of the business. At this stage, organizations may start to feel pressure from regulators, clients, or investors to start collecting data on identified key risks and opportunities. This involves identifying and prioritizing the ESG issues most relevant to the organization and its stakeholders and establishing clear and measurable goals and targets for improving the organization’s ESG performance. It also includes establishing policies and procedures for monitoring and reporting on progress toward ESG goals and metrics.  
  • Stage 3 – ESG Managed: The organization has now implemented a robust and systematic ESG strategy in which data is captured consistently across all aspects of the firm. This data is considered part of business operations and strategic decisions. ESG Managed also involves implementing monitoring and reporting processes to track progress toward ESG goals and metrics and to identify emerging ESG risks and opportunities that may require additional attention.  
  • Stage 4 – ESG Integrated: The organization has fully integrated an ESG strategy, is aware of any potential risks, and is looking to capture opportunities. It’s fully ready to comply with and exceed global regulations using investor-grade ESG-reported data. ESG Integrated also involves integrating ESG strategic goals into the organization’s day-to-day operations, including procurement, supply chain management, and employee training and development, to ensure that ESG considerations are fully embedded in the organization’s culture. At this level, the organization favors a progressive ESG strategy focused on transparency

Explore expert ESG Reporting solutions that solve real-world problems

Integrate sustainability reporting best practices and build an ESG framework that meets current and emerging regulatory requirements.

Key Components of the ESG Maturity Model 

The specific metrics often assessed in an ESG maturity model, again, can vary from company to company, based on business operations and the industries in which they operate. The following factors form a common outline organizations can start with: 

  • Environmental factors 
    • Energy consumption reduction. 
    • Waste management and recycling practices. 
    • Carbon emissions reduction. 
    • Water conservation efforts. 
  • Governance factors 
    • Board diversity and composition. 
    • Transparency in financial reporting. 
    • Anti-corruption policies.
    • Ethics and integrity in decision-making. 

Benefits of an ESG Maturity Model 

There are many benefits to using an ESG maturity model, including:  

  • Clear roadmap: By understanding where they sit on the ESG maturity spectrum, companies can assess which key milestones are required to move to the next level. 
  • Improved ESG performance: By understanding their current maturity level, organizations can develop a plan to set clear metrics and targets to enhance their ESG performance and achieve their ESG goals. 
  • Increased transparency and accountability: By enhancing their reporting process, organizations can demonstrate their commitment and strategic approach to ESG to their stakeholders. 
  • Enhanced reputation and brand value: By being seen as a leader in ESG, organizations can attract customers, investors, and top talent. 
  • Reduced risk: By understanding ESG-related risks, organizations can take proactive mitigation steps, protect their business, and focus their strategy on long-term value creation. 
  • New opportunities: By understanding the ESG landscape, organizations can position themselves to capitalize on new business opportunities to align with more sustainable market expectations. 

Challenges in ESG Maturity Model Implementation 

Merely “defining” ESG programs can impede progress and leave a lot of questions unanswered. Companies must contend with a variety of internal blockers and habits such as:  

  • Data collection and accuracy: Systematically gathering accurate and comprehensive ESG data across various business units is cumbersome without a cohesive data strategy in place. Inconsistent data can hinder accurate assessments and may translate into greenwashing or reputational risks. 
  • Complexity of integration: Integrating ESG principles across all levels of an organization requires significant effort and cultural shifts, which can be met with resistance internally and externally. 
  • Multiple ESG regulatory frameworks: Upcoming localized global ESG reporting standards make prioritization a challenge when deciding how to best allocate internal resources for ESG reporting. This also complicates benchmarking analysis between companies given the difference in scope of ESG disclosures required across different legislations. Most of these regulations use existing well-known frameworks, such as the Taskforce on Climate-Related Financial Disclosures (TCFD), which can smooth companies’ transition into the new regulatory landscape.  
  • Short-term vs. long-term priorities: Balancing short-term financial goals with long-term ESG objectives can pose dilemmas for decision-makers who must satisfy different audiences, stakeholders, and budget requirements. 

To baseline your current ESG posture and meaningfully advance to the next stage of your ESG journey, contact CrossCountry Consulting

As one of the primary architects and agents of digital transformation across today’s enterprises, the finance function has a two-step charter: 

  1. Internally transform the finance department by acting as the tip of the spear for the rest of the business. This means experimenting, vetting, and implementing leading analytics, automation, and artificial intelligence (AI) platforms that remake day-to-day finance activities and upskilling staff to perform higher-value tasks that meaningfully contribute to the strategic vision of the company. 
  2. Take the lessons learned from re-ordering its own department outward to other business functions. Finance must serve as a trailblazer and shepherd the holistic adoption of tools and processes throughout the enterprise with the goal of greater digital maturity and agility. 

Collectively, this requires finance to lead from the front. It must incubate successful practices and technologies on behalf of the business, then compound those wins through strategic cross-functional deployments and integrations. 

Easier said than done. 

Step 1: Internal Transformation and Innovation 

In a Forrester Consulting survey of 300+ senior finance and IT executives commissioned by CrossCountry Consulting, 43% of respondents indicated the CFO is the driver of digital transformation, more than triple the next stakeholder. 

With this responsibility, the first component to leading enterprise digital transformation is for finance to advance digital progress within its own house. Broadly speaking, that refers to: 

  • Automating manual processes: Process standardization and simplification of daily manual activities, such as invoice processing, reconciliation, and budgeting, through robotic process automation (RPA) frees up critical labor hours that can be better spent innovating and strategizing on behalf of the business. Finance’s ability to move away from rote number-crunching is a blueprint that can be replicated in other business units. 
  • Leveraging data management practices: Cloud data warehousing, the top benefit of digital transformation for 19% of surveyed organizations, is a critical advancement for finance and IT teams. Other data management practices, such as master data management (MDM), data governance, and data visualization, move the needle on what’s possible with the massive amounts of data organizations carry. A holistic data strategy underpins finance’s relationship to the rest of the business and sets the foundation for migrating respective teams onto core systems. 
  • Deploying advanced analytics and data insights tools: Real-time reporting, predictive insights, and strategic financial planning and analysis (FP&A) are made possible through enterprise performance management (EPM) tools. EPM tools offer the most important benefits of digital transformation according to 13% of respondents. With newfound insights that are easily accessible and drillable, the CFO can make informed decisions quickly, enabling them to see the organization’s path forward more clearly than other stakeholders. 
  • Embracing progressive technologies: AI and business intelligence (BI) tools are key focus areas for 77% of finance and IT leaders at “high maturity” organizations. Shifting to a technology-enabled culture that is ready to evaluate and onboard new technology platforms as they come onto the market empowers workers to use technology as a force multiplier in their work and impact. 

See what 300+ Finance and IT executives say about the state of enterprise digital transformation.

New Forrester research commissioned by CrossCountry Consulting

These actions generate tangible benefits to finance internally, thus validating finance’s leadership in piloting new ideas. But they also contribute significantly to the business, again substantiating the direct line between finance transformation and enterprise transformation. This allows finance to have an outsized impact on the business, including in areas not traditionally in its scope, such as:  

Possessing a trove of financial and operational data, the finance function has the capability of seeing under the hood and seeing into the future. Finance’s current digital maturity is a benchmark against which other departments can measure themselves and, over time, advance in unison. 

Step 2: Impactful Collaboration and Vision 

Even for leading finance teams, it is not enough to simply knock on the door of the CRO, CIO, CTO, COO, or other key executives and expect immediate, productive partnership in enterprise digital transformation. These departments may have their own agendas, systems architectures, employee cultures, and understanding of their place in the company hierarchy. 

Finance must intentionally and strategically build a business case for collaboration with these teams, assemble a coalition for change, and align the momentum of this effort to the five-year strategy. Doing so empowers the organization to: 

  • Increase alignment and digital collaboration: 95% of finance and IT leaders agree that for digital transformation to succeed, it’s important their business units establish a close and strategic partnership. 45% cite the absence of operational alignment as a critical barrier to partnership, though. Digital progress at the enterprise level must be first rooted in the alignment of departments. 
  • Maximize the adoption and impact of digital tools: When finance has the broader vision to implement tools with use cases beyond its own department, it has a running start on getting the rest of the organization on board with the same or similar platforms. Through a cross-functional Transformation Management Office (TMO) or Center of Excellence (CoE), finance can carry its digital momentum forward in a systematic, measurable way that drives accountability and adoption of digital tools. 
  • Rationalize technology systems and vendors: The most common digital priority (53%) for finance and IT leaders is the upgrading, replacing, or consolidating of legacy applications or systems. To avoid technology bloat and redundancies, it’s imperative that all functional and business leads provide transparency into existing technology spend. Finance and IT specifically can comb through the thousands of tools in place and identify overlapping capabilities and unnecessary customization with the goal of migrating the organization to an efficient set of core digital tools. This ensures the enterprise systems architecture works for the organization, not against it. 
  • De-risk: Improved security (40%) is ranked as the most important outcome of digital transformation. The expanding risk universe (regulatory, cyber, economic, competitive, etc.) necessitates a strong, responsive security and innovation posture from organizations. Finance’s partnership with the CRO and CISO in particular is vital when evaluating which technologies and controls can best thwart attacks and risk vectors. 
  • Manage growth in strategic areas: Some areas of the business are better positioned to digitally transform due to the availability of advanced technologies like AI, BI, and machine learning (ML). Additionally, investment in certain functions might be key to the five-year plan, meaning it’s natural for some business units to make digital progress faster, by design and necessity. Finance’s experience with making the jump to greater digital maturity is a roadmap for high-growth, high-innovation areas of the business, with digital transformation serving as a critical lever to achieving corporate growth objectives. 
  • Build a value-based cost structure: In a period of rising expenses and borrowing costs, right-sizing the business is critical to starting, maintaining, and reinforcing transformation that takes several years to materialize. 64% say it will take two or more years to see meaningful results from digital transformation. Meanwhile, 23% are using digital transformation explicitly as a cost-reduction effort. To build a durable cost structure that generates short- and long-term results, all business units must be aligned. 
  • Identify new business opportunities: Enterprise transformation instills common operating rhythms between departments, enabling key business units to ideate, innovate, and execute cohesively and collaboratively on the same wavelength. This collaboration marshals additional resources in the pursuit of new business opportunities, whether that’s IPO, M&A, or other forms of expansion. 
  • Be intuitively change-ready: The cultural shift to becoming a change-ready, future-ready organization is less measurable but equally impactful. If today’s transformation takes years to generate results, what about the next transformation and the one after? There isn’t a clear starting and stopping point when engaging in concurrent or successive transformation initiatives that impact the entire enterprise – the fog of change is a reality in an environment in which change is expected and accepted at any time. As cross-functional systems and shared processes begin to enable speed, agility, and digital maturity, the entire workforce is resilient and adaptable to change curves. 

Finance’s growing charter is more critical than ever. Successfully moving the organization toward a digitally mature future state will take years, but there are key incremental wins along the way that can pile up quickly and deliver meaningful results. The best time to get started is right now. 

For more expert insights on the state of finance and IT’s transformation partnership, download the full study. And to expedite your next transformation, contact CrossCountry Consulting

As global data collection triples between 2022 and 2025, the organizations positioned to rationalize, secure, manage, and leverage that data across the enterprise can improve digital transformation outcomes. These new wellsprings of data must be made actionable through a holistic data strategy that aligns the interests, investments, and ideologies of two of the most powerful executives: the CFO and CIO. 

This desired synchronicity will never organically develop, however. The partnership must be mission-driven, driver-based, and thoughtfully nurtured to ensure the enterprise data strategy is anchored in transformative practices and oriented toward long-term value creation in the form of advanced analytics, efficient reporting, and continuous cost management across the organization. 

So how can this relationship be made more effective? 

It starts with understanding the interdependencies and opportunities inherent in current data management practices. 

Dual Roles in a Common Purpose 

Though the CIO may in some cases report to the CFO and in other instances to the CEO or COO, the CIO and CFO organizations are unique (and often siloed) enough to warrant closer collaboration and agreement on priorities coming out of the C-suite. Overlapping, unclear, or inchoate responsibilities for data management are case in point. 

CFOs can leverage the potential applications of data and technology, such as cloud-based ERP, advanced analytics, and cybersecurity, while CIOs must consider market dynamics, operational requirements, and employee expectations. By fostering collaboration between the CIO and CFO and ensuring alignment in decision-making processes, techniques employed, analytical engines created, and information delivery tools used, both executives can significantly enhance their impact within the organization. 

To jointly work toward corporate agility and efficiency, CFOs and CIOs should align on these data technologies: 

Data TechnologiesContext for Alignment
Data GovernanceData governance involves the creation and enforcement of policies, standards, and processes to ensure the proper management and use of data across an organization. It includes data quality management, data security, and compliance with regulatory requirements. 
Reporting ToolsAdvanced analytics tools that leverage existing data to better predict future performance and generate what-if scenarios when making C-suite-level strategic decisions enhance reporting processes.
Cloud ServicesFor business continuity during disasters, minimized overhead, reduced property expenses, and greater uptime, cloud services are essential to modern firms. They’re also the backbone of data and analytics innovation. 
Data WarehousingData warehousing is a technology that involves the collection, storage, and management of large amounts of structured data from various sources. It provides a centralized repository for data analysis and reporting purposes. 
Master Data Management (MDM)MDM is a technology that focuses on creating and managing a single, authoritative source of master data, such as customer data, product data, or supplier data. It ensures data consistency, accuracy, and integrity across multiple systems and applications. 
Data IntegrationData integration technologies enable the extraction, transformation, and loading (ETL) of data from various sources into a unified and consistent format. It helps in combining data from different systems or databases for analysis and reporting. 
Data VirtualizationData virtualization allows users to access and manipulate data from multiple sources without the need for physical data movement or consolidation. It provides a virtual layer that abstracts the underlying data sources, allowing for real-time data access and integration. 
Data Quality ManagementData quality management tools and techniques help in assessing, improving, and maintaining the quality of data. They involve processes for data cleansing, deduplication, validation, and enrichment to ensure data accuracy and reliability. 
Data ArchivingData archiving technologies involve the long-term storage and management of historical or infrequently accessed data. Archiving helps in reducing storage costs, optimizing database performance, and complying with data retention policies. 

The CFO’s knowledge of company financial and strategic objectives and the CIO’s knowledge of systems, tools, and processes are a critical confluence. Getting data management right sets the course for future decisions, employee experience, financial health, competitive advantage, and technology adaptability.  

This is how impactful the CFO-CIO relationship is. Their collaboration propels the enterprise. 

How CFOs and CIOs Can Empower Each Other 

The channels and responsibilities through which CFOs and CIOs cross over will expand as these leaders continue to take on the roles of digital stewards for the enterprise. Recognizing and optimizing these touchpoints can streamline process workflows, clarify critical duties, and open the door for even greater partnership on key opportunities in the future. 

Especially at organizations in which technology is a critical component to business operations, CFO and CIO roles cross over in several areas, as seen below: 

CFO Priorities and Perspective 

While not necessarily rooted in the functionality or day-to-day operations of the company’s technology stack, the CFO is still a power user for the purposes of generating data-backed insights for planning, forecasting, and reporting processes. The CFO ensures the technology architecture of the firm doesn’t have negative financial implications (high operating costs, low utilization, compliance or regulatory risks, etc.). 

Technology platforms must be attuned to the firm’s risk tolerance and future financial fitness, making every system implementation not just an investment in IT but in the whole firm. 

CIO Priorities and Perspective 

The CIO, on the other hand, is responsible for evaluating, selecting, and implementing the systems and processes that support data generation, governance, analytics, and reporting. These systems and processes provide the foundation for CFOs to make strategic decisions. 

With expertise in technology risks and innovation, the CIO has the background to implement enterprise-wide controls, wisely deploy optimal technology, and pursue the latest tools on the market, such as automation, digitization, artificial intelligence (AI), machine learning (ML), business intelligence (BI), and more. 

How the CFO Can Help the CIO 

CFO and CIO organizations can support each other in numerous meaningful ways in the spirit of common values and corporate vision. Additionally, the business strategy will have a direct impact on the financial strategy and technology strategy, implicating both parties from the top down. Collaboration between these parties, too, can foster an elevated business strategy for the entire organization, more of a bottom-up influence. 

CFO overtures to the CIO can include efforts such as: 

  • Articulating business priorities, organizational goals, and value-drivers so the CIO has a better sense of what and how the CFO evaluates and approves recommended technologies. 
  • Giving the CIO a voice in executive strategy meetings, familiarizing other C-suite peers with potential opportunities with technology, and formalizing a process by which the CIO can contribute more meaningfully to corporate objectives beyond IT investments alone. 
  • Aligning the CIO to OCFO departmental priorities, costs, challenges, and opportunities to help them tailor their proposals and future research on beneficial technologies to the right audience and objectives. 

How the CIO Can Help the CFO 

The CIO can similarly support the CFO by: 

  • Developing a data strategy that aligns with the organization’s overall business goals and growth objectives that are driven and/or supported by the OCFO. 
  • Selecting and implementing the right data analytics tools and solutions. 
  • Creating and managing data governance policies and procedures. 
  • Developing and delivering data-driven reports and visualizations. 

It’s clear that an elevated, consistent CFO-CIO partnership is optimal for maintaining an efficient, agile organization capable of leading its industry from the front. As their domains evolve and synchronize further, CFOs and CIOs will find themselves making collaborative, forward-looking decisions on behalf of the business at large, resulting in lasting value otherwise not achievable with legacy silos and platforms. 

Enabling Change

Beginning with a current-state assessment that outlines the priorities of both parties, CrossCountry Consulting enhances the CFO-CIO alliance. Through strengthened partnership, the CFO and CIO organizations are able to deliver strategic recommendations to the business and share a common roadmap for executing transformation that’s measurable, manageable, and meaningful.

For leading data management practices and transformation impact, contact CrossCountry Consulting

Companies are increasingly recognizing the role diversity, equity, and inclusion (DEI) plays in creating a successful organization. Studies are finding that there is a strong connection between successful DEI efforts and company financial performance.

For instance, companies with the highest DEI scores on Glassdoor have an 80% higher ability to adapt than others. An organization’s improved ability to adapt – sometimes referred to as “change power” – led to 2x earnings before interest and taxes (EBIT) improvement, 2x in shareholder return, and 1.5-3x revenue growth, demonstrating a powerful intersection between successful DEI efforts and an organization’s financial performance. However, despite great progress in creating DEI programs, executives are struggling to measure and share the impact of diversity efforts. This has subsequent impacts on environmental, social, and governance (ESG) reporting, which will soon need to be addressed by public companies due to forthcoming regulatory changes.

To meet this reporting need, executives need a dashboard that provides comprehensive and current reporting of DEI data and key performance indicators (KPIs) in one place. Conventional human resources information systems (HRIS) software is capable of simple data visualizations, but the functionality of the reporting is often quite basic, lacking in customization or shareability internally and externally.

Now, companies are finding success quantifying DEI progress by building interactive dashboards in leading data analytics platforms, creating a new era of transformative insights for financial, operational, and executive teams.

What Is an Executive DEI Dashboard?

Executive DEI dashboards serve as a central hub for DEI data, consolidating information from various data sources into a user-friendly interface. These dashboards enable a holistic and interactive view of the organization’s diversity metrics, which allow executives and stakeholders to gain real-time insights and track progress against organizational goals.

Having such a comprehensive tool unlocks transparency within the company and fosters a culture of accountability. This ultimately encourages leaders to set and act upon measurable goals, track KPIs, and regularly evaluate DEI initiatives.

Below is an example of an executive DEI dashboard with various drillable views and insights:

dei metrics dashboard for executive decision-making

How Does DEI Data Visualization Strengthen Decision-Making?

Accurate and up-to-date information is crucial for making informed decisions. Creating DEI reporting with modern data visualization tools, such as Power BI or Tableau, provides decision-makers with a wealth of information.

Leaders are able to identify patterns, trends, and disparities within the organization in custom views that are most effective for team goals. With such seamless and interactive access to HR data, leaders can develop data-driven strategies to pinpoint areas of concern and shortcomings, optimize resource allocation, and recognize effective practices. By leveraging data insights derived from the executive dashboard, organizations can align DEI efforts with broader business objectives and create a competitive advantage.

What Can Data Visualization Tools Do Better Than Conventional HRIS Solutions?

Executive DEI dashboards need to be adaptable, convenient, and comprehensive. While HRIS systems may have standard reporting functionalities to generate predefined reports and export data, data visualization tools are designed to present data in an interactive interface and can incorporate custom KPIs created by the organization.

Explore expert Data Transformation & Analytics solutions that solve real-world problems

Accelerate strategic adoption of data and analytics platforms within a scalable systems architecture for stronger performance reporting, cleaner insights, and greater change readiness.

Since these tools are built specifically for summarizing and presenting complex data sets to broad audiences, the collaboration features are also often much stronger than what can be found in a traditional HRIS solution.

Below are some key examples of where market-leading data visualization tools have an advantage:

  • Enhanced visualization options: With a library of visualizations and custom visuals, data visualization tools enable the end user to present DEI data in engaging and impactful ways. Users can choose from a wide range of charts, infographics, and storytelling features to highlight key diversity insights.
  • Trend analysis and forecasting: Superior trend analysis and forecasting features are incredibly useful in understanding the trajectory of DEI efforts. Users can analyze historical data and identify patterns to forecast future diversity performance.
  • Data sourcing: These tools allow for integrating data from multiple sources as well, including popular HRIS systems like Workday. This means you can combine data from various systems, such as employee demographics in the HRIS and applicant tracking solutions, survey results from internal and third-party sources, and external benchmarks, to create a comprehensive collection of reports. By incorporating additional data, organizations can enrich their DEI analytics and gain a full understanding of diversity-related factors impacting their workforce.
  • Sharing and accessibility: Robust collaboration features often facilitate teamwork and knowledge-sharing. Users can share the DEI dashboard with stakeholders across the organization, enabling them to interact with the data, ask questions, and explore insights. As an example, Power BI integrates seamlessly with Microsoft collaboration tools like Microsoft Teams.
  • Security: Users can enable granular permissions and security settings, such as row-level security. Administrators can control access to sensitive personally identifiable information (PII) data as is common with HR datasets and restrict editing rights based on user roles and responsibilities. This ensures that only authorized individuals can view, modify, or share specific content. For example, executives may choose to restrict access to DEI data at a location, department, or business unit level.

How Do Dashboards Improve DEI Results?

The level of accessibility gained through an executive DEI dashboard empowers organizations to identify specific areas that require attention, then tailor interventions accordingly. For instance, if the data reveals disparities in promotion rates among certain demographics, companies can implement targeted mentoring programs or training initiatives to address these gaps.

The ability to pinpoint challenges and develop focused HR strategies to combat those challenges enhances the effectiveness of DEI initiatives. Over time, these data-driven decisions can drive greater workplace inclusivity while also strengthening the organization’s ability to adapt.

The newfound transparency, actionable insights, and stakeholder engagement in executive DEI dashboards directly contribute to measurable, meaningful DEI outcomes. With the right information available, leaders can take decisive steps toward implementing tailored DEI action plans and more efficiently report metrics to employees, boards, investors, customers, partners, and more.

For expert support developing practical, impactful reporting tools, contact CrossCountry Consulting.

Life sciences companies face numerous challenges in managing their spend and driving growth under more normalized post-pandemic economic conditions. While 2020 and 2021 were banner years for life sciences investment and growth, 2023 brings recession fears, financial services crises, and continued global uncertainty.

Amid this environment, the pressure to demonstrate a strong cash runway, reach meaningful milestones, and produce organizational value within life sciences makes effective financial management imperative.

These demands were explored in a recent webinar from top life sciences experts from CrossCountry Consulting and Coupa, a leading business spend management (BSM) platform. Joined by more than 100 senior finance and accounting executives in the industry, the discussion reinforced how Coupa has emerged as a valuable solution for life sciences companies seeking to optimize their spending and fuel growth.

Coupa Proves Essential to Life Sciences Roadmaps

One of the key benefits that life sciences companies have experienced with Coupa is the ability to accurately align their spend with an approved budget. With the board’s increasing focus on cash runway and the expectation of at least two years of financial stability, it’s crucial for companies to have a clear understanding of their spending and its impact on the overall financial health of the organization.

Coupa enables companies to track and manage their spend in real-time, ensuring expenses remain within budgetary limits set by the board. This level of financial control provides stakeholders with the confidence that the company’s resources are being utilized efficiently and effectively.

Explore expert Coupa solutions that solve real-world problems

Execute efficient Coupa deployments, enhance procurement and supply chain ROI, and minimize risk with Integration-as-a-Service offerings.

Coupa also empowers individuals within the organization to manage their own purchase orders (POs) in a streamlined and efficient manner. By automating the PO process and providing user-friendly interfaces, Coupa reduces the administrative burden on finance and accounting teams, allowing them to focus on more strategic initiatives. This self-service capability not only improves operational efficiency but also fosters a sense of ownership and accountability among employees, as they are actively involved in managing their expenditures.

Holistic business spend management transformation of this kind is now becoming a must-have internally in organizations and throughout the vendor supply chain, as implementing a centralized BSM solution like Coupa is the fastest path to generating sustainable procurement savings and finance efficiencies relative to deploying narrow point solutions.

Additionally, accurate and timely data is essential for life sciences companies to make informed decisions and develop realistic models for achieving meaningful milestones. Coupa’s comprehensive reporting and analytics capabilities provide companies with the necessary insights into their spending patterns, enabling them to accurately assess costs and plan for future investments. With reliable cost data at their disposal, companies can confidently present models and scenarios to the board, addressing various funding options, including business development, partnerships, and traditional biotech funding sources.

Visibility and Control Power Operational and Procurement Improvements

In addition to these core advantages, Coupa addresses some of the operational challenges commonly faced by life sciences companies. The lack of visibility into spend and limited control over processes have long been pain points for organizations relying on manual and outdated systems.

Coupa’s automated platform offers enhanced visibility, enabling management to make data-driven decisions and address bottlenecks effectively. By streamlining processes and introducing robust controls, Coupa ensures compliance and reduces the risk of unauthorized spending or circumvention of established financial controls.

“Reducing R&D bottlenecks allows for more time on science,” said Michael Manna, Regional Vice President – Life Sciences, Coupa. “Simplifying the buying process leads to greater adoption, allowing companies to improve visbility and control, while driving compliance and measurable savings across the organization.”

Another area where Coupa has proven valuable is in the procurement of lab supplies, which is critical for life sciences companies. Coupa’s Open Buy functionality and partnerships with trusted vendors provide employees with easy access to a wide range of lab supplies across multiple suppliers in one centralized place. This not only simplifies the ordering process but also reduces the need for additional manual reviews, saving time and resources for both the finance team and the lab personnel. The seamless integration of procurement and payment processes within Coupa further contributes to operational efficiency and facilitates smooth collaboration between different departments.

As discussed, the deployment of Coupa can deliver serious improvements in spend management and operational efficiency for life sciences companies. The reduction of manual processes, enhanced visibility into spend, and streamlined procurement workflows have paved the way for accelerated decision-making, improved resource allocation, and ultimately, greater growth.

For expert Coupa implementation or optimization support, contact CrossCountry Consulting.

Companies considering a public offering in the next 18-24 months must plan for their pre-IPO audits given the possibility of this time period being included in a future SEC registration statement.

Financial statements in the public domain generate a host of considerations, which, if planned proactively, will help clear the way for an efficient IPO process. As part of the IPO readiness journey, it’s time to start planning an external audit.  

Consider the Audit Scope for FY 2023

An audit under PCAOB standards comes with higher materiality thresholds than what is required for an AICPA audit. Companies in the process of preparing an SEC registration statement are subject to “uplift” procedures that reflect additional audit procedures from historical AICPA audits to comply with a PCAOB audit.

Financial controllers can alleviate some of this effort by requesting the scope of the current-year audit to be at public-company materiality levels and potentially revisiting prior periods. Although it might be time-consuming, this approach can provide efficiencies, as additional sample testing can be completed before the commencement of the registration process.

Address Material Technical Matters

Material complex transactions can absorb a significant amount of financial controllers’ time, and delayed accounting typically contributes to inefficiencies during the year-end audit.

To minimize undue audit issues, maintain an inventory of such transactions and proactively address them within the respective quarter or, at the latest, during the fourth quarter before year-end audit fieldwork begins. This can save significant time during the year-end audit, as the financial controller and their team can focus on “routine” year-end close and reporting with key technical matters already addressed.  

Examples of common accounting issues recommended to close out before year-end include:

  • Accounting for business combinations.
  • Accounting for the issuance/modification of debt and equity instruments.
  • Accounting for long-lived asset disposals.
  • Impairment assessment of goodwill, intangibles, and long-lived assets.
  • Adoption of new accounting standards.

Deliver value in the deal and beyond with expert IPO filing and advisory solutions

Generate and protect a profitable public company state with a methodology focused on your organization’s critical financial, operational, and technology-related functions.

Consider New Contracts With Customers

Although the adoption of ASC 606 Contracts With Customers may be behind us, the application of ASC 606 continues to require considerable judgment for an array of industries.

To ensure a smooth year-end audit of reported revenue:

  • Identify new material contracts with key issues, like principal/agent relationships, variable consideration, and contract modifications.
  • Proactively prepare technical memos for audit review.

Private Company Alternatives

The prospective transition to public company reporting will result in the reversal of any private company accounting alternatives a company previously adopted (e.g., election to amortize goodwill). Similarly, certain practical expedients permitted for private companies, such as the use of a risk-free rate for leases, will no longer be available.

Financial controllers will want to understand the prospective impact of any such changes to their financial statements and consider whether implementing these changes in the current financial year could save time in the future and help align their reporting to public company peers.

Preparation of Shell Financial Statements

Streamline the year-end reporting process and allow auditors an early review by rolling forward prior-year financial statements and refreshing disclosures before year-end hits.

Additionally, public companies are subject to increased disclosure requirements under SEC Regulation S-X. Pre-IPO companies will need to consider this on their path toward their first registration statement filing.

Financial controllers may want to consider the timing of uplifting their disclosures in accordance with SEC requirements and whether it could be done in conjunction with the preparation of shell financial statements for the FY 2023 audit. Some examples of topics that may require new disclosures for a prospective public company include:

  • Earnings per share (EPS).
  • Segment reporting.
  • Temporary equity classification of redeemable securities.
  • Certain income-tax-related disclosures.
  • Certain disclosures related to pensions and other postretirement benefits.

Appointment of a Project Manager

As part of the IPO team, a designated project manager within the finance team who can manage the external audit ensures the financial controller has additional capacity to focus on the day-to-day management of year-end close and reporting. The project manager can help establish a predefined governance structure with the audit team, facilitate communication between the auditor and the financial controller, and support the timely resolution of audit issues. This results in a shorter audit timeline akin to a public company.

Organizations pursuing a public filing in the near term will find that the Office of the Financial Controller is pivotal to a successful IPO process. And for financial controllers seeking to deliver success to the organization, proactive planning for the FY 2023 audit is an effective way to make a meaningful impact.

For expert IPO readiness support and to make tangible progress on your IPO journey, contact CrossCountry Consulting

On August 23, 2023, the SEC adopted new rules under the Investment Advisers Act of 1940 (Advisers Act) to increase transparency from private fund advisers to their investors. The new rules require private fund advisors to equip their investors with more information pertaining to performance and expense metrics, and it prohibits engaging in certain preferential treatment practices to protect investors.

What Are the Changes?

For private fund advisers registered with the SEC:

  1. Quarterly Statement Rule: Private funds are required to distribute a quarterly statement to their investors, disclosing information such as private fund performance, investment costs, and fees and expenses paid by the private fund.
    • If the fund is not a fund of funds, this quarterly statement must be distributed within 45 days after quarter end and 90 days after year-end.
    • For a fund of funds, quarterly statements must be distributed within 75 days after quarter end and 120 days after year-end.
  2. Private Fund Audit Rule: Fund advisers are required to undergo an annual audit of their financial statements. 
  3. Adviser-Led Secondaries Rule: Registered private fund advisers must obtain a fairness opinion OR valuation opinion when offering existing investors the option to transfer their interests from one fund to another.
  4. Books and Records Rule Amendments: These amendments allow the SEC to assess an adviser’s compliance with the rules.

For all private fund advisers:

Restricted Activities Rule Summary

Private fund advisers are restricted from the following:

  1. Charging certain fees and expenses to a fund or its portfolio investments without investor disclosure, such as fees for unperformed services and fees associated with an investigation of the adviser.
  2. Charging or allocating any fees or expenses that are related to compliance, regulatory, or examination activities without disclosure to the fund’s investors.
  3. Reducing the amount of an adviser’s claw back, unless investors are informed of both the pre-tax and post-tax amounts.
  4. Charging fees or expenses related to a portfolio investment on a non-pro rata basis when multiple investors have invested in the same portfolio investment, unless the adviser is able to provide advance written notice and provide evidence that the approach is equitable.
  5. Borrowing or receiving an extension of credit from a private fund client without disclosure and consent from fund investors.

Explore expert Technical Accounting & Financial Reporting solutions that solve real-world problems

Anticipate, understand, and respond to accounting and reporting changes with agility and accuracy.

The Preferential Treatment Rule Summary

This rule prohibits all private fund advisers from providing preferential treatment to investors unless disclosure is provided to the investor prior to investment. The SEC is grandfathering certain prohibition aspects of the Preferential Treatment Rule and the Restricted Activities Rule that require investor consent. For those governing agreements that were entered into prior to the compliance date, legacy status would apply if the applicable rule required the agreements to be amended. Otherwise, all private fund advisers are prohibited from providing preferential terms to investors regarding:

  1. Certain redemptions from the fund, unless required by law or the private fund adviser offers this option to all other investors.
  2. Certain preferential information about portfolio holdings unless this information is also offered to all other investors.

The Compliance Rule Amendments Summary

An amendment to the compliance rule requires that all registered advisers document the annual review of their compliance policies and procedures.

When Do These Rules Take Effect?

RuleTimeframe
Quarterly Statement Rule18 months after the date of publication in the Federal Register.
Private Fund Audit Rule18 months after the date of publication in the Federal Register.
Advisor-Led Secondaries RuleFor advisers with $1.5B or more in private funds assets under management, 12 months after the date of publication in the Federal Register; for advisers with less than $1.5B in private funds assets under management, 18 months after the date of publication in the Federal Register.
Restricted Activities RuleFor advisers with $1.5B or more in private funds assets under management, 12 months after the date of publication in the Federal Register; for advisers with less than $1.5B in private funds assets under management, 18 months after the date of publication in the Federal Register.
Preferential Treatment RuleFor advisers with $1.5B or more in private funds assets under management, 12 months after the date of publication in the Federal Register; for advisers with less than $1.5B in private funds assets under management, 18 months after the date of publication in the Federal Register.
Compliance RuleRequired 60 days after publication in the Federal Register.

What Are the Implications?

The SEC’s new rules have the potential to significantly impact the regulation of private fund advisers, shaping how these entities operate and interact with investors. While the changes aim to foster innovation and improve transparency, they also introduce new challenges and considerations for both advisers and investors.

Striking the right balance between facilitating growth and maintaining investor protection will be crucial as these rules reshape the landscape of private fund adviser regulation. As these rules are implemented, stakeholders across the financial industry will closely monitor these developments to assess their practical implications and potential long-term effects.

For expert support interpreting and acting on the rule changes, contact CrossCountry Consulting.

Have you ever noticed that investors and key stakeholders have certain assumptions about how sustainable your operations are, or they ask about your management of ESG-related issues? Ever been engaged by investors asking what you’re doing to manage your ESG risks, only for them to suggest your peers are doing things more strategically?

At any given moment, there are multiple players looking at your disclosures and comparing your performance and management of ESG concerns to peers. For instance, third-party ESG ratings providers and investors form assumptions about ESG strategies and risks based on public disclosures – but those assumptions don’t always tell the full story.   

Suffice it to say, if you don’t tell your own ESG story, someone else is certainly telling it for you. It’s time to own your narrative. 

Who’s Evaluating Your ESG Performance? 

Various stakeholders and entities are interested in your approach to ESG, including: 

CategoryESG InterestNotes
Investment managersMay have ESG-specific funds or mandates and can only invest in companies that fit the mandate.  Global ESG Assets Under Management (AUM) are predicted to be $50T by 2025.
Third-party ESG research and rating firmsFirms such as Sustainalytics, MSCI, ISS, and others rate companies based on their ability to manage ESG-related risks. Where there are limited company-provided disclosures, these firms use third-party data to bridge the gap.  
RegulatorsTo mitigate greenwashing and validate compliance, regulators mandate certain ESG reporting standards and ensure the integrity of ESG-related data.An SEC climate reporting proposal is expected to be finalized before the end of 2023. 
BanksMany banks have signed onto goals aimed at reducing their lending to carbon-emitting businesses.  A survey of 55 banks and financial institutions representing $40+ trillion in assets revealed that 46% of respondents expect to limit credit underwriting to low-carbon, ESG-aligned customers by 2050.
InsuranceUnderwriters incorporate ESG risk (i.e., climate change) into risk models. 
Supply chainsScope 3 emissions, a category of Greenhouse Gas Emissions (GHG), are produced by your value chain, including your suppliers. If your company is in someone else’s supply chain, they may be looking for your carbon emissions data. Amazon and Microsoft are among two of the largest companies mandating climate reporting from all their suppliers.  

Make Your Story Yours 

The above stakeholders look at what you are or are not saying regarding your approach to mitigating ESG risks. Where there are gaps in your disclosures, they leverage alternative data sources and internal methodologies to make their own ESG assessments of your company’s operations, which may not fully capture your approach or may not account for your internal strategy for managing key ESG topics.   

Explore expert ESG Reporting solutions that solve real-world problems

Integrate sustainability reporting best practices and build an ESG framework that meets current and emerging regulatory requirements.

Investors and other stakeholders compare your ESG strategy against your peers and make valuation assumptions and assess an embedded level of risk. However, only you know what your sustainable strategy is – it would be hard for others to gather this insight. So, telling your own story allows you to course-correct the narrative (if playing catchup) or shape it from the start (if the company is new). 

Failure to engage in the larger ESG conversation with your own corporate ESG story can result in ineligibility for ESG mandates, lost investments, limited access to credit, or perhaps higher insurance premiums – any or all of which are ultimately a high price to pay. 

How to Tell Your ESG Story 

To write a story, start with chapter headings and content. For this purpose, the chapter headings will be based on materiality – that is, the ESG elements that are material to the business. The content will be the data that’s calculated, validated, and disclosed against those elements. 

ESG Story Chapter Headings: Materiality 

The first step in telling your story is to figure out which ESG-related data elements are material to your business. Materiality is arrived at in the following way: 

  1. ESG materiality assessment: Utilize established frameworks such as SASB to gain an understanding of the ESG metrics that are material to your industry. SASB has already done the work of developing 70+ distinct industry standards that serve as a great starting point to define materiality, which has been used as a market baseline. Further, new regulations include their own set of standards – such as ISSB and the ESRS – that provide guidance on key ESG areas of focus across E, S, and G.
  2. Peer benchmark: Supplement the above assessment with a review of what peers in your industry are disclosing with respect to ESG and what may have been defined by industry-specific affinity groups.  
  3. Employee, executive, board, client perspective, and the rest of your value chain: Complete the definition of your ESG story by understanding what your firm prioritizes internally at both the grassroots and board levels.  Finally, talk to external stakeholders, such as key clients, and see what they are expecting from their vendors. The larger your key client, the more likely they have ESG expectations from their suppliers. So, you want to be proactive in addressing these.  

Telling your ESG story requires the chapter headings to be defined. An airline and a consumer staples company, for example, both want to tell their ESG story, but their chapter headings will be quite different. The materiality assessment, peer benchmark, and stakeholder perspectives will allow you to define what components are part of your story.  

ESG Story Content: Company-Specific ESG Data 

After completing the materiality assessment, looking at your peers, and talking to stakeholders, it should be clear what ESG data elements are material to your business. Let’s say these include GHG and employee diversity, which means you at least have “Carbon Emissions” and “Employee Diversity” chapters in your ESG story. Now how do you fill in the rest of the content? 

Some content creation will be simply a function of accessing existing company data repositories, while other content will require utilizing new, ESG-specific technologies. In this example, employee diversity data should be easily retrievable from HR systems such as Workday and Oracle – albeit it is important to consider that not all organizations are capturing the breadth of diversity data that may be required, so additional efforts may be necessary. 

Calculating your inventory of GHG emissions will require utilizing a new class of tools known as “carbon accounting.” These tools can upload data on items such as your utility usage, business travel, office leases, truck fleets, etc., and apply emissions factors based on the Greenhouse Gas Protocol to come up with your Scope 1, 2, and 3 carbon metrics. Carbon accounting vendors include Sustain.life, Persefoni, Watershed, and many others.   

Calculating the emissions produced by your organization’s upstream and downstream value chain, known as Scope 3 emissions, requires key collaboration for data collection and integration into your overall business strategy. This may require tools to survey your suppliers and assess their responses. Tools that help with this include Ecovadis, which was created with purposes like this in mind, and Coupa, which extends its existing procurement platform to this capability. 

Bottom Line 

Don’t let the market make assumptions about your ESG story. Write the story yourself so that your company’s ESG reporting efforts and disclosures are a strategically open book – not a mystery. 

For expert support defining material ESG metrics and compiling relevant ESG data, contact CrossCountry Consulting

The principal barriers to successful digital transformation likely sound frustratingly familiar to today’s top executives. Particularly for CFOs and CIOs – the stewards often tasked with advancing organizational digital maturity – overcoming these challenges is make or break from competitive, strategic, human capital, and budget perspectives.

However, digital investments continue to climb. Progressive technologies like artificial intelligence (AI) and machine learning (ML) redefine once-laborious processes. Employee talent is higher than ever. These advancements are ostensibly moving organizations in the right direction, so why is digital transformation still a puzzle that can’t be solved?

Below are recent findings from a study conducted by Forrester Consulting and commissioned by CrossCountry Consulting that spotlight what’s preventing digital transformation from being effectively implemented and impactful. To move the needle on the velocity, scale, quality, and cost of transformation across an extended enterprise, it starts with fixing what’s broken. 

See what 300+ Finance and IT executives say about the state of enterprise digital transformation.

New Forrester research commissioned by CrossCountry Consulting

Persistent Cross-Functional, Cross-Level Silos

The complexity and entrenchment of silos in today’s organizations bog down the business in a web of misalignment, miscommunication, and missed opportunities.

72% of finance leaders say their department is more internally siloed/very siloed compared to 61% of those in IT. Silos are also obstructing alignment at multiple levels throughout organizations, with respondents agreeing that they persist not only between finance and IT (65%) but throughout the entire organization (62%).

enterprise digital transformation silos

Concurrent and overlapping silos exist on more than one axis as well. For example, silos obstruct alignment between departments, within departments, and across the org chart. In other words, finance and IT jointly struggle to synchronize with each other, while both struggle to collaborate internally with their own teams. Inside these silos, too, are often disconnects between staff and management, or management and leadership.

Counterintuitively, just 19% of finance and IT leaders prioritize the removal of these silos as part of their digital transformation roadmaps.

Poor Visibility Through a Lack of Knowledge-Sharing

One of the chief repercussions of organizational silos is poor visibility into operations. Without an established, successful framework for knowledge-sharing across teams, it’s not uncommon for departments and individuals to advance digital transformation for different reasons, with different systems, and at different paces.

When assessed in totality, the organization might then realize it has implemented redundant software or competing processes simply because the left and right hands weren’t speaking.

Absence of Operational Alignment

45% of finance and IT leaders say a lack of operational alignment creates more silos. Had finance and IT, for instance, fostered greater alignment earlier, poor transformation results could’ve been avoided. 

Breaking down silos is more than just leveraging the same systems or using the same vocabulary; leaders must commit to removing philosophical and strategic silos that exist at the highest levels of the business.

That means there must be concrete alignment on the corporate vision, the five-year strategy, and other key priorities that impact the entire business and its reason for operating. If leaders have contradictory visions, operational silos will proliferate.

Misunderstanding of End-to-End Processes

The number of touchpoints across business functions expands during transformation. Closer collaboration and integration of workflows, personnel, data, and technologies requires a high-performing process architecture that’s clearly understood and engrained in day-to-day operations.

44% of survey respondents, however, indicate that end-to-end processes – a backbone of digital transformation – aren’t well-understood in their organizations. Opaque rules, roles, and responsibilities make process integrity difficult to maintain over the long run.

Decentralized Communication

While work and work environments are more commonly distributed around the globe today, communication is still a channel that might suffer from further decentralization as it pertains to digital transformation. Decentralized communication (42%) is cited by finance and IT leaders as an accelerant for more silos.

A Center of Excellence (CoE) or steering committee must be a consistent driving force behind digital transformation. If staff hear conflicting priorities or objectives through different channels, it makes transformation all the more difficult to advance.

Disconnected Front and Back Office

Connecting the front and back offices fuels planning, budgeting, reporting, staffing, and various financial and operational activities. But 37% of respondents lack this connection – over time, this disconnect sows different cultures and processes, hampering digital transformation efforts.

enterprise digital transformation progress

Lack of Collaboration

Employees may not naturally have a stimulus to collaborate more closely with other teams or departments, as doing so might lead to more work that doesn’t yield tangible payoffs today. Similarly, if department heads don’t specifically incentivize and enforce greater collaboration, it won’t organically occur on its own. 50% of finance and 38% of IT leaders recognize the absence of critical collaboration as a contributing factor to stalled digital transformation.

Outdated Technology

49% of finance and 40% of IT leaders cite outdated technology as another barrier to digital progress. Decades of custom and legacy software solutions have created an environment in which it’s expensive to retain and maintain existing tech stacks but also expensive to make the jump to entirely new enterprise systems that require years of expenditures in vendors, staff, and training.

The underlying truth is that CFOs and CIOs must partner to make this business case and chart a feasible, cost-effective path forward, even if it upsets decades of tribal knowledge and comfort with systems. Digital transformation can of course occur in stages, but it must begin somewhere, and it will ultimately lead to potentially major technological overhauls.

Lack of Budget

Even if all of the above challenges are addressed, there’s still the cold reality of budget. Depending on the size of the organization, the implementation and maintenance of cloud-based technology solutions won’t be cheap. 46% of finance and 41% of IT leaders say budget constraints hamper their digital transformation efforts – until that budget is secured, real transformation will always be slow-going.

Macroeconomic Uncertainty

Organizational sensitivity to macroeconomic factors like inflation, interest rates, supply chain issues, and labor shortages indefinitely clouds decision-making. CFOs and CIOs – being close to the financial and technological fallout of these factors – must account for these external circumstances on top of the aforementioned internal challenges.

60% of survey respondents indicate they can’t sustain another year of continued macroeconomic uncertainty. Conversely, companies may find this opportunity ripe for strategic investment in cost- and labor-saving technologies, like AI, cloud computing, and robotic process automation (RPA).

Leaders capable of seeing through the fog of hurdles, complexities, and indifference can lead their organizations from the front – toward greater digital maturity and enterprise agility. Kick-starting (or re-kick-starting) digital transformation starts from the top, in full recognition of the roadblocks and opportunities ahead.

For more expert insights on the state of finance and IT’s transformation partnership, download the full study.

Successful digital transformation starts with strategic Finance-IT alignment. When these critical functions collaborate on the priorities, investments, and initiatives necessary to drive transformation across an extended enterprise, the odds of success increase.

To learn about the latest findings on the state and value of enterprise digital transformation, view the infographic below, based on a Forrester study of 300+ Finance and IT leaders commissioned by CrossCountry Consulting:

enterprise digital transformation

For even deeper data-backed insights and key findings, read the full results of the study here.

Possessing one of the most extensive troves of data, banks have an unprecedented business opportunity to convert this wealth of information into innovative digital solutions internally and for their customers. Artificial intelligence (AI), machine learning (ML), and Big Data harnessed through the lens of banking can deliver newfound customer insights, enhanced financial products and services, strategic competitive edge, and transformative risk management at a level not possible even a few years or months ago. 

As these digital technologies evolve, the data underpinning them becomes an increasingly invaluable asset that can set the course for business success (or failure). Impacting all bank functions – front office, treasury, operations, risk, finance, compliance, cybersecurity, etc. – data must be wrapped in a holistic enterprise data strategy to be truly understood and acted on. 

Accounting for volatile market conditions, highly regulated environments, and the rapid pace of change, how can bank leaders take charge of their data to make elevated, informed decisions in real-time while avoiding undue risk? 

The stories of two organizations help shed some light. 

Capital One: A Lesson in Data-Driven Success 

Capital One’s data-driven approach included leveraging data analytics and innovative technology to grow into the 12th largest U.S. bank within the 30 years since its inception. One of its most successful strategies was implementing fraud-detection algorithms based on predictive analytics and machine learning. This competitive edge enabled the bank to navigate fluctuations in financial markets over the years while industry peers struggled. 

Credit Suisse: A Cautionary Tale 

The Credit Suisse collapse in 2023 was a culmination of significant losses and scandals resulting from decades-long failed investments. In one instance, the bank’s relationship to failing Archegos Capital Management in 2021 resulted in a $5 billion loss. While other banks like Goldman Sachs and Morgan Stanley were able to mitigate losses during the same timeframe, it became evident that Credit Suisse’s risk management framework did not have adequate, quality risk and exposure data the bank could access in real-time. 

In 2022, Switzerland’s Federal Criminal Court fined Credit Suisse the equivalent of $22 million for failing to prevent money laundering related to a Bulgarian cocaine trafficking gang. With a more robust data infrastructure to support anti-money laundering (AML) monitoring, this event could’ve been avoided. 

In these cases, poor data hygiene and practices were fatal. 

The Data-Driven Opportunity in Banking 

A coherent data strategy is make or break for banks and other financial institutions. As banks continue to generate vast amounts of transactional and customer data, the power of that data can be capitalized on. 

Explore expert Data Transformation & Analytics solutions that solve real-world problems

Accelerate strategic adoption of advanced technologies like AI, automation, analytics, and business intelligence platforms within a scalable systems architecture that works for your business today and tomorrow.

Embracing a well-defined data strategy can, among other things: 

  • Unlock valuable insights. 
  • Reduce operational costs and risks. 
  • Enhance customer experiences. 
  • Increase revenue. 

At its core, a data strategy is a guiding framework that dictates how a business collects, manages, and utilizes data. For banks, this means identifying the critical data, establishing efficient collection and storage processes, and defining strategies for analysis and action. The key lies in data-driven decision-making. 

Banks can optimize their relationship to and usage of their data through a sequence of transformative steps: 

1. Document a Collective Vision

Building a coalition of key stakeholders is the first step to substantive change. With an assembly of all impacted teams, leaders can define their vision of the future and begin to lay the groundwork for working toward that vision collaboratively. 

2. Define Goals and Objectives

Not all metrics are created equally. Determine which specific KPIs matter most to the vision, then develop a strategy for employing data to accomplish these KPIs. Dashboards, often created in Tableau of Power BI, are essential tools for business leaders to monitor progress toward goals in real-time, allowing them to report milestones to other stakeholders, maintain accountability, and build momentum toward mastering the new strategy. Another critical element to achieving success is a holistic data governance framework that establishes controls over every aspect of the organization’s data pipeline. Defining meaningful KPIs goes hand-in-hand with understanding the data governance structure. 

3. Collect and Store Data

In an increasingly data-rich environment, knowing which data to collect and store is vital. This often involves leveraging diverse sources, such as customer transaction data, social media data, and external data from economic indicators. The advent of cloud data warehousing has enabled banks to consolidate their data in a single optimized location. However, the challenge lies in seamlessly integrating data from source systems into the data warehouse. That’s where powerful data integration platforms like Fivetran come into play, empowering banks to establish real-time data pipelines that effortlessly migrate data from source systems into the data warehouse. Tools such as Alteryx may be leveraged to supplement the data pipeline in a post-warehouse environment by providing a seamless link between the data warehouse and business intelligence layers. 

4. Analyze and Interpret Data

With data collected and stored, the next phase involves uncovering hidden insights. This requires sophisticated tools and techniques, including machine-learning algorithms and advanced analytics. By harnessing these powerful resources, banks can identify patterns and trends that would otherwise remain obscured. For those taking their first steps into the realm of data analysis, leveraging business intelligence tools like Power BI and Tableau can provide actionable insights, automate the analytics process, and enable interactive dashboards. 

At the same time, the rapid evolution of GPT-4 and other generative AI platforms has empowered business leaders with a self-service option to break down complex tasks into more achievable objectives. For tasks as simple as updating Python code to selecting a bank’s technology stack, generative AI has multiple options that offer a step-by-step walkthrough of the entire process. 

5. Act on Insights 

Insights without action are wasted potential. Once you’ve gained valuable insights from data analysis, it’s time to act. This might involve implementing changes to business processes, developing new products or services, or adjusting pricing and marketing strategies. By translating insights into tangible actions, you can drive tangible results and stay ahead of the competition. 

6. Monitor and Evaluate

To ensure your data strategy is delivering the desired outcomes, ongoing monitoring and evaluation are essential. Continuously analyze data and make necessary adjustments to your strategy. For banks seeking real-time tracking, automated data pipelines can generate reports with minimal human interaction. This automation streamlines the end-to-end reporting process, saving business users countless development hours. For more mature organizations looking to achieve long-term data success, the Chief Data Officer can play a pivotal role in framing data-related policies and controls. The CDO can work with business leaders across the bank to promote collaboration and achieve data-driven decision-making. 

Data-driven enterprises hold a powerful competitive edge. By prioritizing data strategy, banks can harness this edge and deliver unparalleled customer experiences. It all starts with the framework, as outlined above.  

To implement a holistic data strategy, contact CrossCountry Consulting

Though not the most popular or efficient task, calculating accurate taxes is a legal imperative in procurement. Transactional taxes (sales, use, VAT) vary by city, county, state, and country. Meanwhile, other factors must also be taken into account, such as the type of product or service, its point of origin and destination, characteristics of the supplier, and any special rules or exemptions that may apply. 

A Complex Tax Landscape 

Even for the most advanced procurement platforms, like Coupa, assigning and calculating the right tax code can still be challenging and time-consuming without the proper oversight and technology capabilities. 

For example, Coupa has the ability to apply different tax rates to any kind of purchase, but if faulty tax determination logic is entered into the platform, inaccuracies can occur. Typically, when an invoice is submitted for payment, the supplier includes the tax – but did they enter it correctly? Coupa may accept the tax amount at face value and process the invoice for payment. 

Additionally, when considering that VAT taxes in some countries are higher than 25%, it can be easy for companies to unknowingly overpay taxes, leaving a lot of money on the table. Conversely, underpaying taxes results in noncompliance with regulatory authorities and potential audits and fines. 

In the U.S. alone, there are more than 12,000 sales tax jurisdictions, with states like New York, California, Georgia, Illinois, and Washington known for aggressively pursuing and prosecuting tax evasion. Knowing all of the above, how confident are you in your compliance strategy? 

Explore expert Coupa solutions that solve real-world problems

Execute efficient Coupa deployments, enhance procurement and supply chain ROI, and minimize risk with Integration-as-a-Service offerings.

Simply paying the taxes on suppliers’ invoices will not keep you in full compliance. It’s the responsibility of the supplier to collect taxes, but it’s your company’s legal responsibility to calculate the appropriate amount. 

Solving Tax Issues With a Powerful Coupa-Vertex Integration  

So, how does Coupa help solve the above tax issues and many more like them? 

Coupa users may leverage the intelligence behind tax engines such as Vertex to do the heavy lifting. As a leading tax engine provider and established Coupa partner, Vertex integrates with Coupa to help users achieve: 

  • Real-time tax calculations for purchase orders and invoices. 
  • Increased tax accuracy, leveraging up-to-date tax content for more than 17,000 global taxing jurisdictions. 
  • Reduced time and risk. 

“Our clients benefit from tax integration with Coupa in a few different ways,” noted Harpreet Narula, Partner at CrossCountry Consulting. “In addition to the benefit of compliance, we’re seeing a positive impact on financials and EBITDA given the common practice of overpaying tax. The fees to license with the tax provider and integrate with Coupa can quickly be recouped returning an ROI to the organization.”

Tax Engine Implementation Strategies 

Using a tax engine, there are essentially three different models to design the flow of your taxes: 

1. Tax Handled at ERP

Coupa will accept the taxes in the invoice at face value and send the information to the ERP. An integration between the ERP and the tax engine will then evaluate the invoice and recommend the appropriate tax code and amount.  

This model simplifies the implementation of the procurement platform, leaving additional layers of complexity to the ERP. If your company decides to replace its procurement platform, it may have little or no impact on the tax engine. In addition, the tax engine may already be integrated into the ERP on the sales side.  

The downside of this design is that accurate tax information may not be available on the procurement platform, only in the ERP. 

2. Tax Handled in Coupa at Invoice Entry

Coupa connects with the tax engine once it receives the invoice. The tax engine should be able to analyze the invoice and send back to Coupa the calculated tax based on the type of purchase derived from the Coupa commodity and destination of the goods or delivery location of the services, which is placed on a separate field, showing the Vertex/tax engine-expected tax amount. Coupa can use this calculated amount for payment and accounting, so all the information will be accurate and available in the procurement platform and in the ERP. 

3. Tax Estimated at Requisition or Purchase Order

The third model is less common. To accrue tax liability, a very small percentage of Coupa customers include taxes on requisitions and purchase orders. These are usually estimates, and it’s not uncommon for the estimates to differ from the taxes in the invoices.  

With the above advantages in mind, companies implementing Coupa should consider the use of a tax engine to minimize their financial risk and improve their operations, among other key benefits. For more information about tax engines, contact Vertex. To ensure your Coupa-tax engine integration is explicitly designed to your unique needs, contact CrossCountry Consulting.   

With visible signs of momentum in the IPO markets in recent months, companies are increasingly viewing the remainder of 2023 as the time to prepare for entry into the public markets in 2024 and beyond. 

Factoring in the healthy backlog of filers (see representative firms below), the IPO window appears on the horizon, prompting companies to seriously consider their next steps on their prospective IPO journeys

  • Stripe, a payments processing company valued at over $50 billion.
  • Databricks, a cloud-based data infrastructure company valued at over $30 billion. 
  • Reddit, a social media platform that valued at over $5 billion. 
  • Instacart, a grocery delivery company that valued at over $10 billion. 
  • Discord, a chat platform for gamers that valued at over $15 billion. 

To capitalize on market opportunities ahead, preparation must begin now. 

Public-Company Readiness Assessment: The Essential IPO Roadmap 

To plot out the timeline, cost, stakeholders, and milestones on the IPO journey, it’s imperative to understand the organization’s pre-IPO posture. This is accomplished through a comprehensive public-company readiness assessment: a tailored roadmap that bridges a company’s current state of operations to an operating model that will enable the company to perform effectively as a public company. 

The assessment can also facilitate critical internal discussions with the board of directors, audit committee, and executive team, with the goal of aligning the company’s priorities ahead of the public-company listing. 

Because an IPO is a complete transformation of the people, processes, and culture of the organization, the functions of the business must individually and collectively become fit for IPO. Here’s what IPO readiness looks like for various functions: 

FunctionCapabilities
Accounting close– Able to close and report the monthly results in a timely basis.
– Heavily automated month-end close process.
Close-time reduction system being leveraged to provide visibility into the financial statement close process.
Finance– Finance serves as a strategic partner to the organization.
– Robust, centralized budgeting and planning process.
FP&A software tool to automate the planning and budgeting process.
Accounting policies– Documented accounting policies for all “SEC hot topics.”
– Adoption of all new accounting pronouncements in accordance with public company reporting deadlines.
Technical accounting matters recorded on a monthly basis.
Technology stack– Fully integrated ERP system capable of scaling with the growth of the business.
– Robust ITGCs to ensure the validity and accuracy of the outputs of the systems.
Cybersecurity– Established cybersecurity and privacy program that addresses the risk profile of the business.
– Regular monitoring and reporting of cybersecurity threats.
Internal controls– Strong internal control environment over the financial reporting process.
– Documented internal controls demonstrating the operating effectiveness of the internal controls.
Investor relations– Established investor relations function prior to commencing the roadshow capable of interacting with a diverse set of investors.
– Mock “earnings calls” held each quarter.
External audits– Utilize a Big 4 or national accounting firm capable of producing a PCAOB-compliant financial statement audit.
– Audit performed within SEC reporting deadlines (75 days).

Create or Enhance Major Functions and Activities Before IPO 

A public-company readiness assessment affords pre-IPO organizations numerous benefits, including: 

  • Identifying potential exposures and mitigating risks before going public. 
  • Developing a plan to address any identified exposures. 
  • Ensuring compliance with all applicable laws and regulations. 
  • Evaluating quality and required effort of financial statements. 
  • Improving internal controls over financial reporting. 
  • Communicating effectively with investors. 
  • Increasing chances of a successful IPO. 
  • Attracting a wider range of investors. 
  • Obtaining a higher valuation for shares. 
  • Improving corporate governance practices. 

To achieve these outcomes, companies must either establish new functions entirely or enhance key activities they already perform. Without an objective view of what needs to change internally to operate effectively as a public company, the IPO journey may start and stop, fail altogether, or lead to subpar results. 

Those critical areas of the business include: 

  • Accounting and financial reporting. 
  • Finance effectiveness. 
  • Internal controls. 
  • Technology. 
  • Financial Planning & Analysis (FP&A). 
  • Governance and leadership. 
  • Investor relations. 
  • Environmental, social, and governance (ESG)
  • Legal and compliance. 
  • Executive compensation and HR. 
  • Treasury. 
  • Internal audit. 
  • Project management. 

Maximum IPO Value, Minimal Risk  

Optimizing for public-company readiness can accelerate growth potential while simultaneously limiting risk exposure before, during, and after the IPO process. Working with an established partner is the most effective way to navigate IPOs, as they can ensure the right activities are sequenced correctly and that a systematic, comprehensive framework is applied strategically to each organization’s specific goals and requirements. 

Additionally, an official IPO team of third parties will need to be involved, from underwriters and financial printers to accounting advisors and tax consultants – bringing these groups together in a timely and collaborative way can make or break prospective IPO planning and success. 

For expert IPO readiness support and to make tangible progress on your IPO journey, contact CrossCountry Consulting

After more than a year of debate, the SEC has published profound cyber disclosure and risk management rules for public companies. These rules are not just another set of cyber regulations. What Sarbanes-Oxley (SOX) accomplished with financial oversight, the new SEC cybersecurity disclosure rules will similarly jumpstart a transformation in the enterprise-wide management of and reporting on cyber risk.   

What Are the SEC Changes? 

The SEC is changing reporting requirements in three key ways:  

  1. Material incident disclosure: Companies must disclose “material” cyber incidents within 4 days of determining that an incident was material. There are limited exceptions for national security. This manifests as a new section 1.05 on 8-Ks. 
  2. Cyber risk management: Companies must disclose processes for identifying, assessing, and managing material risks from cyber threats. This includes risks from past cybersecurity incidents that could materially affect the company. This is detailed in new Item 106 in Regulation S-K.  
  3. Board cyber oversight: Companies must also describe the board of directors’ oversight of risks from cybersecurity threats and management’s role and expertise in assessing and managing material risks from cybersecurity threats.

What Are the Implications?  

Fundamentally, the rules drive a sea change in cyber visibility and transparency. Suddenly, corporations must show investors robust methods for proactively managing cyber risks, evaluating and assessing the business impact of cyberattacks, and governing cyber at the highest levels of the company.   

The rules are also about executive accountability. Although the SEC did not mandate board-level cyber expertise, the requirement to describe the board’s cyber role will force executives and directors to become far more conversant in and comfortable with cybersecurity.   

Related, the rules are about risk management rigor. By demanding visibility and mandating disclosures, the SEC is essentially telling companies: We expect you to have comprehensive, deep approaches for managing and mitigating cyber risks, and we expect the officers of the corporation to have some accountability for that.    

Explore expert Risk Management solutions that solve real-world problems

Understand emerging threats, changing regulations, and evolving technologies – then formulate an actionable, pragmatic cybersecurity strategy to reduce risk across the digital ecosystem.

What Should Companies Do?  

There are three big themes. First, get organized:  

  • Organize the players. These rules stretch beyond the CISO or VP, Information Security. SEC filings typically sit with the Chief Accounting Officer or in Finance. Disclosing an incident requires Legal at the table. And the Chief Risk Officer or head of enterprise risk management will need to ensure cyber risk is managed consistently with other top organizational risks. Companies should get these stakeholders together early, perhaps as a tiger team to oversee the company’s compliance efforts with these rules. 
  • Baseline and plan for compliance. The tiger team’s first step is a quick assessment to figure out the biggest gaps between existing cyber risk and disclosure processes and the SEC’s requirements. The assessment should generate prioritized actions to rapidly ensure compliance.   

Second, set the foundation:

  • Define cyber materiality. This is fundamental to rules compliance. Companies should start with existing corporate definitions of materiality as reported to the SEC in other domains (e.g., finance). Then, incorporate proven methods for quantifying or articulating the business impact of cyber risks (e.g., the FAIR methodology).   
  • Create a uniform cyber risk picture. Underpinning the rules is the phrase “risk from cyber threats.” Companies need a singular, shared picture of the top cyber risks facing the company. This can manifest in a risk register, heatmap, or similar artifact, and becomes the “what” (actual risks) that informs the “how” (processes and procedures) of cyber risk management and disclosure.   
  • Strengthen cyber risk management. This is the hard work of updating or building cyber risk management policies, procedures, and governance mechanisms. This will look different for each company, but there are two universal goals: First, to have robust practices for the entire cyber risk management lifecycle (risk identification, risk prioritization, risk mitigation, and risk monitoring). Second, to clearly govern that lifecycle with the right organizational entities and levels involved at clear and clearly appropriate times – including the C-suite and the board.  

Third, engage – internally and externally:  

  • Educate executives and directors. Cyber has become a management and board topic but often remains technical, jargon-filled, and inaccessible to business leaders. This must change. Companies should implement hands-on learning sessions to raise institutional cyber IQ, paint a simple picture of cyber risk, and – easier said than done – agree on when and how executives and the board will engage on cyber risk management.   
  • Don’t go it alone. No one knows exactly what “good” compliance looks like yet. Companies should work with trusted peers to share approaches and best practices. Corporations can also look to cyber-related coalitions, like industry information-sharing and analysis centers (ISACs), of which they may are already members, to share what is and is not working.    

To stay ahead of the SEC cyber rules curve with thoughtful, proactive cyber strategies, contact CrossCountry Consulting

To establish and maintain a high-performing procurement and supply chain function, it’s imperative for leaders to proactively and continuously engage and nurture supplier relationships. Stronger supplier engagement generates, among other things: 

  • New and recurring points of conversation and collaboration. 
  • Sales and networking opportunities. 
  • Cost savings and efficiencies. 
  • Faster scalability and response times. 
  • Resilience during times of economic, operational, or market change. 
  • Minimized price volatility and supply chain risk. 
  • Alignment on environmental, social, and governance (ESG) values. 

Two solutions – punchouts and Coupa Advantage – are emblematic of the value of supplier engagement, as explored below. 

How Punchouts Work 

Punchouts are a powerful purchasing channel, allowing Coupa users to access and shop directly on a supplier’s e-commerce website, starting from the Coupa platform. The end user can choose an item from a catalog maintained entirely by the supplier and bring their items back into Coupa to complete the purchase and approval process. 

Purchasing through a punchout is the most efficient and preferred method of procuring goods and services from Coupa because the purchase order and subsequent invoice are transmitted automatically between Coupa and the supplier. This accelerates every aspect of the purchasing process, including request, approvals, purchase order, receiving, invoice, and payment.  

To see punchout purchases in action, view the case study below:

Where to Start With Punchouts 

Not all suppliers have punchout capability, which is why it is important to lead a successful supplier enablement strategy that intentionally identifies key suppliers who are punchout candidates. With the help of an implementation partner and Coupa Growth Owner, procurement teams can run an analysis that identifies active suppliers who have utilized a cXML connection with Coupa. This analysis can also provide insight into total spend and purchasing volume with suppliers, which are key metrics when discussing punchout capabilities with target suppliers. 

Once targeted supplier(s) are identified as potential punchout connections, the following points are key: 

  • Connect account managers with suppliers to kick off the process. Coupa systems specialists, along with a dedicated Coupa Growth Owner, can support these discussions. 
  • Utilize an implementation partner for end-to-end advisory and execution. 
  • Gather all required information from the supplier (or allow the implementation partner to leverage their existing supplier relationships to do this work). 
  • Capitalize on additional training materials, support resources, system administration guidance, and video tutorials in Coupa Compass as needed throughout the process.  

Enabling a punchout does require upfront investment, so it’s highly recommended that an implementation partner be engaged to manage the process as cost-effectively and rapidly as possible. The faster the timeline, the sooner punchout benefits can be realized. 

Configuring Purchasing Experience to Specific Punchout Options 

It’s common for procurement teams and platforms to guide or limit certain user groups to specific punchouts when multiple connections are available. Coupa’s content group functionality enables this flexibility and control by limiting punchout catalog visibility to only relevant users’ purchasing needs.  

In other words, user A can only see or access pre-defined punchout catalogs germane to their needs or level in the organization. Meanwhile, user B will have an entirely different and unique purchasing experience with alternate punchout catalogs. An office manager, for example, is the only user who needs access to a Staples punchout for office supplies. 

Configuring punchouts further – beyond a standard implementation – appropriately tailors end-user purchasing experience for organization-level spend control and efficiency, once again adding greater value to the business. 

Coupa Advantage: Punchouts Made Even Easier   

Available to all Coupa customers, the Coupa Advantage program provides turnkey punchouts with top suppliers that can be instantly enabled in any Coupa instance. By leveraging the collective buying power of hundreds of global customers, Coupa Advantage can maximize savings, pre-qualify suppliers, and reduce the overall sourcing workload for procurement teams. 

The pre-negotiated catalog content from leading cXML suppliers enhances sourcing events, with Coupa handling end-to-end implementation (setup, testing, and go-live) with virtually zero effort required by Coupa users. 

The Coupa Advantage program is broken into two parts: 

  • Instant Advantage delivers pre-negotiated savings, terms, and contracts from dozens of trusted suppliers. 
  • Sourcing Advantage brings customers together to maximize buying power through professionally managed sourcing events. 

An example of purchasing optimization through punchouts can be found in CrossCountry Consulting’s and Amazon Business’s seamless and expedited punchout setup process. Learn more about how choosing Amazon as a punchout can generate new efficiencies at your organization in the case study below:

To maximize continuous supplier engagement and capitalize on seamless sourcing through expert punchouts, contact CrossCountry Consulting

With a greater need to attract talent from diverse backgrounds amid challenging economic environments, HR leaders are placing diversity, equity, and inclusion (DEI) objectives at the center of their hiring strategies. 

The goal is to achieve an inclusive work environment and corporate culture in which the employee base is equally represented by voices across various demographic groups and perspectives. This is often done by setting quarterly recruitment targets in key areas of the business – known as a headcount-driven model – with progress communicated internally to the firm and, when relevant, to shareholders, customers, vendors, and the board. 

Making hiring targets actionable and effective, however, is easier said than done. There are several inputs that must be factored into the hiring strategy to 1) establish actionable DEI metrics and 2) sustain and achieve a diverse workforce. 

Actionable, Measurable DEI Hiring Targets 

A baseline understanding of the current representation in the organization is key. This information constitutes all demographic groups against all departments and business segments. 

The most commonly evaluated demographic groups include: 

  • Age range. 
  • Disability status.
  • Ethnicity. 
  • Gender and gender identity. 
  • Languages spoken. 
  • Military or veteran status. 
  • Race. 
  • Sexual orientation. 

Once there is agreement on which demographics to monitor, take the following actions: 

  • Establish a target total headcount number for the period in which the employer is seeking to achieve targets.  
  • Consider historical turnover for defined demographic groups to achieve a precise headcount number for each represented group. 
  • Apply an assumption for the percentage of total hires each group will comprise during the given period. This figure ensures leaders have a tangible metric to factor into scenario and forecasting processes. 
  • Utilize these assumptions to understand the headcount surplus required for meeting targets in each employee demographic.  

Meeting headcount initiatives is a multi-year process with incremental progress milestones along the way. As HR leaders begin to see forecasted versus actual hiring data, they can refine their hiring strategies and further develop a more realistic sense of what can be achieved and in what timeframe. The byproduct is more precise hiring targets, greater efficiency throughout the hiring lifecycle, and more effectively embedded DEI into organizational culture

Case in Point: A Headcount-Driven Model for Fulfilling DEI Targets 

A company was re-evaluating its hiring strategy to increase the representation of underrepresented groups in its employee base. By using a headcount-driven model, as described above, and leveraging historical analysis, the company was able to set comprehensive hiring targets for the next five years. 

The company had to weigh its hiring ambitions against the feasibility of achieving targets given the locations in which it operates and the verticals within the organization. As part of this effort, leaders specifically wanted to expand representation in already-growing departments to ensure staff were best aligned to high-growth opportunities and the trajectory of the business. 

To support this initiative, CrossCountry Consulting performed a comprehensive analysis, which achieved the following: 

  • A detailed summary of the current employee base and percentages of demographic groups in each department. 
  • A headcount projection to be met over the course of five years, accounting for natural attrition and fluidity in the market. 
  • A hiring model for the excess headcount needed to reach the total projected target, with specific annual targets. 
  • Quantifiable hiring scenarios across each demographic based on how fast the company moved (aggressive, baseline, low). 

With a DEI headcount-driven model, the company could benchmark the female employee demographic, for example, as 40% of all hires in year one, 42% in year two … and up toward 50% by year five. The model and analysis allowed for flexibility in the hiring strategy, enabling the company to calibrate to achievable targets while still making and demonstrating measurable progress. 

What to Do Next 

By setting clear objectives, executing a defined plan to accomplish them, and communicating the importance of DEI to the business, companies of every size and industry can differentiate themselves from competitors and offer unique value propositions to a larger pool of applicants. This requires a close partnership between operations and finance teams to ensure business drivers and recruitment drivers align – and that the right technologies and processes are in place to support and fuel onboarding and time-to-productivity once hires are made. 

For its part, HR must own the conversation and attainment of hiring targets based on its assessment of current- and future-state organizational diversity. As is the case for any significant transformation of this kind, sufficient project management and change management support must be deployed, especially if working on accelerated timelines. The highly cross-functional nature of impacted stakeholders necessitates a holistic methodology when implementing DEI initiatives. 

For expert support assessing current-state headcount metrics and future-state headcount target-setting, contact CrossCountry Consulting

As the world shifts its focus toward sustainability, public companies are feeling the pressure to not only comply with regulations but also to address their environmental, social, and governance (ESG) practices. This has brought attention to the need for stronger internal controls over sustainability reporting.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) recently released its framework on sustainability and internal controls, which serves as a valuable tool for companies looking to improve their sustainability reporting. The report highlights how the COSO framework’s five components and 17 principles can help companies establish an effective system of internal control over their sustainable business information.  

Synthesizing and Applying COSO Components

The COSO framework provides guidance on how companies can establish effective internal controls over their sustainability reporting processes. By using this framework as a starting point, companies can ensure that their sustainability and ESG reporting processes are reliable, consistent, and transparent. The five components are:

ComponentGuidance
Control environmentEstablishing a control environment that supports sustainability objectives is essential. This component emphasizes the importance of setting the “tone at the top,” which means that senior management must be committed to sustainability and must communicate this commitment throughout the organization.  
Risk assessmentThe risk assessment component involves identifying and assessing sustainability risks, as well as evaluating the likelihood and potential impact of those risks. By integrating ESG-related risks into their risk assessment processes, companies can ensure that risks are given appropriate consideration and that mitigation strategies are developed as needed within a repeatable control environment. 
Control activitiesThe control activities component of the framework involves implementing policies and procedures to identify and address sustainability risks, in a similar fashion to Internal Controls over Financial Reporting (ICFR) and SOX compliance. By integrating ESG compliance requirements into their control environment, companies will be asked to implement a level of rigor around relevant data and control activities to ensure that sustainability risks are effectively managed and that sustainability reporting is complete and accurate.  
Information and communicationThe purpose of information and communication systems and processes is to provide timely, accurate, and reliable information. By integrating ESG compliance requirements into their information and communication processes, such as an integrated Governance Risk and Compliance (GRC) tool, companies can ensure that decision-makers are informed about sustainability risks and performance and that reporting is transparent and accurate.  
Monitoring activitiesRegular monitoring and evaluation of sustainable business information is vital to ensure that internal controls exist and are functioning properly.  

Explore expert Risk & Compliance solutions that solve real-world problems

Integrate sustainability reporting best practices and transform your enterprise risk function holistically to stay ahead of new standards, complexities, technologies, and threats.

Integration of ESG Into ERM  

It’s not enough to simply implement the COSO framework. To truly address ESG compliance requirements, companies must integrate them into their existing Enterprise Risk Management (ERM) programs.

A clear implementation approach is critical in establishing a “right-sized” ERM + ESG Framework that supports the identification of current and emerging risks and provides plans to identify, assess and mitigate ESG risks.  

To fully integrate ESG into ERM, consider the following actions:

Risk identification and assessment: To initiate the risk assessment process, the company should adopt a comprehensive approach that encompasses internal and external factors and:

  • Implements short, medium, and longer-term ESG objectives. 
  • Identifies financially material ESG risk exposures via a materiality assessment. 
  • Determines and documents the organization’s appetite for ESG risk.  

Risk analysis and evaluation: Following the initial risk assessment, the company should analyze the potential impact of the company’s existing risk mitigation strategies, including:  

  • Identifying necessary ESG metrics that need to be monitored as part of the ERM program. 
  • Integrating ESG risk elements into the list of risks and finding correlations with other risks to combine efforts. 

ESG materiality assessment: To establish an effective ESG program, it’s important to determine the specific focus areas and priorities for the organization’s ESG program. One of the primary objectives of this assessment is to identify and prioritize ESG financial material issues that are most critical to the organization.  

Risk reporting and monitoring: To ensure accurate and effective reporting, it’s recommended that the company confirm the key reporting requirements and integrate ESG metrics reporting into an ERM monitoring system. Reporting on ESG metrics promotes transparency and enhances holistic ERM awareness and oversight. 

Key Takeaways 

According to COSO’s report, companies can incorporate internal controls over sustainability reporting (ICSR) into their operations, similar to how they implement internal controls for financial reporting. In addition, the COSO framework is designed to be applied at various levels within organizations, including the entity, division, operating unit, and functional levels.  

The new COSO framework on sustainability reporting offers valuable guidance to public companies as they update their internal control environment for ESG reporting. Below are key insights from which risk and ESG leaders can benefit when taking action:

  1. Holistic approach: The COSO framework emphasizes the need for a holistic approach to sustainability reporting. ESG reporting should not be treated merely as an “annual and manual” activity. Rather, it should be integrated into a company’s overall strategy and operational practices. It encourages companies to consider ESG factors as interconnected and interdependent aspects of their operations. This broader perspective enables companies to identify and address potential risks and opportunities more effectively. 
  1. Integration of ESG in internal controls: The framework recognizes the importance of integrating ESG considerations into existing internal control systems. By embedding ESG factors within their control environment, companies can ensure that sustainability-related risks are identified, assessed, and managed alongside other operational risks. This integration fosters a more comprehensive and sustainable approach to governance and decision-making. 
  1. Stakeholder engagement: The COSO framework emphasizes the significance of stakeholder engagement in sustainability reporting. It encourages companies to involve a diverse range of stakeholders, including investors, employees, customers, and local communities, in the reporting process. This engagement facilitates a better understanding of stakeholder expectations and allows companies to align their reporting with the needs and interests of various stakeholders. 
  1. Materiality assessment: The framework highlights the importance of conducting a robust materiality assessment specific to sustainability reporting. Companies need to identify and prioritize ESG issues that are most relevant to their operations and stakeholders. By focusing on material issues, companies can allocate resources effectively, address the most significant risks, and report on the aspects that truly matter to stakeholders. 
  1. Data quality and reporting transparency: The COSO framework underscores the significance of data quality and reporting transparency in ESG reporting. It emphasizes the need for accurate, reliable, and timely data collection, measurement, and reporting. This aspect ensures that companies provide stakeholders with credible and meaningful information, enabling informed decision-making and fostering trust. 
  1. Continuous improvement: The framework promotes a culture of continuous improvement in ESG reporting. It encourages companies to regularly review and enhance their internal control environment, keeping pace with evolving sustainability standards, guidelines, and regulations. By continuously improving their processes, companies can adapt to changing expectations and demonstrate their commitment to long-term sustainability. 
  1. Integrated reporting: The COSO framework recognizes the value of integrated reporting, which integrates financial and non-financial information into a single comprehensive report. Integrated reporting provides a more complete picture of a company’s performance and value creation, enabling stakeholders to understand the interdependencies between financial and non-financial aspects and assess the company’s sustainability and resilience. 

As evidenced by the evolving ESG landscape in recent years, ESG compliance requirements are becoming increasingly important for public companies. Integrating ESG into ERM programs is essential for effective risk management and compliance.

Each company is going to be at a different stage of its ESG journey. Enhancing sustainability reporting practices and strengthening the overall control environment will be imperative moving forward. A structured adoption framework, as outlined above, can systematically identify and address sustainability risks and ensure that sustainability data and reporting are reliable, consistent, and transparent now and in the future.

For expert support understanding and acting on ESG risks and compliance requirements, contact CrossCountry Consulting.

What Is Enterprise Performance Management?

An Enterprise Performance Management (EPM) solution enables businesses to efficiently complete financial and operational performance reporting and analysis while incorporating strategic initiatives into the planning and forecasting process. This is made possible when performance management is applied to all functions in the enterprise (e.g., sales, operations, finance, marketing, and other lines of business) and automation is introduced into critical enterprise activities, such as reporting, budgeting, planning, and strategy.

In addition to providing OCFO leaders with visibility into revenue and expense controls, EPM also empowers all departments to integrate cross-functionally and collectively work toward collaborative solutions.

Why Should Banks Deploy an EPM System?

The inherent complexity in bank organizations is compounded by:

  • Uncertainty in the marketplace.
  • Existing and emerging regulatory scrutiny and associated risks.
  • Demand for continuous innovation, competitive differentiation, and new financial products.
  • Customer experience pressures and improvements.

As banks grow, their systems architecture also expands with the addition of new platforms and processes designed to support new products and controls. Consequently, the data stored and flowing throughout these systems becomes more challenging to maintain, understand, protect, and act on. Often seen as one of the more significant issues in the industry, data quality and accuracy can easily deteriorate without appropriate interventions and upgrades.

Explore expert EPM solutions that solve real-world problems

Drive analytical forward progress across the organization with modern process architecture, technology, and data insights.

EPM Benefits

EPM systems provide banks with a single source of financial truth amid uncertainty and challenges.

Leveraging data on transactions such as loans, letters of credit, deposits, trading desks, and debt capital market (DCM) transactions, EPM systems enable users to evaluate and report on performance while simultaneously monitoring the investments, budget, and impact of transformational programs the bank enacts in various areas of the business. As the bank pivots, changes, and improves, all progress (or lack thereof) is accessible and measurable in a single platform.

These benefits, among others, make EPM software an incredibly powerful tool for helping banks achieve stronger financial performance, mitigate risk, and deliver profitability.

For example, EPM software can improve loan portfolio management by assessing credit risk, monitoring loan performance, conducting scenario planning and forecasting, generating financial reports, and visualizing data through dashboards and visualizations. EPM software also provides powerful analytical tools for assessing these loan portfolio metrics in real time, enabling banks to quickly identify underperforming loans and take corrective action to minimize losses. EPM puts risk reduction, optimal loan portfolio performance, and improved bottom line easily within reach.

Selecting the Right EPM Software in Banking

The OCFO typically holds decision-making authority on EPM system selection, with common vendors being Oracle EPM and Anaplan. More recently, another vendor, OneStream, has gained market share in various industries.

To ensure users are empowered with the right combination of tools to make informed decisions on behalf of the bank, finance leadership should look for the following elements in their EPM software:

  1. The software should accommodate flexible and extensive reporting, which allows for multidimensional and transactional reporting. Users from different departments, locations, and business lines gain access to core reports and robust dashboards that assist with reporting and analysis. With this level of granularity and access, the EPM platform eliminates the need for multiple reporting systems and synergizes the work of finance and operations staff.
  2. The software must have interactive dashboards. Interactive dashboards allow users to easily make changes to the interface to drill down and examine information across the entire organization at the touch of a button. Dashboards should reflect the latest changes in upstream data, making them continuously updated and actionable.
  3. The software should be scalable. The proper implementation of EPM allows for the system to meet the bank’s current and future business and regulatory needs. As needs change, new financial solutions are introduced, and the bank expands, the system should adapt and scale accordingly. That means that if limited dimensionality is needed at present, for instance, but the bank would like the option of more robust dimensionality in the future, the system is capable of accommodating this evolution.
  4. The software should integrate with the bank’s existing systems. EPM systems should support banks’ desire and ability to integrate with other core systems, such as trading and loans platforms, treasury software, and Enterprise Resource Planning (ERP) systems. In addition to these enterprise systems, bank EPM software must integrate with widely used desktop solutions like Microsoft Excel and Word. 
  5. The software should have extensive modeling capabilities. Leading EPM software accommodates driver-based modeling and scenario-based analysis (e.g., “what-if” scenarios). Modeling enables highly flexible calculations for the bank’s budget/projections and rolling forecasts. Since all the calculations and drivers are centrally located within a bank’s EPM system, modeling should be faster and more accurate as compared to having spreadsheets in multiple locations.
  6. The software should be cloud-based. Cloud-based software has many advantages over on-premises software. Usually, the implementation timeline is shorter and, since the software is administered over the cloud, there is little to no investment in computer infrastructure. Cloud-based EPM provides a safe and secure storage system for banks’ sensitive data. Another advantage of cloud-based EPM is the very limited business interruption it might cause, as the cloud-based software is usually on multiple fail-safe data centers throughout the world. Lastly, upgrades to the system are typically performed very quickly and cost-effectively.
  7. The software should be simple with a user-friendly interface as this is vital for user adoption of any EPM system. As any business leader can attest, poor adoption will tank any form of transformation or change management, resulting in reduced EPM ROI.

As an EPM platform is successfully deployed, the transparency and insights generated immediately make an impact. Leaders throughout the business can develop new strategies for efficiently running and improving operations, financial performance, and decision-making in support of corporate objectives. For banks that find the cost of EPM prohibitive, the lost opportunity cost is even more expensive. Implementing EPM software is critical to banks striving to enhance the accuracy and integration of financial processes, resulting in ROI in relatively short periods of time as more and more activities are migrated over to the new system.

For expert support implementing or optimizing EPM systems, contact CrossCountry Consulting.

As automation investments skyrocket – projected to more than triple in the next decade – the mantra “Never automate a bad process” rings even truer.  

When launching an automation program – often beginning with a specific process or function before being deployed more holistically across the organization – leaders must consider that optimization must also justifiably occur before any automation engineering. That means optimizing process workflows, standing up stronger governance structures, implementing enforceable controls, and generally taking a long-term, holistic view of the operating model. This is all to ensure you’re doing the right automation work, not just the easiest, fastest, or most obvious. 

In fact, companies that invest in transformation holistically see approximately 80% success rates while a partial or siloed approach to transformation yields just 30%. 

Taking steps of these kinds also ensures there’s a high level of human intent involved from the start. End users – and those tasked with best enabling those users – desire thoughtful, impactful tools and processes that generate objectively better outcomes for them, be it the speed at which they work, satisfaction in their role or with user experience, or time returned to focus on value-add activities. 

Human-centered design is foundational to producing and inspiring these outcomes, especially when embarking on automation programs that already engender complicated feelings about job insecurity, displacement, and learning curves. Human-centered design moves the needle across the core tenets of transformation: people, process, data, and technology. By applying these design principles, organizations can create user-centric solutions, foster adoption, and cultivate a future-ready and satisfied workforce. 

Understand the Operating Model 

For automation to achieve its full potential, it requires more than a few successful but narrow deployments. It needs wider context and utility to ensure it’s scalable to additional use cases and functions. In the image below, transforming the finance department through automation must account for more than the individual processes of Record-to-Report, Quote-to-Cash, or Hire-to-Retire, for instance.  

human centered design for automation

Human-centered design factors in the entire human experience: the actual staff doing the work, their respective skill sets, the existing technologies they use, their management frameworks, their communication preferences, and so forth. Getting the operating model right is imperative to automation success. The lens of human-centered design helps make this happen.  

Establish a Center of Excellence 

Without strategy and governance – as outlined by a transformation roadmap to achieve them – automation programs have the penchant for becoming mere side projects with limited impact. They’re shiny toys used by small teams but with finite value for other functions.  

A Center of Excellence (CoE) ensures automation is driver-based and fully accountable. This includes not only key stakeholders sitting in the right seats but, more importantly, a holistic, actionable strategy that’s clear to everyone involved from day one supported by educational materials, intake assessments, transformation management offices, and more. The CoE should implement guardrails, not handcuffs during the design process. 

It’s not uncommon for automation to generate 6X ROI when successfully executed and adopted through a CoE. It’s equally common, unfortunately, that a rudderless automation program intended for one function (e.g. Finance) is wrestled away by another (e.g. IT) because no strategy, ownership, and governance are established. 

Define the Steering Committee 

Within the CoE, the steering committee plays a particularly imperative role. Without an effective steering committee, several things tend to happen, including but not limited to: 

  • Poor prioritization. 
  • Sub-optimal sourcing of meaningful projects. 
  • Misalignment between functions, stakeholders, and business objectives. 

Steering committees with more experience in automation, including the specific automation platforms under consideration like Alteryx or UiPath, can help spot and predict efficiencies to be gained, investments to be made, and outcomes on which to be hyper-focused before, during, and after the initiative. They can define and then drive toward success with clear progress milestones, reinforcement, and buy-in across all functions. 

Baseline Against a Maturity Model 

All progress begins with what you can measure. An automation program maturity model thus plots the organization’s current and target states on a spectrum for all to see, serving as a consistent point of reference as realities on the ground evolve and leaders begin to proactively look into the future at scalability potential outside existing or known requirements.  

automation program maturity model accounting for human-centered design principles

It’s also important to have sub-KPIs and OKRs for individual teams or processes that ladder up to high-level goals. This allows each category in the above illustration, for example, to be broken down into granular scoring matrices that are achievable and direct. As micro-teams work on their specific project work under the umbrella of the automation initiative, they collectively move as one unit that advances progress on the high-level OKRs. 

Applying the Human-Centered Design Framework 

Scaling an automation program can only be successful when the delivery and experience of the program are enjoyable to users. A bad automation quickly turns negative; a good automation improperly communicated can also turn negative. A human-centered approach avoids both outcomes. 

A lack of adoption commonly plagues technical rollouts, including data projects. It’s estimated that 77% of big data and artificial intelligence (AI) initiatives have trouble being adopted. 85% of data projects fail – never making it past preliminary stages. And yet, 92% of firms seek to increase investment in data and analytics.  

They see the prize but lack the framework to achieve it. 

To keep users’ desires, pain points, and preferences front of mind, it’s important to leverage the following human-centered design framework: 

1. Inspiration and Empathy 

In the first phase of human-centered design, the goal is to do a discovery and intake process. What do people actually want? How would they feel about a change? What needs to be done to increase job satisfaction? 

2. Ideation and Exploration 

The second phase entails brainstorming, prototyping, testing, and iterating. This is where a minimum viable product (MVP) is developed based on user requirements. The goal is not to create the perfect solution on the first pass, as it’s critical to get continuous user feedback at multiple stages of the development lifecycle to ensure the product and the design framework are still attuned to human needs. 

3. Implementation and Exploration

In the final phase of development, the CoE becomes even more vital. This is the time when the MVP is released and socialized to the business. The CoE should use this pilot stage to solicit more feedback, refine design parameters, define success metrics, and ensure the product is iterated on further on a smaller scale. Buy-in can only be achieved when users and non-users fully understand the benefits and functionality of a tool, so the technical engineering language needs to segue into more business-friendly terminology that larger groups of people can grasp.  

After using a human-centered design framework for automation and other data programs, the successes generated can be rolled into new initiatives in other functions, while the challenges discovered along the way can be planned for and ironed out in advance, creating a culture of continuous improvement across the organization. 

For expert support on your next automation initiative, contact CrossCountry Consulting

The monthly close process is a significant strain for financial professionals, with 52% citing it as their top stressor. Surprisingly, though, 74% of organizations have not implemented process automation improvements to streamline the close.

Technological advancements, such as cloud-based applications, application integrations, automation, and artificial intelligence (AI), collectively offer opportunities to enhance the finance and accounting function and specifically address commonly cited close challenges. When adopted in a unified systems architecture, these innovations enable what’s now referred to as “autonomous financial close” – a high-speed, high-accuracy close process achieved with limited human intervention, which will be explored in greater detail below.   

While few organizations have reached the top of the maturity curve in adopting these technologies, significant advantages can be won by those that do. They can access key business insights faster and make decisions more quickly, giving them a competitive edge over organizations lower on the maturity curve. Additionally, once a firm has successfully leveraged technologies of these kinds, it becomes much easier to organically outpace lower-maturity competitors over time, creating a flywheel effect.  

Reaching peak digital maturity begins with a core understanding of an organization’s current position on the maturity curve and then implementing a strategic plan to achieve incremental and continuous progress on the path toward autonomous financial close. Learn how below.  

What Is Autonomous Financial Close, Exactly?  

Autonomous financial close, also known as continuous financial close, is the pinnacle of financial close maturity. This approach to the close process involves automating transaction entries, system integrations, account reconciliations, data consolidation, and financial reporting through the month.  

It is not “continuous” in the sense that the close process is never-ending or that it entails constant human action. It’s the opposite. It leverages the latest technology to operate autonomously in the background, evolving the users’ job to more of a reviewer than a data enterer, resulting in an accelerated and perpetually accurate financial close. Regardless of the level of automation, accounts, of course, are still necessary for close and scrutiny is still required, especially for public companies. 

Companies that embrace an autonomous close aim to achieve a state where a “soft close” can be performed at any time, providing timely financial insights. While a “hard close” is still conducted at the end of each period, it becomes a streamlined, predictable process, due to the continuous processing and aggregation of financial information. By spreading out the task of closing the books over the entire month, technology can enable the team to address items promptly, greatly reducing the accumulation of journal entries.  

More specifically, an autonomous close enables instantaneous reporting by eliminating the need for different modules to be closed before reporting balances to the nominal ledger. For example, technology stakeholders can implement tools to automatically process invoices for accounts payable, reducing the need for manual intervention and providing quicker access to key reports. Another application of close automation is the automation of reversing journal entries. 

Automation of manual tasks is just one of the ways technology can contribute to achieving an autonomous financial close. 

Explore expert close optimization solutions that solve real-world problems

Accelerate strategic adoption of advanced technologies like AI, automation, analytics, and business intelligence platforms that support rapid close execution and smarter insights to the business.

Benefits of Making Progress on the Maturity Curve 

Moving up the maturity curve brings numerous benefits to an organization, including:   

  • Better executive decision-making by providing faster access to critical data and deeper insights.  
  • Accurate information on-demand that’s accessible by management, with financial data updated in real-time for improved accuracy and reliability.   
  • A comprehensive review of the organization with cleaner and more accessible data.   
  • Optimized compliance and auditing processes enabling auditors to see source files linked to financial records.   
  • Greater staff uptime as workers are freed-up to focus on strategic collaboration, financial planning, and organizational performance.   
  • Reduced burnout, improved morale, and empowered employees, enabling staff to play a more integral role in the firm’s success.  

Diagrammed below is a sample close maturity curve with key distinctions and opportunities to be realized by steadily progressing along the curve toward a truly market-leading close function. The average organization can spend years stuck in one stage with no clear action plan to advance further. 

autonomous or continuous close on a digital maturity scale

Challenges to Achieving an Autonomous Financial Close  

Autonomous financial close is not without its challenges. Organizations must overcome resistance to change and spearhead a cultural shift toward forward-thinking problem-solving. Not all companies are equipped to easily communicate a clear vision, align leaders, and generate buy-in.  

Common challenges to be on the lookout for include:  

  • Unclear and undocumented current close processes.  
  • Over-reliance on tenured employees’ institutional knowledge.
  • High costs and complexity associated with implementing new technologies.  
  • Incompatible legacy systems.  
  • Unreliable data, lack of data governance, and difficulty disseminating data.  
  • Lack of training and unclear roles and responsibilities. 
  • Little knowledge of the tools and technologies that can automate transactions. 

Well-defined plans for handling these obstacles should be discussed and established prior to any major change event.  

Moving Up the Financial Close Maturity Curve  

Moving up the financial close maturity curve offers significant benefits, regardless of an organization’s starting point. The goal is to gain more accurate and timely insights into an organization’s performance while optimizing the usage of its people and technology. Incremental changes, driven by a continuous improvement mindset, are key to reaching the top.   

 Examples of incremental improvements that can generate substantive gains include:  

  • Utilizing a close checklist.  
  • Maximizing the use of existing technology to increase automation.  
  • Implementing a new tool that improves workflows.  

Each organization should assess its current state, evaluate personnel, processes, and technology, and develop a vision for improvement. No matter where an organization is on its close journey, incremental improvements add up to significant benefits and eventually a competitive advantage. Autonomous financial close doesn’t happen overnight – it can take months or years to truly achieve peak maturity. However, there are myriad optimizations to make along the way that deliver tangible value, making the climb worth it.  

For expert support with understanding where your organization is on the financial close maturity curve, identifying areas for improvement, creating process optimization plans, and bringing those goals to reality, contact CrossCountry Consulting today

With the artificial intelligence (AI) market projected to expand at a 37.3% annual growth rate through 2030 and 94% of enterprise professionals desiring a unified automation platform (rather than disparate tools), it’s clear that progressive technology investments are table stakes for modern executives. 

Alteryx Inspire 2023 boasted a key confluence of trends, timely topics, and exciting product announcements that support and reinforce this narrative. Several of CrossCountry Consulting’s Technology Optimization & Digital Innovation leaders joined the event to explore and explain pervasive challenges faced by finance and IT teams and how human-centered automation programs can simultaneously elevate user experience and process efficiencies.  

One of the primary takeaways from the event was the necessity for companies to optimize the analytics journey end-to-end. This means creating a standardized, repeatable pipeline of converting data to insights, insights to decisions, decisions to actions, and actions to tangible business outcomes. 

Building Automation-First Organizations With AI Capabilities 

Being insights-driven is no longer a nice-to-have: It‘s a must-have. During tough economic times, specifically, it’s even more important to double-down on data and analytics capabilities, as they’re critical to reducing costs and increasing productivity without adding headcount.  

Some of the key discussions at Alteryx Inspire naturally revolved around automation and AI, with highlights including: 

  • About 63% of organizations are at the beginner stage of their data journey, 35% at the intermediate stage, and 2% at the advanced stage. 
  • It’s no longer enough to focus on people, process, and technology. Organizations must also focus on strategy and data when building automation programs. 
  • If data quality is bad, AI algorithms are bad. Data quality is nonnegotiable.  
  • Modern tech stacks are integrating more and more data platforms, including Alteryx (access to analytics) and Snowflake (access to data). Together, platforms of these kinds enable businesses to tap into data and people across all functions, delivering greater insights. 
  • Data analytics strategies must be holistic. With a broad view of company data, leaders can develop a data analytics strategy roadmap that generates incremental changes quickly that ultimately influence longer-term, sustainable wins. Implementation of data programs must be top-down through a center of excellence (CoE), not bottom-up. 
  • Don’t focus on data; focus on outcomes. 
  • Build awareness, provide frequent updates, and build roadshow capabilities during the data analytics journey. 

Explore expert Data Transformation & Analytics solutions that solve real-world problems

Accelerate strategic adoption of advanced technologies like AI, automation, analytics, and business intelligence platforms within a scalable systems architecture that works for your business today and tomorrow.

Common questions and themes that emerged from these discussions prompted attendees to consider: 

  • Are there additional opportunities to automate, consolidate, and enhance within my organization? 
  • How do I navigate the human factor when building and deploying AI and automation programs? 
  • Change should not be defined in terms of “better” or “improvement.” These words imply that current processes (and the people performing tasks) are negative or subpar, which can engender resistance to change. So how should I message change to the business? 

The Age of AI: Alteryx Product Announcements 

The new launch of Alteryx AiDIN, the AI engine that infuses the power of generative AI and machine learning (ML) across the Alteryx Analytics Cloud Platform, was also central to the event. Alteryx AiDIN combines the intuitive nature of generative AI with the trusted, secure, and enterprise-grade capabilities of the Alteryx Analytics Cloud Platform and is built to accelerate intelligent decisions across the enterprise. 

Other innovations include: 

  • Workflow Summary Tool: The Workflow Summary Tool is a new Designer Desktop tool by Alteryx that uses OpenAI’s GPT API to provide summaries of Alteryx workflows. The tool provides concise summaries of a workflow’s purpose, inputs, outputs, and key logic steps. It can be used to document workflows as they are created or to summarize existing workflows for easier understanding.  
  • Auto Insights Magic Documents: Magic Documents is a new Auto Insights feature that leverages the Microsoft Azure Cognitive Services Open AI Service, an enterprise-grade service, to develop automated communications — synthesizing and delivering trusted analytical insights to stakeholders. Here’s how Magic Documents work: Once you’ve developed your insights in Auto Insights, simply select your medium of communication (e.g., email, PowerPoint, etc.) and indicate your audience. AiDIN will then automatically draft a communications deliverable that summarizes your insights in plain language. You can then review and edit the communication as needed and send it off to your stakeholders with just a few clicks. “It’s like having an analyst on deck 24/7.”  
  • OpenAI connector: Open AI connector enables generative AI to be embedded in Alteryx Designer workflows. A drag-and-drop tool, the OpenAI connector generates natural language outputs from user data and analytics. This gives users the ability to easily change how they present and share data.  
  • Designer Cloud with 30 days free trial

As innovation inspires and propels organizations to act now on analytics, automation, AI, and other leading technologies, the ability to strategize and execute effective implementation plans is critical. 

For expert support implementing Alteryx or optimizing your Alteryx platform, contact CrossCountry Consulting

(more…)

(more…)

New SEC Actions 

The SEC is poised to issue groundbreaking cyber regulations soon. These changes will force a sea-change in how public companies manage cyber risk in the boardroom, govern cybersecurity across the enterprise, and disclose cyberattacks.  

As SEC Chair Gary Gensler stated, “Today, cybersecurity is an emerging risk with which public issuers must contend. Investors want to know more about how issuers are managing those growing [cyber] risks. A lot of issuers already provide cybersecurity disclosure to investors . . . [Companies] and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner.”

Collectively, these proposed rules will transform companies’ handling of cyber like Sarbanes-Oxley (SOX) did for financial accounting and reporting. And just like SOX, these cyber rules vastly increase visibility into corporate practices, all with the goal of protecting investors, consumers, and citizens.  

The SEC has issued three proposals. The first, developed in early 2022, focuses on investment advisors and funds. The second, also issued in early 2022, aims broadly at public companies and is likely to take effect in the next several months. The third proposal, from early 2023, is specific to “Market Entities” – a cross-section of firms involved in the U.S. securities markets. 

Table 1 at the end of this article summarizes the specifics of each proposal. But there are four common threads: 

1. Cyber Risk Management and Governance

The SEC is demanding that companies covered by the proposals make cyber risk oversight, governance, and management more rigorous and consistent. Companies will need to review and improve – or design from scratch – a suite of strategic, operational, and tactical cyber risk management documents that specify the “how” of cyber risk identification, prioritization, mitigation, and monitoring. These plans will need to give regulators, customers, and the public confidence that cyber risks are well-understood and thoughtfully treated at all levels of the organization (e.g., risk owners, enterprise risk management, C-suite, Board). 

2. Board and Corporate Management Accountability

The SEC is asking all public companies to disclose exactly how the C-suite and Board are involved with cyber risk management. This is a shot across the bow of the private sector: The federal government intends to hold corporate leaders responsible for cybersecurity mishaps. Companies need to show – through refreshed cyber risk management plans and procedures (see above) – that the corporation’s most senior leaders have visibility into and accountability for cybersecurity. 

3. Incident Disclosure and Reporting 

The SEC has decided that major cyberattacks are materially important to a company and its customers. Thus, through its proposals, it is demanding an unprecedented level of transparency and visibility into companies’ cyber incidents. While terms like “significant” and “material” cyber incidents remain frustratingly opaque, the intent is clear: Companies must come clean about cyberattacks, their consequences, and steps taken to respond and recover.  

4. Technical Control Mandates

In the most recent rules proposal, the SEC is moving down a level: from policy, governance, and disclosure to technical control implementation. The SEC expects companies to demonstrate implementation of – and presumably effectiveness – of core controls around identity and access management, third-party security, threat and vulnerability management, and incident response and recovery. The SEC’s message here? Our purview is more than paper.  

Explore expert Risk Management solutions that solve real-world problems

Understand emerging threats, changing regulations, and evolving technologies – then formulate an actionable, pragmatic cybersecurity strategy to reduce risk across the digital ecosystem.

Why Does It Matter? 

The implications are massive. Ultimately, these rules are about transparency. Companies will soon have their cyber practices – including whether they have been breached – in the public domain like never before. And with visibility comes scrutiny and judgment from customers, shareholders, and investors. Corporations must do everything possible to “show the world” sound and rigorous cyber plans, governance, and technical controls. Reputation is at stake.  

More tangibly, the rule proposals require companies to significantly elevate cyber risk management and oversight. No more burying cyber within corporate functions or delegating accountability to technology and security leaders. Executive management and the Board are on the hook.  

Finally, the sheer scale of requirements is daunting. Companies face a growing to-do list, including:

  • Navigate the alphanumeric soup of SEC disclosure rules and templates.
  • Understand and implement risk management upgrades.
  • Implement new policies, procedures, and technical controls.

Companies shouldn’t assume existing practices will meet the SEC’s expectations.   

What to Do Now 

Smart companies will act now. Here are several steps:  

  • Conduct an SEC Cyber Readiness review. Identify exactly what rule proposals apply to your company. Determine the extent to which your existing practices meet the SEC’s requirements. Identify the major gaps and set forth an action plan for addressing them. 
  • Enhance cyber risk management and reporting processes. Ensure your company has a systematic and repeatable approach for cyber risk management: identifying, prioritizing, mitigating (or accepting), validating, and reporting on cyber risks. Bake these approaches into enterprise risk management processes and forums where cyber risk conversations should be framed in simple business terms. Disseminate simple risk dashboards, ideally from an organization-wide governance, risk, and compliance platform, and reports to executive leaders and the Board. Codify cyber as an agenda item in C-suite and Board meetings. Determine your approaches for continually assessing and refining cyber risk management systems.
  • Review disclosure procedures. Understand your company’s existing mechanisms for reporting and disclosure to the SEC and other regulators. Who is responsible? Who is accountable and has final approval? Work with these stakeholders – who may sit across legal, finance, and other corporate functions – to determine how to handle cyber-related disclosures. 
  • Educate and engage executives. Companies that have cyber-savvy leadership groups have made a concerted, long-term effort to “build the cyber IQ” of corporate officers and Board members. Companies should design and implement a series of practical workshops – educational but highly tangible, that expose and inform executives and Directors to the reality of cyber: real-world threat scenarios, business impacts of cyberattacks, the existing cybersecurity posture of the company, and what to do in case of a major incident. These workshops are also mechanisms to stress-test risk management systems, incident response plans, and business continuity and disaster recovery playbooks.
  • Test technical controls. Execute internal and external assessments of technical security controls. This can start with framework-based maturity assessments and continue into penetration testing and other more “hands-on” assessment techniques that provide deeper insight into control effectiveness against realistic attacks. 

The SEC’s proposals are bold, detailed, and transformative. Compliance will require serious effort, and companies should get ahead now while the SEC refines the details.   

Rule NamesWho’s Impacted?When Are Rules Expected to Be Finalized?Proposal Rule Details (What Companies Must Have or Do)
Cybersecurity Risk Management Rules and AmendmentsRegistered Investment Advisors and Funds (under the Investment Advisors Act and the Investment Company Act) – Initial Proposal: February 9, 2022  
 
– Comment Period Reopened: March 15, 2023  
 
– Rules likely to be finalized in concert with proposed rule set 3 (focused on Market Entities) in mid-late 2023  
– Establish policies and procedures, with mandated general elements, that reasonably address cybersecurity risks 
– Report significant cybersecurity incidents (including on behalf of a fund or private client) 
– Disclose of cyber risks and incidents (dating back two years) to an adviser’s clients and prospective clients 
– Keep records of cyber policies and procedures and information about cybersecurity incidents 
Cybersecurity Risk Management, Strategy, Governance, and Incident DisclosurePublic Companies (subject to reporting requirements of the Securities and Exchange Act) – Initial Proposal: March 9, 2022 
 
– Rules likely to be finalized imminently in mid-2023  
– Disclose of material cybersecurity incidents within four days 
– Disclose of past cybersecurity incidents that would be considered material under the new rules 
– Report cyber risk management policies and procedures, including extent to which cyber is considered as part of business and financial planning 
– Disclose the Board and Management’s role in overseeing and assessing cyber risk, and management’s role in implementing cyber risk management policies and procedures 
– Disclose Board member cybersecurity expertise  
Addressing Cybersecurity Risks to the U.S. Securities MarketMarket Entities (wide variety of securities market and financial services entities) – Initial Proposal: March 15, 2023 
 
– Rules likely to be finalized in concert with proposed rule set 1 (focused on RIAs and Funds) in mid-late 2023  
– Establish and maintain policies and procedures to reasonably address cybersecurity risks 
– Review and assess policy and procedure effectiveness on an annual basis 
– Disclose, immediately, significant cybersecurity incidents and, subsequently, steps taken to respond 
– Implement and maintain a collection of technical controls centered on access management, third-party risk management, threat, and vulnerability detection and remediation, and incident response 
– Disclose summary descriptions of cyber risks and any significant cyber incidents experienced each year 

To stay ahead of the SEC cyber rules curve with thoughtful, proactive cyber strategies, contact CrossCountry Consulting.

What’s New?

On May 2, 2023, a joint task force between the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Association of Certified Fraud Examiners (ACFE), released the second edition of the Fraud Risk Management Guide (Guide). The Guide provides organizations with a comprehensive framework for identifying, assessing, and mitigating fraud risk. 

The following are key changes made in the 2023 edition: 

  1. Fraud risk management and deterrence. 
  2. Relationships between COSO’s two frameworks and fraud risk management. 
  3. Expanded information on the use of data analytics to detect fraud. 
  4. Internal control and fraud risk management. 
  5. Assessing the effectiveness of existing control procedures as related to fraud risk. 
  6. Changes in the legal and regulatory environment. 
  7. Fraud reporting systems or hotlines. 
  8. Changes in the external environment and fraud landscape. 

This update emphasizes the importance of using technology in fraud mitigation efforts and the impact of external factors when assessing fraud risk. 

Explore expert Risk Management solutions that solve real-world problems

Increase the value of internal audit and transform your enterprise risk function holistically to stay ahead of new standards, complexities, technologies, and threats.

Fraud’s Fresh Face 

As the world changes, so do the factors impacting an organization’s fraud risk management program. The updated Guide specifically calls out newly evolving external factors that organizations must consider when assessing fraud risk. Some examples include: 

  • Environmental, Social, and Governance (ESG) initiatives and reporting: Fraudulent and unethical reporting of ESG initiatives is increasingly important with the evolving standards around this topic. The Guide specifically outlines considerations organizations must make when assessing their ESG framework. 
  • Blockchain, cryptocurrency, and digital assets: As the use of digital assets expands beyond the financial services sector, organizations must be prepared to understand and adapt to these risks. The updated framework emphasizes fraud risk management strategies specific to the incorporation of cryptocurrency payment methods, technical evaluations of blockchain-related risks, and committing appropriate resources to monitor these risks. 
  • Remote working and hybrid working environments: Remote work is now the norm in many sectors. This has opened the door for more cybersecurity attacks and forces organizations to consider the implications of fraud risk management tactics.  
  • Innovative and virtual management tools and accounting procedures: The use of technology through artificial intelligence (AI) and robotic process automation (RPA) comes with its benefits, but also with risks. Additionally, virtual audit techniques (such as remote inventory observations) are becoming more prevalent as organizations strive to reduce compliance costs. These innovative tools and techniques require careful consideration by management to ensure relevant fraud mitigation practices are in place. 

Constant monitoring of current events and business practices helps organizations to ensure the implementation of a comprehensive fraud risk management program. In other words, as part of ensuring a complete assessment of fraud risks impacting an organization, management should continually assess real-world fraud events and ask two important questions 1) “Could this happen to us?” and 2) “How are we prepared?”  

“Fraud risk management isn’t just about reacting to fraud after it has occurred. It’s also about being proactive and taking steps to prevent fraud from happening in the first place. One way to do this is through the use of evolving technologies like RPA and AI.”

Jordan Schweinsberg, Accounting & Risk Manager

A Toolkit for Practitioners 

Practitioners can be better prepared by understanding the changes outlined in this updated fraud risk guide, as well as by collaborating with management, incorporating the use of emerging technologies, and being proactive.

The fraud risk management process should be a collaborative effort between internal audit and management. Management is responsible for establishing and implementing the organization’s fraud risk management program, and internal audit can provide valuable assistance in this effort by understanding and incorporating the key changes outlined in the Guide.

Additionally, fraud risk management is not just about reacting to fraud after it has occurred. It is also about being proactive and taking steps to prevent fraud from happening in the first place. One way to do this is through the use of evolving technologies. 

Harnessing Tech to Outsmart Fraud 

The Guide underscores the importance of expanding the use of data analytics and advanced technologies, such as AI, to support fraud risk management efforts within an organization. COSO states that “technology can be a powerful tool for fraud prevention and detection.” The Guide provides a number of examples of how technology can be used to deter and detect fraud, including: 

  • Using AI to identify suspicious transactions:  AI can be used to analyze large amounts of data to identify patterns that may indicate fraud and that may not be visible to the naked eye through manual fraud detection techniques. For example, AI can identify suspicious or unusual transactions in financial data or identify employees submitting unusually large expense reports, indicating the presence of fraud. 
  • Using RPA to automate tasks that are susceptible to fraud: RPA can automate tasks that are susceptible to fraud, such as reconciling bank statements or reviewing expense reports. 
  • Using cybersecurity solutions to protect against cyberattacks:  Cyberattacks, including hacking, economic espionage, or unauthorized access to data, are an increasingly relevant and evolving threat to businesses of all sizes. And the prevalence of remote work has created new opportunities for fraudsters to exploit vulnerabilities in remote access systems. Cybersecurity solutions can help to protect businesses from cyberattacks, which are used to commit fraud. 

Securing the Future 

The updated Fraud Risk Management Guide is available to all practitioners and is designed to aid in the ongoing establishment of an effective fraud risk management program. 

Leading organizations are fast at work implementing standardized processes for embedding a technology-enabled fraud-prevention culture, allowing them to remain ahead of the risk curve as much as possible.

For expert support navigating the fraud landscape and designing transformative risk solutions, contact CrossCountry Consulting

After a series of substantive discussions with top procurement and finance leaders that use Coupa for business spend management (BSM), it’s clear that today’s decision-makers are doing their best to stay ahead of trends impacting not just their respective functions but their businesses at large. As such, they’re experimenting with additional ways to leverage Coupa functionality for greater use cases in their day-to-day that can add more value at a lower cost. 

Though high-growth or emerging-growth organizations may have originally deployed point solutions to perform narrow tasks, it’s now evident that they’re migrating and consolidating those systems into Coupa for the majority of their BSM functional processes, creating a robust, all-in-one platform environment that saves money, reduces redundancies, and minimizes risk. This is the fastest path to BSM maturity. 

That path typically starts with common Coupa applications like Procurement, Invoicing, and Payments then matures into Sourcing, Analytics, Travel & Expense, Third-Party Risk Management, and Contract Lifecycle Management before implementing Cash Management and Treasury solutions. When assessed in totality, the entire Source-to-Settle process is transformed and modernized into a high-powered, high-performance framework. 

With this in mind, explore below the prominent trends Coupa users are facing in 2023 and how leading organizations are seeing around the change curve: 

2023 Procurement Trends 

  1. Increased expectations for spend analytics and reporting to identify cost reduction opportunities: Procurement is moving from negotiator to strategic partner, with expectations to provide analytics on spend data and opportunities to deliver savings.  
  2. Supplier consolidation and savings targets in key categories: Rationalize technology systems spend and avoid vendor bloat with multiple vendors that provide the same service or support the same functional process.
  3. Increased accountability structure for budget owners: Organizations are holding budget owners accountable for spending within targets. BSM applications like Coupa natively provide the ability to curb maverick spend, enforce compliance, and implement continuous cost control measures like zero-based budgeting.
  4. Changes to taxonomy structure/Coupa commodities for more granular reporting: Instead of bucket categories for SaaS/Software, analytics are expected in greater detail, such as hosting and server fees for on-premises and cloud, maintenance, and warranty as well as software usage details such as human resources information system (HRIS), cloud infrastructure, and cloud security. Together, granular reporting can aid in system consolidation efforts.    

Enhance procurement and supply chain ROI with expert Coupa implementations and advisory

Hands-on technology systems specialists use a proven engagement methodology to help you capitalize on process efficiencies and strategic value through Coupa’s core modules and power applications.

2023 Payments Trends  

  1. Diversification of banking relationships creates added need for treasury cash solutions and easy bank integrations: Organizations are adding multiple banks, increasing the need for cash management solutions to provide a consolidated picture of balances at different institutions.   
  2. Growing adoption and acceptance of virtual cards: Suppliers are becoming more comfortable accepting virtual cards, which can help turn procurement functions into revenue generators.
  3. Growing focus on tax compliance and local regulation: Leading BSM applications like Coupa integrate natively with third-party tax engines to ensure compliance with local regulations. 
  4. Cash flow: Maximize value from payment terms through early-pay discounts and extensions. 

2023 New Vendor Onboarding Trends 

  1. Focus on data integrity: Modern vendor onboarding platforms increase automation and reduce data entry. Coupa users are integrating with third parties and external data sources to validate supplier-entered banking information, improving data integrity and catching attempts for fraud before supplier records are approved.  
  2. Environmental, Social, and Governance (ESG) tracking and supplier scorecards: Leading BSM organizations have standards around ESG and third-party spend, which Coupa can support tracking and reporting on progress against these metrics.
  3. Ongoing assessment of key criteria: Risk metrics, Certificates of Insurance (COI), third-party risk, and the expiration of vendor documents can be automated in Coupa, providing efficient and actionable alerts.
  4. Growing focus on duplicate data records: Coupa has native functionality to provide duplicate checks on vendors to prevent one business entity from being set up as two separate records, improving the ability to provide accurate spend and risk reporting. Coupa Pay also resolves the challenge of setting up one business entity as separate records due to separate remittance locations.  

Coupa users have a distinct advantage from non-Coupa users due to the tool’s intuitive ability to consolidate multiple functional processes within one cohesive platform. For example, spend data originating from Coupa can be used to deliver savings opportunities elsewhere in the organization and in the Coupa ecosystem. This capability expands the role of Coupa and empowers procurement and finance leaders to be strategic partners to the business’s larger corporate objectives and future vision. 

For expert support implementing or optimizing Coupa, contact CrossCountry Consulting.

(more…)

Imagine you’re a CFO and don’t have to worry about the company’s costs. 

Instead, you focus your energy on value-driving investments and strategic goals because each individual in the organization feels compelled and accountable for controlling costs within their respective domains. Every activity in the financial planning and budgeting process becomes immensely streamlined and productive.

Doing so delivers continuous cost control, an effective lever for any organization in any economic environment. Fortunately, achieving this level of expense discipline and budget ownership is possible through zero-based budgeting, a budgeting method growing in popularity due in part to rising inflation and market uncertainty.

In simple terms, the zero-based budgeting process requires companies to build a cost budget from scratch rather than editing a previous budget from the last quarter or year. With a budget fully aligned to the realities and goals of the business, every employee from executives, directors, and managers on down becomes a steward of strategic savings goals and effective cost management at a level of granularity traditional budgeting and budget owners can’t achieve.

Though it might represent a learning curve relative to building a traditional budget – in this case, find a working middle ground through “near” zero-based budgeting – there are critical benefits derived from the zero-based budgeting method that leading organizations are now leveraging for competitive differentiation and organizational agility.

Below are five advantages that unlock greater cash flow and cost reduction:

1. Materially Lowers Costs

More than 40% of companies using zero-based budgeting improved headcount and cost of goods sold (COGS) by greater than 40%. Attaining cost savings of this kind begins with blank-sheet exercises, the foundation of zero-based budgeting.

Similar to the scarcely used or forgotten junk in your house that somehow takes up more and more space over time, unnecessary expenses creep into companies, and many of those costs go unnoticed if you don’t start over. The biggest difference from traditional methods is that zero-based budgeting removes entire line items, whereas traditional methods typically just change the numbers of existing line items. By removing wholesale budget items or categories, the path to material cost improvement is much more accessible.

Generate up to 30% G&A and 10% OPEX cost savings in 8 weeks

Transform your cost structure for sustainable value and implement staffing, process, and technology solutions to expertly realize org-wide savings.

2. Enables Company Strategy

Zero-based budgeting is an opportunity to build a cost structure that aligns to the company strategy. There are good costs and bad (or less valuable) costs. Good costs drive value and support the company’s strategy. For example, a products company needs to invest in sales and marketing capabilities to sell its products to consumers.

But, like any company, that same products company also needs to do payroll. The payroll needs to be completed on time and accurately, but it can typically be completed at a lower cost and service level. Once appropriate prioritization is given to strategic areas of the business, the processes that aren’t as value-add are good starting points for cost savings.

3. Increases Transparency and Accountability for Continuous Improvement

Zero-based budgeting can be a catalyst to Enterprise Performance Management, in which planning is integrated across the company. The zero-basing process requires all functions to collaborate toward building the right budget – it’s not just the finance department’s job to go it alone.

Traditional budgeting methods often put employees on autopilot, prompting them to make slight changes to the numbers from a previous period. This shallow, top-down approach results in companies not having visibility into even basic general ledger cost transactions. Companies that zero-base their budgets, however, empower employees with more ownership and accountability for their individual and teamwide spend – because these employees, by extension, helped build the corporate budget.

Companies that continuously zero-base their budgets are more likely to create cultures of practical spending, meaning every expenditure is rightly justified and meaningful to the business. 

4. Is More Time Effective Than Traditional Methods

Adopting zero-based budgeting often prompts two concerns: 1) It takes more time and 2) Companies don’t have the resources on hand to spend even more time on budget planning. These are fair but spurious claims.

Yes, the approach can be more time intensive. But many organizations still take several weeks – if not months – to finalize budgets the traditional way due to numerous reviews and hierarchal approval structures. Why not spend this time more effectively building the right budget from the ground up rather than discussing and incrementally updating a bad budget? It’s really a matter of time spent versus time well spent. The latter is clearly preferable.

Further, implementing enterprise planning systems like OneStream can also make a zero-basing process more efficient so there isn’t wasteful drain on time or resources at any point.

5. Scales Beyond Budgeting

The methodology of zero-basing can be applied to multiple facets of the business. In particular, the organization structure itself can be zero-based.

What does that mean? It means you build a blank-sheet organization structure to increase labor cost efficiency. This approach, just like zero-based budgeting, focuses spend on what you need to run your business, not what you have today, and it yields materially better results than optimizing labor costs top-down.  Once the company masters zero-based budgeting, expanding the concept into other parts of your business is not only easier but also incredibly healthy for each business function on its own right and the total corporate infrastructure in aggegrate.

Contact CrossCountry Consulting today to optimize your cost structure.  

With the market experiencing an evolving set of challenges and competition, FinTech companies are exploring new ways to gain an edge. One popular and productive lever is transitioning from a public entity to a private one. Below, we discuss what is driving this trend and explore key drivers behind the shift.

Market Observations

During bear markets, companies start to cut costs and focus on conserving cash, particularly companies with liquidity issues. Often, these businesses accelerate the sale of assets deemed non-core to the overall business model to raise much-needed cash.

Outside of traditional business unit divestitures, the industry is also witnessing more take-private deals, an advantageous option for both buyer and seller. For instance, FinTech companies that lost a significant amount of market value may be tempted to accept offers when the premium is over 40% of the current market value. On the other side, buyers are seeing an opportunity to buy at a significant discount. One example is when Vista Equity Partners purchased Duck Creek Technologies, an insurance software provider, in January 2023 for an all-cash offer of $19 per share or $2.6 billion. The purchase price represented a premium of approximately 64% over the closing stock price at the time of sale; however, it was still significantly lower than the $46 Duck Creek offered back in 2021.

Benefits of Take-Private Deals

  • Less transparency: Public companies must comply with the SEC for financial reporting purposes, and every quarter they host earnings calls in tandem with filing their financial results. As a private company, this requirement is removed and the C-suite executives no longer need to worry about meeting analysts’ expectations or dealing with disruptive short-term shareholders. This shift often allows leadership to focus longer term without being under increased scrutiny, an attractive option for the management team.
  • Reduced reporting costs: Private companies have significantly reduced reporting costs as they no longer need to comply with Sarbanes Oxley (SOX). Furthermore, public companies incur compliance, reporting expenses, exchange fees, and audit fees for both quarterly and annual filings, which private companies do not incur. The estimated savings on average to remove these costs is roughly $1 million in fees annually.

Explore a suite of expert Transactions solutions that solve real-world problems

Divest a business unit, execute a merger and acquisition, or transition to a public or private organization for maximum value and minimum risk in the deal lifecycle.

What Are the Deal Triggers?

  • Declining share price: Economic uncertainty remains persistent, having an impact on smaller public companies that continue to see declines in their share price value. At the same time, the price decline presents an opportunity for potential buyers to buy out existing shareholders at a discount. As such, the appetite for take-private deals grows, especially when sellers face increased pressure and buyers are sniffing out new opportunities.
  • Premium offer: Board members have a fiduciary duty to maximize shareholder value and a take-private deal can provide shareholders with a premium valuation that is well above a company’s current market price. This can be an attractive option for current shareholders to sell and exit their declining investment. For instance, when Elon Musk bought Twitter, the deal represented a 40% premium over the closing share price at the time of sale, an extremely attractive option for the board and shareholders, although both expressed concerns about Musk’s management style.

Private Equity Moves Cautiously

Private equity firms have large amounts of capital available (U.S. PE holds $1.1 trillion) and are eyeing such transactions. Although interest rates are high, a PE firm that thinks a deal makes sense from a valuation and growth perspective will likely proceed with a cash purchase, as they can always refinance or recapitalize the business when interest rates drop from current levels.

In addition to the opportunities within the public markets, privately owned FinTech firms are looking to sell off non-core assets to restructure businesses and focus on their core strategy. For instance, Finastra, an international banking and payments provider owned by PE firm Vista Equity Partners, announced in February 2023 that it was taking a strategic review of its business and looking to offload its banking unit division.

This has been a common theme over the last 12 months as FinTechs shore up their balance sheets and ensure they have enough cash to ride out the turbulent economic slowdown. Coupled with a venture slowdown and lack of IPO activity, access to capital is harder to come by. As a result, FinTech companies that don’t have enough cash look for ways to sell off assets to raise liquidity. The FinTech market has also seen many layoffs recently, fueled by the aforementioned squeeze companies are feeling. The expectation is that more M&A activity/consolidation within the industry will occur in Q3 and Q4 of 2023.

Private equity firms are scanning the market for FinTech and other financial services take-private deals, such as when Computer Services Inc (CSI), a leading provider of payment processing and regulatory compliance, announced the completion of its acquisition by private equity firms Centerbridge Partners, LP and Bridgeport Partners in August 2022. The acquisition was an all-cash transaction with a purchase price of $58 per share, or $1.6 billion, representing a 53% premium over CSI’s closing stock price of $38. Prior to the purchase, the share price of CSI had been in decline, falling 40% from $63 per share in July of 2021 to $38 per share at the date of purchase, making it an attractive offer for both buyer and seller.

This transaction reiterates what’s playing out in the market, as large amounts of private equity “dry powder” is beginning to create more deal flow. Below are recent discounts on offer:

(Source)

Value of Global PE Dry Powder 2003-2022

(Source)

Divestiture Opportunities an Attractive Option

Outside of an all-out equity purchase, some public companies are divesting parts of their businesses as they look to trim underperforming business units and raise much-needed cash. This dynamic will create opportunities for partial carve-out sales between public entities and private equity firms. Typically, these deals occur at a discount due to distressed prices. Such deals are an attractive play for private equity firms with longer-term objectives for the assets they’re acquiring, as evidenced by FIS announcing it intends to sell Worldpay and recent sales of Global Payments’ prepaid and gaming divisions.

With experience in the full lifecycle of take-private deals, CrossCountry Consulting supports transactions through sell-side and operational due diligence, accounting support, deal management, and post-close support, including detailed technical accounting and carve-out support.

To explore transaction opportunities today, contact CrossCountry Consulting.

Global Internal Audit Standards: What’s Changed?

The future of internal audit is rapidly evolving, driven by technological advancements and a changing business landscape. The new Global Internal Audit (GIA) Standards (currently in draft form and open for public comment through May 2023) from the Institute of Internal Auditors (IIA) promise to revolutionize the field by providing a framework for auditors to adapt and thrive in the years to come.  

The new GIA Standards, a progressive refresh of the previous International Professional Practices Framework (IPPF), are transforming internal audit by providing a forward-thinking, comprehensive framework for internal audit practitioners to ensure the effectiveness and efficiency of their organizations’ internal controls, risk management, and governance processes. These updated Standards emphasize the importance of a risk-based approach to the use of technology, enabling auditors to adapt to the changing business environment and generate more value for their organizations. The IPPF elements are now concisely organized into five domains that more clearly and comprehensively reflect the roles and responsibilities of internal audit in modern organizations: 

  1. Purpose of internal auditing.
  2. Ethics and professionalism.
  3. Governing the internal audit function.
  4. Managing the internal audit function.
  5. Performing internal audit services.

A Spotlight on Emerging Technologies

The key reason for these changes is the simplification and adaptation of emerging audit technologies. The previous Standards had been in place for nearly two decades and were no longer sufficient to address the complexities of modern organizations and the new risks they face, such as cyber threats, data privacy concerns, and regulatory changes.  

The new GIA Standards place a strong emphasis on the use of data analytics, automation, and artificial intelligence (AI) in the internal audit process. They recognize that these technologies can enhance the effectiveness and efficiency of internal audits by enabling auditors to analyze copious amounts of data quickly and accurately and identify trends and patterns that might otherwise go unnoticed. 

“The GIA Standards place additional emphasis on the due professional care required when leveraging unfamiliar audit techniques and new technologies. Most importantly, additional guidance is provided on how to manage these risks and develop mitigation strategies.”

Karalee Britt, Integrated Risk Management Partner

From continuous auditing to sophisticated data analysis, the internal audit approach is transforming daily. As such, the new Standards require internal audit functions to develop a strategy for leveraging emerging audit technologies. This strategy should include an assessment of the organization’s current technology infrastructure and capabilities, an evaluation of potential risks and opportunities associated with the use of modern technologies, and a plan for implementing and monitoring the use of these technologies in the audit process.  

Success Through Synergy

The new Standards also emphasize the importance of collaboration between internal audit and other functions, such as risk management and compliance, leading to a more integrated approach to governance and risk management. They recognize that emerging technologies can impact multiple areas of the organization, and internal auditors must work closely with other departments to ensure that modern technologies are integrated effectively and efficiently. 

Explore expert Risk Management solutions that solve real-world problems

Increase the value of internal audit and transform your enterprise risk function holistically to stay ahead of new standards, complexities, technologies, and threats.

In pursuit of greater synergies, internal auditors must be transparent about their use of technology and ensure the tools they’re leveraging are consistent with the organization’s values and objectives. In doing so, all departments with which internal auditors work adhere to the same foundational technological principles and best practices, creating a unified approach to the management of key platforms, communications, and data. Additionally, internal audit must maintain confidentiality and privacy when handling data, another key touch point with multiple functions. 

Benefits and Risks

Organizations must calibrate their new internal audit approach to the realities of both the benefits and risks implicated in the Standards.

The benefits of aligning with emerging audit technologies, such as continuous monitoring and automated audit procedures, are numerous. These technologies can enhance the effectiveness and efficiency of internal audits by enabling auditors to analyze large amounts of data quickly and accurately and identify trends and patterns that might otherwise go unnoticed. Use of these techniques, including automation and AI, can provide deeper insights and better decision-making support, which can lead to improved risk management and better business outcomes. 

Conversely, there are also potential risks and challenges associated with this approach. For example, these technologies may require significant investments in infrastructure, training, and personnel. They also introduce new considerations related to data privacy, data quality, addressing biases of automated audit techniques, security, and governance. The GIA Standards place additional emphasis on the due professional care required when leveraging unfamiliar audit techniques and new technologies. Most importantly, additional guidance is provided on how to manage these risks and develop mitigation strategies. 

Ready for Tomorrow’s Challenges

The GIA Standards are open for public comment and review through May 2023, will be issued in late 2023, and are effective 12 months after release. 

In advance of full adoption, alignment with emerging audit technologies is critical, as it provides a roadmap for internal audit functions to remain relevant and effective in an increasingly complex and technology-driven business and regulatory environment.

For expert support navigating an evolving internal audit landscape, contact CrossCountry Consulting.

Cloud computing has become an essential component of most organizations’ IT infrastructure, with the global cloud computing market expanding at a 17.9% compound annual growth rate through 2027, more than doubling its current size. The cloud offers numerous benefits, including scalability, flexibility, and cost-effectiveness, making it an integral lever for modern firms.

However, the cloud also presents unique security challenges that organizations must address to protect their data and systems. These challenges present significant obstacles to internal audit teams tasked with providing assurance that their organization’s cloud environment is secure, compliant, and resilient to cyberattacks.

So what cloud security challenges do internal audit teams face daily, and what can they do about them? Explore five expert problems and solutions below:

Challenge 1: Lack of Visibility

As organizations move toward the cloud, the lack of visibility into cloud infrastructure becomes incredibly debilitating. It can be difficult for internal audit teams to monitor the security of cloud-based applications and services, as organizations often have limited control over them due to the shared responsibility model (see Challenge 3 below). This can lead to security gaps cybercriminals can exploit to gain unauthorized access to the organization’s sensitive data being stored or processed in the cloud.

Recommendation: Implement Cloud Security Monitoring

To address this challenge, internal audit teams can leverage cloud security monitoring tools to gain visibility into their organization’s cloud infrastructure. Native tools such as AWS CloudTrail and CloudWatch or Azure Monitor are readily available, optimal solutions. Alternatively, some organizations implement a Cloud Security Posture Management (CSPM) tool for automated cloud risk identification and remediation.

These tools provide real-time alerts for security events, including unauthorized access attempts, data breaches, and other security incidents. Internal audit teams can inspect data from these tools during an audit or develop continuous monitoring capabilities by connecting to the monitoring tools through an application programming interface (API) and aggregating the data into dashboards for more real-time monitoring. However, internal audit should first inspect the relevant configurations of these tools before placing reliance on the data.

Challenge 2: Compliance

Large organizations are subject to various regulatory requirements, and ensuring compliance with these regulations can be a daunting task when dealing with multiple cloud service providers. In fact, 90% of enterprise organizations have a multi-cloud environment and use between two or three private or public clouds. Internal audit teams need to validate that all cloud services used by the organization comply with regulatory requirements such as GDPR, HIPAA, or SOX.

Explore expert Risk Management solutions that solve real-world problems

Increase the value of your internal audit function and optimize your IT risk management program holistically for complete security, compliance, and protection.

Recommendation: Develop a Cloud Compliance Framework

Internal audit teams should develop a cloud compliance framework that outlines the regulatory requirements for the organization’s cloud environment. The framework should include the necessary controls to ensure compliance as well as the procedures to validate the effectiveness of these controls. The internal audit team can then use this framework to assess the compliance of all cloud service providers used by the organization and recommend remediation steps as necessary.

There are several resources readily available to help guide the development of a cloud compliance framework.  One example is the Cloud Controls Matrix (CCM) developed by the Cloud Security Alliance (CSA). The CCM is a framework of cloud-specific security controls mapped to leading standards, best practices, and regulations such as ISO/IEC 27001/27002/27017/27018, CCM V3.0.1, AICPA TSC (2017), CIS Controls V8, NIST 800-53r5, PCI DSSv3.2.1, and ISF SOGP 2022.

Note: CSPM tools and cloud-native services can also be utilized to monitor and enforce compliance patterns.

Challenge 3: Shared Responsibility

Cloud service providers follow a shared responsibility model in which they are responsible for the security of the cloud infrastructure, and each organization/customer is responsible for securing their data in the cloud. Validating the security of data in the cloud can be problematic for internal audit teams, as they need to obtain assurance that both parties are fulfilling their responsibilities. Additional challenges arise when responsibility for remediating control gaps is not clearly established.

Below is an example of Azure’s responsibility model.

shared responsibility model example for cloud solutions

(Source)

Recommendation: Understand the Shared Responsibility Model

Internal audit teams need to understand the shared responsibility model and their organization’s role in securing data in the cloud. The internal audit team can work with the cloud service provider to understand their security controls and assess effectiveness. This can often be limited to reviewing control attestation reports such as Service Organization Control (SOC) reports.

Additionally, the internal audit team can review the organization’s security controls to validate that they are aligned with the shared responsibility model. Both parties should have a clear understanding of responsibilities, and these should be documented and available for internal audit review. Clear and open communication should be encouraged between internal audit and the organization’s security team (e.g., DevSecOps) to work collaboratively on improving the control environment.

Challenge 4: Identity and Access Management

Managing user identities and access to cloud services is arduous work for many organizations. Without a defined Identity and Access Management (IAM) strategy, IAM is often implemented in a variety of disjointed ways without visibility across the overall IAM landscape. Many public data breaches involving cloud services have been due to poorly configured IAM controls (e.g., publicly facing S3 buckets).

Recommendation: Understand IAM Risk and Controls

A good understanding of the risks and controls associated with IAM across the organization’s cloud environment is a must-have for internal audit. Internal audit teams need to validate that their organization has appropriately configured IAM controls across all applicable domains so that only authorized users have access to cloud services and data and that there are no unauthorized access attempts.

Areas such as root account credentials, multi-factor authentication (MFA), key management services, federated access, and the principle of least privilege should all be thoroughly inspected by internal audit.

“Internal audit teams can work closely with IT and security teams to build a shared understanding of cloud security risks and controls. This can help auditors gain a deeper understanding of the cloud environment and provide more effective recommendations to improve security.”

Simon Burton, IT Risk Associate Director

Challenge 5: Lack of Technical Expertise

Unfortunately, internal audit teams often lack cloud security technical expertise. Internal auditors may not have the necessary skills or knowledge to audit cloud-based applications and services effectively, resulting in issues such as:

  1. Inability to identify security risks,
  2. Inability to assess the effectiveness of cloud security controls,
  3. Inability to provide meaningful assurance, and
  4. Inability to maintain regulatory compliance.

Additionally, many organizations’ internal security teams struggle to hire and retain staff to manage their cloud environments due to a shortage of qualified cloud security architects and engineers.

Recommendation: Collaborate and Invest in Training and Development

Internal audit teams can consider the following solutions:

  1. Invest in training and development: Internal audit teams can invest in training and development programs to help build technical expertise in cloud security. This can help auditors understand the unique challenges of auditing cloud-based applications and services and provide more effective recommendations to improve security.
  2. Leverage external experts: Internal audit teams can collaborate with external experts in cloud security to provide technical expertise and support. This can help augment internal audit teams’ capabilities and support a more effective and meaningful audit.
  3. Increase security awareness: Internal audit teams can work closely with IT and security teams to build a shared understanding of cloud security risks and controls. This can help auditors gain a deeper understanding of the cloud environment and provide more effective recommendations to improve security. Investment in security awareness would also benefit the architects, developers, engineers, and product owners by reducing future compliance issues.

For expert internal audit support to solve these problems and more, contact CrossCountry Consulting.

(more…)

A sustainable business model today often encourages varying levels of Diversity, Equity, and Inclusion (DEI) programming, either through grassroots company initiative or as part of investor or regulatory requirements. 

As of 2022, 100% of Fortune 100 companies run DEI programs with information publicly available on their websites. Of Fortune 500 companies, roughly 16% publish annual DEI reports. Additionally, research shows that companies that embrace diversity are significantly more productive and have higher retention and engagement levels relative to companies that don’t invest in DEI programming. Further reinforcing the criticality and momentum of compiling and transparently reporting DEI metrics are emerging Environmental, Social, and Governance (ESG) reporting structures from the SEC. 

Advancing DEI initiatives, however, isn’t yet a capability the average organization has fully executed on, at least not to the degree that it can consider its DEI goals “accomplished.” It takes concerted effort, accountability, and strategic action from DEI leadership teams. 

What Is a DEI Action Plan? 

A DEI action plan is the program by which HR and corporate leaders execute against DEI goals in measurable, meaningful ways, with reportable results to employees, boards, and, when relevant, investors. 

Although leaders say they are committed to DEI, people notice when progress is slow, thus necessitating an action plan that propels forward progress at all times.  

A 6-Part Plan to Change 

Especially when considering younger generations in the workforce who are more diverse and socially active, translating DEI goals into actionable results is becoming table stakes for talent acquisition and competitive differentiation.  

Make progress on DEI strategy with the below action items: 

1. Integrate Leading Benchmarks to Kick-Start and Accelerate DEI Planning and Execution 

By understanding existing best practices across the DEI landscape (and specific to relevant industries), leadership can begin to shape their DEI work in a way that maximizes what’s worked for other organizations and bypasses pitfalls. This includes leveraging DEI benchmarking data from external resources, ideally curated into dashboards for quick, visual insights. Data commonly includes demographic information by job level, employee engagement, accessibility, suppliers, and more. 

2. Build an Employee Feedback Loop for Optimized Programming 

Fresh perspectives can optimize DEI programming and provide greater inclusion and diversity of thought. By granting a pathway for staff to be engaged and responsive, organizations can build bi-directional conversations around DEI. This can simply be done by recurring employee engagement surveys, focus groups, or other forums. The key is open communication channels followed by real shifts or changes in programming from DEI leadership. 

3. Embed Continuous Optimization  

As the organization as a whole acclimates to change (and sees the benefits of it), it’s necessary to systematize a process by which optimization is “always on.” Employees at all levels of the business should have the buy-in and confidence to experiment with new DEI ideas, test new techniques in smaller groups, and innovate on behalf of the business, effectively creating a culture of continuous optimization. This type of culture creates unique ways for individuals to connect, embrace differences, find common ground, and expand awareness, potentially uncovering new areas of programmatic effectiveness that could benefit from smart investment. Organizational design, process architecture, and hiring practices are common functions ripe for greater efficiencies. 

4. Refine Reporting to Be More Quantifiable  

While standing up a reporting structure often starts with a few basic metrics that are important to the organization, it’s just the beginning. Analyze the industry environment, peer organizations, and leading HR practices to gain insights into additional metrics to measure, benchmark, and report. Aim for quantifiable data points that increase accountability and success. For example, most human resources information systems (HRIS) already contain figures for recruiting, hiring, and retention, but can they be broken out further to compare against QoQ progress, competitor benchmarks, and more while attaching a dollar amount. 

5. Implement Compliance Controls as a Baseline 

DEI checkpoints and policy reviews can ensure compliance with federal and state civil and human rights laws and regulatory requirements. These controls can foster compliance in the early stages of DEI efforts; over time, being a DEI leader in the industry can be a competitive advantage. To go beyond compliance, consider launching employee resource groups, mentorship programs, unconscious bias training, and targeted outreach programs. 

6. Customize and Scale the DEI Mission 

With DEI, one size does not fit all. DEI goals should align to the underlying company vision, inspire staff, and improve the communities served. Customizing DEI to future-state business needs and company culture can protect the DEI mission from under-investment and inertia, ensuring progress is measurable and scalable over time.  

For expert support from Human Capital Transformation leaders, contact CrossCountry Consulting


At a time when 43% of finance leaders are first and foremost seeking to drive greater efficiencies and insights via their current processes and another 31% are primarily aiming to elevate the finance function as a strategic contributor to the organization, the OneStream Splash™ Global User Conference & Partner Summit couldn’t have arrived sooner. 

Bringing together finance and industry experts from around the world to inspire, educate, and connect – with a key focus on OneStream’s Intelligent Finance platform – the conference featured a series of breakout sessions, hands-on workshops, and drop-in demos calibrated to the pulse of the modern finance professional. 

Several of CrossCountry Consulting’s Enterprise Performance Management leaders joined the event to discover and decode the latest complexities the finance department faces, such as accelerating transformation and building a high-performing finance process architecture. 

An Expansive and Intuitive Platform Experience 

Among some of the key highlights of the event included: 

  • OneStream is launching SensibleGPT, which embeds ChatGPT functionality into the platform. This innovation should enable users to interact with the platform more seamlessly and conversationally. 
  • OneStream announced enhancements to Sensible Machine Learning, expanding the AI capabilities in the tool and making forecasting more accurate.  
  • OneStream will allow partners to create solutions on the platform that can be sold to other customers or partners. This is a fantastic opportunity for partners to monetize their expertise and improve their OneStream return on investment. It also expands the breadth of applications and use cases the average customer can expect to gain all within one platform. 
  • OneStream announced CPM+. While conventional ERPs “run the business,” and CPM “manages the business,” CPM+ “steers the business” by leveraging financial and operational data, allowing decision-makers to lead the organization from the front with the most actionable, comprehensive data possible. 

Maximize your OneStream investment with an expert implementation and advisory partner

Simplify and align enterprise performance management processes like financial consolidation, reporting, planning, analytics, and more.

These additions and improvements to the core OneStream offering are complemented by robust AI services designed for stakeholders inside and outside the OCFO. This AI suite can promote greater trust and collaboration between departments, generate transparent yet flexible forecasts, and deploy ML models across the business for a variety of use cases. 

As innovation in the corporate performance management space advances further, organizations of every industry and size will be empowered to work seamlessly as one forward-moving unit rather than as disparate teams inching toward siloed goals.  

For expert support implementing and optimizing OneStream to your unique needs, contact CrossCountry Consulting

Managing a family office’s finances is exponentially challenging when dealing with multiple clients with unique needs. Before developing workflows within an accounting system or leveraging user-defined books and dimensions, as provided by software like Sage Intacct, it’s essential to the family office’s financial management that all requirements and goals are fully understood and ultimately represented. 

That’s exactly what Anne Costello, Managing Consultant in CrossCountry Consulting’s Sage Intacct practice, and Ryan Kerry, CEO of KnowLedger, an accounting translation platform that integrates with Sage Intacct, set out to address in a recent demonstration. 

Family office reporting made easier

Explored in the video are the workflows of three different fictional clients based on very real scenarios, each with different reporting requirements.

In all three cases, user-defined books are leveraged to successfully strengthen and configure investment reporting, better capture specialized adjustments, and enrich investment data models, among other powerful use cases available with a Sage Intacct-KnowLedger integration.

Sage Intacct dimensions are configured to suit specific client reporting needs. For example:

  • Clients can track investments using the Department, Class, or Item dimension.
  • Dimensions can be renamed for more specific tracking, such as renaming “Department” for Principle versus Income.
  • The Department field is used when management wants to restrict user access to investment information.
  • The Item field is used when adding a transaction approval workflow for transactions such as capital calls.
  • The Class field might be used in combination with the Department field for reporting and approvals.
  • The Location encases investments into their native trusts and legal entities. 

Pairing Sage Intacct with middleware like KnowLedger automates data migration between various sources and enriches data further for greater clarity, insights, and accuracy. View the full video above for more information on how both platforms facilitate family office investment reporting, or contact CrossCountry Consulting today for best-in-class financial management support.  

Is zero-based budgeting (ZBB) just a buzzword, or are your competitors really starting their budgets from scratch every year? How do they find the time? 

Though interest in ZBB gains traction in times of crisis – as evidenced by the responses to the financial fallout in the 1970s, 2008, and 2020 – it wanes in stronger economic cycles.

Fast forward to today, and organizations are once more unearthing ZBB as a tried-and-true method for identifying and realizing cost savings in anticipation of another economic downturn. Why?

  • It works. It’s a quick way to generate material improvements to earnings before interest, taxes, depreciation, and amortization (EBITDA). Over 40% of surveyed companies using ZBB decreased headcount and cost of good sold (COGS) by greater than 40%. And SG&A budgets can be reduced by 10-25% through ZBB alone.
  • But it’s time-consuming – or is at least perceived that way – which deters companies from doing it every year.   

So how can companies zero-base to realize savings without disrupting operations? Consider “near” zero.

What Is Near Zero-Based Budgeting? 

While ZBB challenges finance leads to justify all expenses against a fresh budget starting from zero every period (rather than against last period’s budget), “near” zero-based budgeting (NZBB) can be a more efficient and realistic approach that aims to be less time-intensive, less disruptive, and more flexible than conventional zero-basing.

Ultimately, all costs are designed to contribute to the year’s necessary operations and corporate objectives. ZBB starts from a blank sheet of paper; NZBB safely assumes that some expenses can be carried into a new budget based on the previous year but most rightly require new justification and allocation.

It’s a healthy, productive budgeting methodology that gets companies as close to ZBB as possible without harmful rigidity. Plus, NZBB contains elements of traditional budgeting, which most organizations are comfortable with, serving as a smoother on-ramp to better budgeting practices overall.

As seen in the comparison below, NZBB sits in between traditional and ZBB, making it useful to a wide array of organizations on their journey to healthy planning and budgeting activities.

near zero based budgeting vs zero based budgeting and traditional budgeting

Near Zero-Based Budgeting in Action  

Following a standardized yet configurable approach to NZBB can yield positive results for virtually every business. To reduce spend strategically rather than mechanically, consider the below steps:

First, get clear transparency at the line-item level for spend. Even if you don’t need last year’s budget to start from scratch next year, you’ll never be able to analyze spending if you don’t get data transparency. 

Second, determine what spend is addressable within a reasonable timeframe and focus most of the budgeting time on those items. In the framework below, you can see that it’s important to pursue addressable spend wherever it may exist rather than wasting time on not-addressable spend. And in cases, where the obvious solution is simply to eliminate a given cost, that decision should be made efficiently without undue roadblocks. Ultimately, it’s key to get to a point where the harder more granular cost-improvement decisions can be made strategically before the budget cycle is up.

spend segmentation and decision tree for zero based budgeting

Third, rigorously pursue the lowest-cost options for addressable items required to operate a company (e.g., Wi-Fi) and the items required to compete in your given industry but that a low-cost alternative won’t destroy value (e.g., logistics company requires trucks but can have more affordable vehicles as long as they are dependable).  

Often, there are quick-win solutions to better vendor management. These options can be implemented parallel to longer-tail initiatives that require a heavier lift, like implementing a new automation software or migrating operations to a cheaper facility.

Lastly, don’t mix zero-basing headcount and budgets. Those activities should be separate because they require different approaches. Keep budgeting activities within integrated planning and sales teams, whereas decisions on headcount can sit closer to operations and management teams. The goal of ZBB and NZBB is not to reflexively arrive at layoffs as the sole or most convenient solution every budgeting period. It’s to eliminate wasteful spend primarily in less-essential areas of the business to ensure the budget is always aligned to the strategic vision of the firm.

For expert support improving costs systematically across your business, contact CrossCountry Consulting.

As CFOs look to trim costs – primarily by decreasing headcount – in anticipation of further recessionary pressures, overhead in the finance back office is under a microscope.  

But reductions in key finance positions can generate a backlog of unprocessed and unpaid invoices with reverberating effects across all areas of the business and vendor ecosystem. So, while labor is “streamlined,” accounts payable (AP) efficiency erodes. 

To proactively address this type of scenario – along with many others – future-ready firms are pursuing automation initiatives, with a transformative business spend management (BSM) application being a productive, high-value entry point for many organizations. BSM platforms like Coupa aid AP automation by digitizing the invoice process and reducing cycle times between receiving invoices and approving them for payment. 

Benefits of Automated Invoice Processing 

Invoice automation benefits the finance back office in direct, tangible ways, as evidenced by greater throughput and more uptime for human capital to focus on higher-value activities. 

At its core, automated invoices generate: 

  • Savings from payment discounts. 
  • Tighter cash flow controls. 
  • Reduced workload for the AP department. 
  • Automated general ledger (GL) coding from purchase orders. 
  • Organizational efficiencies through AP workload reductions. 
  • Increased rate of electronic invoices received. 
  • Reduced invoice creation and approval cycle time. 
  • Increased Earnings Before Interest, Taxes, Depreciation, and Amortization (EBITDA). 

Below is an example invoice dashboard, which is a starting point for visualizing and realizing some of the above benefits:

accounts payable efficiency through an invoice automation dashboard

While modern finance functions no longer handle paper invoices and manually validate purchase orders, there’s still room for continuous optimization, primarily through a technology stack that accelerates additional automation over time. Some of these supporting technologies include: 

  • Optical Character Recognition (OCR), which converts images or text into a machine-readable format. 
  • Artificial Intelligence (AI) to automate invoice matching and approval and reduce the need for manual data entry. 
  • Merging of invoice processing and payment platforms to enhance reporting capabilities and transaction tracking. 
  • Integrations to ERP to automate accounting and reduce duplicative work. 

The sum of these advancements is AP efficiency that sets a high standard of performance within the finance function while enabling the organization to ingest, understand, and act on data in a systematic, forward-looking way. 

The Power of BSM Process Automation 

The adoption of a BSM platform in the pursuit of ongoing AP process efficiency is a useful, integrated model for leading organizations. BSM tools provide a suite of adjacent process efficiencies throughout tax, treasury, contracts, planning, and more – further arming the AP function with opportunities to make an impact outside of invoicing alone

The global accounts payable automation market will grow to $3.1 billion by 2024, expanding at 11% CAGR since 2019.

MarketsandMarkets Research

Coupa, for example, contains modules for compliance, spend management, and strategic sourcing – to name a few – in addition to its core AP automation capability. Through automated invoicing channels, free web portals for supplier invoicing, AI-powered PDF processing, and eliminating invoices entirely through virtual cards, Coupa delivers a sophisticated approach to cost-effectively running an AP function, as seen below: 

  • cXML integration enables businesses to exchange electronic invoices with their suppliers quickly and easily. By automating the exchange of invoices through direct cXML integration, businesses can reduce the time and effort required for manual invoice processing, improve accuracy, and reduce the risk of errors and fraud. 
  • Free invoicing portals such as the Coupa Supplier Portal (CSP) and Coupa Supplier Actionable Notifications (SAN) allow suppliers to easily submit their invoices online, eliminating the need for manual data entry and reducing the risk of errors. This reduces the burden of entering invoices on the AP team, improving invoice processing time. The supplier is able to view invoices and their current status, which allows transparency and leads to improved supplier communications. 
  • AI-powered PDF processing tools like Coupa InvoiceSmash are another valuable feature of BSM Platforms. These tools use AI and machine learning (ML) algorithms to learn and understand PDF supplier invoices, enabling them to extract relevant data accurately and efficiently. InvoiceSmash can also detect and flag any anomalies in the invoice data, helping to identify potential errors and fraudulent activities. 
  • Virtual cards are another trending feature of BSM Platforms, which are replacing traditional paper invoices. Virtual cards are essentially digital payment cards that can be used to pay suppliers quickly and securely, eliminating the need for paper invoices and manual payment processing entirely.  

On average, organizations that implement Coupa increase their digital invoicing receive rate to 75% of their vendor base within just six months of going live. As a result, average invoice cycle times decrease drastically to just 10.5 hours.  

For expert support implementing AP automation, contact CrossCountry Consulting

In October 2022, the SEC issued a new rule, Item 402(v) of Regulation S-K, requiring registrants to include disclosures on pay versus performance (PvP) in their proxy statements. This requires companies to calculate Compensation Actually Paid (CAP) using the value of equity awards paid to named executive officers (NEOs) under a new, prescribed methodology. Registrants are also required to compare CAP to the shareholder return for both the registrant and peer group, to net income, and to a company-selected financial measure such as earnings per share.

Registrants excluding smaller reporting companies (SRCs) are only required to provide information for three years in Year 1, with one additional year presented in both Years 4 and 5, to eventually present at a total of five years in the PvP table. SRCs only have to present two years in Year 1.

Below are some observations on implementing PvP to date:

PvP Impacts Nearly All Public Companies

All public companies are impacted beginning with fiscal years after Dec. 15, 2022. However, emerging-growth companies, registered investment companies, and foreign private issuers are exempted.

SRCs and newly public companies get relief on the number of historical periods to include in the filing, but they are not exempt from this requirement.

The PvP Disclosure Is More Than Just One Simple Table

In addition to a detailed revaluation of compensation, companies must disclose multiple tables on the calculations of CAP, graphs on the relationship between PvP, and narrative disclosures. This requires collaboration between accounting, financial reporting, legal, and compensation teams.  

Revaluing Equity Awards Under the SEC-Prescribed Methodology Is More Time-Consuming Than a Lot of Companies Expect

Companies will need to invest time and resources with the necessary skills to collect, analyze, and remeasure the equity award data accurately. In particular, the revaluation of stock options can be extra demanding as it requires updating assumptions, such as volatility and expected remaining term, for each measurement date.

Additionally, in Year 1, companies need to perform these calculations for three years of historical information (two for SRCs), adding to the demand on resources.

CAP May Be Negative for Companies With Declining Stock Prices

Especially if the NEOs are paid heavily in equity, CAP can be negative if the company has a declining stock price. Companies should still disclose the negative amount.

CAP Doesn’t Actually Reflect Compensation Paid to Executives

As noted above, CAP is based on a prescribed methodology and not tied to amounts actually paid to executives. While this may provide better consistency when assessing CAP across companies, it can create additional challenges for companies when describing their compensation strategies to investors.

Companies Have Flexibility on How to Present the Relationship Between Their Performance and Executive Pay

Companies have the option to present the relationship between their company’s performance and executive pay in a narrative or graphical format. However, the vast majority of companies are presenting graphically.

It Can Be Difficult to Identify the Financial Performance Measures in Year 1

Non-SRC companies must disclose the most important financial performance measure used to link CAP to the registrant’s NEOs, as well as an unranked list of three to seven other performance measures for the CAP to NEOs. There’s no one-size-fits-all approach, and different companies may use different performance measures, making it difficult to compare across industries. Additionally, companies may include non-financial performance measures if they are among the three to seven performance measures used by the company to link pay to performance.

If a company doesn’t use financial performance measures to link CAP to performance, no measures are required to be disclosed.

Controls and Procedures Should Be in Place for This Disclosure

While the PvP disclosures will not be included in or incorporated by reference into filings under the Securities Act of 1933 or other filings under the Securities Exchange Act of 1934 (e.g., Form 10-K), unless a registrant explicitly incorporates them by reference, companies should remain mindful that this disclosure could be subject to SEC review. There should not be inconsistent or potentially misleading information in relation to other disclosures which may result in SEC comment letters.

Further, although the PvP disclosure will likely not fall under SOX 404 certifications, it’s still important to establish controls and procedures to ensure information presented is accurate and reviewed appropriately.  

Seek Expert Preparation Support

The challenges of preparing new disclosures – understanding what’s required, figuring out best practices, setting up processes and controls, and carving out time to get the necessary work done – make compliance no easy feat, especially when weighed against other priorities and responsibilities. Cross-functional technical accounting specialists at CrossCountry Consulting support organizations through the requirements, ensuring applicable deadlines are met and providing the additional solutions, such as:

  • Revaluing applicable executive equity awards under new SEC-prescribed methodology;
  • Preparing the Pay vs Performance table, including Compensation Actually Paid for the Principal Executive Officer (PEO) and average for non-PEO NEOs;
  • Drafting the disclosure language for the Proxy Statement;
  • Consulting on the peer group selection;
  • Consulting on the Company Selected Measure (CSM) and other Financial Performance Measures;
  • Providing required description of relationship between pay, performance, and required metrics either in graphical or narrative format based on company preference; and
  • Setting up a repeatable process with controls that can be leveraged for the future.

For expert support meeting new PvP demands, contact CrossCountry Consulting today.

The Federal Trade Commission (FTC) is increasing oversight and enforcement against companies processing children’s data. Dating back to Q422, the agency issued close to half a billion dollars in fines against companies for noncompliance with children’s privacy laws.

In December 2022, the FTC announced that “the action against Epic Games involves two separate record-breaking settlements. As part of a proposed federal court order, Epic will pay a $275 million monetary penalty for violating The Children’s Online Privacy Protection Act (COPPA) Rule—the largest penalty ever obtained for violating an FTC rule. Additionally, Epic will be required to adopt strong privacy default settings for children and teens, ensuring that voice and text communications are turned off by default. Under a separate proposed administrative order, Epic will pay $245 million to refund consumers for its dark patterns and billing practices.”

Organizations that collect personal information online from children under the age of 13 in the U.S. must meet the requirements of COPPA. Industries with increased regulatory spotlight include EdTech, social media, and online gaming.

Below is a checklist of key COPPA requirements to begin the compliance journey:

Key COPPA RequirementQuick Tips to Meet Requirements
Website or online service operators must:

(a) Provide notice on the website or online service of what information it collects from children, how it uses such information, and its disclosure practices for such information (§ 312.4(b);
Review the Privacy Notice and confirm all collection, use, and disclosure of children’s personal information is accurately described.
(b) Obtain verifiable parental consent prior to any collection, use, and disclosure of personal information from children (§ 312.5);Ensure Privacy Notice describes the process for collecting verifiable parental consent, and that it follows the described process.

Obtaining verifiable consent means “making any reasonable effort (taking into consideration available technology) to ensure that before personal information is collected from a child, a parent of the child 1) receives notice of the operator’s personal information collection, use, and disclosure practices; and 2) authorizes any collection, use, and/or disclosure of personal information.”

Maintain a mechanism for parents to opt-out at any time. Opt-out should be available through the same means by which the opt-in was provided.
(c) Provide a reasonable means for a parent to review the personal information collected from a child and to refuse to permit its further use or maintenance (§ 312.6);Maintain a mechanism (such as a data inventory) that can be referenced to fulfill parent’s access and deletion requests.
(d) Not condition a child’s participation in a game, the offering of a prize, or another activity on the child disclosing more personal information than is reasonably necessary to participate in such activity (§ 312.7); and Implement the principle of data minimization throughout the organization’s website or online service to limit the collection of personal information to what is reasonably necessary to participate.
(e) Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children (§ 312.8). Implement security protocols throughout the organization to safeguard children’s personal information throughout the data lifecycle.

Reference industry documentation like the NIST Cybersecurity Framework to identify, assess, and manage organizational risk and enhance data security.

Consider engaging a third party to independently assess compliance.

Expert Regulatory Support

For in-depth guidance on meeting regulatory requirements in the U.S., check out U.S. Privacy Compliance Checklist: What to Know for 2023.

Additionally, the California Age-Appropriate Design Code Act (AADC) effective date is July 1, 2024, placing new obligations on companies offering online products and services that are likely to be accessed by children under the age of 18.

CrossCountry Consulting’s robust privacy and data protection team is actively involved in the industry, holds leadership roles within IAPP, and is passionate about data protection and the evolution of the field. Contact CrossCountry Consulting today with questions or to discuss how we to achieve compliance goals.

Two SEC proposals impacting investment advisers and funds are expected to be finalized in Q323.

The first enhances investment funds’ ESG disclosures. The second expands the scope of the “Names Rule” to additional ESG terminology like “green” or “sustainable” in fund names, among other amendments.

Together, these proposals are designed to provide consistent ESG standards, allowing investors to make more informed decisions. The rapid rise of ESG-related investment products coupled with divergent data and investment criteria used in ESG strategies have prompted both regulator and consumer interest in greater standardization, transparency, and measurement of ESG investments.

Overview

The proposals were originally released in May 2022 and apply to:

  • Registered investment companies.
  • Business development companies (together with registered investment companies, “funds”).
  • Registered investment advisers.
  • Certain unregistered advisers (together with registered investment advisers, “advisers”).

These new proposals followed the previous SEC proposal announced on March 21, 2022, requiring registrants to include climate-related disclosures in annual reports and/or registration statements. These efforts align with the market’s increasing expectations for more scrutiny of ESG compliance and reporting. While still in the proposal phase, the issues in question are already relevant as illustrated by the SEC’s active enforcement of existing regulations in the ESG funds space. The regulator has fined two well-known financial institutions in the last year, with the last fine doubling the previous one.  

ProposalWhy It’s Important
1. Require funds and advisers that consider ESG funds in their investment process to enhance disclosures regarding their strategy.Helps make ESG disclosures more consistent, measurable, and reliable, allowing investors to make informed decisions when comparing ESG investments.
2. Expand the regulation of naming funds with an ESG focus.Ensures funds are properly descriptive of their portfolio by requiring a fund’s name to accurately reflect the fund’s investment strategy.

Proposal 1: Enhanced ESG Disclosures for Investment Advisers and Funds 

The SEC proposes requiring funds and advisers that consider ESG factors in their investment process to disclose additional information regarding their strategy, such as including greenhouse gas (GHG) emissions metrics, having a tabular strategy overview in statements, and submitting statements and reports in a structured machine-readable data language.  

The amendments would enhance disclosure by:  

  • Requiring additional specific disclosures regarding ESG strategies in fund prospectuses, annual reports, and adviser brochures.  
  • Implementing a layered, tabular disclosure approach for ESG funds to allow investors to compare ESG funds more consistently. 
  • Requiring ESG-focused funds that consider environmental factors in their investment strategies to disclose additional information regarding the GHG emissions associated with their investments. 

Additionally, the amount of required disclosure under the proposed rule depends on the degree to which ESG factors are core to a fund’s strategy. The proposal identifies the following three types of ESG funds:  

  1. Integration funds: Funds that integrate ESG factors alongside non-ESG factors in investment decisions would be required to describe how ESG factors are incorporated into their investment process. 
  2. ESG-focused funds: Funds for which ESG factors are a significant or main consideration would be required to provide detailed disclosures, including a standardized ESG strategy overview table.  
  3. Impact funds: A subset of ESG-Focused funds that seek to achieve a particular ESG impact would be required to disclose how they measure progress on their objective.  

Proposal 2: Amendments to the Fund ‘Names Rule’ 

The Names Rule requires funds with certain names to adopt a policy to invest at least 80% of their assets in the investments suggested by that name. The SEC is proposing expanding that rule to apply to any fund names with particular characteristics, such as ESG characteristics. For example, fund names with terms like “growth,” “value,” “sustainable,” “green,” etc. will fall under this new proposal.  

In addition, the proposal would: 

  • Require a fund to use a derivatives instrument’s notional amount, rather than its market value, to determine the fund’s compliance with its 80% investment policy. 
  • Not permit “integration funds” to use ESG terms in their names since ESG factors are generally no more significant than other factors in the investment selection process.  
  • Specify the particular circumstances under which a fund can depart from the 80% requirement, including time frames for returning to it.  
  • Prohibit a registered closed-end fund or business development company whose shares are not listed on a national securities exchange from changing its 80% investment policy without a shareholder vote. This prohibition would ensure investors could vote on a change in investment policy given their limited options to exit their investments if the change were made. 
  • Require fund prospectus disclosure that defines the terms used in a fund’s name. The proposal also includes amendments to Form N-PORT to require greater transparency on how the fund’s investments match the fund’s investment focus. The proposal would, furthermore, require funds to keep certain records regarding how they comply with the rule or why they think they are not subject to it. 
  • Retain the current rule’s requirement that, unless the 80% investment policy is a fundamental policy of the fund, notice must be provided to fund shareholders of any change in the fund’s 80% investment policy. The proposal would update the rule’s notice requirement to expressly address funds that use electronic delivery methods to provide information to their shareholders. 

Clarity in ESG Details

Currently, the way ESG is defined in the market, even between different funds and advisers, can vary widely. There are differences in the data, criteria, and strategies used as part of an ESG-focused fund. The lack of disclosure requirements and a common framework tailored to ESG investing make it harder for investors to understand which investments or investment policies are associated with a particular ESG strategy. 

In the absence of informative disclosures, a fund’s or adviser’s disclosure could exaggerate its actual consideration of ESG factors. The proposed rule would help make ESG disclosures more consistent, measurable, and reliable, thus allowing investors to make informed decisions when comparing ESG investments.  

In addition, having a robust disclosure and reporting framework that investment managers would be mandated to provide on the criteria and data they use to achieve their investment goals, as well as details about their strategies, would help expand the governance of the SEC over ESG-related funds and advisers. 

The name of a fund is an important marketing tool and should reveal much about the fund and its portfolio. Fund names can be misleading or deceptive if they include words like “green” or “sustainable,” and they truly are not. This may entice or draw investors to these funds based on the name, even if they’re not reflective of their portfolio. To ensure funds are properly descriptive of their portfolio, the amendments to the Names Rule would require that a fund’s name accurately reflect the fund’s investment strategy.  

Next Steps 

The comment period closed August 2022. The proposals are expected to be finalized in the fall of 2023 following the SEC’s review of public comments. 

Funds and advisers should consider acting now by reviewing their policies and procedures around ESG factors. Reporting and disclosures should also be updated to meet compliance with these enhanced requirements. It’s important to assess underlying ESG data and determine whether there’s a need for enhanced compliance and governance.  

Asset managers needing ESG reporting and disclosure support can contact CrossCountry Consulting today.

Selecting an implementation partner for your Source-to-Pay (S2P) project sets the trajectory and ultimate success of your strategic sourcing and procurement initiatives. Given the variety of S2P vendors on the market – the procurement software space will be valued at $9.5 billion globally in the next five years – one of the primary factors separating good from great is the implementation partner executing the project.  

When implementing a leading platform like Coupa to manage procurement, payments, and supply chain, selecting the right partner will have outsized impact on success due to how far-reaching and foundational the software is to core business operations and objectives. 

Here’s what to consider to make your Coupa rollout effective, efficient, and forward-looking: 

coupa implementation partner for source to pay

Experience and Repetition 

A correctly implemented system reduces timelines and iterations while enabling you to more quickly generate savings. Implementation partners with more experience might skew more expensive, but the total value received across the project lifecycle is immeasurable. Beginning with design and configuration and through to post-production support, an expert partner should have a long history of leading Coupa projects across ERPs, countries, and industries. 

Auxiliary Services 

Coupa partners range from global multinational services firms to boutiques that implement only procurement applications. Choose a partner that fits the needs of your company at the right cost structure, one that brings lateral but critical competencies to the implementation, such as accounting advisory, controls, risk and compliance, cybersecurity, and more. Coupa’s impacts do not live in a silo, so a partner with a breadth of experience outside implementation alone can help you see around corners, continuously optimize in any business environment, and deliver a more holistic perspective to every project.  

Procurement Transformation 

To fully transform the S2P process, it takes more than software. It requires a new culture within the organization, powered by new capabilities and skill sets. End users and admins will need training; executives will need the ability to pull rich analytics; purchasing teams will need the intuitive ability to identify additional automation and cost improvement opportunities. Not every implementation partner is capable of pulling Coupa through to new areas of the business and empowering them to use the platform in efficient, innovative ways. 

“Some companies may have a complex system landscape and opt for dedicated solutions for Inventory, CLM, Direct Procurement, or Taxes. Your implementation partner should have extensive relationships and credibility with other solutions providers in these domains.”

Murillo Xavier, Coupa Director

Flexible Payments 

Pricing structures often fall into a few categories: Time & Material; Fixed Fee; or Risk. The pricing structure typically dictates payment terms, but as any business leader knows, payment flexibility can make or break a relationship during trying economic times. When considering that complex implementations can span more than a year start to finish, your firm’s financial situation is likely evolving during that time frame. A partner that grants payment flexibility is a value-add. 

Hybrid Delivery Models 

Due largely in part to the pandemic, virtual consulting is the norm. That said, “virtual” doesn’t have to mean low-cost offshoring to teams across multiple time zones and with variable availability and expertise. Implementation partners that offer multiple delivery models provide the best opportunity to complete projects on time, on budget, and in a way that creates a positive, memorable experience. Top implementation partners can conduct project work remotely (saving you on travel costs, for instance), but do so through a 100% onshore model or a hybrid model that leverages offshore resources for specific use cases to minimize costs while improving efficiency. The key is to at least have the option of choosing an adaptable delivery model that works for you. 

Post-Production Services 

After Coupa is live, clients still need personnel to manage the system. These activities are typically support calls, running periodic reports, managing user profiles, adjusting approval rules, and others. Leading consulting firms dedicate departments to managing Coupa systems on behalf of clients, which allows day-one readiness with an experienced hand on the wheel. With this level of service, you can focus on maximizing Coupa’s value rather than simply maintaining the system. In this way, you’re able to achieve greater, more durable ROI faster.  

Pre-Configured Integrations 

Coupa usually has multiple integrations with ERPs and other systems. The technical design and construction of these integrations may take considerable time and resources, which is why it’s beneficial to partner with a firm that offers flexible pre-configured integrations that can be adjusted for each situation and even monitored by the consulting company themselves. It’s a great option for companies with limited IT resources that would like to accelerate their implementation and remove a layer of complexity.  

Automation 

Even though Coupa is highly automated, there may still be some processes or data preparation requiring human intervention prior to handing the information off to Coupa. For example, the consumption from a vending machine needs to be translated into a proper purchase order prior to migrating to Coupa. Some of these processes may benefit from additional automation, which an implementation partner should be capable of executing.  

Integrated Systems Approach  

Some companies may have a complex system landscape and opt for dedicated solutions for Inventory, CLM, Direct Procurement, or Taxes. Your implementation partner should have extensive relationships and credibility with other solutions providers in these domains. A large network allows partners to be cross-trained in relevant areas to your business, offering another key upside to working with an experience partner. For example, the knowledge and foresight to integrate Coupa with other systems like Amazon Business extends the ROI of the implementation and ensures your technology stack works for you, not against you. 

For expert Coupa implementation services, contact CrossCountry Consulting today. 

Taking control of third-party spend is an effective way to generate more cash for your business. 

Why would more cash be good in an uncertain economic environment?  

It’s simple: more flexibility and control.   

Even if cash isn’t “king” like some say, cash can be used as a buffer against potential financial losses, to pay down debt, or to purchase discounted assets. To those aims, implementing spend controls generates direct and indirect benefits to the business during times of heightened volatility and risk. 

Here’s how you take control of third-party spend. 

1. Increase Transparency of Current and Future Planned Spend to Understand What’s Addressable

It’s hard to improve spend if you don’t know what you’re spending money on today. 

Spend analytics tools like Coupa are an easy and effective way to simplify the categorization and analysis of third-party spend data.   

Combine an analytics capability with a procurement team that has more visibility and governance over spend, and you then can: 

  • Determine what is addressable for improvement. 
  • Set improvement targets by category. 
  • Track savings. 

2. Eliminate Non-Essential Discretionary Expenses to Find Immediate Savings

Spend transparency — just like if it was your own personal monthly bank statement — opens your eyes to expenses you simply don’t need.  

If you need to move fast, you can take a top-down approach to look at expenses by category and use a red pen to cross off items you no longer need.  

A more effective strategy is zero-basing spend. This will challenge you to think hard about what you really need, not what you have today, and normally leads you to a materially lower spend answer than the top-down approach.  

3. Rationalize Vendors to Increase Purchasing Power

If you have visibility into spend and have already cut out any unnecessary expenses, keep going. Take a hard look at your list of vendors and remaining spend, and you should find opportunities for additional consolidation.  

“The most profitable organizations embed spend management processes and capabilities into their organization so that it becomes part of their DNA.”

Blake Baptist, Strategic Cost Improvement Director

It might be the case that you have two business units purchasing similar widgets from different suppliers. Or, some of your vendors can supply additional products and services you’re currently buying elsewhere.  

Regardless, the more you buy from vendors, the more purchasing power you build.   

But it’s important you have proper vendor management processes in place to avoid too much supplier risk. 

4. Renegotiate Contracts With Vendors to Enable Better Payment Terms

Once you’ve streamlined into a manageable set of vendors, those same vendors are likelier to seek to retain your business long term, including working with you in tough times. 

Ever notice your household internet or phone bill suddenly increase, then you call the vendor to get the lower rate back? This concept can apply to your business too.  

Reach out to each vendor, particularly for needle-moving expenses, and simply ask for opportunities to renegotiate rates or payment terms.  

5. Make Spend Management a Continuous Capability so You’re Always Saving Money

You might start taking control of third-party spend during a challenging economic time, but you shouldn’t stop there. 

The most profitable organizations embed spend management processes and capabilities into their organization so that it becomes part of their DNA.  

Use a portion of your newly generated cash savings to invest in the following if you haven’t already: 

  • Developing sound end-to-end Procure-to-Pay and Order-to-Cash processes. 
  • Dedicating a strategic sourcing team to anticipate needs, vet and manage suppliers, and negotiate the best rates. 
  • Increasing procurement’s governance over spend so that more spend is under management of the supply chain function. 
  • Setting annual savings targets by function and/or category. 

Need help actioning these five steps? Contact CrossCountry Consulting and start generating cash today.

Organizations have tremendous financial opportunity to optimize areas of the Source-to-Pay (S2P) process via technology. Business Spend Management (BSM) solutions like Coupa, for instance, are delivered via the cloud and consist of an annual recurring software fee and one-time implementation fee.

CrossCountry Consulting has experience using several tactics that allow the software to pay for itself: Using native Coupa functionality, the software quickly returns value to the organization in excess of the fees associated with using and implementing the software.  

This is an incredibly advantageous lever to pull when evaluating the vendor and implementation partner landscape, especially during times of economic uncertainty when cost improvement measures are imperative

To fully leverage the power of your spend, here are six steps procurement teams can take to implement Coupa for free: 

how to implement a business spend management application for free

1. Complete a Spend Analysis in Advance

Before implementation, review key spend categories and compare the benchmark savings delivered via Coupa’s Sourcing module. Prior to the Coupa project, or in the early phases, a spend analysis of the past 12 months allows teams to measure spend versus internal benchmarks and deliver savings in key areas. This analysis can also be used to determine key target vendors for virtual card or negotiated early-pay discounts.  

2. Introduce Coupa Sourcing

A typical S2P project timeline is 4-18 months. Coupa’s Sourcing module can be ready for use by week six. This means you can invite vendors to participate in Sourcing events six weeks after signing your Coupa contract. Your procurement team can run sourcing events on your behalf, which is a key learning opportunity to identify where sourcing events can be executed, how quickly savings can be delivered, and how effectively end users can be trained to run their own sourcing events in the future. So, with one modeling exercise, organizations can extract a multitude of benefits. 

3. Convert Vendors to Virtual Cards

Leading BSM applications like Coupa can transmit virtual cards on purchase orders or at the time of invoice via most card providers, which offer 50 bps-1.5 bps per transaction. Using a merchant match, you can identify key vendors that accept credit card payments and convert them to this payment method.

4. Identify and Implement Early-Pay Discounts

Coupa makes it easy to identify vendors that have opted in for early-pay discounts. Your organization will receive a discount, in some cases up to 5% but usually in the 2-3% range, if you pay your invoice within a certain number of days. The Coupa Growth team supports you during your project to identify vendors that prefer early payments. Using Coupa Pay, you can quickly and easily identify which bills are eligible for discounts, a service provided at no charge for all customers who license Coupa. 

5. Use Preferred Suppliers to Secure Savings and Monitor Compliance

When a preferred supplier for a spend category is identified, the tendency is for procurement and legal to secure negotiated pricing in a signed contract and immediately jump right into enabling that supplier for transactions and tallying up the savings. Following the negotiations, there are other steps required to communicate why that supplier is “preferred” and integrate the supplier into the operations.

Ensuring that the identified savings have been secured requires clear communication, change management, proactive compliance monitoring, and education. Otherwise, end users may continue purchasing outside of the preferred supplier program, rendering the contracted pricing useless.

When a strategically managed program is also backed by Coupa-automated contract compliance validations, and users are directed through intuitive buy-pay channels (for example, a catalog with pre-approved items, pricing, etc.), the risks of non-compliant suppliers cannibalizing identified savings are mitigated.  

6. Access Pre-Negotiated Discounts via Coupa Advantage

The Coupa Advantage Program is free of charge for all Coupa subscribers and brings a set of pre-negotiated discounts from major indirect suppliers leveraging the combined spend power of all Coupa clients. This includes categories like Car Rentals or Background Checks, and in some cases, Coupa Advantage can deliver as much as 20%-50% in named categories.

Ronnie Beardsley, Sr. Director of Supplier Partner Success, manages Coupa’s supplier relationships and the Advantage Program and noted, “[E]mbedded in the success of the Coupa platform is ease of integration and adoption for suppliers. Our Advantage program has 70 suppliers, many of these with native catalog integrations that can quickly be deployed, delivering cost savings in purchasing and efficiency savings in AP processing.”

Most suppliers in the program will honor the discount the day you sign with Coupa. With Coupa Advantage, you can recoup a portion of your subscription and implementation costs in as fast as three months, sometimes even before you’re live on the Coupa platform. 

When creating the business case for spend management technology, it’s easy to see one-time fees as a hurdle. The bigger and more costly hurdle, however, is not implementing spend management technology for fear of fees.

For expert support implementing a cost-effective business spend management application, contact CrossCountry Consulting.

Imagine a company without the typical corporate functions: Finance & Accounting, Supply Chain, IT, and HR.  

The organizational structure is instead a combination of high-performing cross-functional teams focused on business outcomes and organized around end-to-end processes (e.g., Order to Cash).  

These teams are supported by centralized hubs (COEs) that provide spoke resources and tools needed to be more efficient and effective. 

This progression won’t be easy for most organizations. But it’s necessary, and it’s the future. 

corporate functional structures of the past, present, and future

Adaptable Structures Are a Necessity in an Increasingly Complex World

The world is changing rapidly – it’s faster, more connected, and more complicated. Customers have more power and more access to information. One viral tweet can upend an entire company’s reputation.   

Companies must be able to adapt quickly to meet the needs of employees, customers, and investors. Adaptability requires an empowered organization in which decisions are made at lower levels – where the information and knowledge sit. 

The Team of Teams Model: A Backstory

In the early 2000s, the U.S. military pioneered new models for connecting military branches that weren’t reliant on traditional top-down silos. Known as the “Team of Teams” model, organizations within the military could operate independently and interdependently to take fit-for-purpose action quickly. Command structures were flatter, and decisions could be made on the ground by those closest to the activity.  

Other popular literature focuses on similar concepts, as seen below.   

The overall premise of this new type of “ideology” is that disruption forces teams to pivot autonomously and act confidently with the information they have. Or else progress is not possible. 

Rethinking Corporate Function Structures: Organizing Around End-to-End Teams

Many companies have a connected, end-to-end mindset with corporate processes and technology.  However, most organizational structures still haven’t evolved from traditional functional and matrix structures. The resulting silos limit the ability to adapt quickly in a crisis. 

As seen below, when key activities are conducted top-down, innovation can’t occur between teams. In the future, however, a flatter, more flexible process architecture enables greater collaboration and efficiencies to organically rise to the surface. Small teams (and even individual staff) will be capable of solving problems between, among, and across different activities without red tape. 

corporate functional models across processes and departments

Future corporate functional models should have the following characteristics: 

1. Cross-Functional Teams Centered Around End-to-End Processes Rather Than Traditional Functions

The traditional labels of Finance & Accounting, Supply Chain, HR, and IT will be a thing of the past. Instead of those traditional functions, we’ll see interconnected teams such as Order to Cash, Source to Pay, Record to Report, and Hire to Retire.  

Each of these teams will have a team lead and could have employees with different backgrounds and capabilities – e.g., FP&A, App Development, Procurement, and Sourcing. 

2. Flatter and More Individual Decision Authority: A Leader-Leader Model

Captain L. David Marquet, commander of the USS Santa Fe nuclear submarine and author of “Turn the Ship Around,” overhauled the traditional Leader-Follower structure in place of a Leader-Leader model in which decisions moved further down the chain of command to where information sat.  

The results were incredible. The USS Santa Fe transformed from one of the lowest to highest performing submarines in one year.   

The U.S. Military in Iraq worried not only about delegating decision-making but about making quick decisions without deep discussion and analysis. However, they found that speed improved decision-making – it was typically a 90% answer today versus a 70% answer tomorrow. 

How does this happen?   

Individuals with authority will become more invested in outcomes. But individuals will still need to be knowledgeable and have the right insights to make good decisions.   

3. Centralized Hubs That Enable Teams to Be More Effective and Make Better Decisions

People will ask, “How do you set direction, maintain standards, assure quality, and manage performance in this type of model? And where do CFOs, CIOs, and other leaders sit?” 

There will be centralized hubs that work like a hub-and-spoke model and provide the necessary resources to teams: 

4. Adequate Low-Cost Support in Key Areas to Balance Cost

Terms like outsourcing, offshoring, and low-cost centers can scare people away and are often associated with lower service levels and quality.   

However, modern low-cost centers are staffed with more experienced labor than in the past decade, as the focus of outsourcing shifted away from labor arbitrage and toward tech-enabled outcomes. The shift toward managed services providers will accelerate. That means there will be plenty of opportunities to place some functions such as Payroll, Tax, and Treasury – that are harder to automate – in low-cost centers, whether onshore or offshore.  

Momentum for cross-functional models is already here, and the leaders willing to experiment with structural change can enable forward progress ahead of competitors – beginning with the approaches provided here.

To build a high-performing functional structure at your organization, contact CrossCountry Consulting. 

Background 

On Nov. 10, 2022, the Federal government released a proposal to amend the Federal Acquisition Regulation (“FAR”) to ensure that federal contractors disclose their greenhouse gas (GHG) emissions, climate-related financial risks, and set science-based targets (SBTs) to reduce their GHG emissions.  

The proposal, titled the Federal Supplier Climate Risks and Resilience Rule (“the Rule”), will cover 85% of the emissions associated with the federal government supply chain. The comment period for the Rule ended Feb. 13, 2022.  

With the federal government being the world’s largest purchaser of goods and services, spending more than $637 billion on contracts in 2021 alone, the proposal will have a broad impact on the contractors in the federal government’s supply chain. Below is a summary of the proposal subject to updates based on comments provided and further reviews by the government

Proposed Requirements  

The Rule would define two types of federal contractors: 

  1. Significant contractor. 
  1. Major contractor. 

A contractor is a significant contractor if it received more than $7.5 million but less than $50 million in Federal contract obligations in the prior Federal fiscal year. There were approximately 4,413 entities considered “significant contractors,” of which 2,835 are estimated to be small business (64%) in FY 21, according to the proposal.  

A contractor is a major contractor if it received $50 million or more in federal contract obligations in the prior federal fiscal year. There were approximately 1,353 entities that received more than $50 million in federal contract obligations in FY 2021, of which 389 (29%) are estimated to be small businesses.  

Major contractors that are considered a small business, according to the definition from the North American Industry Classification System (NAICS), have fewer requirements relative to other major contractors.  

The requirements for each type of contractor vary with a major contractor having more substantial requirements than others.  

The table below summarizes the requirements by type of contractor.  

federal contractor esg rules

Certain entities are exempt from the proposed rules, including but not limited to higher education institutes, non-profit research entities, and state or local governments. 

GHG Inventory 

Contractors would be required to do an inventory and report the total of the following emission types within the current or previous fiscal years: 

  • Scope 1: GHG emissions that occur from sources controlled or owned by an organization. 
  • Scope 2: GHG emissions that a company causes indirectly when the energy it purchases and uses is produced.  

The inventory analysis must follow the GHG Protocol Corporate Accounting and Reporting Standard. Contractors are also to report Scope 1 and Scope 2 emissions through the Systems Award Management (SAM) following its most recent GHG inventory. SAM is the system used by the federal government to collect information about suppliers. 

In addition, only major contractors would need to do an inventory of their Scope 3 emissions and report these through the SAM. Scope 3 emissions are GHG emissions that result from assets or activities not owned or controlled by an organization but that still indirectly affect its value chain.   

Annual Climate Disclosures 

A major contractor is required to complete an annual climate disclosure within its current or previous fiscal year. The disclosures are aligned with Taskforce for Climate-Related Financial Disclosures (TCFD). TCFD is an international initiative created in 2015 by the Financial Stability Board (FSB) to develop a set of recommendations for disclosing climate-related financial risks and opportunities. The disclosure will also include a description of an entity’s climate risk assessment process and any risks identified.  

An entity would submit its annual climate disclosure by completing the CDP’s Climate Change Questionnaire. CDP is an organization that runs the global environmental disclosure system and supports companies and cities in measuring and managing risk and opportunities on climate change. The annual climate change disclosure must be made available on a publicly accessible website that includes either the contractor’s own website or the CDP website.  

Science Based Targets 

Major contractors are required to develop science based targets (SBTs). An SBT is a target to reduce GHG emissions in line with reductions to meet the goals of the Paris Agreement. These targets need to be validated by the Science Based Targets Initiative (“SBTi”) every five years. The SBTi is a partnership between CDP, United Nations Global Compact (UNGC), World Resources Institute (WRI), and the World Wildlife Fund (WWF). The targets must be made available on a publicly accessible website. 

Compliance Timeline 

Contractors are required to have completed an inventory of their Scope 1 and Scope 2 GHG emissions starting one year after the publication of the final rule. Major contractors are required to submit annual climate disclosures via the CDP questionnaire and set SBTs to be validated by the SBTi starting two years after publication of a final rule.  

If the significant or major contractor is unable to meet the requirements of the Rule, they will be presumed to be a nonresponsible federal contractor for federal procurement. The identification as nonresponsible may impact the ability for contractors to obtain further contracts with the government.  

Comparison With SEC proposal on Climate-Related Disclosures 

On March 21, 2022, the Securities and Exchange Commission (SEC) proposed rule changes that require registrants to include climate-related disclosures in annual reports and/or registration statements.  

There is some overlap between the proposed Rule and the SEC’s proposal. Both include a disclosure of Scope 1 and Scope 2 GHG emissions. The SEC disclosure is at the individual greenhouse gas level while this proposal is in aggregate. Both proposals include disclosures based on already-accepted standards like the GHG Protocol and TCFD.  

The federal contractor rule proposal and SEC proposal diverge in some ways, too. Only the federal contractor proposal requires the use of the CDP questionnaire for its disclosures. Additionally, SBTs are not required to be set by a registrant under the SEC proposal. Although, if targets are set, additional related disclosures would be required. 

Next Steps 

The proposed federal contractor rule is a mechanism to drive consistent and comparable reporting across federal contractors.  

With the broad push globally for more ESG-focused reporting, it’s now time for these organizations, if they have not begun already, to think about how these proposals will begin to impact them. Companies can start preparing themselves by understanding the requirements, assessing personnel needs, and changing processes related to data collection, reporting, and control activities.  

For support understanding and implementing new requirements, contact CrossCountry Consulting.

As privacy regulation evolves, so must our approach to compliance. Now more than ever, it’s essential to build a foundation for your privacy program based on common-sense concepts and controls. Privacy processes should foster sustainable growth of your program and enable you to quickly and impactfully respond to new or changed requirements and surpass consumer expectations.

Below we outline a few basic principles required to achieve long-term success with your privacy program. Even if your organization has an existing program, these concepts can be used as a guide to assess against basic requirements.

What Fuels Your Privacy Program?

Identifying and communicating the “why” behind your privacy program is necessary to gain buy-in from business stakeholders, secure funding, and obtain the fundamental culture shift required across the organization. Three key drivers are:

1) Consumer trust and public image: Customers care about their privacy and are loyal to brands that simply do the right thing. By treating data with respect, you are more likely to build and maintain lasting and trusted relationships.

2) Risk management: Beyond regulatory risk, there has been a significant increase in the collection and use of data across industries, and data processing technology continues to evolve. More data means more risk, and your program must be one step ahead to proactively manage or mitigate these risks.

3) Resiliency: It’s not a matter of if a breach will happen, but when. Organizations must prepare accordingly and have processes in place to respond to breaches swiftly.

What Do You Need to Be Successful?

The trifecta of people, process, and technology are all necessary to build a cohesive and sustainable program. Consider the below priorities in each category:

People– Tone-at-the-top and a seat at the table
– Partners and privacy champions across the organization, especially within cybersecurity and compliance
– Either in-house or outside privacy counsel for legal expertise
– A team that is passionate about building a privacy-aware culture and protecting data
Process– Clearly defined goals that tie back to the broader business mission
– Quantifiable metrics to communicate impact and measure progress
– A complete understanding of the data landscape
– Periodic risk assessments to confirm applicable requirements and identify gaps
– Policies, procedures, training, and communication
– Third-party risk management
– Testing of key privacy and data protection controls
Technology– Data discovery
– Data protection controls
– Automation of business and compliance processes

What Is the Path to Building a Privacy Program?

There are many ways to approach building a privacy program. Here are three key initiatives you can undertake to jumpstart your program:

1. Identify Sensitive Data

Appropriately protecting data is not possible unless you know what data you have and where it’s located. Building a data inventory allows you to gain a comprehensive view of your data footprint and helps you prioritize data so that in the next phase of assessing privacy risk, you can apply risk-based controls. Not all data needs to be protected equally.

There are several methods of inventorying data, and the right selection depends on a variety of factors (e.g., size, maturity, and available resources). One of our favorite methods is a hybrid approach. This approach combines automated data discovery scanning with interviews of key business owners, who provide context on the types of data they use. Scan results are validated by the owners and data is classified and ultimately protected accordingly.

2. Assess Privacy Risks

Once your data footprint is mapped, assessing associated privacy risks is a logical next step. There are several types of risk assessments you can conduct based on your company’s unique needs:

· Program: holistic program assessment based on an industry standard or framework such as NIST Privacy Framework or ISO 27701.

· Regulatory: compliance assessment focused on industry (e.g., GLBA), geographic (e.g., GDPR), or data subject-specific (e.g., COPPA) requirements.

· Project: specific assessment to help identify and minimize data protection risks of a project, typically using a Data Protection Impact Assessment (DPIA).

· Technology: assessment to determine privacy protections considered for an information system throughout the data lifecycle, usually via a Privacy Impact Assessment (PIA).

3. Implement Privacy Processes

To successfully operationalize your privacy program, you must strategically implement supporting processes based on risks identified during assessment(s). Putting together a pragmatic, prioritized, and actionable roadmap that outlines next steps will help you rationalize resources needed, gain important buy-in from stakeholders, and develop metrics to demonstrate progress and impact. A few key areas to consider for your roadmap include:

· Privacy policy and notices.

· Training, awareness, and communication.

· Data protection controls and technologies.

· Privacy-by-Design (PbD).

· Third-party risk management (TPRM).

· Compliance, metrics, and reporting.

Get Help

For more in-depth guidance on meeting regulatory requirements, check out U.S. Privacy Compliance Checklist: What to Know for 2023.

CrossCountry Consulting’s robust privacy and data protection team is actively involved in the industry, holds leadership roles within IAPP, and is passionate about data protection and the evolution of the field. Contact CrossCountry today with questions or to discuss how we can best partner to achieve your goals.

As the ESG metrics revolution ushers in new reporting frameworks, industry-specific benchmarks, and technology solutions, private equity firms face critical challenges, such as: 

  • A dearth of agreed-upon, comparable ESG data sets within private markets (emerging SEC regulations apply to public organizations). 
  • Collecting and interpreting ESG metrics, such as board diversity or renewable energy usage, is tedious and inconsistent at best. 
  • Aggregating ESG metrics across a large group of portfolio companies is challenging as these organizations often have no dedicated ESG resource(s) and/or are still deciding which stakeholders own the ESG function (CFOs, General Counsels, CAOs, ESG Controllers, etc.). 

Fortunately, momentum is building to address these pervasive issues, including the adoption of standardized ESG metrics for private equity from which dashboarding tools that ingest, aggregate, and report portfolio-level data insights to limited and general partners (LPs and GPs) can be constructed. 

Transparency for ESG Progress 

A very worthwhile effort toward standardizing private company ESG data has been organized by the ESG Data Convergence Initiative (EDCI). This group has defined a set of ESG data elements to be collected across portfolio companies, enabling private equity to report and act upon meaningful ESG metrics. 

The EDCI is a consortium of more than 260 GPs and LPs holding $25 trillion in assets under management (AUM) across 2,000+ portfolio companies. Data sourced from these members is useful for individual sponsors and is also aggregated across sponsors to create a set of comparison benchmarks. Metrics included in the EDCI initiative include:  

  • Work-related accidents.
  • Employee engagement. 
  • Renewable energy.
  • Greenhouse gas emissions.
  • Demographics (age, gender, sex, and racial representation). 

Below is an example of CrossCountry Consulting’s ESG experts generating sample datasets based on EDCI principles. Metric categories are customized to the unique needs of individual sponsors. 

private equity esg metrics

Private Equity ESG Data Comes to Life 

As raw data is converted and compiled into visual insights, sponsors gain access to real-time, scalable analytics across their entire portfolios, including key metrics shown below: 

esg metrics private equity portfolio dashboard

Depending on the audience or sponsor, viewers can further slice the data to take a more nuanced view of a specific metric. With this level of data on hand, sponsors can fulfill their ESG goals and meet the growing demand for greater private equity reporting and visibility into ESG. 

Why now? 

Harvard Business Review cited three motivating factors responsible for private equity’s swing toward ESG in recent years: 

  1. Large asset owners, like pension and sovereign wealth funds, are placing increasing emphasis on ESG, specifically climate change. 
  1. ESG-influenced investment decisions can enable LPs and GPs to outperform public markets and continue delivering adequate returns to investors. 
  1. The inevitable interconnectivity of private equity to consumer opinion, public markets, and regulation. If investors and regulators are valuing ESG over a long time horizon, private equity must appropriately move in concert with these forces. Those faster to act can define value in new terms beyond just returns. 

Private equity’s ESG vision is already prompting new markets for dedicated ESG software or expanded applications of existing risk management or financial reporting tools. LPs and GPs don’t need to wait for new technology solutions to emerge; clean, accessible, automated ESG portfolio insights based on portfolio company-level disclosed data are already here. 

For expert technical and strategic ESG support, contact CrossCountry Consulting today. 

When navigating procurement software packed with a variety of user pathways, it’s not always easy to know exactly where to begin the intake process. There are forms, fields, pop-ups, links, buttons, and other navigation cues – are some better or faster than others? 

You don’t know until you go down each pathway. Until now.

Coupa’s largest release of the year, R35, is packed with new features like Guided Experience that specifically addresses user indecision and promotes a frictionless, practical interface.

Available to all Coupa customers in January and February of this year (depending on your release schedule), Guided Experience centralizes the point of origin for all procurement requests, improving system adoption and solving the intake-to-request challenge facing procurement, finance, and legal teams.

A Closer Look at Guided Experience 

From the moment R35 hits your Coupa instance, you’ll notice a fresh homepage.  

For users unsure where to start, the Guided Experience feature – located to the right of the familiar search bar titled “Not sure? Let us guide you” – facilitates intuitive navigation. 

By using this feature, users are guided step-by-step through their purchases within Coupa. Users are asked simple questions, such as type of purchase or new vendor addition, and all requests start with a centralized intake location. Workflows and documents including contracts, new vendors, and purchase requests can be launched from here. 

Another key feature within Guided Experience – “Guided Buying” – will be a game-changer in user adoption due to its ease of use and ability to remove user guesswork. Guided Buying expedites user navigation through a native search engine, enabling you to quickly find answers to questions. 

The familiar search bar is still available at the top of the homepage and throughout the application, but it has taken on an upgrade.

Not finding what you’re looking for from the search results? A link at the bottom of the search results page directs you through the Guided Experience.

Alternatively, if you use Guided Experience and are looking for an item that’s available via a catalog, you’re automatically redirected to relevant search results and prompted to place your order. 

Increasing Personalization Within Guided Experience 

Want to get even more powerful?  

With a few configuration updates by your Coupa admin, you can personalize the experience for your users and organization. You can also highlight popular commodity categories and frequently used forms to point users directly to where they need to go. Of course, the option to write a request remains available but is now needed only for infrequent purchases and forms.  

Guided Experience further simplifies searches and workflows with Forms. Highlights include: 

  • Through artificial intelligence (AI), frequently completed, and even previously completed, forms are suggested to users.  
  • Admin users can label Preferred forms.  
  • Forms are streamlined by showing only required fields. 
  • Fields are still available to complete by selecting the option “View advanced fields.”   
  • Forms appear and are completed within the pop-up module, limiting unnecessary movement throughout the interface. 

Out of the Box for New and Existing Coupa Customers 

Coupa’s Guided Experience is available right out of the box with R35; however, customization does need to be configured by your Coupa admin.  

Are you an existing Coupa customer needing help maximizing Guided Experience? Still deciding on which business spend management (BSM) application is right for your organization? 

Contact our Release Management team to ensure your application centralizes purchasing requests. 

Permacrisis: The Collins English dictionary’s 2022 word of the year meaning “an extended period of instability and insecurity.”

What will 2023 bring? A recession? More instability? 

According to the Fed, rate hikes to battle inflation could ease in 2023, but most leading economists still believe a recession is looming, even if they don’t agree on the exact timing, magnitude, or duration. Because recessions trigger severe stock declines, high unemployment, lower consumer spending, and a reduction in investment activity, companies with ample cash to fund operations and continue growth investments will emerge stronger coming out of recession than undercapitalized competitors. 

CFOs have their work cut out for them. In 2023, it’s time to go on offense before the market forces you to play defense

Here are five counter-cyclical measures all CFOs should consider (in order of effort, starting with the least):

1. Change Payment Cycles to Generate Quick Cash

Turn receivables into cash by giving customers discounts for early payments, resolving large-dollar disputes, and generating invoices through automation. Secondly, stretch or reduce liabilities by asking vendors for early-payment discounts, extending payment deadlines, and rethinking non-essential payments.

Most companies, particularly smaller private ones, lack formalized cash-management processes. A comprehensive 13-week cash flow model with associated weekly reporting processes can help identify near-term opportunities to optimize working capital and more proactively manage cash.  

Opportunity indicator: Useful for all firms of all industries and sizes. 

2. Control Third-Party Spend

Strategically plan for and source all future third-party spend, gain visibility into current vendor spend, and identify opportunities to rationalize current spend by completing one or more of the following:

  • Consolidating vendors.
  • Negotiating better terms.
  • Eliminating non-essential discretionary expenses like subscriptions, travel, meals, and entertainment.    

Most companies have procurement capabilities or departments, but fewer have strategic sourcing. As seen time and again, companies with sourcing capabilities typically have lower costs. As a solution, a rapid spend diagnostic locates opportunities to optimize current vendors and spend, which helps establish sourcing capabilities that better control spend long term.

Opportunity indicator: Useful for firms with no sourcing team and/or that only have visibility into <70% of supply chain spend.

“Companies with ample cash to fund operations and continue growth investments will emerge stronger coming out of recession than undercapitalized competitors. To separate from the pack, CFO must go on offense.”

Blake Baptist, Strategic Cost Improvement Director

3. Materially Reshape and Resize the Org

Build a blank-sheet org and delivery model that is more strategically aligned to the business’s needs, has optimal spans and layers, leverages automation for repetitive activities, and uses low-cost centers for non-essential activities.  

When the market sours, companies react by reducing workforces and trying to do the same work with fewer people. These companies tactically look for places to cut, leading to incremental savings (e.g., 10%), which cannot be sustained. Take a more strategic approach by:

  • Setting a clear vision.
  • Benchmarking functional costs versus peer group companies.
  • Conducting activity surveys to find waste or opportunities for automation.
  • Building a blank-sheet org and delivery model that is materially lower cost (e.g., 20-30%) and supports sustainable growth.  

Opportunity indicator: Useful for firms with general and administrative costs divided by revenue (G&A/revenue) >10%. 

4. Develop Dynamic Planning and Forecasting Processes Adaptable to Market Swings

Enterprise Performance Management (EPM) shifts planning from Finance alone to the entire company. This makes forecasts more realistic and prompts individual departments to become more accountable for hitting numbers. Supported by a comprehensive EPM tool like Onestream, EPM makes enterprise data and planning more visible and accessible, converting key planning and forecasting processes into continuous actions rather than a single event that occurs annually. 

Planning processes must be integrated into the business to achieve an EPM-ready operating model.

Opportunity indicator: Useful for firms in which solely Finance performs planning and forecasting and/or CFOs are unsure where to begin on the aforementioned counter-cyclical measures.

The Fed rate approaching 20-year highs adds further pressure to CFO’s strategic decision-making.

5. Monetize Non-Core Businesses That Drain Cash

Carve out an underperforming or less-synergistic business from the rest of the portfolio to generate value or tax savings from a divestiture

All deals, even smaller carve-outs, are difficult because they require expertise and capacity firms often lack, especially in tough economic times. Key specialties required include running a separation management office (SMO), establishing transition service agreements (TSA), assigning contracts, distributing comms, and everything in between. 

Opportunity indicator: Useful for firms whose primary segment/product is <50% the market share of the market leader, has <10% annual growth, and/or spends more to grow relative to other business units.

For expert support navigating recessionary pressures, contact CrossCountry Consulting today.

(more…)

(more…)

 

(more…)

 

(more…)

(more…)

(more…)

(more…)

(more…)

(more…)

(more…)

(more…)

(more…)

(more…)

(more…)

(more…)

(more…)