OneStream has become a cornerstone platform for modern FP&A organizations, enabling integrated planning, forecasting, and reporting at enterprise scale. Yet many finance teams still struggle to unlock its full value, not because of limitations in the technology, but because the assumptions feeding their models are incomplete, outdated, or disconnected from how the business actually operates.

As volatility increases and planning cycles compress, FP&A leaders are rethinking how assumptions and operational drivers enter OneStream in the first place. The next frontier of OneStream value creation sits at the intersection of process design, intelligent data ingestion, and continuous planning.

Who This Is For

This perspective is designed for FP&A leaders and finance transformation teams who have already selected or implemented OneStream and are focused on accelerating time to value, improving forecast relevance, and scaling planning capabilities beyond static annual cycles.

For teams earlier in their CPM journey, see our guide on maximizing your CPM investment across Finance and IT.

Below are five proven best practices FP&A organizations are adopting, supported by CrossCountry Consulting and Sensible AI, to move from static planning to adaptive, insight driven decision making within OneStream.

1. Treat Unstructured Data as a Strategic Planning Asset

Many of the most critical planning assumptions don’t originate in financial systems. They live in contracts, pricing schedules, vendor agreements, and headcount files that sit outside OneStream.

Leading FP&A teams design OneStream models around true business drivers and establish scalable ways to transform unstructured source data into inputs that are ready for system use, reducing reliance on spreadsheets and increasing confidence in planning assumptions.

2. Anchor Driver-Based Planning in Real-World Business Signals

Driver based planning is only as effective as the relevance of its drivers. Updating assumptions on a fixed cadence, regardless of how the business changes, limits responsiveness.

High-performing teams connect drivers to commercial and operational signals such as pricing terms, renewals, volume thresholds, and cost escalators, ensuring financial impact is reflected as the business evolves.

3. Make Scenario Modeling Fast, Repeatable, and Scalable

Scenario modeling is essential for executive decision-making, yet many FP&A teams limit scenarios due to the effort required to gather and validate assumptions.

By standardizing scenario frameworks in OneStream and reducing friction in assumption ingestion, FP&A teams can run more best, base, and worst case scenarios per cycle and respond faster to leadership questions.

4. Eliminate Manual Effort to Reinvest in Strategic Analysis

Even mature OneStream environments often rely on manual extraction and spreadsheet-based workarounds that slow planning cycles and introduce risk.

Automating assumption ingestion and standardizing planning workflows frees FP&A capacity for higher-value activities such as variance analysis, business partnering, and strategic storytelling.

5. Shift from Periodic Forecasting to Continuous Planning

Annual planning and static forecasts are no longer sufficient in dynamic business environments.

Leading organizations operationalize continuous planning in OneStream through rolling forecasts supported by continuously refreshed inputs, improving forecast accuracy and decision relevance throughout the year.

What Leading FP&A Teams Measure

FP&A leaders embracing these practices typically track improvements in forecast accuracy, time to update forecasts after assumption changes, number of scenarios modeled per cycle, and manual hours eliminated. More importantly, they see FP&A repositioned as a strategic partner delivering timely, trusted insight when it matters most.

Ready to Unlock More Value from OneStream?

If you’re looking to accelerate OneStream outcomes, modernize your planning operating model, or move toward continuous, driver-based planning, we’d welcome a conversation.

Meet with our team of OneStream and FP&A transformation experts to discuss your goals and identify practical next steps.

Contact us to schedule a conversation.

Regional banking institutions evaluating  new ERP or EPM systems often focus on improving how transactions are captured, closed, and consolidated within the Record-to-Report process.  When the emphasis centers on general ledger design and system implementation, reporting strategy is frequently addressed too late in the process.

Yet the largest consumers of financial information are rarely considered early in technology design and implementation. Reporting strategies must support regulatory reporting across agencies such as the FDIC, Federal Reserve, and SEC, while also enabling internal management reporting across financial performance and operational activity. When implementations focus primarily on ledger design and transaction processing, the needs of these reporting stakeholders are often addressed too late.

This raises an important question: how should financial institutions design reporting architecture that meets the needs of all stakeholders from the beginning, rather than retrofitting solutions after an implementation is already underway?

The answer is to anchor system design in reporting requirements from the start. Instead of treating reporting as a downstream output of the general ledger or EPM platform, institutions must first define the reports they need to produce—from regulatory filings to board materials and profitability analyses—and then design the supporting data architecture accordingly. While formats may differ, all reporting should be drawn from consistent, multi-dimensional, and governed source data. Without that foundation, even the most advanced platforms simply accelerate existing fragmentation rather than resolve it.

Neglecting Reporting During Implementation

Across institutions, as much as 75% of resource time is spent gathering, reconciling, and validating data rather than analyzing it. Instead of enabling insight and automation, finance teams devote significant effort to manual processes across fragmented data sources simply to produce required reporting.

This misallocation of effort begins with a single misstep: treating reporting as an afterthought. When reporting requirements are not defined upfront, “shadow reporting” is developed to fill the gap. Regulatory, management, and statutory outputs evolve along separate paths, creating data silos without a single version of the truth producing unreliable data and increasing operational reporting risk.

Reversing this pattern requires more than incremental fixes. It requires designing reporting architecture deliberately, with clear multi-dimensional structure, governed data foundations, and defined methodologies from the outset. Only then can institutions redirect effort away from reconciliation and toward insight.

Crafting a Holistic Reporting Strategy

Institutions must also support multiple categories of reporting, including regulatory reporting (SEC, FINRA, FDIC/Federal Reserve), management reporting (business reviews, board reporting, ALCO), and other internal reporting across accounting, tax, credit risk, and operations. While these reports serve different audiences, they are largely derived from the same underlying data at varying levels of granularity.

The starting point for these institutions is to catalog the full inventory of required reporting and define the data outputs necessary to support each use case, with a clear focus on delivering value to the end user. Once defined, the reporting strategy becomes a north star, guiding the evolution of reporting capabilities as well as supporting data and technology infrastructure. When aligned properly, this foundation enables institutions to meet all reporting needs from a single version of the truth, driving consistency, efficiency, and more meaningful insight.

When planning a reporting strategy, it is important to consider the different timing scenarios that may arise. An example of common situations and related strategies include:

It’s not uncommon for institutions to define target and interim states to deliver value on an incremental and manageable basis. Typical timelines range from 3-24 months, delivering notable functionality on a quarterly/semi-annual basis.

Single Version of The Truth

Achieving a single version of the truth begins with rethinking the data foundation. While the general ledger is essential for financial reporting, it is inherently too summarized to support deeper strategic insight.

The path forward is to establish an instrument-level foundation that captures transaction detail at its natural level of granularity, including loans, deposits, securities, and other financial products. From there, dimensions must be harmonized across the enterprise so that regulatory and management reporting draw from the same governed data source.

When reporting frameworks originate from a common foundation, reconciliation becomes embedded in the architecture rather than dependent on manual effort. The result is a reporting environment that supports statutory requirements while remaining flexible enough to generate meaningful business insight.

Optimizing Reporting for Strategic Insights

Once the data foundation is in place, the focus shifts from assembling numbers to generating insight. For regional banks and diversified financial institutions, this means moving beyond static P&L statements toward multi-dimensional reporting.

The most meaningful insights emerge when performance can be evaluated across consistent enterprise dimensions. At a minimum, institutions should be able to analyze activity by Customer or Client, Product, Account, Organization, at the Instrument level, and at intersections across enterprise dimensions. By examining these dimensions, leaders not only gain insight into the numbers themselves but also uncover the reasons behind their changes and identify where genuine value is generated.

Achieving this requires more than layering attributes onto the general ledger. Each dimension must be defined, governed, and structured hierarchically so that activity rolls consistently from instrument to product, product to line of business, and into enterprise reporting without manual reclassification. When that structure is in place, finance, risk, treasury, and regulatory reporting can view the same activity through different lenses.

That is what transforms reporting from a compliance obligation into strategic analytics that drive business objectives.

The Reporting Landscape

Financial institutions operate in one of the most complex reporting environments of any industry. Regulatory filings, statutory financials, and internal management reporting each impose distinct structural requirements and levels of granularity, and none map cleanly across reports or to the general ledger. Regulatory reports such as the Federal Reserve Y-9C or FDIC Call Report require highly specific classifications and cross-report integrity, while management reporting demands flexible views across clients, products, segments, and business lines.

These requirements rarely align naturally with the structure of the general ledger chart of accounts. Without intentional design, institutions typically resort to developing parallel reporting processes for regulatory, statutory, and management outputs, increasing reconciliation effort and operational risk.

The objective of a modern reporting architecture is not to eliminate multi-dimensional reporting differences, but to anchor them to a common data foundation. When reporting frameworks draw from the same governed source of instrument-level data, institutions can satisfy multiple reporting obligations while preserving transparency, consistency, and reconciliation across report outputs. The same loan can satisfy a Call Report schedule, an FRB submission, or an SEC maturity bucket disclosure simply by applying the right attribution logic — no separate pipelines required.

This foundation becomes especially important when management reporting evolves beyond financial statements into profitability and performance analytics.

The Role of Management Accounting Methodologies

With a consistent reporting architecture in place, institutions can move beyond producing numbers to understanding performance. This is where management accounting methodologies become critical.

Multi-dimensional profitability and planning are only as credible as the methodologies that support them. When poorly designed or inconsistently applied, business lines lose confidence in the numbers, and management reporting stops driving decisions. Four areas consistently distinguish institutions that generate meaningful insight from those that do not.

Funds Transfer Pricing (FTP)

Without a disciplined FTP framework, business lines appear more or less profitable than they actually are. FTP transfers interest rate and liquidity risk to a central function where it can be properly managed, leaving business lines with a stable, comparable margin that reflects true commercial performance.

Expense and Cost Allocation

When costs are not allocated to the deal or instrument level, product profitability becomes guesswork and accountability breaks down. A well-designed allocation model assigns costs based on actual consumption and rolls them into meaningful product and business-line views. Whether an institution allocates fully or excludes corporate overhead matters less than making that decision deliberately and applying it consistently.

Revenue Sharing and Allocation

In relationship-driven institutions, deals frequently involve multiple teams. When attribution rules are not defined upfront, disputes inevitably follow. Upfront sharing, ongoing splits, and double-counting each create different behavioral incentives and reporting outcomes. Establishing clear governance around revenue attribution is therefore as much a cultural decision as a technical one.

Capital Allocation

Business lines that do not bear the cost of capital have little incentive to use it efficiently. Allocating regulatory capital to products and lines of business, and measuring returns against that cost, allows institutions to evaluate performance in terms of shareholder value rather than revenue alone. As with other management accounting methodologies, capital allocation must balance analytical precision with decision-making value and long-term maintainability; excessive granularity can add complexity without improving insight.

Governance and Transparency

The fastest way to undermine any of the accounting methodologies is opacity. When business lines cannot explain how allocations are calculated, they quickly stop trusting the results. Tying charges to understandable activity drivers—accounts serviced, transactions processed—transforms allocation from a political debate into a practical tool for running the business.

Technology-Enabled Reporting Done Right

The journey to optimized reporting and analytics is not simply a technology upgrade. By building reporting frameworks rooted in instrument-level data, governed multi-dimensional structures, and disciplined management accounting methodologies, regional banking institutions transform how the finance function operates and delivers value to the organization.

Teams that once spent as much as 75% of their time gathering and reconciling data can redirect that effort toward generating insight and informing decisions. For institutions seeking to scale, this shift represents a meaningful and sustainable competitive advantage.

The institutions that define their reporting and analytics strategy at the beginning of a transformation position themselves to extract far greater value from ERP and EPM investments. CrossCountry Consulting helps financial institutions develop these strategies to deliver scalable insight, stronger governance, and long-term business value.

Migrating off SAP ECC and on to S/4HANA in the near future? SAP maintenance of ECC is sunsetting in 2027, with some support available into 2030. Don’t underestimate the time and complexity involved.  

Most organizations materially under-budget and under-plan their S/4HANA transformations because they anchor on software and system integrator costs while underestimating internal effort, data complexity, and operating model change. Now’s the time to set up your organization for success and lay the foundation for an efficient, profitable transition. 

Here’s where to begin. 

Phase 1: Strategic Planning, Project Budgeting, and Migration Planning 

Timeline: 3–6 Months 

Goal: Define the “What,” “Where,” and “How Much.” 

1. SAP Readiness Check (Technical Foundation) 

Before you budget, run an SAP Readiness Check. It provides: 

• Simplification items: Which ECC functions are deprecated or changed in S/4HANA. 
• Custom code impact: An automated scan of your custom “Z” objects to identify incompatibilities with S/4HANA and expose embedded technical debt that must be remediated, retired, or redesigned. 
• Sizing recommendations: The HANA memory requirements (this dictates your cloud/hardware costs). 
• Data readiness assessment: Existing database and data structures can have a big implication on the transition timeline, data strategy, and transition options. If data isn’t in a unicode format, doing a Brownfield RISE conversion is more complex compared to a Greenfield GROW conversion where there is no impact. 

2. Architecture Decision and Hosting Model 

Decide between SAP RISE versus GROW. Each has public vs private cloud options and slight functionality differences. From there, various kinds of bundling, licensing, and management options are available.  

Note: With GROW, you can only do Greenfield implementations; with RISE, you can do Greenfield, Brownfield, or Bluefield (see below). 

3. Selection of Migration Strategy (The ‘Big Three’) 

You must choose your path now, as it can change the budget by millions: 

• Greenfield (new implementation): Best if your ECC processes are “broken” or highly customized. Start fresh by adopting “Clean Core” and standard best practices. 
  • Cost profile: Higher upfront consulting; lower long-term maintenance. 
• Brownfield (system conversion): A technical “lift and shift.” Best if your current processes work well, you want to preserve historical data, and you’re under a tight timeline. It’s not ideal, but in certain situations, it’s the most feasible. 
  • Cost profile: Lower upfront; carries over technical debt. 
• Bluefield/selective data transition: Carve out specific data or company codes. 
  • Cost profile: High complexity; requires specialized third-party tools (e.g., SNP or Natuvion). 

4. Budgeting: Beyond the Software 

A common mistake is budgeting only for licenses and the system integrator. Ensure your budget includes: 

• Backfill costs: Budgeting for temporary staff to cover the “day jobs” of your SMEs while they work on the project. 
• Data cleansing: SAP won’t fix your “bad data.” You may need a dedicated data project before the migration starts. 
• Third-party integrations: Budget for updating tax engines (Vertex/Avalara), EDI, and WMS systems. 

Phase 2: Implementation Planning and Resource Allocation 

Timeline: 2–4 Months 

Goal: Define the “Who” and “When.” 

1. Assembling the Dream Team 

You cannot rely solely on external consultants. Your internal team must include: 

• Executive sponsor: A C-suite leader who can break ties when departments disagree on process changes. 
• Process owners (SMEs): Your best people from finance, supply chain, and sales. If they aren’t “too busy” to be on the project, they probably aren’t the right people. 
• Global process leads: Empowered individuals who can authorize moving from “custom” back to “SAP Standard.” 
• Project Management Office (PMO): A PMO is a critical cross-functional team that can design and enforce a governance model and manage the execution of tasks, resources, deadlines, budgets, and change. An implementation is not just an IT project; it’s an integrated business transformation. A PMO can help remove blockers, secure approvals, and streamline global versus local decisions. 

2. System Integrator Selection 

Don’t just pick the lowest bidder. Evaluate partners based on: 

• Conversion experience: Ask for references specifically for ECC to S/4 migrations, not just Greenfield builds. 
• Accelerators: Do they have proprietary tools to automate custom code remediation or data transformation? 

3. The ‘N+1’ Landscape Strategy 

Planning your environments is a major cost and resource driver. 

• Project landscape: You will need a sandbox, development, and QA environment for the S/4 project. 
• Maintenance landscape: You still need to support your existing ECC system for 18 months. 
• Strategy: Define how you will “double-maintain” (dual entry) transports between the old ECC world and the new S/4 project. 

4. Data Purging and Archiving (The ‘Weight Loss’ Phase) 

HANA is memory-intensive. 

• Action: Implement an archiving strategy now. Identify “cold data” (7+ years old) that can be moved to a low-cost archive rather than the high-performance HANA database. This can reduce your infrastructure costs by 20–40%. It’s important to note that this action introduces its own level of cutover complexity. 

5. Change Management Strategy 

S/4HANA introduces the Fiori UI, which is a radical departure from the “Blue Screens” of ECC. 

• Planning: Budget for a dedicated change management lead. This isn’t just training; it’s the strategy for how you will convince users that a new way of working is better, preventing shadow IT and resistance. 

With the 2027 deadline fast approaching, your migration strategy should be a top priority. For expert planning, support, and implementation advisory, contact CrossCountry Consulting. 

The 2026 Sage Intacct R1 release delivers high-impact enhancements designed to elevate automation and precision for finance departments. For administrators and power users leading digital initiatives, these updates streamline core operations, bolster internal controls, and significantly accelerate the month-end close. 

Ready to maximize the value Sage Intacct can deliver to your business? View our demo of key updates: 

• Improved bank reconciliation with document numbers: A new Document Number field on Bank Interest and Charges now links fees with related transactions for better traceability. This improves bank reconciliation by matching payments and fees with shared identifiers, saving time, and improving audit trails. 
• Unified transaction management: Imported bank transactions via Bank Transaction Assistant now flow directly to the Banking Cloud tab, consolidating all banking activity in one place and simplifying reconciliation workflows. 
• Multi-entity bank register enhancements: Bank register report now auto-populates entity location filter within entities, saving time and reducing errors in multi-entity environments. 

General Ledger: Advanced Reconciliation Capabilities 

Organizations can now reconcile balance sheet accounts, tracking debit and credit activity systematically. High-value use cases include prepaid expenses, payroll clearing, accrued expenses, and fixed assets. The GL Account Reconciliations Activity report provides visibility into matched and unmatched transactions, improving accuracy and audit readiness. 

Accounts Receivable: Better Customer Insights 

Three new fields added to the customer record – health score, health status, and churn risk – allow teams to track customer account health. Use these insights for renewal risk identification, credit risk assessment, and prioritizing collections to improve revenue retention. 

Additionally, new billing groups streamline recurring invoicing by allowing organizations to group customers with similar billing needs and automate invoice generation on a defined schedule. Teams can set start dates, limit occurrences, review invoices before posting, and monitor run results, including detailed errors. The feature supports non‑inventory items, requires future‑dated schedules, and includes new permissions for access control, reducing manual work while preserving flexibility. 

Fixed Asset Management: Full Lifecycle Tracking 

• Construction in Progress (CIP) support: CIP functionality tracks asset acquisition costs from initial spending through capitalization, streamlining visibility and transitions to active asset status. 
• Asset cost adjustments: Teams can now adjust asset costs post-service using AP memos, addressing errors, capital improvements, or revaluations, with full transparency in the cost adjustments tab. 
• Roll-forward reports: New roll-forward reports provide clear visibility into asset cost, depreciation, and net book value changes over periods, supporting GL to sub-ledger reconciliation. 
• Flexible GL account assignment: Organizations can now assign the same GL account to multiple asset classifications, simplifying chart of accounts management. 

Tax Management: Simplified Reporting 

• Enhanced VAT/GST display: Order entry and purchasing transactions now consolidate net amounts and tax totals into a single line for better clarity. 
• Custom tax reports: Organizations can create tailored tax reports using configurable detail boxes and rules, streamlining compliance for jurisdictions with complex tax requirements. 

Automation and Efficiency: Smarter Tools 

• AI-powered import tools: Enhanced import capabilities include automated field mapping, data transformation, and preview functions, reducing manual data prep and improving accuracy. 
• Predictive tax details: AP automation predicts tax details at the line level using historical trends, speeding up invoice processing and reducing errors. 
• Secure email enhancements: A new allowed email addresses list strengthens security by ensuring outgoing emails originate from approved sources, reducing phishing risks. 
• AP automation improvements: Improvements include auto-forwarding, broader file format support, and predictive text-based transaction creation, streamlining AP processes for high-volume operations. 
• Bulk-update projects: Users can bulk‑update multiple projects at once, adjusting shared fields via a background job with email confirmation. Additionally, projects can link directly to CIP assets, automatically connecting transactions to streamline capitalization tracking and reduce reconciliation effort. 
• Dynamic allocations: In the GL, a single allocation definition can now cover an entire account group and automatically include newly created accounts, minimizing maintenance for organizations managing large, multi‑entity expense structures. 

Purchasing and AP: Advanced Tools 

• Multi-currency close automation: Close automation is now supported for multi-base currency organizations, enabling faster, more reliable reconciliations globally. 
• Line-level PO matching: Three-way matching now works at the line level for purchase orders, receivers, and invoices, improving accuracy and reducing manual intervention. 
• Centralized AP advances: Multi-currency organizations can now manage AP advances at the top level, simplifying workflows and improving consistency. 
• Recurring transaction notifications: Automatic email alerts notify teams of failed recurring transaction schedules, ensuring timely issue resolution. 

Moving Forward 

Sage Intacct R1 updates empower CFOs to optimize operations, improve controls, and gain strategic insights. Review the release notes and align features with your priorities in 2026 and beyond. CrossCountry Consulting’s Sage Intacct implementation experts can help you capitalize on the latest updates to maximize your investment. Contact us today to get started. 

Private equity (PE) margin plans rarely fail because the math is wrong. They fail because the organization lacks a shared, operationally grounded view of how margin is created and destroyed – day to day, SKU by SKU, customer by customer. 

As SKU economics become visible, leaders often realize that margin targets rely on price increases the market will not accept. In many situations, this leads the organization to debate assumptions rather than address root causes. 

There is a practical way out: Make contribution margin the common economic language across finance, operations, and sales – then embed it into a contribution-driven KPI framework that refreshes at the pace of decisions. 

The Trap: When the Model Is ‘Right’ but the Business Can’t Execute 

Many manufacturing portfolio companies set margin targets at the top of the P&L (gross margin, EBITDA) ahead of SKU‑level cost and pricing visibility. 

As soon as a reliable cost foundation is built – grounded in accurate bills of material, routings, labor standards, and overhead logic – the required price to hit the target can jump to levels customers simply won’t take. At that moment, the margin plan turns from a target into a source of internal friction. 

This is the PE margin trap: Pricing is expected to close a gap that is largely driven by operational behavior and portfolio mix – not by commercial execution alone. 

Why Pricing Gets Blamed 

Pricing becomes the focal point because it appears to be the fastest lever. But when SKU‑level costing is transparent, pricing is effectively used to pass operational inefficiencies – overtime, low efficiency, scrap, and overhead – on to customers. 

Sales teams can’t defend increases customers don’t value. Operations teams can’t change fundamentals overnight. Finance teams can justify the math, but the business still stalls. 

The result is predictable: Leaders debate assumptions (OEE, labor rates, overhead burdens) instead of aligning on what must change and where it matters most. 

Springing the Trap: Contribution Margin as an Operating Signal 

The breakthrough is to treat contribution margin not as a finance output, but as an operating signal. 

Contribution margin sits at the intersection of price, material, labor, and efficiency. It’s close enough to operations to be actionable and clean enough financially to guide decisions. 

When contribution margin becomes the shared language, finance and operations stop debating who is “right” and start focusing on the few constraints and behaviors that actually move EBITDA and cash. 

A Contribution-Driven KPI Framework (What It Is and What It Changes) 

A contribution‑driven KPI framework makes clear how day‑to‑day operational decisions create or destroy economic value. Contribution margin reflects what remains after direct materials, direct labor, and variable manufacturing costs – showing how pricing, efficiency, and execution combine at the SKU and customer level. 

Instead of optimizing activity metrics in isolation, teams use contribution margin to see where value is actually created: at constrained resources, within specific products, and across customers. 

Optimally, the framework is delivered through near-real-time KPI dashboards (e.g., Power BI) that connect financial outcomes directly to operational drivers. 

Characteristics of an effective framework: 

• Clear, drillable views that flow from enterprise → plant → product family → SKU → customer. 
• Explicit contribution margin components, showing how price, material cost, labor, and operational performance combine to drive contribution (in dollars and percent). 
• A margin bridge that explains changes in contribution through price, volume, mix, and cost drivers. 
• Operational KPIs translated into contribution‑based measures, so shop‑floor priorities align with economic impact rather than activity alone. 
• Direct traceability to ERP and source‑system data, ensuring the insights are credible, explainable, and trusted. 

Translating Plant KPIs Into Contribution-Lens KPIs 

KPI Area	Traditional KPI	Contribution-Lens KPI
Equipment	OEE%	Contribution per Machine Hour
Labor	Efficiency % / Utilization %	Contribution per Direct Labor Hour
Quality	Scrap % / FPY	Scrap Cost at Contribution
Throughput	Units per Hour	Contribution per Constrained Hour
Inventory	Turns / DIO	Cash Tied in Low-Contribution SKUs
Complexity	SKU Count	Contribution per SKU

How the Framework ‘Springs the Trap’ 

Once contribution margin becomes visible and explainable, the margin plan becomes executable because leaders can sequence decisions instead of applying blunt force. 

Here’s what a practical sequencing looks like: 

• Short term: Protect contribution margin with targeted pricing actions and mix decisions where the economics are structurally strong. 
• Medium term: Focus continuous improvement on the handful of drivers that destroy the most contribution at constrained resources (yield, labor, changeovers, downtime). 
• Long term: Hardwire contribution margin insights into portfolio choices (rationalization, product innovation/PLM discipline, and capital allocation). 

The Questions That Separate Aspiration From Execution 

Instead of asking “Why can’t we hit the margin target?” leaders can ask questions that force clarity: 

• Where is contribution margin being destroyed: price, material, labor, or overhead behavior? 
• Which SKUs/customers consume constrained capacity but contribute the least value? 
• Which operational improvements move the most contribution per constrained hour? 
• What portion of the margin plan depends on improvements we have not yet made – and how will we measure progress weekly? 

Strategic Value Creation From the Start 

You don’t spring the private equity margin trap by pushing harder on price. You spring it by giving finance and operations a shared, contribution-margin view of reality – current enough to matter, clear enough to act on, and grounded enough to be trusted. 

When contribution margin becomes the operating language, operational excellence stops being “efficiency theater” and becomes value creation. 

CrossCountry Consulting helps sponsors and portfolio companies overcome the margin trap by restoring clear, actionable margin insight. Connecting SKU‑ and customer‑level economics to operational KPIs and working capital helps teams move from reactive financial analysis to proactive decisions that drive sustained improvements in margin and cash flow. 

Contact CrossCountry Consulting to get started. 

With audit season occupying so much time for financial reporting and audit teams, it’s easy to lose momentum after audits wrap up. But planning for a strategic, successful debrief is imperative. By making the most of this valuable opportunity, the post-audit debrief can be a productive, transformative exercise for the future, rather than just a review of past results.  

Today’s Audit Progress Is Tomorrow’s Audit Efficiency 

Even the most meticulous audits can benefit from a debrief. The best debriefs happen soon after the audit is completed, when pain points and ideas for future efficiencies are top of mind for everyone. Plus, a timely debrief allows financial reporting and audit teams to make investments over the traditionally slower summer months.  

This time of reflection, ideally conducted between both internal management and your external audit team, allows you to identify areas for improvement and implement the types of technology and workflows needed to proactively avoid and address audit issues. 

Using this time wisely can look differently for every organization. In addition to working through audit findings and implementing remediations, management teams should do the following: 

• Gather feedback from all levels involved in the audit. Create an open and honest environment that allows everyone involved in the audit to provide their point of view. What worked? What didn’t? Take extensive notes and ask questions to understand the root cause of the issues. Analyze the volume, timing, duplication, and clarity of PBC requests. Streamlining requests and aligning them to the close calendar can significantly reduce audit fatigue and rework.
• Identify themes. Inefficiencies in an audit can typically be narrowed down to a few key themes. Are there communication issues that would benefit from a clearly defined schedule or standing status calls? Do certain processes or departments need dedicated attention?  
• Develop an action plan. What are some of the top change priorities in the next several months? Who should own specific responsibilities and tasks moving forward? What are some benchmarks and milestones you’d like to achieve ahead of the next audit cycle? Make a plan with clear ownership, and then hold all parties accountable. 

In our experience, here are three highly effective ways to capitalize on this phase of the audit journey: 

1. Focus on Technology-Enabled Enhancements 

As audit firms look to improve audit quality and efficiency amid rising regulatory scrutiny, there’s immense opportunity for management teams to proactively implement a modern data architecture to help achieve those very goals. While there’s obvious appetite for better use of technology in the audit process, it all starts with the quality of data. Adding more cloud-based systems or automation tools without addressing data concerns will add more IT bloat and potentially create more challenges.  

To start, consider the source systems and flows of data. Tools like Snowflake can simplify data architectures and create a clean foundation for automating inefficient audit workflows and data compilation while maintaining traceability. Other platforms, like AuditBoard and Workiva, can help automate, visualize, and manage audit processes and enable decision-makers to surface risks before they reach the level of a deficiency.  

Incorporate AI-Enabled Support

Many organizations are also now piloting GenAI and advanced analytics tools to accelerate audit readiness. These tools can help summarize supporting documentation, identify anomalies in large datasets, track PBC requests, and draft variance explanations.

During the debrief, teams should evaluate where AI reduced manual effort, where outputs required significant review, and what governance controls are needed (documentation standards, model validation, access controls) before expanding use in the next audit cycle.

By reducing reporting timelines now and going through several test runs of new technology-enabled reporting or audit workflows, the audit process at year-end can be less siloed, more flexible, and more enjoyable. Plus, the labor and time savings can help ease bandwidth and burnout concerns. 

2. Implement a Control Rationalization Program 

It’s often the case that, over time, auditors may recommend additional controls to be implemented. Sometimes, it’s healthy to step back and reassess the entire control environment to ensure the continual addition of controls isn’t causing more problems than it’s solving. 

Control rationalization streamlines and validates controls to remove redundancies, overhead, and outdated frameworks. Building a rationalized control structure is a one-time investment that can save time in perpetuity for every future audit cycle – and the post-audit filing period is a prime opportunity to execute on this investment since tangible rewards will become evident in a matter of months and there’s more bandwidth to work on a project like this sooner versus later. 

Rationalizing controls isn’t just a matter of adding or subtracting controls where necessary. It’s critical to deeply understand the process and risks of material misstatement, and then consider the types of controls necessary and how they can be organized more effectively and with less effort. For example, increasing your reliance on IT controls can reduce reliance on a number of manual controls; however, close attention must be paid to IT general controls.  

Control rationalization will ultimately save labor and time in the long run but necessitates an investment today, along with proper implementation, training, and change management for maximum effect. Additionally, organizations should consider whether controls adequately address emerging risk areas such as cybersecurity, third-party/vendor oversight, and nonfinancial reporting processes (e.g., ESG metrics). These areas are increasingly reviewed by auditors and regulators and may require new or enhanced controls.

3. Conduct Interim Testing 

In an audit, when you do the work matters. If aspirational audit projects from the summer are backlogged indefinitely, these tasks will only add to the mounting pile of work to complete during the end of the year. When optimizing the audit experience, the work should start months in advance of crunch time. While this may be standard for public companies with robust audit support, private companies may need to place added emphasis on a fast start, especially if this is their first time working this way.

Interim testing is a good practice for every firm to adopt. By evaluating and testing the company’s controls in advance, teams gain early insights into the effectiveness of the control environment.

Interim testing requires both management and the audit team to plan in advance, which may include acceleration of certain processes and reallocating resources on both sides. Dedicated resources and accountability are key to making interim testing worthwhile – and additional external resources may be required to alleviate any internal workload concerns. 

Leading organizations are also moving toward continuous control monitoring and rolling testing throughout the year rather than relying solely on traditional interim procedures. This approach distributes workload, reduces year-end pressure, and enables earlier identification of control gaps.

Maintaining Audit Agility 

By making some of these enhancements in the coming months, it’s possible to execute every future audit more efficiently and with greater confidence in the outcome. Additionally, as evolving risks and regulations emerge, the tools and processes you put into place today should be adaptable.  

When preparing action plans from the debrief, organizations should account for several shifts shaping audit readiness today:

• Expanded use of automation and AI in finance and audit workflows.
• Heightened focus on cybersecurity and data governance controls.
• Increased expectations around ESG and other nonfinancial reporting.
• Ongoing accounting and internal audit talent constraints.
• Hybrid and distributed work environments requiring stronger coordination.

Addressing these factors early can prevent recurring issues and position teams for a more efficient audit next year.

CrossCountry Consulting’s unique position as a technology-enabled audit advisor means our accounting advisory, risk advisory, and business transformation teams work cross-functionally to design, build, and deploy leading technologies that meet the objectives of auditors and management. Our audit specialists speak the language of auditors and take the burden off management teams by driving value at all points in the process before, during, or after an audit – wherever support is needed, we plug in.   

To maximize your audit debrief period, contact CrossCountry Consulting. 

Across finance organizations, automation and AI have shifted from experimental pilots to a strategic necessity. The leaders making real progress aren’t “doing AI” for its own sake – they’re building fluency, anchoring change in business goals, and starting with targeted, low‑risk processes that show results fast.

When leaders align the three pillars of people, process, and data with the appropriate governance, AI ROI can be visible in days or weeks, not years. To accelerate AI adoption and manage risks along the way, finance teams must evolve to be AI-fluent.

From Noise to Fluency

The most effective finance teams cut through AI hype by building organizational fluency first: a shared understanding of what automation is (and isn’t), how it will be used, and why it matters to the business right now. Fluency lowers resistance to change, encourages experimentation, and clarifies where automation can remove low‑value work so people can focus on higher‑value analysis and decisioning.

Fluency isn’t a one‑time training – it’s an ongoing practice. Leaders who communicate purpose early, invite feedback often, and celebrate quick wins create a durable change curve that outlasts any single tool or project.

Start Small, But Start Now

The best AI and automation programs begin with three to five low‑risk, high‑impact processes (for example, a repetitive reconciliation, a recurring reporting package, or a manual review task). Teams automate it, measure the outcome, and share the story internally to build momentum. This is CrossCountry’s Jumpstart AI methodology, and the approach compounds over time: each small win lowers the barrier for the next wave of improvements, which eventually lead to a larger finance transformation where clusters of agents can be created and deployed across common business processes. See it in action here: Jumpstart AI Adoption in Record-to-Report: A Practical Path for CFOs

In practice, this includes:

• Clear objectives and ROI analysis before technology selection.
• Process mapping to remove inefficiency prior to automation.
• Stakeholder alignment across finance, accounting, IT, and compliance teams.
• Phased rollouts with defined guardrails and KPIs.

What ‘Good’ Looks Like in 2026: People, Process, Data

• People: Upskill teams in analytics and AI literacy, and foster adaptability and critical thinking. Empower front‑line users to learn, test, and propose improvements. Recruit for curiosity and systems thinking as much as for tool‑specific experience.
• Process: Standardize and streamline before you automate. Design for controls, auditability, and compliance from day one. Treat AI projects with the same rigor as ERP or close‑accelerator implementations: objectives, owners, and measurable outcomes.
• Data: Treat the general ledger and subledgers as operational assets, not just reporting repositories. Push for transaction‑level granularity and consistent data models so AI can orchestrate workflows on the front end and surface insights on the back end. Invest in data governance and permissions from the start to reduce risk and speed audits.

Real‑World Momentum: Practical Use Cases

Leaders are already unlocking value by pairing targeted training with pragmatic pilots:

• Close and reconciliation automation: By connecting bank data and the GL, teams are achieving high match rates and substantially faster cycle times, and using AI to propose and refine rules. The human stays in control while throughput and consistency increase.
• Knowledge enablement behind the firewall: Organizations are consolidating SOPs and tribal knowledge into secure, searchable assistants that accelerate onboarding, reduce rework, and protect sensitive data.
• Natural‑language access to structured data: Instead of wrangling spreadsheets and dashboards, teams are asking direct questions of billing, customer care, and finance systems (“Who are our top 10 customers by December billings?”) and getting instant, governed answers.

The throughline: measurable efficiency gains without compromising control. When AI is positioned as an orchestrator – routing, proposing, and enforcing business rules – finance teams free capacity for analysis, business partnering, and scenario planning.

Managing Risk Without Slowing Down

Security and privacy concerns are valid and manageable. There are two complementary tracks:

1. Enable safe experimentation: Provide enterprise‑licensed tools with clear data‑handling guidance (what’s in‑bounds vs. out‑of‑bounds), plus short “master class” sessions to help teams try, learn, and de‑risk.
2. Productionize with governance: When pilots prove value, harden the solution: enforce role‑based access, integrate with source systems via supported connectors, and embed controls/monitoring in the workflow. The right vendor/partner should help make permissions and auditability first‑class citizens.

This balanced approach keeps velocity high while protecting sensitive information and preserving audit trails.

The Payoff: Better Decisions, Faster Scaling

With a clearer data foundation and AI‑assisted workflows, organizations can:

• Accelerate closes and audits with standardized, explainable outputs.
• Improve forecast quality by connecting operational drivers to accounting outcomes.
• Reinvest capacity from manual tasks into pricing, margin, and growth analyses.
• Scale efficiently without linear headcount increases while improving employee engagement by removing repetitive, low‑value work.

The Path Toward Org-Wide AI Fluency

Plan, pilot, and scale automation with confidence:

• Readiness and roadmap: Rapid assessments to prioritize use cases aligned to strategic goals, risk posture, and regulatory requirements.
• Process and control design: Standardize workflows and embed guardrails to ensure audit‑ready outcomes.
• Secure enablement: Stand up governed, behind‑the‑firewall AI capabilities and connect them to your finance tech stack.
• Change leadership: Build fluency with targeted training, communications, and a “start small, scale smart” playbook.

Bottom line: Automation is about progress, not perfection. Start with three to five processes, measure the impact, and build a culture that continuously looks for the next improvements. The organizations that cultivate fluency and align people, process, and data will lead the next wave of finance transformation.

To jumpstart your AI transformation journey, contact CrossCountry Consulting.

Defense programs in 2026 are advancing at unprecedented speed, and government officials continue to press contractors to increase production capacity and deliver more units faster. Networked satellites monitor assets in orbit. Autonomous systems and drones compress development timelines. Supply chains span advanced manufacturing, software, and hardware at scale.

In this environment, automation of back-office processes is no longer optional. As regulated technologies evolve, tolerance for supplier risk, manual controls, and fragmented data is eliminated.

Coupa’s FedRAMP-authorized spend management platform reduces risk by delivering a compliant, scalable way to onboard suppliers quickly, enforce three-way match consistently, and maintain regulatory controls without slowing the business. Manual, error-prone workflows are replaced with validated data, audit-ready records, and end-to-end automation from requisition through invoice, enabling companies to achieve compliance without sacrificing speed or agility.

Today’s Procure-to-Pay

CrossCountry Consulting combines deep experience implementing Coupa with hands-on knowledge of regulatory requirements for companies doing business with the government. Experience navigating FAR, CMMC, DFARS, purchasing system audits, and related requirements is applied during implementation to align procurement and finance operations with scalable, secure processes.

This platform-and-services combination is built for defense organizations that must scale procurement at mission speed while maintaining uncompromising compliance.

What defense leaders gain from modernizing Procure-to-Pay:

• Faster supplier onboarding without compliance tradeoffs.
• Standardized procurement across the business.
• Improved spend management with greater visibility into direct purchases across contracts and indirect spend, and the ability to track purchases by assigned categories.
• Improved cash flow with fewer invoice exceptions.
• Ability to maintain audit-ready documentation in a centralized, controlled repository.
• Better capacity utilization and working capital control from faster procurement and onboarding.
• A FedRAMP-ready foundation that scales with mission growth.

The Secret to Scaling Supply Chains: Automating the Mundane

Hypersonics and autonomous systems can seem easy with elite engineering talent. The ability to match parts to approved vendors, purchase orders, and invoices is where many programs slow down.

Defense innovation depends on controlling risk across suppliers, purchases, and payments. Back-office speed must match the pace of innovation, but speed without control introduces exposure.

Coupa’s FedRAMP-enabled platform allows companies doing business with the government to scale procurement and accounts payable without breaking controls. Integrations with PLM, CAD, MRP, and ERP systems ensure supply chain and manufacturing remain tightly governed while vendor onboarding and invoice matching move from manual to automated. Manual processes become systematic workflows with traceable audit trails, reduced rework, and faster cycle times. Compliance stops being a drag on execution and becomes part of how the mission is delivered.

The Real Bottleneck: Supplier Onboarding

Sometimes it seems easier to design an aircraft than to onboard a new supplier. This critical first step can involve numerous forms, approvals, and validations. Each day a supplier remains stuck in review, production slows, capacity utilization costs rise, and contracts face risk.

Coupa automates supplier onboarding through a single workflow driven by need, sourcing events, or integrated bills of materials. That workflow:

• Standardizes intake for banking, tax forms, and certifications.
• Automates approval routing to eliminate inbox bottlenecks.
• Ensures clear access controls for sensitive data.
• Creates a complete compliance record in one system on day one.

Coupa’s FedRAMP solution keeps data secure while accelerating onboarding timelines. Faster supplier activation directly supports mission execution.

Reducing Exposure by Eliminating Match Errors

Three-way match remains one of the strongest financial controls for companies doing business with the government. When purchase orders, receipts, and invoices align consistently, exceptions shrink, audits run smoother, and confidence in contract compliance increases.

Coupa’s automated FedRAMP solution applies built-in rules and logic that business users can maintain without IT involvement. Common exceptions are handled consistently and with accountability.

 Coupa’s automated matching provides government contractors with: 

• One version of the truth across purchasing, receiving, and invoicing.
• Fewer disputes and faster payment cycles.
• Reduced manual effort and rework.
• Reports and audit trails to ensure compliance at every step.

Small improvements within AP compound into real operational stability to ensure innovation isn’t slowed down by paper pushing. 

Fast-Tracking Procure-to-Pay in Government Contracting: Case Study

CrossCountry’s implementation model, developed from more than 900 Coupa projects, is designed to help clients move quickly while navigating complex compliance requirements.

One of our high-tech defense clients helps companies analyze and act on complex data in high-stakes situations, but internally, they struggled with slow supplier onboarding, frequent AP errors, and compliance challenges. By implementing Coupa’s FedRAMP-authorized platform, the company:

• Cut supplier onboarding time.
• Reduced AP cycle times and disputes.
• Achieved centralized, audit-ready compliance records.

Finance teams shifted focus from paperwork to mission priorities, helping the organization innovate and grow.

Why FedRAMP Matters for Scale

With increased emphasis on cybersecurity compliance, government contractors can’t compromise on security. With FedRAMP authorization, Coupa provides a cloud platform designed for regulated environments and capable of handling covered defense information.

From Day 1, Coupa brings the level of control expected in regulated environments.

• FedRAMP-authorized cloud infrastructure.
• Security roles aligned to data sensitivity and access eligibility.
• A single, auditable record across procurement operations.

For organizations operating at extreme speed, retrofitting security can stall growth. With Coupa, security is foundational rather than reactive.

Getting the Implementation Right

Government contractors operate under different constraints. Governance is rigorous. Risks must be addressed early.

CrossCountry Consulting focuses on the practical details that make automation work in regulated environments, including:

• Matching alignment between Coupa and ERP.
• Clear definition and distinction of direct and indirect purchasing workflows.
• Restricted material rules embedded in process stages.
• Supplier compliance integrated at onboarding.
• Structured change management, RAID discipline, and decision ownership.

What Fast-Growing Contractors Gain

When procurement is automated with the right structure, growth accelerates.

• Suppliers onboard in days, not weeks.
• Audit readiness becomes continuous.
• Working capital improves through faster invoice processing.
• Teams focus on mission priorities instead of administrative work.

The organizations defining the future of defense aren’t waiting for supply chain friction to slow them down. They’re modernizing now, not after they stall.

Coupa provides the platform built for mission speed. CrossCountry Consulting ensures it’s designed to thrive in the realities of government contracting. Contact CrossCountry Consulting today for a Coupa readiness assessment.

The software/system development lifecycle (SDLC) has taken on even greater significance in recent years due to the proliferation of digital tools used in virtually every facet of modern work. Today, finance, accounting, risk, operations, HR, IT, and customer-facing functions, for example, are powered by an ecosystem of cloud-based platforms, automated technologies, and digital assistants.

As a result, system development projects have evolved from isolated IT initiatives into business-critical, compliance-sensitive efforts that impact every corner of the organization. With AI and digital transformation investments accelerating, the stakes for getting system implementations right have never been higher. However, roughly 70% of large-scale transformations fail to achieve their intended outcomes. 

The Internal Audit Opportunity

Increasing regulatory demands, especially around SOX compliance, mean that failures can have material impacts on financial reporting and reputation. At the same time, the pace of innovation driven by AI, automation, and new development methodologies creates both opportunity and risk.

Internal audit teams are uniquely positioned to help organizations navigate this complexity. By moving from a traditional, post-mortem assurance role to a proactive, strategic partnership, internal audit can embed risk management and controls throughout the SDLC. To drive better outcomes, reduce surprises, increase business alignment, and provide transparency for senior leadership, internal audit has a critical role to play.

The New SDLC Reality: Rapid Change and Increasing Complexity

Adding value to the SDLC requires a forward-looking approach that anticipates complexity and addresses risk across these essential areas:

• Dynamic tools and technology: Organizations are navigating an expanding ecosystem of technology and tools to support every phase of digital transformation and SDLC initiatives. This environment increases the need for a strong data foundation, centralization, and reporting to deliver meaningful analytics, KPIs, and metrics to key stakeholders.
• AI and automation: Teams are expected to deliver more with less and faster. Automation and AI can accelerate innovation, but they also introduce new risks if control design isn’t keeping pace. To capture value safely, organizations need a clear AI strategy that embeds governance, control design, and ethical considerations into every stage of development.
• Tailored methodologies: The starting point should never be yesterday’s waterfall, agile, or DevOps playbook. It should be a deliberate decision informed by governance, risk, and value realization. By treating methodology as a strategic choice rather than a default, companies can ensure that technology investments drive transformation outcomes, not just project completion.
• Third-party risk: Whether you’re leveraging external tools to build or implement purchased software, third-party risk often goes under the radar during project execution. Organizations must move beyond ad-hoc vendor checks and embed third-party risk considerations into an integrated risk management framework. This means assessing vendor security, compliance, and operational resilience alongside internal controls, ensuring that external dependencies don’t compromise project outcomes.

Effective assurance requires aligning technology strategy to business activities within the organization. Controls should be designed and tested to fit the real-world process, not just the theoretical model.

‘Shift Left’: The Case for Early and Continuous Internal Audit Engagement

The earlier internal audit is involved in the SDLC, the greater the impact. Waiting until implementation means missed opportunities to influence design, governance, and risk mitigation. Internal audit’s value is maximized when it “shifts left,” engaging early and often and becoming a trusted strategic partner to management and the executing teams in risk identification and control implementation. Visualized below are some of the key opportunities and best practices for internal auditors to make a demonstrable impact during each phase of the SDLC:

Elevate the Impact of Your Internal Audit Function

Internal audit’s expanded role in the SDLC is a strategic advantage. By engaging early, embedding controls, and partnering with stakeholders, internal audit can drive project success, strengthen compliance, and deliver measurable business value.

Ready to shift left? Connect with CrossCountry Consulting to learn how your internal audit function can become a true partner in system development.

The Coupa R44 release brings a mix of platform-wide enhancements, procurement efficiencies, and critical security updates that every administrator and power user needs to know. Want to explore all things R44 in more detail? Watch our recent webinar. 

Understanding this schedule is vital for ensuring your team has adequate time to test new features in sandboxes before they hit live environments. For enterprise clients with Premier support, Wave Zero (December 8, 2025) offers an early preview in test environments. This “early access” group helps vet features before broader release. For most organizations, however, we recommend targeting Wave 1 for test environments and Wave 3 for production. This strategy provides the longest runway to validate workflows and troubleshoot any potential issues before they impact daily operations. 

Maintenance and Daily Updates 

Beyond the major release waves, Coupa is more aggressively including features in its maintenance updates. These updates, occurring every two weeks after a major release, often include smaller but impactful features. Additionally, daily updates provide regular bug fixes. 

To stay on top of these frequent changes, ensure your user record has the Upgrade Administrator role assigned. This role guarantees you receive direct notifications from the environment regarding when these specific updates will land, complete with links to detailed release notes. 

GPG File Transfer Encryption Cipher Deprecation 

Security remains a top priority in R44. A critical update in this release involves the deprecation of older, less secure encryption ciphers for GPG file transfers. Starting with the January 2026 release, Coupa will exclusively support AES256 or stronger ciphers. 

Why this matters: This change specifically impacts file-based integrations. If your organization relies on older encryption methods for exchanging files with Coupa, those integrations may fail if not updated. Note that this generally does not affect corporate card integrations (like Visa or Mastercard), as those providers typically already adhere to higher security standards. However, for other custom file-based integrations, it’s imperative to verify your encryption settings now to avoid service disruptions. 

Multi-Factor Authentication Support 

As part of Coupa’s rollout of the Coupa Identity Provider, R44 introduces support for Multi-Factor Authentication (MFA) for users logging in via username and password (Non SSO/SAML login). 

While this rollout is managed and currently limited to a small number of customers, it signals a broader shift toward tighter security protocols. Once enabled, users accessing the platform directly will be required to enroll in MFA using applications like Google Authenticator or Microsoft Authenticator. This is distinct from the step-up authentication used for high-risk actions (like changing payment details) and focuses specifically on the initial login process. 

Procurement and CSP Enhancements 

R44 isn’t just about backend maintenance. It also delivers tangible improvements for procurement teams and suppliers. 

Workbench Tasks 

New tasks in the Unified Workbench bring visibility to issues that previously required digging into specific tables. You can now resolve Purchase Order transmission failures (both email and cXML) and cXML ASN errors directly from the Workbench. This centralization streamlines troubleshooting and ensures critical documents don’t get stuck in limbo. 

AI Suggestions for Requisitions 

Building on R43, R44 enhances the “Pending Buyer Action” stage. When enabled, AI can suggest missing field values, such as commodity or contract, based on historical data. This allows buyers to apply updates individually or in bulk, significantly speeding up the requisition approval process without consuming AI credits. 

Supplier Portal Controls 

For suppliers, R44 introduces tighter controls within the Coupa Supplier Portal (CSP). New permissions allow supplier admins to restrict who can manage payment methods. Additionally, the “Remit-To Address” has been removed as a standalone payment method option during onboarding, forcing a cleaner data structure under Legal Entities. This change reduces confusion and prevents the creation of duplicate or erroneous remit-to records. 

Stay Informed 

With the pace of updates increasing, proactive management is key. 

• Check your wave: If you’re unsure which wave your production environment is assigned to, open a ticket with Coupa support. 
• Review integrations: Audit your file-based integrations for compliance with the new encryption standards. 
• Enable key features: Many enhancements, such as the Workbench tasks and AI suggestions, are “opt-in” and require configuration in the Company Information setup. 

A proactive approach today will prevent disruptions and unlock the full potential of the new release. For hands-on Coupa expertise and maximum value from R44, contact CrossCountry Consulting. 

ESG’s New Reality 

ESG reporting has shifted from voluntary, narrative-driven disclosures to regulated, data-focused disclosures. New rules, like California’s SB 253 and the EU’s CSRD, along with increased stakeholder scrutiny, now require sustainability information to be complete, consistent, and reliable.  

Limited assurance is evolving to the baseline standard for sustainability-related data, providing users with greater confidence in the reported data. This trend is particularly evident in climate-related disclosures. California’s SB 253 mandates large companies to report greenhouse gas emissions (Scopes 1, 2, and 3), with assurance requirements phased in over time, as summarized below. 

GHG Emissions Scope	Reporting Deadline	Assurance Requirement
Scope 1 (direct)	20261,2	– Limited assurance expected by 20273 – Reasonable assurance expected by 2030
Scope 2 (indirect from purchased energy)	20261,2	– Limited assurance expected by 20273 – Reasonable assurance expected by 2030
Scope 3 (indirect upstream and downstream across the supply chain)	2027	– Without assurance in 2027 – Limited assurance by 2027

¹As of 2025, and following stakeholder feedback, CARB is proposing a first-year-only reporting deadline of August 10, 2026. 

²CARB clarified that entities with fiscal year-ends between January 1, 2026, and February 1, 2026, will report on data from the fiscal year ending in 2026, while entities with fiscal year-ends between February 2, 2026, and December 31, 2026, will report on data from the fiscal year ending in 2025.  

³CARB has clarified that it will exercise enforcement discretion for first-year reporting in 2026, meaning companies may submit Scope 1 and Scope 2 emissions data based on the information they already had or were collecting when the enforcement notice was issued, even if that data has not undergone limited assurance.  

What Does Limited Assurance Actually Mean? 

Limited assurance is a moderate level of confidence provided by an independent assurer over the sustainability-reported data and quality of reporting. In practice, this means the assurer performs targeted procedures such as analytical reviews, interviews, and selective testing to determine whether anything suggests the information is materially misstated.  

Unlike reasonable assurance (think: full financial audit), the work is narrower in scope but still requires transparent, well-defined processes. However, “limited” does not mean “light.” Assurance providers still expect structured processes, defensible methodologies, clear ownership, and effective governance, along with clearly documented assumptions, consistent calculation methods, and evidence that management can confidently substantiate how each metric was developed and whether the resulting metrics are reasonable. Although controls are generally not tested during limited assurance, a strong control environment plays a critical role in supporting the completeness and accuracy auditors look for in the reported information. 

Essential Steps for Assurance Readiness 

With a practical, step-by-step approach, organizations can strengthen assurance readiness. The steps below define a clear path to limited assurance preparation: 

1. Clarify Scope and Ownership

Clear roles and scope help prevent reporting errors and increase auditor confidence in ESG oversight.

• Identify which ESG disclosures fall under limited assurance (e.g., GHG emissions, workforce metrics, value-chain data).
• Clearly define boundaries to avoid gaps or ambiguity in what must be reported.
• Assign ownership across sustainability, finance, risk, internal audit, IT, and operations to ensure accountability and active governance.

2. Assess Current Maturity

Early discussions with SMEs and auditors help identify high-risk areas and remediation priorities before formal assurance begins.

• Review current data collection processes for completeness, consistency, and auditability.
• Evaluate existing documentation, calculation methods, assumptions, and controls to understand your true readiness level.

3. Strengthen Governance and Controls

Effective governance frameworks allow ESG information to withstand independent scrutiny.

• Establish formal ESG policies, procedures, process documentation, and oversight mechanisms that mirror the rigor of financial reporting.
• Align ESG controls with SOX-like principles like segregation of duties, documented review and approval processes, evidence retention, and escalation protocols to ensure consistency and reliability.

4. Test, Refine, Prepare

Early testing reduces surprises during the formal assurance engagement and accelerates readiness.

• Conduct mock or dry-run assurance reviews to identify weaknesses early.
• Use findings to develop targeted remediation plans, refine data, enhance documentation, strengthen methodologies, and improve audit trails before auditors arrive.

These four steps establish the foundation for credible, repeatable ESG reporting under assurance. While limited assurance may be the starting point, the disciplines required to achieve it set organizations up for longer-term regulatory resilience, and as ESG reporting matures, limited assurance will eventually evolve into reasonable assurance. By approaching assurance readiness as a journey rather than a one-off exercise, organizations can reduce audit friction, build stakeholder confidence, and position themselves for the increasing scrutiny that lies ahead.  

Accelerate Readiness Today 

Translating assurance requirements into operational reality is where many organizations encounter complexity. ESG data cuts across functions, systems, and geographies, often without the benefit of mature controls or standardized processes.  

CrossCountry Consulting is uniquely positioned to guide organizations through the complexities of ESG assurance readiness. Our team delivers: 

• Deep expertise in sustainability, financial reporting, and risk advisory. 
• Tailored solutions that meet both regulatory requirements and strategic objectives. 
• Targeted training for management and internal teams, fostering ESG awareness and embedding compliance into daily operations.  
• Technology enablement for data management and evidence trails, helping automate and streamline ESG processes. 

To accelerate your ESG assurance readiness with the partnership of a strategic ally, connect with CrossCountry Consulting.  

Sage Intacct is designed to evolve alongside your business. With quarterly product releases and continuous innovation, organizations that actively manage and optimize their Sage Intacct environment consistently realize greater efficiency, stronger reporting, and a higher return on investment.

Yet many organizations still approach Sage Intacct reactively – adopting new features sporadically and relying on legacy configurations that no longer reflect how the business operates. Ensure your Sage Intacct ERP scales with your organization with these best practices:

1. Establish a Quarterly Sage Intacct Release Management Process

Sage delivers new functionality every quarter across financial management, reporting, automation, and integrations. Without a structured review process, valuable enhancements often go unused.

Best practice: Implement a formal quarterly release review that includes:

• Reviewing Sage Intacct release notes relevant to your modules.
• Evaluating new features against current pain points.
• Identifying process, reporting, or automation opportunities.
• Assigning clear ownership for adoption and change management.

Organizations with a defined release management process are better positioned to reduce manual work, avoid unnecessary customizations, and stay aligned with Sage’s product roadmap.

2. Ensure Your Sage Intacct Configuration Reflects Today’s Business

Most Sage Intacct implementations are designed for a specific moment in time. As companies grow and evolve, the original configuration may no longer support current operational needs.

Common triggers for misalignment include:

• New revenue models or pricing structures.
• Mergers, acquisitions, or new legal entities.
• Increased reporting, audit, or compliance requirements.
• Expanded use of automation and third-party integrations.

Best practice: Periodically reassess whether your chart of accounts, dimensions, workflows, and reports still reflect how the business actually operates, not how it operated at go-live.

3. Define Clear Ownership and Governance for Your ERP

Sage Intacct often sits at the center of finance, operations, and leadership decision-making. Without defined governance, enhancements stall and inefficiencies compound over time.

High-performing organizations clearly define:

• ERP strategy ownership versus day-to-day administration.
• A structured intake and prioritization process for enhancements.
• When to leverage external Sage Intacct advisory support.

Best practice: Treat ERP governance as an ongoing discipline so the platform continues to deliver value as the business scales.

4. Get a Sage Intacct Health Check

Even well-managed environments benefit from an independent review. A Sage Intacct Health Check provides an objective assessment of how effectively your system is configured, utilized, and integrated within the broader business ecosystem.

Best practice: Conduct a Health Check every 2-3 years, or following major events such as:

• Rapid growth or organizational change.
• M&A activity.
• Leadership or strategy shifts.
• Persistent close, reporting, or data challenges.

A comprehensive Sage Intacct Health Check goes beyond core configuration and includes a holistic review of how Sage Intacct supports end-to-end business processes.

This often includes assessing:

• Core configuration and dimensional structure to ensure scalability and reporting flexibility.
• Reporting, dashboards, and data accuracy, including executive and operational visibility.
• Automation opportunities and manual workarounds that impact close, billing, or reconciliations.
• Customizations, integrations, and technical debt, with a focus on long-term maintainability.
• How Sage Intacct interacts with upstream and downstream systems, such as CRM, billing platforms, payroll, AP automation, or data warehouses.
• Cross-system business processes that traverse Sage Intacct, including Order-to-Cash (O2C), Procure-to-Pay (P2P), revenue recognition, and financial close.

In many cases, inefficiencies are not isolated to Sage Intacct itself but arise at the intersections between systems, where data handoffs, ownership, or controls may be unclear or outdated.

The outcome of a Health Check is a prioritized optimization roadmap, helping organizations address immediate risks while positioning Sage Intacct and the surrounding systems to support future growth.

5. Embed a Culture of Continuous Optimization

Organizations that get the most from Sage Intacct view optimization as continuous rather than episodic.

Best practice: High-performing finance teams consistently improve efficiency, strengthen reporting, and avoid costly re-implementations by combining:

• Quarterly release management.
• Intentional ERP governance.
• Periodic Sage Intacct Health Checks.

To integrate the latest best practices in your Sage Intacct environment, contact CrossCountry Consulting.

For decades, the Record-to-Report (R2R) process has been marked by late nights, manual work, and a scramble to finalize financial reporting by month-end. Despite significant investments in ERPs and planning/reporting tools, many accounting and finance teams still wrestle with inefficiencies like lengthy month-end closes, extended budgeting and planning cycles, and financial data that doesn’t provide real-time visibility. The result? An accounting and finance function that’s more reactive than strategic. 

Today, a fundamental shift is underway. AI systems, particularly agentic AI, are transforming the R2R process. By moving beyond basic automation to intelligent systems, finance leaders can finally unlock a real-time close, enabling faster turnaround on financial reporting, enhanced compliance, and improved process accuracy.  

• Batch processing: Financial data is often processed in overnight or mid-month batches, delaying visibility into key financial statements and metrics. 
• Reactive reporting: Variance analysis and flux reporting are typically completed after the books are closed – sometimes as late as 20 days post-month-end. 
• Manual effort: High volumes of manual journal entries, reconciliations, and adjustments waste time and reduce overall process accuracy. 
• Regulatory compliance risks: The reliance on manual processes and disconnected systems increases the risk of errors, non-compliance, and audit complications. 
• Skill gaps: Modern financial reporting demands both traditional accounting expertise and data fluency, a combination many teams still lack. 

These inefficiencies not only slow down financial reporting but also prevent accounting and finance teams from delivering the timely insights businesses need to make strategic decisions. 

AI in Record-to-Report: From Automation to Intelligence 

Agentic AI and other AI systems are revolutionizing R2R by automating repetitive tasks and introducing intelligence to financial data analysis. This shift allows accounting and finance teams to focus on strategy, compliance, and accurate, real-time financial and management reporting. 

Orchestrating the Budget With AI 

Budgeting is one of the most time-consuming parts of the R2R process. But AI systems can significantly reduce this burden by automating data orchestration and preparation. Agentic AI can summarize meetings, generate documentation, and stage financial data sets automatically. This can cut budgeting cycles from 60 to <30 days and improve accuracy by eliminating manual errors. 

The Real-Time Close: Fact or Fiction? 

The real-time close is rapidly becoming a reality for organizations leveraging AI systems. Instead of waiting for month-end, AI enables continuous monitoring of financial data and reporting in real time. 

• Continuous controls: AI systems can flag unapproved transactions or unusual financial entries on day five of the month, rather than waiting until month-end. 
• Automated accruals: AI agents can analyze contracts, scrape terms from PDFs, and automatically generate accruals, eliminating delays in financial reporting. 
• Instant flux analysis: AI can draft flux explanations as variances occur, allowing teams to focus on reviewing and ensuring compliance rather than generating reports from scratch. 

This level of automation and intelligence ensures financial statements are not only accurate but also delivered faster, driving better decision-making. 

Enhanced Forecasting and Financial Data Insights 

AI systems excel at ingesting diverse data sets, from daily cash flows to market trends, to generate rolling forecasts. While these forecasts may not be perfect immediately, they provide “directionally correct” insights that help CFOs make agile decisions without waiting for finalized financial statements. This capability bridges the gap between historical reporting and forward-looking strategy. 

The New Finance Skill Set: Storytelling With Financial Data 

As automation through AI systems takes over manual tasks, finance professionals are shifting their focus toward interpreting financial data and crafting compelling narratives. The future finance analyst must be both a data storyteller and a strategic thinker. 

Key skills include: 

• Data literacy: Understanding how to stage and analyze financial data in platforms like Snowflake or Databricks. 
• Prompt engineering: Using agentic AI and Large Language Models (LLMs) effectively to generate financial reports and insights. 
• Compliance expertise: Ensuring AI-driven processes and financial reporting meet regulatory standards and remain audit-ready. 
• User experience: Presenting financial data through dashboards and reports that are easy to understand and act on. 

This evolution empowers finance teams to deliver strategic value while maintaining compliance and accuracy in all financial processes. 

Getting Started: The ‘Jumpstart’ Approach to AI in Finance 

Many CFOs hesitate to adopt AI systems, believing that messy data or immature processes will hinder success. However, perfect data is not required to begin reaping the benefits of AI in R2R. A “Jumpstart” approach can help finance teams integrate AI incrementally: 

1. Start small: Identify one high-friction process, such as cash flow forecasting or contract review, to automate first. 
2. Focus on manual efforts: Apply AI systems to transactional tasks while leaving strategic judgment to humans. 
3. Iterate with existing tools: Many ERP, EPM, and data platforms include built-in AI capabilities that can enhance financial reporting and process efficiency immediately. 
4. Integrate AI as a coworker: Treat agentic AI like a member of your team, with governance, access controls, and compliance protocols to ensure audit-ready outputs. 

This approach allows organizations to build confidence in AI models while delivering tangible improvements in financial reporting and process accuracy. 

Embrace the Shift: AI as an Enabler for the Office of the CFO 

By introducing automation and intelligence, accounting and finance teams can reduce risk, improve accuracy, and focus on strategic objectives. The real-time close is no longer a dream – it’s a competitive advantage waiting to be realized. 

Don’t let perfection hold you back. Start small, build momentum, and see how AI can revolutionize your R2R process, delivering faster, more accurate financial reporting and unlocking the full potential of your financial data. Contact CrossCountry Consulting to get started on your AI transformation journey. 

Family offices managing diverse investment portfolios, intricate entity structures, and the sensitive dynamics of generational wealth are limited by traditional, spreadsheet-heavy accounting methods. Every manual process takes time and resources away from strategic decision-making and creates unnecessary risk.

That’s why family offices are modernizing their financial tech stack, moving from outdated systems like QuickBooks to robust platforms like Sage Intacct. CrossCountry Consulting’s Megan Smith recently joined leaders from Sage Intacct, Spyglass Capital, and Scott Holdings to discuss how family offices are approaching this transition and the value they’re generating along the way.

View the on-demand webinar here:

As a multi-entity, cloud-based accounting solution that scales with organizational growth, Sage Intacct offers dimensional reporting, which allows for granular analysis across various metrics, family members, and trusts. This flexibility is crucial for family offices that often manage dozens, or even hundreds, of entities.

“We actually have 151 entities on the platform today,” noted Keith Varney, CFO at Scott Holdings, on transitioning to Sage Intacct. “We have saved so much time in this process of being able to come up with an allocation method to take the complex ownership structures that are in place and get these results each month, and we’ve cut down significantly our time in our closing process.”

Handling this volume in a system like QuickBooks involves tedious, error-prone manual work. With Sage Intacct, the process is streamlined into a single login, providing access to all entities and automating intercompany transactions.

Modernizing Your Financial Tech Stack

Implementing a solution like Sage Intacct is more than a software upgrade; it’s a fundamental transformation of financial operations. The benefits are immediate and far-reaching, enabling a new level of strategic insight and operational efficiency.

Gain Real-Time Visibility

The most significant advantage of a modern financial platform is access to real-time data. Dashboards in Sage Intacct can be customized to provide key stakeholders – from the CEO to trustees – with instant visibility into the metrics that matter most.

Kristen Brugos, Director of Accounting and Finance at Spyglass Capital, highlights this benefit: “Our CEO actually logs into Sage and looks at the different dashboards. I’ve also created a profits interest dashboard. Previously, that was all done in Excel.” This shift empowers leadership with the confidence that they’re making decisions based on accurate, up-to-the-minute information.

Automate Complex Consolidations

Family offices often deal with layered ownership structures that make consolidations a nightmare in spreadsheets. Sage Intacct’s Advanced Ownership Consolidations and Dynamic Allocations modules are purpose-built to automate these complex processes. This automation saves time and significantly improves the accuracy of financial reporting, which is critical to fulfilling fiduciary responsibilities.

Create an Integrated Technology Ecosystem

An effective financial tech stack operates as a connected ecosystem, not a collection of siloed applications. Sage Intacct is built with an open API, allowing seamless integration with other critical systems like investment management software (e.g., Addepar), bill pay solutions (e.g., Bill.com), and document management platforms (e.g., SharePoint).

This integration eliminates redundant data entry and creates a single source of truth for financial data. The result is a more efficient workflow and more reliable reporting, which enhances collaboration with external partners like auditors and tax providers.

The Path to Financial Clarity

Modernizing your family office’s financial operations with Sage Intacct provides the tools necessary to manage complexity, drive efficiency, and deliver strategic value. The ability to automate processes, gain real-time visibility, and create a connected tech stack transforms the finance function, allowing you to focus on growth and strategy rather than manual data entry.

With a dedicated practice of Sage Intacct implementation experts, CrossCountry Consulting helps family offices maximize the value of their investment and achieve strategic objectives. To get started, contact us today.

Are you still managing multi-tiered ownership structures, intercompany eliminations, and partnership payouts with spreadsheets and manual calculations? For family offices contending with increasing complexity in their entity structures, the traditional approach to partnership accounting is inefficient and a strategic liability. 

To navigate multi-generational wealth structures, private equity investments, and evolving regulatory requirements, leaders are turning to Sage Intacct, which offers the ability to accurately and efficiently allocate partnership income.  

To remain ahead of the complexity curve, how effectively can you modernize allocation processes and implement scalable systems?  

The Partnership Accounting Challenge: Beyond Traditional Methods 

Consider this typical scenario: A family office manages 15 different partnership entities across three generations, with ownership percentages that change quarterly based on new investments and distributions. Each entity generates income from multiple sources – rental properties, private equity investments, and liquid securities – all requiring precise allocation to partners with varying ownership stakes. 

The traditional approach of manual calculations and static allocation methods breaks down quickly. More concerning, it introduces significant risk exposure through calculation errors and compliance gaps that can have material financial and reputational consequences. 

Strategic Framework: 3 Pathways to Allocation Excellence 

1. Transaction-Level Allocation: The Foundation Strategy 

Transaction allocation serves as the cornerstone for partnerships with stable ownership structures. This method applies allocation percentages at the individual transaction level, making it ideal for entities where ownership changes infrequently and transparency is paramount. 

Strategic Applications: 

• Single-tier partnerships with consistent ownership. 
• Real estate ventures with fixed partner percentages. 
• Investment vehicles with established profit-sharing agreements. 

Key Benefits: 

• Complete audit trail for every allocated transaction. 
• Real-time visibility into partner distributions. 
• No additional licensing costs (part of core ERP functionality). 

2. Dynamic Allocation: The Scalable Solution 

For organizations managing multi-tier structures with frequently changing ownership percentages, dynamic allocation provides the automation and flexibility necessary to maintain accuracy while reducing administrative burden. 

This advanced approach enables CFOs to establish allocation rules based on various criteria – statistical accounts tracking ownership percentages, fair market value calculations, or financial account balances – and automatically apply these rules across multiple entities and time periods. 

Strategic Applications: 

• Multi-generational family office structures.
• Private equity funds with diverse investor bases. 
• Partnership entities with quarterly ownership adjustments. 

Key Benefits: 

• Automated journal entry generation with full audit trails. 
• User-defined books for allocation tracking are separate from operational accounting. 
• Batch processing capabilities for multiple partnerships simultaneously. 
• Real-time validation and error checking. 

3. Advanced Ownership Consolidations: The Reporting Revolution 

Advanced ownership consolidations address the critical need for comprehensive wealth reporting across complex entity structures where partial ownership interests create consolidation challenges. 
 
This functionality enables family offices to generate accurate net worth statements that reflect proportional ownership across multiple tiers of entities, providing the strategic visibility required for wealth planning and investment decision-making. 

Strategic Value Propositions: 

• Complete family wealth visibility across all entity levels. 
• Accurate proportional consolidation for minority interests. 
• Automated validation and reconciliation processes. 
• Enhanced due diligence capabilities for external stakeholders. 

Implementation Strategy: Aligning Technology with Business Requirements 

Assessment Framework 

The selection of appropriate allocation methodologies requires careful analysis of your organization’s specific requirements: 

Complexity Indicators: 

• Number of partnership entities under management. 
• Frequency of ownership percentage changes. 
• Reporting requirements for external stakeholders. 
• Volume of transactions requiring allocation. 

Strategic Considerations: 

• Growth trajectory and anticipated entity additions. 
• Regulatory compliance requirements. 
• Integration needs with existing systems. 
• Resource allocation for implementation and maintenance. 

Best Practices for Implementation Success 

Phase 1: Foundation Building 
Establish clear entity structures within your ERP system, ensuring proper dimension setup for partners, investments, and allocation tracking. This foundation work is critical for all subsequent allocation processes. 

Phase 2: Allocation Rule Configuration 
Develop and test allocation definitions based on your partnership agreements and ownership structures. Utilize statistical accounts for tracking ownership percentages that change over time. 
 
Phase 3: Process Automation 
Implement automated workflows for periodic allocation processing, whether monthly, quarterly, or annually. Build in validation checkpoints to ensure accuracy before posting allocation entries. 

Phase 4: Reporting Integration 
Configure reporting tools to provide clear visibility into allocation results, partner equity balances, and distribution requirements. Ensure reports support both internal management needs and external stakeholder communications. 

Technology Integration: Maximizing Efficiency Through Automation 

Modern partnership accounting extends beyond standalone ERP functionality to encompass integrated ecosystems that automate data flow from investment management systems, custodial platforms, and external data sources. Middleware tools, such as KnowLedger, leverage Sage Intacct’s open API to integrate investment data to enable streamlined, high-level reporting directly within your ERP system.   

KnowLedger Integration Capabilities: 

• Automated transaction import from investment management systems. 
• Real-time application of allocation rules to incoming transactions. 
• Consolidated journal entry creation with full allocation detail. 
• Exception handling and validation processes. 

This integration approach eliminates manual data entry, reduces processing time, and ensures consistent application of allocation rules across all partnership entities. 

Risk Management: Ensuring Accuracy and Compliance 

Audit Trail Requirements 

Modern allocation systems must provide comprehensive audit capabilities that trace every allocation from source transaction through final partner distribution. This includes: 

• Complete transaction lineage documentation. 
• Allocation calculation validation and verification. 
• Partner notification and approval workflows. 
• Regulatory reporting compliance features. 

Error Prevention and Detection 

Automated validation processes should include: 

• Mathematical accuracy verification for all allocations. 
• Ownership percentage reconciliation against legal documents. 
• Distribution calculation validation before processing. 
• Exception reporting for transactions requiring manual review. 

The Strategic Imperative: Future-Proofing Your Partnership Accounting 

As partnership structures continue to evolve and regulatory requirements increase, the organizations that thrive will be those that have invested in scalable, automated allocation systems.  

Key Success Metrics: 

• Reduction in month-end close time for partnership entities. 
• Elimination of allocation calculation errors. 
• Improved partner satisfaction through timely and accurate reporting. 
• Enhanced audit readiness and compliance confidence. 
• Scalability to support organizational growth without proportional resource increases. 

Taking Action: Your Path to Allocation Excellence 

Ready to transform your partnership accounting processes and eliminate the risks of manual allocation methods? Discover how Sage Intacct’s comprehensive allocation capabilities can streamline your operations while ensuring accuracy and compliance. Contact CrossCountry Consulting to learn more.

The private lending and private credit industry has experienced rapid growth as institutional investors and borrowers seek alternatives to traditional bank financing. Within this market, collateral underpins lending structures, acting as both a risk mitigant and a liquidity enhancer. However, the bespoke nature of private credit transactions introduces challenges that require robust collateral management frameworks.

This sentiment has been reinforced with major investment by a number of leading banking institutions all participating in the HQLAx collateral mobility initiative, which seeks to improve the speed and accuracy of collateral management, while reducing costs and risks – risks that have driven the demise of First Brands and Tricolor.

With collateral being the foundation of most lending structures, effective management in private credit and lending provides the strategic function that protects lenders, enhances investor confidence, and supports long-term portfolio growth. Given the bespoke and often illiquid nature of collateral in this space, collateral plays a crucial role in protecting investors, enhancing transparency, and supporting portfolio resilience.

The Management of Collateral in Private Lending and Credit

With the U.S. Lending Market amounting to $12.5 trillion and growing 2-3% annually, the industry’s requirement for effective collateral management has become a key requisite for success.

Not only does effective management form an integral part of treasury and liquidity functions, but having a robust collateral platform can deliver significant enhancements to businesses’ compliance in adhering to collateral-related regulations (e.g., FR 2052a and Regulation YY (12 CFR part 252)).

Challenges in Collateral Management

The nature of transactions within private lending and private credit are highly nuanced and negotiated. As a result, effective collateral management presents great challenges in accurately allowing a business to monitor the performance of its portfolio and its underlying assets. This in turn can present operational and financial risks for the business:

• Valuation and monitoring: Illiquid or bespoke assets are difficult to value accurately, and market shifts can erode protection quickly.
• Operational risks: Manual processes and fragmented systems increase the risk of oversight.
• Transparency limitations: Investors and stakeholders often lack visibility compared to traditional markets.
• Poor deal structures: Poor understanding of collateral can lead to unfavorable loan terms and expose organizations to deal risk from the inception of the transaction.
• Increased recoverability risk: Without an effective way to evaluate collateralized assets, significant risks around viability and recoverability of the transaction are introduced.
• Ineffective analysis capabilities: The inability to analyze and monitor the performance of collateral means businesses can’t perform the necessary scenario modeling or anticipate the need to trigger their margin call.

Why Effective Collateral Management Matters

Optimizing collateral is fundamental for liquidity, capital, return, cost reduction, and risk management. By prioritizing effective collateral management, business lending operations can significantly improve:

1. Risk mitigation: Protect lenders and investors against borrower defaults.
2. Investor confidence: Strong governance and transparency are essential for institutional capital.
3. Liquidity and flexibility: Well-structured collateral supports refinancing and secondary financing.
4. Regulatory alignment: As scrutiny grows, lenders must adopt practices aligned with evolving compliance requirements.
5. Performance enhancement: Proper oversight improves recovery rates and portfolio resilience.

Best Practices for Collateral Management

As market complexity, asset diversity, and cross-jurisdictional exposures increase, institutions must adopt robust frameworks that balance operational efficiency with transparency and legal certainty. The following best practices outline a comprehensive approach to strengthening collateral governance, enhancing asset quality oversight, and safeguarding financial stability throughout the collateral lifecycle.

Standardized Valuation and Reassessment

Implement consistent valuation methodologies across all asset classes and conduct periodic reassessments. For illiquid or complex assets, incorporate third-party appraisals and scenario-based valuation models to ensure precision, transparency, and comparability.

Risk-Based Haircuts and Margining

Adopt haircut and margining frameworks that reflect each asset’s volatility, liquidity, and credit profile. Thresholds and margins should be dynamically adjusted in response to changing market conditions, borrower behavior, and asset performance metrics.

Covenant Monitoring and Additional Trigger Events (ATEs)

Continuously monitor financial covenants and define ATEs – such as management turnover, reputational issues, or repeated margin calls – to trigger proactive margining, collateral reassessment, or escalation procedures.

Legal Enforceability and Jurisdictional Mapping

Conduct comprehensive legal due diligence to confirm collateral enforceability across jurisdictions. Employ clear lien structures, perfected security interests, and escrow mechanisms to strengthen legal certainty and recovery potential.

Collateral Liquidity Scoring

Assign quantitative liquidity scores based on factors such as time-to-liquidation, bid-ask spreads, and historical trading activity. These scores should guide collateral eligibility decisions and inform liquidation strategies.

Stress Testing and Value-at-Risk (VaR) Modeling

Perform regular stress tests and VaR analyses to evaluate collateral resilience under extreme but plausible market conditions, helping identify vulnerabilities and capital adequacy requirements.

Collateral Substitution and Cross-Collateralization Protocols

Enable controlled asset substitutions and structured cross-collateralization to mitigate concentration risk, enhance flexibility, and improve overall portfolio recoverability.

Custodial Oversight and Counterparty Risk Assessment

Assess custodians’ operational robustness, legal status, and creditworthiness. Recognize and manage custodian-related risks, as these can significantly influence collateral protection and recovery outcomes.

Collateral Lifecycle Auditing

Ensure complete traceability of collateral from onboarding through release. Comprehensive lifecycle records support transparency, dispute resolution, compliance verification, and audit readiness.

Technology as an Enabler

With the use of collateral engines, either in existing platforms such as Oxane and Broadridge CollateralPro, or the internal development of bespoke solutions, companies can identify opportunities to optimize collateral. To capitalize on the full benefits of these tools, companies must prioritize modeling efforts, validation of clean data, and streamlining business processes.

AI, as one example, can significantly enhance the automation of collateral management in private lending by streamlining valuation, monitoring, and risk assessment processes. Machine learning models can continuously reassess asset values, detect early warning signals, and recommend margin adjustments based on real-time market data. Additionally, AI-driven document processing and smart contract systems can automate collateral onboarding, verification, and release, reducing operational friction and improving accuracy across the collateral lifecycle.

Provided the aforementioned is achieved, technology will play a central role in modernizing collateral management and supporting key outcomes, such as:

1. Real-time monitoring and optimization: Enables dynamic tracking of asset values, exposures, and margin thresholds, which allows entities to optimize their collateral.
2. Centralized data management: Improves transparency, reduces operational risk, and supports audit readiness.
3. Compliance and controls: Flags regulatory breaches and enforces policy adherence automatically.
4. Integration with custodians: Facilitates secure asset handling and real-time reconciliation with third-party custodians.
5. AI-leveraged automation: Streamlines operational workflows such as valuation, margin calls, substitutions, and reporting (e.g., activating AI capabilities within existing platforms such as Copilot, ChatGPT, etc.)

By combining disciplined risk management with smart technology, institutions can transform collateral management from a back-office function into a strategic advantage, driving portfolio growth, enhancing efficiency, and protecting lenders.

How CrossCountry Can Help

CrossCountry Consulting delivers tailored collateral management solutions to overcome common industry challenges.

In-House Platform Design and Integration

Design and implement in-house collateral management solutions with centralized document capabilities, while overseeing large-scale projects, integrating client systems into custom technology architectures, and managing end-to-end delivery from testing through post–go-live support.

Vendor Implementation

Lead the selection and implementation of vendor solutions, ensuring seamless integration with existing systems and business architecture, while coordinating across functions and managing testing, go-live, and post-implementation support.

Operating Model Frameworks

Develop and operationalize business frameworks – including SOPs, risk controls, and process flows – while defining roles and responsibilities and executing change management programs to drive adoption of the target operating model.

Business Analytics and Scenario Modeling

Build dynamic dashboards and custom reporting tools that enable users to simulate market scenarios, analyze risk, and review performance, while implementing security controls for customized, role-based access.

Reporting and Compliance

Develop business and regulatory reporting capabilities, including compliance with industry standards (e.g., 2052a, FRB, Regulation YY), and enhanced document management systems that improve visibility into counterparty compliance, liquidity, and debt covenant monitoring.

Collateral management is not an administrative afterthought – it’s a core function that determines portfolio performance, investor trust, and the long-term credibility of the private lending industry. Lenders and credit managers must prioritize frameworks, adopt technology, and embrace transparency to ensure sustainable growth in 2026 and beyond. To get started, contact CrossCountry Consulting.

The final Sage Intacct release of 2025, R4, delivers a powerful suite of enhancements designed to accelerate financial close, strengthen data integrity, and boost team efficiency – critical factors as we head into year-end planning. 

This release focuses on smarter automation, faster reconciliation, and more flexible reporting across key modules. Ready to maximize the value Sage Intacct can deliver to your business? View our demo of key updates:

Import Service Upgrades 

Users can now update key dimension IDs – including GL accounts, classes, and vendors – via the new Import Service. This eliminates the need for manual workarounds for simple ID changes. The new Import Service provides a massive time-saver by allowing for real-time error handling and fixing import issues directly within the import interface without needing to re-upload the file multiple times. 

Cash Management Improvements 

A major update allows users to combine debits and credits in reconciliation matching rules. This is particularly useful for transactions split between a main payment and an associated fee (like bank charges), enabling a much higher rate of accurate and automated bank reconciliations. 

1099 Tax Reporting Updates 

Ensure compliance ahead of the 1099 season with necessary form adjustments. Sage Intacct has implemented the IRS change moving Golden Parachute Payments from Box 14 to Box 3 on the 1099-NEC form. Also, to ensure proper printing and compliance, entity-specific 1099s now require an assigned contact with a valid address. This simple check prevents common printing and mailing errors. 

Accounts Payable and AP Automation 

Gain better control and traceability over vendor activity and payment processing. The AP Ledger report now supports multi-vendor filtering and custom vendor groups, significantly enhancing your reporting flexibility for focused analysis on specific vendors. Additionally, the introduction of unique payment IDs for AP advances improves financial traceability across reports, making it easier to reference and track prepayments. Also, AP automation benefits from a new email domain (@AISage.com), facilitating highly requested features like setting up auto-forwarding, receiving bounce-back notifications, and supporting expanded file formats. 

Accounts Receivable Enhancements 

Customer statements now offer more granular transaction filtering options. Users can tailor statements to show all transactions, only open invoices, or show invoices with associated credits providing greater clarity and customization to your customers. 

Fixed Asset Management and General Ledger 

Reduce manual entries with Sage Fixed Assets Management (SFAM) and gain deeper visibility into your financial status. Users can now partially dispose of assets, create multiple assets from a single bill line, or skip asset creation. Dimension edits no longer require asset transfers within the same entity, eliminating unnecessary journal entries. In addition, the General Ledger report now includes unposted transactions and a new “Transaction State” column. This provides immediate, real-time visibility into draft and adjusting entries, significantly aiding your close process. 

Contracts, Purchasing, and Consolidations 

Contract renewal management is now more efficient, benefiting from automated bulk actions and new tracking reports for enhanced visibility into recurring revenue. In Purchasing, you gain greater control and quicker resolution thanks to an exception summary for match tolerances. Furthermore, AP Automation for Purchasing now supports more detailed line-level matching. Finally, for complex corporate structures, Advanced Ownership Consolidation has been expanded to include crucial equity consolidation methods.  

Overall, Sage Intacct R4 delivers meaningful improvements that enhance efficiency, accuracy, and user control across financial operations. CrossCountry Consulting’s Sage Intacct implementation experts can help you capitalize on the latest updates to maximize your investment. Contact us today to get started. 

While institutional investors have long dominated the alternatives landscape, a fundamental shift is underway as leading asset management firms recognize the untapped potential of high-net-worth individuals and family offices. 

Alternative investments currently account for less than 3% of high-net-worth individual portfolios, yet industry projections suggest this allocation could expand dramatically over the next decade. This presents a compelling opportunity for asset managers willing to adapt their infrastructure, products, and go-to-market strategies for the private wealth sector. 

The transformation extends beyond simply creating new products – it requires a comprehensive reimagining of operations, technology, compliance frameworks, and client service models.  

The Strategic Imperative for Private Wealth Expansion 

Several market forces are converging to make this expansion necessary for long-term competitiveness: 

• Massive market opportunity: The global high-net-worth individual population holds combined assets of approximately $90.5 trillion. Meanwhile, the mass-affluent segment represents roughly $21 trillion in assets, with 80% having never worked with a financial planner, creating a significant greenfield opportunity for scalable wealth management services. 
• Structural market changes: Recent regulatory developments are opening 401(k) and retirement plans to private market strategies, potentially unlocking a $10 trillion defined contribution market. The traditional 60/40 portfolio model faces increasing challenges as public markets become more concentrated and correlation increases during market stress. Owning competitive advantages in both institutional and individual markets enhances market positioning. 
• Revenue model advantages: Private wealth offers asset managers the opportunity for more predictable, fee-based revenue streams compared to traditional carry structures. This recurring revenue model provides stability and can boost firm valuations. Additionally, with 84% of wealth managers expecting alternative allocations to rise over the next 12 months, the demand-side momentum is clearly building.  

By capitalizing on these opportunities, asset managers can devote more resources toward individualized relationships that can lead to higher client lifetime value and increased referral opportunities.  

Industry Leaders Setting the Standard 

The top alternative asset managers have moved aggressively into private wealth, each taking distinct approaches based on their strengths and target markets. 

• Top-tier firms (>$100B AUM) have established dedicated private wealth platforms designed to serve individual investors directly while maintaining institutional-grade investment quality. 
• Mid-tier managers ($50-$100B AUM) are pursuing acquisition strategies, creating business development companies (BDCs), and offering private credit products for high-net-worth individuals. 
• Smaller managers (<$50B AUM) are forming strategic partnerships to access established distribution networks without building comprehensive in-house capabilities. 

Infrastructure Requirements 

Successfully entering private wealth requires addressing six critical areas, each presenting both obvious needs and potential blind spots. 

1. Product and Service Design 

While product adaptation seems straightforward, the real challenge lies in understanding the distinct needs of individual investors versus institutions. Entrepreneurs seek liquidity and growth opportunities, family offices prioritize legacy and governance structures, and retirees focus on income generation and capital preservation. 

The key is developing tailored offerings that address these distinct client personas while maintaining operational efficiency. This might include concepts such as hybrid portfolios for diversification, BDCs for high dividend yields, trust structures for estate planning optimization, and product wrappers like interval, evergreen, and tender offer funds. 

2. Distribution and Strategic Partnerships 

Selecting optimal distribution channels requires balancing control with reach. Direct-to-client models offer brand consistency but require significant investment in marketing and client acquisition. Partnerships with RIAs, independent broker-dealers, and wirehouses provide access to established client bases but may dilute brand control. 

Strategic alliances with custodians, fintechs, and white-label solution providers can accelerate market entry while reducing operational complexity. The most successful firms often pursue a multi-channel approach, tailoring their strategy to different market segments. 

3. Operating Model and Technology Enablement 

The shift from institutional to retail clients demands fundamental operational changes. Institutional clients typically require quarterly reporting and can tolerate complex onboarding processes. Individual investors expect more real-time access to information, intuitive digital interfaces, and responsive customer service. 

Technology infrastructure must support digital onboarding with e-signatures and automated KYC processes, provide secure client portals for reporting and account management, and integrate CRM systems for relationship tracking and segmentation. Many firms underestimate the complexity of building scalable, client-centric operations. 

4. Regulatory Compliance and Risk Management 

Private wealth introduces new regulatory and licensing requirements, including FINRA and SEC oversight, enhanced AML and KYC procedures, and jurisdiction-specific compliance for cross-border investments. Risk frameworks must be adapted for retail clients, incorporating stress testing and scenario analysis tailored to individual portfolios rather than institutional mandates. 

Governance structures become critical, with oversight committees and escalation protocols ensuring appropriate suitability assessments and ongoing client monitoring. Many firms find that their institutional risk management frameworks require significant modification for individual investor protection. 

5. Talent and Cultural Transformation 

Success in private wealth requires different skill sets than institutional asset management. Teams need professionals with CFP, CFA, and CPA credentials who understand financial planning, estate strategy, and behavioral finance. Equally important is developing soft skills for client interaction and building the high-touch service culture that individual investors expect. 

Performance metrics must shift from purely quantitative measures to include client satisfaction and retention indicators, which impact compensation plans. Collaboration becomes essential as clients often require coordinated solutions across investment management, tax planning, and estate strategy. 

6. Brand Positioning and Pricing Strategy 

Messaging must resonate with individual aspirations while maintaining professional credibility. Pricing strategies should balance perceived value with client preferences, often requiring tiered service models that provide flexibility and scalability (e.g., flat fee, basis points, or subscription). Many firms find that their institutional pricing models don’t translate directly to individual clients, necessitating comprehensive pricing strategy overhauls. 

Proactively Addressing Transformation Challenges 

Entry into private wealth can be streamlined with the support of an advisor who can help navigate several key workstreams. 

• Regulatory compliance represents perhaps the greatest challenge, requiring new licenses, disclosure procedures, and reporting obligations.  
• Client education becomes essential as individual investors often need significant guidance to understand alternative investments and their role in portfolio construction. 
• Operational complexity increases dramatically when serving individual clients rather than institutional investors. Cost management becomes critical as serving high-net-worth clients requires higher per-client service levels while fees face downward pressure, particularly at higher AUM tiers. 
• Technology integration issues are common, as firms must connect institutional-grade investment platforms with retail-oriented client service systems.  

Successfully entering private wealth requires a phased approach that builds capabilities while managing risk and complexity.  

• Phase 1: Focus on market assessment and product development, understanding target client segments, and adapting existing investment strategies for individual investors. Strategic partnerships with established wealth management platforms can provide valuable market insights while building initial distribution capabilities. 
• Phase 2: Develop infrastructure, including technology platform integration, regulatory compliance framework establishment, and initial team hiring. Many firms benefit from pilot programs with select client segments to test operational capabilities and refine service models. 
• Phase 3: Execute full market launch with comprehensive marketing strategies, expanded distribution partnerships, and ongoing optimization based on client feedback and market response. 

Positioning for Future Growth 

The expansion into private wealth is a fundamental transformation that positions asset managers for long-term success in an evolving market landscape. However, success requires commitment to comprehensive infrastructure development, cultural transformation, and ongoing innovation in client service delivery. 

The window for competitive advantage in private wealth is narrowing as more firms enter the market. Asset managers who begin their transformation now, with careful planning and phased implementation, will be best positioned to capitalize on this significant growth opportunity. 

To execute on a structured transformation roadmap in service of institutional and individual investors, contact CrossCountry Consulting. 

Closing the books doesn’t mean you’re ready for an audit. True audit readiness goes beyond financial statements – it ensures internal controls, documentation, and disclosures can withstand scrutiny from auditors and regulators.

Gaps in accounting, controls, or disclosures can lead to restatements, material weaknesses, and regulatory inquiries. Many organizations don’t discover these issues until an audit or regulatory review brings them to light. 

As year-end approaches, finance and accounting teams must focus on key areas that drive audit success, including common risks, why they matter, and practical steps to address them before they become costly.

The Regulatory Lens

The Public Company Accounting Oversight Board (PCAOB) and the Securities and Exchange Commission (SEC) are two key bodies that shape the audit and reporting landscape for public companies. Their insights and priorities provide a roadmap for where companies need to focus.

PCAOB Inspections: Persistent Deficiencies

While PCAOB inspections target audit firms, many findings, especially around internal control, stem from client-side weaknesses. Auditors frequently cite poorly designed client controls, insufficient documentation, and incomplete management review evidence as key drivers of recurring deficiencies.

Despite improvements in audit quality, issues persist year after year. From 2022 to 2024, two areas continue to stand out:

• Controls with a review element: Auditors often find client review procedures and supporting evidence lacking, particularly for complex estimates like business combinations or goodwill impairment.  
• IT and system-generated data and reports: Reports and data extracted directly from ERP or financial systems aren’t automatically reliable. Auditors expect evidence of completeness and accuracy. Without validation controls, accounting and finance teams risk relying on inaccurate data, a common misconception because these processes feel “automated.”

SEC Comment Letters: Disclosure Under the Microscope

The SEC reviews filings for compliance and issues comment letters when disclosures are unclear or incomplete. In 2025, the most frequent focus areas include:

• MD&A: Companies often fail to explain why results changed, not just that they changed.
• Non-GAAP measures: Issues with prominence, reconciliations, and misleading adjustments.
• Segment reporting: New ASU 2023-07 rules require disclosure of significant segment expenses and management’s use of reported measures.
• Revenue recognition: Disaggregation and clarity on performance obligations.
• Goodwill and intangibles: Transparency on impairment testing, assumptions, and sensitivity analyses.
• Emerging risks: Cybersecurity, AI, and crypto asset disclosures.

These comments often go beyond presentation. They challenge technical accounting conclusions, such as how revenue is recognized, how segments are defined, or how impairment is assessed. Addressing these areas requires both strong internal controls and robust technical accounting expertise.

Material Weaknesses: The Hidden Risk

Material weaknesses (MWs) remain a growing concern, even for companies not preparing for an IPO. A recent study found that in FY24, 8% of companies disclosed MWs, and 31% had recurring issues across multiple years.

A material weakness occurs when internal controls cannot reasonably prevent or detect a material misstatement. Common causes include inadequate documentation and policies, insufficient accounting expertise, IT and access control gaps, poor segregation of duties, and weak disclosure controls. The most impacted areas are nonroutine or complex transactions such as M&A and restructurings (72%), financial close and reporting processes (31%), and the control environment (48%), which reflects weak oversight and tone at the top. These weaknesses are not just technical; they appear in filings, affect investor confidence, and drive higher audit costs.

Connecting the Dots: How These Issues Intersect

PCAOB findings, SEC comment letters, and material weaknesses share a common thread: technical accounting, internal control, and disclosure quality. Weaknesses in these areas often emerge when processes and accounting judgments fail to keep pace with complexity, growth, or regulatory change.

It’s not just about control. Many SEC comments relate to accounting conclusions, such as revenue recognition, segment reporting, and impairment testing. These areas require both strong documentation and sound technical analysis.

If you’re thinking, “We’ve never had a material weakness, so we’re fine,” consider this: Many companies didn’t know they had issues until auditors identified them.

Practical Steps for Audit Readiness

Here’s how finance teams can take control:

• Strengthen ICFR design and documentation: Review controls for financial close, revenue, and nonroutine transactions. If using manual spreadsheets, implement documented reviews and version control. Validate IT controls and user access. If AI assists with reconciliations, document oversight and logic checks.
• Enhance disclosure quality: Go beyond boilerplate in MD&A and quantify drivers of change. Instead of “Revenue increased due to demand,” disclose “Revenue grew 12% from a 15% volume increase and 3% price adjustment.” If AI drafts MD&A, ensure human review and compliance checks.
• Resource planning: Confirm your team has expertise for complex areas like business combinations and impairment testing. Engage technical accounting specialists for purchase accounting. AI can assist with valuation modeling or scenario analysis, but finance teams must confirm that AI outputs align with GAAP.
• Focus on high-risk areas: Nonroutine transactions need tailored controls. For business combinations, controls should extend to the valuation specialist calculations. If AI is used to identify anomalies or predict risk areas, document how these insights are incorporated into control design and ensure they don’t replace required manual reviews.
• Prepare for emerging risks: Address cybersecurity and AI in risk assessments and disclosures. Example: If using AI for forecasting, disclose governance policies and validation processes. Regulators expect transparency on AI usage and its financial impact.

How CrossCountry Consulting Can Help

CrossCountry Consulting helps finance teams close gaps before auditors find them, through ICFR readiness assessments, technical accounting support, remediation planning, and guidance on new standards like ASU 2023-07. Our approach is practical, collaborative, and focused on reducing risk while enabling confidence.

Ready to strengthen your audit readiness? Contact us today to get started.

Mainstream maintenance of SAP ERP Central Component (ECC) ends in 2027, with extended support available until 2030. While that might seem like plenty of time to plan your next move, including a potential migration to SAP S/4HANA, the reality is far more urgent than most organizations realize. 

With average ERP implementations (bringing in entirely new systems) taking 12-18 months and system migrations (moving from one existing system to another) often extending even longer due to complexity, the clock is already ticking. The tens of thousands of organizations still running on SAP ECC, including a high percentage of Fortune 500 companies, face a critical decision point that will define their technology strategy for the next decade. 

The Time Crunch: 2027 Is Closer Than It Appears 

System end-of-life (EOL) transitions are deceptively complex undertakings. What appears to be a straightforward technical migration quickly reveals itself as a comprehensive business transformation touching every corner of your organization. 

Consider the typical timeline breakdown: 

• Strategic planning, budgeting, and system selection: 3-6 months. 
• Implementation planning and resource allocation: 2-4 months. 
• Core implementation and testing: 12-18 months. 
• User training and change management: 3-6 months ongoing. 

Even starting today, organizations are looking at implementation windows stretching into 2026 and beyond. Factor in the inevitable scope creep, resource constraints, and integration challenges that plague most ERP projects, and the 2027 deadline becomes a very real constraint. 

The Complexity Challenge: Why System EOL Requires Strategic Expertise 

EOL system migrations carry unique risks that standard implementations don’t face. Most SAP ECC environments have evolved over 10-15 years, accumulating layers of customizations, integrations, and workarounds that have become mission-critical to daily operations. 

These heavily customized systems present several strategic challenges: 

• Legacy integration complexity: Years of acquisitions and system additions create interconnected webs that must be carefully untangled and rebuilt. 
• Knowledge transfer risks: The institutional knowledge required to understand current system configurations often resides with a small group of employees, creating significant project risk. 
• Compliance and control gaps: Existing manual controls and compliance processes may not translate directly to new system architectures, requiring comprehensive redesign. 
• Business continuity concerns: Unlike greenfield implementations, EOL migrations must maintain full operational capability throughout the transition. 

The Strategic Advantage of Independent Advisory 

Most organizations attempt system migrations with internal resources and direct vendor relationships. However, this approach often falls short when facing the strategic complexity of an EOL transition. 

The most successful migrations leverage independent implementation advisors who bring several critical advantages: 

• Unbiased system selection: Unlike vendors who are incentivized to sell specific solutions, independent advisors can objectively evaluate whether SAP S/4HANA, Oracle Cloud, Workday, or other platforms best align with your strategic requirements. 
• Proprietary selection methodologies: Experienced advisors utilize structured evaluation frameworks that consider technical requirements alongside business strategy, implementation complexity, and total cost of ownership. 
• System integrator support: Rather than replacing your chosen system integrator, independent advisors work collaboratively to ensure successful project delivery while providing an additional layer of project governance and risk mitigation. 
• Cross-platform expertise: With deep knowledge across multiple ERP platforms, independent advisors can identify the best-fit solution for your specific organizational needs and growth trajectory. 

Building Your Strategic Roadmap 

The first step in any successful SAP migration is developing a comprehensive technology architecture strategy that extends beyond the immediate EOL challenge. This strategic foundation should address: 

• Business alignment assessment: Understanding how your technology investments will support broader business objectives over the next 5-10 years. 
• Integration architecture planning: Designing a scalable technology ecosystem that can adapt to future acquisitions, divestitures, and business model evolution. 
• Risk management framework: Establishing controls and governance structures that will protect your organization throughout the transition and beyond. 
• Change management strategy: Building organizational capability to successfully adopt new systems while maintaining operational excellence. 

Organizations that invest in this strategic foundation early in the process consistently achieve better outcomes, shorter implementation timelines, and higher user adoption rates. 

Taking Action: Your Strategic Next Steps 

The window for strategic SAP migration planning is narrowing rapidly. Organizations that begin their evaluation process now will have the luxury of thorough analysis and measured decision-making. Those who delay will find themselves forced into reactive decisions with compressed timelines and limited options. 

The most effective approach starts with engaging an independent advisor who can provide unbiased guidance through the complex landscape of modern ERP solutions. This strategic partnership ensures you select the platform best aligned with your business objectives while building the implementation roadmap that delivers maximum value with minimum risk. 

Don’t let the 2027 deadline catch your organization unprepared. The time to begin strategic planning is now. Contact CrossCountry Consulting to get started. 

For decades, private equity has used financial engineering and cost reduction as primary levers of value creation. More recently, operational transformation and digital enablement became the new playbook. Today, AI represents the next frontier, offering efficiency, growth, and competitive advantage – but also complexity and risk. 

For sponsors and their portfolio companies, the question is no longer if AI should be part of the value-creation strategy but how to adopt it responsibly and at scale. 

From Deal to Exit: A Picture of AI-Enabled Value Creation 

Consider the trajectory of a successful AI-enabled PE deal: 

• Deal sourcing and diligence: AI-driven market scans and sentiment analytics reveal a target overlooked by competitors. AI-enabled diligence surfaces revenue drivers, operational risks, and synergies, enabling sharper pricing and accelerated underwriting. 
• Post-close transformation: The portfolio company invests in a holistic AI capability model, building data infrastructure, embedding AI into core functions, and cultivating a workforce confident in AI-enabled tools. 
  • Key transformations include AI-powered forecasting, dynamic pricing, supply chain optimization, and automated finance processes, all governed by a consistent risk and compliance framework. 
• Exit and value realization: Over the hold period, revenue accelerates, margins expand, and AI maturity itself becomes a differentiator, with data and AI-enabled processes boosting buyer confidence and valuation multiples. 

The result is not just a successful deal, but a repeatable playbook for portfolio-wide advantage. 

Laying the Groundwork for Sustainable AI Value Creation 

Portfolio companies have different levels of AI maturity. Some are still building basic digital and data capabilities, while others are piloting advanced models. Sponsors must meet each company where it is, while keeping an eye on a future where AI is a core capability. 

Holistic AI adoption cannot be solved purely from the top down. Leadership sets the vision and governance, but real value often comes from engaging those closest to the work: line-level staff who know the daily bottlenecks and friction points. Their input ensures AI solutions address real problems, generate practical efficiency gains, and are embraced by those who use them. 

Without a roadmap, companies risk “pilot purgatory” – where projects never scale – or creating vendor sprawl that increases cost without impact. Poorly governed AI can also expose companies to reputational, ethical, and regulatory risk. 

The lesson: AI adoption is about building capability, with governance, risk awareness, and alignment to value-creation goals driven by insights from leadership and frontline staff. 

A Framework for Responsible AI Implementation 

CrossCountry Consulting evaluates companies using a simple framework to determine where they are on their AI journey and how they can most effectively execute on an implementation roadmap: 

A clear roadmap is critical to ensuring the right foundation is in place and that investment is focused on high-value, scalable initiatives. 

A human-centered approach ensures AI solutions are shaped by the actual people who will use them every day. By engaging CFOs, functional leaders, and frontline staff, technology investment aligns with real-world business problems, improving adoption and accelerating impact. This holistic model promotes four key AI capabilities for PE: 

1. Strategic transformation toward an AI-powered organization: New operating models, innovation hubs, process design, cross-functional command centers, and digital workers. 
2. AI solutions that solve business challenges: AI use case development, system selection, intelligent AI agent orchestration, and embedded AI for greater organizational insights, predictive modeling, and ROI quantification. 
3. AI enablement that ensures successful employee adoption: Playbooks, starter packs, templates, training toolkits, and hands-on enablement programs tailored to organizational maturity. This can also include upskilling, certifications, and end-to-end change management. 
4. Governance, security, and risk for enterprise AI: AI governance frameworks, risk monitoring, cybersecurity assessments, continuous agentic oversight, and compliance with ethical and regulatory standards. 

The Next Lever for PE Value Creation 

AI is not a plug-and-play solution; it’s a strategic capability that requires intentional investment, governance, and cultural alignment. For PE sponsors, holistic AI deployment is poised to become the next big lever for value creation, much like lean operations or shared services in past decades. 

The opportunity is clear: Sponsors who adopt responsible AI practices today will enjoy sustainable competitive advantage, stronger portfolio performance, and potentially higher exit multiples. 

Ready to take the next step? Contact CrossCountry Consulting today.  

Modern CFOs face unprecedented challenges as they lead organizations through digital transformation, growth initiatives, and complex regulatory landscapes. From accelerating the financial close process to managing risk and AI investments, the demands on financial executives have never been greater. Amid these pressures, organizations often overlook one of their most valuable strategic assets: operational accounting.

Operational Accounting Today

Operational accounting refers to the hands-on, day-to-day management of financial processes such as month-end, quarter-end, and year-end closes, as well as financial controls, reporting, and compliance. But today, operational accounting goes far beyond bookkeeping tasks. It integrates with corporate strategy and other functional areas to optimize processes, provide actionable insights, manage risks, and ultimately empower the Office of the CFO to focus on growth and innovation.

No longer just recording transactions and reconciling accounts, operational accounting has evolved into a strategic function that can drive efficiency, enhance decision-making, and enable competitive advantage when aligned with enterprise goals. An experienced operational accounting partner acts as an extension of companies’ finance teams, serving as a catalyst for transformation and delivering expertise to meet strict audit deadlines, implement new standards, and navigate periods of transition.

Leveraging advanced technologies like AI and automation, operational accounting professionals create an efficient foundation for controllership operations, special CFO projects, project management, systems implementations, and core accounting acceleration.

Overcoming Common Challenges in Finance and Accounting Operations

Operational accountants are uniquely positioned to address many of the key challenges CFOs face, including:

• Complex accounting standards and regulations: Keeping up with changing SEC, PCAOB, EU, and IFRS rules can strain existing processes and resources, leading to reporting errors and compliance risks. With deep backgrounds navigating these requirements, operational accountants serve as trusted advisors to executives, boards, audit partners, tax, legal, and compliance.
• Demand for data-driven decision-making: Organizations must move beyond reactive reporting to provide forward-looking insights that inform strategy, including predictive analytics, dynamic scenario planning, and transaction readiness. Operational accountants sit at the nexus of data and strategy and can help connect the dots between historical financial information and future planning, utilizing expertise in AI and automation tools and technologies.
• Inefficient financial processes: Inefficient workflows, manual tasks, and bottlenecks can stretch close times into weeks, limiting the finance function’s agility. By re-engineering and automating key workflows, operational accountants eliminate close fatigue and increase job satisfaction.
• Technology integration and AI adoption: Integrating new technology, including AI-enabled solutions, requires expertise to ensure smooth implementation and maximize ROI. With expertise in project management, human capital management, and SaaS platforms, operational accountants have the perspective and insights to support technology initiatives.
• Talent development: Upskilling financial staff to be data-savvy and AI-ready is crucial for maintaining efficiency and competitive advantage. As the accounting industry undergoes significant change, professionals with the greatest tech literacy can open up more career opportunities.

How an Operational Accounting Partner Adds Value

Partnering with an experienced operational accounting provider offers specialized benefits that empower the Office of the CFO:

1. Accelerated Financial Close Process

Best-in-class organizations complete the financial close in four days, while many companies take weeks. An operational accounting partner evaluates your current processes, identifies bottlenecks, and implements tailored solutions to streamline workflows and reduce the time-to-close. A faster close enables CFOs to access financial data sooner, empowering them to make timely, informed decisions.

2. Enhanced Reporting Accuracy

Operational accountants bring deep expertise in accounting principles and standards, ensuring compliance and accuracy in financial reporting. They work alongside your internal audit teams to prepare for smoother audits, reduce errors, and enhance credibility with stakeholders.

3. Optimization Through Technology

By leveraging AI and automation, operational accounting professionals eliminate manual errors and inefficiencies, freeing up resources for higher-value tasks. For example:

• AI tools can reduce data entry during the close process. As the market for accounting AI technology is expected to reach $37 billion by 2030 (up from $6 billion in 2025), a partner that integrates AI with accounting keeps finance teams ahead of the curve.
• Advanced analytics platforms provide real-time insights that enable proactive decision-making.

Common accounting-specific tools include Sage Intacct and FloQast.

4. Integrated Financial Functions

The modern operational accountant provides more than just controllership services. They seamlessly integrate across FP&A, systems, procurement, and transformation initiatives to create cohesion within the finance function. This holistic approach ensures that operational goals align with enterprise-wide objectives.

5. Strategic Partnership

An operational accounting partner doesn’t just execute tasks; they provide strategic guidance to help financial leaders achieve their broader objectives, from IPO readiness to M&A activities. By acting as a trusted advisor, they enable CFOs to focus on long-term enterprise value.

Expertise That Makes the Difference

Not all operational accounting providers are created equal. The right partner will bring a combination of technical skills, industry experience, and strategic insights to the table. Here’s what to look for:

• Comprehensive expertise: Professionals with CPA qualifications or equivalent credentials ensure compliance with rigorous reporting standards. Their experience spans industries and business scenarios, making them adaptable to various challenges. With 75% of CPAs nearing retirement age, an accounting partner that can still staff and train high-quality public accountants is critical.
• Proven track record: Operational accountants with hands-on experience in controllership, audit readiness, and ERP implementations are better equipped to drive efficiency and accuracy.
• Holistic approach: Look for a partner with knowledge in technical accounting, FP&A, AI implementations, and data integration. This ensures they can lead cross-functional initiatives and create value in more ways than one.
• Focus on transformation: Best-in-class operational accountants go beyond managing processes. They identify areas for improvement, implement technology solutions, and develop your team’s skills to future-proof your organization.

Building Operational Accounting Excellence

Ready to experience the benefits of operational accounting at its best? For expert operational accounting support, contact CrossCountry Consulting to get started.

When external auditors discover control deficiencies, especially those that rise to the level of a significant deficiency or material weakness, the remediation process can quickly tie up substantial internal resources public and private companies often lack. Persistent accounting and audit staffing shortages in the last three years have compounded the matter further.  

If there’s no one (or no team) on the bench with the required skills and capacity to make remediation their top priority or even full-time job, what’s the next step? 

To navigate the maze of remediation efficiently, management should look to strategic audit advisors capable of: 

• Filling gaps immediately as a flexible extension of management. 
• Leveraging deep technical expertise and technology solutions free of conflict. 
• Structuring remediation efforts around proven program management methodologies and frameworks. 
• Designing strategies to solve near-term issues while simultaneously establishing proactive best practices and audit-readiness infrastructure for use in every future audit cycle. 
• Aligning cultures of all parties engaged in the audit process to promote seamless execution, productive collaboration, and ultimate confidence in the results. 

A World of Difference: Audit Support That Frees Up Key Staff for Value-Add Activities 

Remediation will stretch internal capacity, prompt the reallocation of resources, and force management to make difficult decisions on whether to delay or abandon core business objectives. In fact, 71% of organizations believe they don’t have the talent or bandwidth to manage emerging risks – when an audit identifies deficiencies that need urgent attention, this gap will widen further. 

Plus, the Public Company Accounting Oversight Board (PCAOB) notes that companies typically take 6-18 months to fully address a material weakness. That’s valuable time companies will never get back. 

Will the months or yearslong remediation effort overlap with enterprise digital transformation programs, systems implementations (AI, ERP, etc.), complex transactions (IPO, M&A, etc.), or expansion into new markets? These high-value initiatives are vital to current/future growth and competitive advantage – and will themselves take years of work and investment to orchestrate. 

Balancing these activities with the regulatory and investor demands resulting from an audit report represents a serious fork in the road for even the largest enterprises at a time when PCAOB-identified deficiencies are on the rise.  

There’s a real opportunity cost involved with how these concurrent efforts are shepherded – not to mention the total “true” cost on the balance sheet.  

Beyond Root Cause Analysis: An Audit Liaison 

Material weaknesses rarely stem from a single, isolated issue. They often involve intricate interdependencies between processes, people, systems, and data. Identifying the root cause of each deficiency is time-consuming and requires a meticulous, well-trained team. 

CrossCountry Consulting, a strategic audit advisor with extensive Big 4 audit experience, can manage all aspects of an audit, including remediation of deficiencies, significant deficiencies, and material weaknesses. This work entails: 

• Total immersion in the issue, including a full understanding of the root cause of the deficiency. 
• Defining a clear path to remediation as urgently and effectively as possible, including preparation of all necessary documentation. 
• Training internal staff on what to look for, avoid, and better understand in future remediation efforts. 
• Auditor communications, including responding to auditor questions and inquiries. 
• Executive reporting of issues, remediation progress, results, and opportunities, including board and audit committee communications. 
• Other operational enhancements, including automation, technology systems deployment, or process re-design, within Finance, Accounting, IT, and Risk functions. 

Audit support tackles all the issues dropped in the lap of management and impacted stakeholders without sacrificing critical ongoing initiatives outside of the audit process. 

That means: 

• Devoting full-time focus to the remediation without unnecessarily distracting internal staff with complex requests. 
• Propelling forward momentum daily so remediation is wrapped up on time and on budget. 
• Reducing staff burnout and low morale during a high-pressure period. 
• Removing information silos within the organization, which generates enduring downstream benefits even after remediation. 

Audit Impact Where It Counts 

As much as companies, auditors, regulators, and investors would appreciate remediation being a one-and-done housecleaning, the truth is that remediating deficiencies is often a multi-year process. A strategic audit advisor can assist management in architecting a control environment that prevents recurring issues and anticipates future risks, in addition to realizing long-term cost savings that avoids increased audit fees, regulatory sanctions, and loss of investor trust. 

As a firm built with Big 4 pedigree, CrossCountry Consulting’s audit-readiness specialists speak the language of auditors and take the burden off management teams. We drive value at all points in the process, with the ability to get involved before, during, or after an audit – wherever support is needed, our team plugs in. 

To get started on your remediation journey, contact CrossCountry Consulting. 

An integral component of the divestiture process is the Transition Services Agreement (TSA). A well-crafted TSA can make the difference between a seamless transition and a chaotic handover. Explore how to minimize operational risks and business disruptions during the transition while maximizing deal value.

Understanding the TSA

A Transition Services Agreement is a contract between the buyer and the seller (or divesting parent, RemainCo, and the new organization, NewCo, in the case of a spin-off), where RemainCo agrees to provide certain services to NewCo for a specified period post-divestiture. In some cases, although less common, NewCo will agree to provide services back to RemainCo for a period of time, called a Reverse TSA.

Common services in TSAs include IT infrastructure and systems support, access to historical data, system cutover assistance, HR and people services, and finance and accounting assistance. Whether due to accelerated deal timelines or strategic priorities while executing the separation, an effective TSA ensures business continuity while NewCo establishes its own capabilities and/or successfully integrates into a buyer’s operations.

Key Elements of a TSA

1. Scope of services: Clearly define the services to be provided. This includes detailed descriptions of the service, expected outcomes, and any specific service requirements. Ambiguity in service descriptions can lead to misunderstandings and disputes, so precision is crucial.
2. Duration: Specify the duration for which services will be provided. This period should be realistic, giving NewCo enough time to set up its own processes and systems while being reasonable and minimizing undue pressure on RemainCo’s ongoing business operations. A process for service extensions and/or early terminations should also be addressed in the TSA. It’s critically important to consider divestiture tax goals when contemplating service durations, as the IRS considers TSA services in its tax treatment rulings.
3. Service levels: Establish clear service level agreements (SLAs) to set expectations for performance. This includes reasonable response and resolution timelines as well as quality standards. Well-documented SLAs ensure the services provided meet the service recipient’s needs and minimize potential conflicts.
4. Exit criteria: Include language on what “completes” the required service and an understanding of the service recipient’s plan to exit. A clear understanding of how the TSA is ultimately satisfied will ensure both parties are aligned on expectations post-close. Termination clauses may also be relevant to define conditions of early termination of the service, contemplating scenarios such as breach of contract, changes in business circumstances, or mutual agreement.
5. Pricing and payment terms: Outline the cost of services and the expected invoice and payment schedules. Consider the costs associated with providing the service, the headcount required to deliver on the service, and any recurring or ongoing charges associated with technology or other infrastructure required to support the service. Companies should also contemplate whether penalties for late payments or escalating pricing are appropriate; transparency in pricing helps avoid financial disputes.
6. Confidentiality and data security: Address how confidential information and data will be handled. This includes data protection measures, access controls, and protocols for data transfer. Ensuring data security is paramount, especially when dealing with sensitive business information.
7. Governance and management: Define the governance structure for managing the TSA. This includes appointing key contacts, determining individual service owners from both parties, and establishing a schedule to review the execution of the TSA and resolve issues after launch. An effective governance model ensures that both parties remain aligned and conflicts are resolved promptly.

Best Practices for Crafting a TSA

• Define TSA strategy early: An upfront expectation of a company’s approach to TSAs will aid in decisions around operational readiness and set the stage for day 1. Does the organization wish to minimize continuing commitments and services and avoid TSAs? Then additional work pre-deal is required to accelerate stand-alone operations and/or immediate day 1 integration plans. Alternatively, will the organizations accept more services provided through the TSAs, allowing for a quicker deal timeline but likely creating a longer timeline to separation and/or integration? 
• Conduct thorough due diligence: Understand NewCo’s needs and RemainCo’s capabilities to align on a TSA that’s realistic and achievable. Involving key stakeholders across functions early and leveraging their expertise is invaluable in identifying critical services. Subject matter experts can help simplify potential complexities and challenges that, with proper planning, can be solved.
• Consider impact of Bi-Lateral or Reverse TSAs: While most TSA services are typically provided by RemainCo, there may be situations in which key personnel or technologies are part of, or go with, the divested business.  RemainCo must plan and schedule the definition of its service needs to avoid disruption to existing business processes.
• Remember atypical or irregular services: Some TSAs will be required to deal with activities that occur on irregular or infrequent schedules. Examples like rebates, benefits or expense reimbursements, and tax or audit services fees are important to capture, although they may not occur as frequently as recurring processes. 
• Coordinate with the pro forma financials process: Arrangements under the TSA are often a component of NewCo’s autonomous entity adjustments in the pro forma financial statements. To ensure the accuracy of amounts disclosed in pro formas, close collaboration is required by finance, accounting, and investor relations during the TSA process.
• TSA processing and management: A TSA will require a new process to manage execution and billing related to the defined services. Evaluate both organizations’ ability to perform the services and meet the SLAs. How will you measure expectations, collect costs, establish a process to bill for the services rendered, and assess service winddown progression?

Delivering Value in the Deal and Beyond

Alignment of all impacted parties during a divestiture creates the conditions for a smooth transition, faster time-to-value, and reduced risk. TSAs lay an important foundation for post-divestiture success and should be supported with strategic planning, clear communication, and ongoing collaboration.

CrossCountry Consulting aids organizations across the deal lifecycle and helps drive toward maximize exit value. Contact us today for expert support in your next transactions.

 

As the Cybersecurity Risk leader for CrossCountry Consulting and a longtime Chief Information Security Officer (CISO) advisor at a leading consulting firm, I’ve witnessed firsthand how the digital threat landscape has fundamentally transformed the way private equity firms approach investments and portfolio management. The stakes have never been higher: cyberattacks now routinely target PE funds and their portfolio companies, seeking to exploit vulnerabilities for financial gain, corporate espionage, or simple disruption.

Now more than ever, cyber threat evaluation and cyber diligence are not just prudent best practices – they’re cornerstones for PE success.

The Evolving Threat Landscape for Private Equity

PE firms and their portfolio companies are uniquely attractive targets for cyber adversaries. Attackers know that PE-backed organizations often undergo rapid change – acquisitions, integrations, and divestitures – which can create security gaps. The sensitive nature of deal data, intellectual property, and personal information handled by PE firms only increases the risk.

Moreover, attackers are increasingly sophisticated. Ransomware gangs, nation-state actors, and organized cybercriminals all recognize the potential payoff of breaching a PE firm or its portfolio. The interconnectedness of today’s business ecosystems means a compromise in one company can quickly cascade across the entire portfolio.

Why Cyber Diligence Must Be Integral to M&A

Cyber diligence is the process of rigorously assessing a target’s cyber risk profile during M&A. This capability is now a non-negotiable element of any deal. As a CISO advising PE clients, I’ve seen deals derailed or dramatically repriced due to undisclosed breaches, regulatory non-compliance, or the discovery of systemic vulnerabilities during diligence.

Critical Reasons Why Cyber Diligence Is Vital During M&A

• Valuation accuracy: Hidden cyber risks can significantly erode a company’s true value. Unaddressed vulnerabilities or a history of past breaches may lead to extensive remediation costs and regulatory fines, which was the case when Yahoo’s purchase price famously fell by $350 million after it failed to disclose two cyberattacks to its acquirer, Verizon.
• Regulatory compliance: Evolving regulations, such as SEC rules and global data privacy laws, mean acquirers could inherit serious liabilities if diligence is superficial.
• Operational continuity: Overlooked cyber weaknesses can derail business operations after acquisition, delaying integrations or tarnishing reputations.
• Exit strategy: Buyers in secondary transactions increasingly scrutinize cyber posture. A comprehensive cyber program can mitigate risk and enhance a portfolio’s attractiveness during secondary transactions.

What Comprehensive Cyber Diligence Looks Like

CrossCountry Consulting’s approach to cyber diligence is holistic and risk-driven. We move beyond basic checklist assessments to deliver actionable insights that inform investment decisions and post-close planning.

• Threat landscape assessment: Gain an in-depth understanding of sector-specific threats and recent attack trends relevant to the target.
• Technical vulnerability scanning: Leverage best-in-class tools (e.g., Tenable, Rapid7) to identify weaknesses in infrastructure, applications, and endpoints.
• Policy and governance review: Assess the maturity of cybersecurity governance, incident response planning, and regulatory compliance frameworks.
• Third-party risk evaluation: Scrutinize the exposure stemming from key suppliers and partners, which are often the weakest link in any security chain.
• Historical incident review: Examine prior breaches, the effectiveness of responses, and lessons learned.
• Remediation roadmap: Quantify the cost, timeline, and complexity associated with closing identified gaps, information that is crucial for both negotiation and integration.

Ongoing Cyber Risk Management: Beyond the Deal

Cyber diligence is not a one-time activity. The threat environment continues to evolve as portfolio companies grow, digitize, and adopt advanced technologies. Leading PE firms now require continuous cyber risk management across their portfolios.

Core Elements of Effective Portfolio Cybersecurity

• Baseline security controls: Adoption of enterprise-grade controls, such as multi-factor authentication, endpoint detection and response, and data loss prevention, is standard practice.
• Centralized monitoring: Dashboards and managed services provide real-time visibility over the cyber health of portfolio companies.
• Incident response readiness: Develop and test incident response plans to ensure rapid and coordinated action in the event of an attack.
• Ongoing training: Given that human error remains a leading cause of breaches, security awareness programs (e.g., KnowBe4) are an indispensable component of risk reduction across the portfolio.
• Regulatory and compliance tracking: Staying on top of global regulations is vital to avoiding fines, sanctions, and reputational damage. Tools like OneTrust help automate privacy and compliance management.

The Business Case for Proactive Cyber Risk Management

Embedding cyber diligence and ongoing risk management into PE operations yields undeniable benefits:

• Value preservation: Preventing catastrophic breaches preserves investment value, avoids costly remediation, and ensures operational continuity.
• Competitive advantage: Demonstrating a robust cyber program differentiates firms during deal sourcing and creates value at exit.
• Regulatory confidence: Proactive compliance instills confidence among regulators and reduces the risk of fines, sanctions, and reputational damage.
• Investor assurance: Limited partners (LPs) are increasingly demanding greater transparency and demonstrable assurance around cyber risk management.

Case Study: Turning Cyber Risk into Portfolio Value

A PE client responsible for a global portfolio of mid-market companies faced recurrent ransomware attacks that threatened operations and company valuations. By instituting a centralized cyber risk management program combining technical controls, continuous monitoring, and incident response readiness, they not only reduced the frequency and impact of incidents but also enhanced the attractiveness of their portfolio to future buyers. This case underscores that proactive cyber risk management is not just about damage control – it’s a robust value-creation strategy.

Recommendations for PE Leaders

Drawing on decades of experience as a CISO and cyber advisor, my advice to PE  leaders is clear:

• Make cyber diligence mandatory: Integrate cyber risk assessment into every stage of the M&A process.
• Standardize security across the portfolio: Establish and enforce minimum security standards for all portfolio companies.
• Invest in talent and technology: Leverage top-tier cybersecurity tools and collaborate with experienced consultants who understand the nuances of the PE landscape.
• Foster a culture of cyber awareness: Regular training and executive engagement are essential to maintain vigilance.
• Prepare for the inevitable: Assume incidents will occur; readiness and rapid response are your best defenses.

Cyber Resilience as a Strategic Imperative

PE firms that integrate cybersecurity throughout their investment lifecycle will be best positioned to protect and grow value, satisfy regulators and investors, and forge resilient, future-ready portfolios.  As cyber professionals, our role is to help PE firms use cybersecurity as a lever for growth rather than just a shield against threats.

If you’re a PE leader seeking to strengthen your approach to cyber risk, now is the time to act. With the right strategy, partners, and a commitment to continuous improvement, cyber risk can be managed – and even harnessed – to drive lasting value creation. Contact CrossCountry Consulting to get started.

Divestitures and demergers are complex transformations that require more than just financial and operational restructuring. A successful separation strategy includes plans to effectively manage employee entanglements, including considerations for the interconnected contracts, roles, responsibilities, and compensation structures that link employees between the existing organization (RemainCo) and the newly formed entity (NewCo).

What Are Employee Entanglements?

Employee entanglements occur when workforce responsibilities, reporting lines, compensation structures, or operational dependencies are not fully separable between RemainCo and NewCo. Employee entanglements can create complexity across any deal size. Consider:

• Cross-functional roles: Employees who support multiple business lines may have unclear responsibilities in NewCo or RemainCo.
• Compensation and benefits complexities: During separation, salary structures, incentive plans, equity programs, and benefits must be carefully considered and aligned where possible to keep employees whole.
• Legal and regulatory dependencies: Employees in different jurisdictions may require specific entity structures, corporate sponsorship, visas, or other third-party employment solutions when their employer is changing.
• Retention and operational risks: Either RemainCo or NewCo could lose key talent that supports their organization in the current state. “Stranded work” (unassigned business-critical responsibilities) or “stranded cost” (retaining employees no longer essential to the business) can increase separation challenges.

Failure to proactively address entanglements can lead to employee attrition, business disruption, financial misalignment, and regulatory non-compliance, jeopardizing the success of the transition.

Key Considerations for Managing Employee Entanglements

1. Lead With Legal and Regulatory Compliance

Divestitures and demergers often involve employees working across multiple jurisdictions, each with distinct legal requirements. Organizations must:

• Ensure compliance with local employment laws: Review contracts, severance obligations, and work council requirements in each geography.
• Evaluate legal entity needs: Determine whether NewCo requires new legal entities or if third-party Employer of Record (EoR) or Professional Employer Organization (PEO) solutions can reduce complexity and cost.
• Address cross-border regulatory challenges: Navigate visa sponsorships, tax implications, and payroll compliance.

2. Create a Plan for Change Management and Communications

Employee uncertainty is one of the biggest stressors during workforce transition. Poor communication can lead to change resistance, disengagement, and attrition. A well-managed employee transition should include:

• A structured communication plan to provide employees with clear, consistent, and transparent updates on their roles, benefits, and timelines.
• Aligned messaging from leadership and HR teams to deliver a unified story and address employee concerns proactively.
• An understanding of cultural expectations and implications, especially in cross-border transactions where employment expectations and corporate values may differ.

3. Focus on Talent Retention and Workforce Transition Planning

Divestitures often create talent uncertainty, making it crucial to retain key employees and ensure workforce continuity for both RemainCo and NewCo. When navigating a divestiture, organizations should:

• Identify and secure mission-critical employees early (through retention incentives, where needed) by mapping workforce needs against business objectives.
• Develop structured transition and knowledge transfer plans to prevent gaps in leadership, expertise, or operations.
• Mitigate the risk of stranded work and stranded costs by regular reviews of key business processes, ensuring RemainCo is not left with operational shortfalls due to unexpected gaps in human capital.

4. Ensure Compensation and Total Rewards Alignment

Any misalignment in benefits and compensation structures can create legal or compliance risks, increase the risk of retention challenges, and impact overall company culture. Organizations should aim to:

• Analyze total compensation packages, including salary structures, bonuses, and equity programs, to ensure employees remain whole post-separation.
• Review and harmonize benefits programs and offerings across healthcare, retirement, allowances, and leave policies to prevent employees from losing core benefits, wherever possible.
• Develop an accurate, standalone financial budget that accounts for total rewards transition costs and ensures NewCo has a sustainable compensation and benefits model.

5. Program Management and Day 1 Readiness

Ensuring operational stability on Day 1 requires meticulous planning, execution, and risk management through project planning and governance. An effective program management office will:

• Establish a regular governance cadence and mechanism for tracking workforce transitions, mitigating employee risks, and managing dependencies across the organization.
• Ensure operational continuity for both RemainCo and NewCo by preventing disruptions in HR, payroll, IT, tax, and finance by increasing cross-functional collaboration.
• Capture lessons learned to refine best practices for future organizational changes.

Ready for a Divestiture or Demerger?

CrossCountry Consulting is a trusted advisor and divestiture execution partner with deep expertise in workforce transition planning, program management, and change leadership. Resolve employee entanglements with minimal disruption by navigating workforce separations, ensuring Day 1 operational readiness, transitioning talent, and prioritizing organizational stability. Contact CrossCountry Consulting to get started.

Enterprise Resource Planning (ERP) implementations promise significant operational improvements and better decisions, yet research reveals a stark reality: 75% fail to stay on schedule or within budget, and two-thirds deliver negative ROI. The reasons are rarely technical. They’re usually design and governance issues that surface late because of a fundamental oversight in how organizations approach complex implementations. 

One root cause lies in neglecting risk and control during the implementation phase. While system integrators focus on technical deployment and meeting go-live deadlines, critical elements like risk mitigation, internal controls, and compliance frameworks often take a back seat. The result is costly rework, inefficient manual processes, and audit challenges that can undermine the business case for the system. 

A successful ERP implementation treats controls as design requirements, not afterthoughts. When you integrate risk management and control frameworks from day one, you lower total cost, reduce audit pain, and accelerate value realization. 

The Hidden Pitfalls That Stall ERP ROI 

Leading With Technology 

When IT configures the system without a clear link to business objectives, you end up with a technically sound platform that may not match how the business operates. This disconnect leads to costly post-implementation modifications, extended timelines, or users working around the system. Misaligned requirements are one of the most common failure drivers. 

Insufficient Upfront Focus on Risk and Control 

Many teams defer risk, control, and compliance requirements to post-design. Instead of embedding them into the system, they’re handled reactively, often through manual detective controls and late-stage fixes. This reactive approach adds unnecessary cost and compliance burden.     

Change Management Limitations 

Underestimating the importance of effective change management is a major reason ERP implementations fail. It’s more than training and communication. It requires clear ownership and defined handoffs so that people, processes, and technology stay aligned. Assign a process owner and a control owner for each key process, with handoffs documented in the runbook. 

Strategic Advantages of Early Risk and Control Integration 

Lower Cost of Compliance 

Identifying risks early prevents costly remediation later. When controls are designed alongside system configuration, they become seamless parts of daily operations instead of bolt-ons. With effective IT general controls, automated and preventive checks built into the workflow are far less expensive to operate than manual detective steps added after go-live.    

Less Audit Friction 

Teams that integrate risk and control from the start demonstrate greater audit readiness. A documented control framework embedded in business processes leads to faster, smoother audits and fewer findings. It also builds confidence with leadership and stakeholders. 

Scalable Control Architecture 

Modern ERP systems support global operations with complex structures. Control frameworks designed during implementation can scale as the organization grows, supporting future expansions, acquisitions, and regulatory changes without major redesign. 

How to Integrate Risk and Control Early 

Early Implementation Priorities 

1. Define process outcomes. For each key process, set measurable goals (for example, 98% three-way match compliance). 
2. Map risks to controls. Identify potential process risks and start defining automated, preventive controls where practical. 
3. Design roles and segregation of duties (SoD) early. Build a role catalog and SoD rulebook before user provisioning. 
4. Include control validation in testing. Test both business outcomes and control functionality during UAT. 
5. Treat data migration as a control activity. Define ownership, reconciliation rules, and sign-offs for all data loads. 

Quick examples: 

• Configure three-way match tolerances at purchase order approval, not after invoice posting. 
• Design user roles with least-privilege access and run SoD analysis on both roles and users before go-live. 

An Integrated Risk and Control Approach to ERP Success 

Strong implementations address organizational, process, risk, and data needs alongside technical ones. A capable risk and control partner brings process, security, data, and compliance expertise together, and holds themselves accountable to measurable KPIs such as: 

• Automated control coverage. 
• Preventive control coverage. 
• SoD conflicts at go-live. 
• Control pass rate.   

Achieving these outcomes requires more than a checklist. It takes a team with the right blend of process, technology, and control expertise working in sync. The partner you choose should combine deep functional knowledge with technical and compliance strength. 

Cross-Functional Expertise 

• Regulatory environment: Deep knowledge of SOX and other regulations that apply to your business.  
• Technology, data, and security: Hands-on experience with integrations, data migration, cybersecurity, privacy, and governance. 
• Program and change management: Clarity on dependencies and decision impacts that affect adoption. 
• IT general controls: A solid foundation in identity and access management and change control. 
• Functional business perspective: Real experience in core business processes like Record-to-Report, Order-to-Cash, and Source-to-Pay. 

A well-rounded team with these capabilities can guide the program from design through stabilization, maintaining control integrity and business alignment through every phase of the implementation. 

Transforming Risk into Strategic Advantage 

Early investment in risk and control integration pays off throughout the system’s life. Making risk and control a core part of your implementation strategy ensures compliance, strengthens governance, and helps your ERP deliver on its promise. 

To get started, contact CrossCountry Consulting. 

The 2025 overhaul of the Global Internal Audit Standards (GIAS) provides far more than a checklist for compliance. It offers a framework for internal audit leaders to set strategy, govern their functions, and deliver measurable value.

The Standards emphasize purpose, ethics, independence, governance, management, and performance – but more importantly, they invite internal audit teams to move beyond compliance and demonstrate how assurance can accelerate risk responsiveness, enhance stakeholder trust, and integrate with enterprise value creation. These expectations coincide with rapid advances in technology and AI, creating both the requirement and means for internal audit to modernize.

AI’s Expanding Role

AI has fundamentally shifted how internal audit, risk, and compliance leaders strategize, prioritize, and operate. Rather than a bolt-on tool, AI now informs risk sensing, testing depth, reporting speed, and continuous improvement, forcing a redesign of operating models, talent mix, and assurance approaches.

Yet adopting AI alone is not enough; success depends on embedding these tools within a strategy anchored to leading professional practices and the Standards themselves. This requires a quality management system, supported by enabling technologies such as GRC platforms and AI. Equally important is connecting those capabilities to integrated risk management and a broader model of organizational assurance, positioning internal audit as a coordinated partner across the enterprise rather than a siloed reviewer. This begins with the foundation – modernizing internal audit’s mandate, strategy, and governance structures.

Modernizing Strategy

Internal audit teams are updating policies, charters, and escalation protocols to align with new expectations around independence, oversight, and risk tolerance. The Standards require clear documentation of the audit mandate and formal acknowledgement of the CAE’s reporting line to the board. And, many organizations are digitizing these policy updates through AI-enabled technologies that promote real-time escalation and greater transparency in how internal audit responds to fast-evolving threats.

The Standards also call for a published internal audit strategy (Principle 9.2), linking assurance priorities directly to enterprise objectives. Leading functions are formalizing this process by building audit strategies that not only reflect the organization’s risk appetite but also demonstrate how internal audit optimizes its resource model, integrates with other assurance providers, embeds feedback loops, and strengthens stakeholder relationships.

Dashboards, AI-driven analytics, and real-time engagement tools are increasingly common mechanisms to ensure this alignment. Some strategies now explicitly reference enabling technologies, including AI, as part of how internal audit sustains agility, transparency, and responsiveness. But strategies only gain credibility when paired with robust quality systems.

Quality and Continuous Improvement

At the heart of the new framework is the requirement for a Quality Assurance and Improvement Program (QAIP). This program is not just a periodic exercise; it must operate as a system, incorporating ongoing monitoring, periodic self-assessments, and a 5-year external quality assessment cycle. The Standards emphasize transparency, requiring boards to receive regular reporting on quality results, remediation actions, and continuous improvement initiatives.

In practice, technology and AI are redefining quality by standardizing execution, surfacing exceptions earlier, and shortening review cycles. Functions are adopting workflow tools such as AuditBoard and Workiva to standardize workpapers, automate documentation, and accelerate reviews. Some are deploying AI agents for routine audits, continuous monitoring, and anomaly detection – not replacing judgment, but freeing human auditors to focus on higher-risk and more judgment-intensive areas.

Over time, these tools also support the maturity journey outlined in the Standards: moving from “Initial/Reactive” practices to “Optimizing/Strategic Value” functions that contribute directly to organizational success.

Advancing Internal Audit Maturity

The GIAS outlines a path for how internal audit functions evolve in maturity – from ad-hoc activities to fully optimized, AI-enabled value creators. This model illustrates the progression and provides leaders with a tool to assess where they stand today and what capabilities are needed in the future.

Internal audit leaders can use this model as both a diagnostic and a roadmap for transformation. And as functions progress along this maturity journey, transparent and timely communication with the board becomes essential.

Reporting, Transparency, and Board Communication

The Standards also raise expectations for how internal audit communicates with boards. Reporting is no longer about delivering static documents. Instead, audit leaders are adopting dynamic, digital-first approaches:

• Dashboards that consolidate findings, remediation status, and value metrics in real time.
• Generative AI tools to prepare draft summaries, automate trend analyses, and shorten reporting cycles.
• Scorecards to highlight risk coverage, issue aging, closure velocity, and stakeholder feedback.

Boards gain not only visibility into issues but also confidence in how internal audit drives accountability. Independence remains paramount: While AI accelerates analysis, conclusions must always be owned and signed off by human auditors. Alongside improved reporting, the Standards expand what must be reported on through the introduction of Topical Requirements.

Topical Requirements as Strategic Inputs

One of the most significant evolutions in the Standards is the addition of Topical Requirements. These are mandatory when a subject is part of the audit plan, identified during fieldwork, or requested ad hoc by management or the board. Internal auditors must not only assess applicability but also document the rationale for excluding a requirement.

This approach ensures consistent, high-quality coverage of critical themes such as cybersecurity, third-party risk, organizational culture, and business resiliency. For example, the Cybersecurity Topical Requirement – effective February 5, 2026 – provides structured evaluation criteria and aligns directly with frameworks such as NIST and COBIT. By embedding these requirements into the audit plan, CAEs can show their function’s relevance to the most pressing organizational risks.

Meeting these new requirements at scale depends on technology and, increasingly, AI.

Technology and AI as Enablers

Innovation is an explicit objective of the GIAS. The Standards encourage internal audit functions to maximize the use of technology, enhance coordination, and expand value delivery. Teams are increasingly leveraging GRC platforms to automate workflow, manage documentation, and centralize assurance provider inputs.

AI is rapidly becoming indispensable. Advanced analytics expands scope through full-population testing and anomaly detection, and predictive models allow proactive risk identification. Generative AI, meanwhile, is being used to automate documentation, accelerate draft reporting, and benchmark continuous improvement efforts. These technologies must be governed within the same principles of objectivity, competence, and confidentiality that underpin the Standards. Many organizations are already aligning their AI programs with external frameworks such as the NIST AI Risk Management Framework to safeguard against bias and preserve independence.

With these opportunities come risks, making governance and guardrails essential.

AI Guardrails for Quality and Independence

As AI becomes embedded in audit processes, clear safeguards are essential to preserve independence, transparency, and trust. Leading functions are putting the following controls in place:

Of all the guardrails, the most critical are people themselves – supported by skills development and collaboration.

People, Skills, and Collaboration

Another critical dimension of strategy is people. The Standards require that internal audit functions demonstrate adequate financial, human, and technology resources. Forward-thinking functions are using competency frameworks tied to the Standards, with training delivered through platforms like Workday and tracked through formal attestations. AI is also being used to identify skill gaps, optimize staff deployment, and match resources to complex audits.

Collaboration with other assurance providers is a key component of the new framework. Cross-functional teams are increasingly using shared GRC platforms to streamline communication, coordinate findings escalation, and avoid duplication. This integration reinforces the value of internal audit not just as an independent assurance provider but as a strategic partner in enterprise risk management.

Together, strategy, quality, technology, and people move internal audit beyond conformance into a true value driver.

From Conformance to Value

The new Global Internal Audit Standards set a higher bar, but they also provide a clear roadmap. Audit leaders who act now are realizing measurable benefits:

• Accelerated QA cycles and earlier risk detection.
• Deeper insights enabled by analytics and AI-driven monitoring.
• Meaningful continuous improvement metrics that strengthen the QAIP.
• Real-time board communication through dashboards and interactive reports.

The next era of internal audit will be defined not just by compliance, but by how effectively these elements – strategy, quality, technology, and people – come together to drive resilience and enterprise value. Ready to transform your internal audit function in the age of AI? Contact CrossCountry Consulting to get started.

How different could audit life be if you had the resources to move a significant amount of audit effort from January and February 2026 up to October or November this year instead? 

Suddenly, you can: 

• Allocate time to socialize critical accounting conclusions with various impacted parties, allowing them to consider audit’s impact on planning and budgeting cycles. 
• Manage workloads, burnout, and stress that often occur in Q1. 
• Improve the quality of deliverables and drive audit efficiencies. 
• Reduce last-minute surprises and create capacity to collaboratively work through issues. 

As is the case every year, the year-end audit process presents significant challenges and resource demands for companies and their auditors. That’s why it’s critical to proactively address certain accounting tasks during the interim period. So how do you make this a reality? 

Why Now? Key Interim Activities for Maximum Audit Value and Time Savings 

Management may not have the bandwidth to frontload audit work. But the challenge grows more pronounced the longer they wait. The sooner auditors can start their work, the better the outcome for all parties: public and private companies, auditors, regulators, and strategic audit advisors that may be introduced to the project. 

By taking a “help us help you” approach to interim accounting activities, management teams can generate more lift and value at this point in the audit cycle. Four functions in particular are critical to making this happen: Controllership, FP&A, Internal Audit, and IT. 

Get started on: 

1. Goodwill Impairment: Assess goodwill, identify potential impairment indicators, and gather necessary documentation. 
2. Long-Lived Asset Impairment: Evaluate the value of long-lived assets and conduct impairment testing. 
3. Acquisitions: Address post-acquisition accounting considerations, including purchase price allocation, intangible asset valuation, and revenue recognition. 
4. Internal Controls: Review and strengthen internal controls to ensure accurate financial reporting, especially if changes to control strategy were recently implemented. The evaluation of material weaknesses or significant deficiencies can also occur as they’re identified rather than letting them pile up. 
5. Going Concern: Assess the company’s ability to continue operations and address any potential concerns, especially those that may push out filing dates. Testing of projected financial information used in the going concern analysis is getting more and more attention from auditors and the Public Company Accounting Oversight Board (PCAOB). 
6. Financial Reporting: Begin drafting disclosures and pro-forma financial statements (Form 10-K). 
7. Third-Party Valuation Experts: Engage valuation experts in advance to avoid delays, lock in the scope, document rationale for any anticipated changes in methodology, and ensure timely completion of valuations. 
8. Projected Financial Information (PFI): Scrutinize PFI used for valuations and impairment testing to ensure its reasonableness. When the PFI is overly optimistic, it’s helpful to “sensitize down” starting in Q3. 
9. Technology: Ensure accounting systems and data extraction processes are efficient and compatible with audit requirements. The cleaner and more accessible the data is now, the faster the audit process. Be particularly careful with AI deployments across the firm, as auditors must be able to understand explainability, traceability, and audit implications of companies using AI systems.
10. Financial Statement Close Process: Improve the quality of account reconciliations and analysis (common auditor-identified pain points) now since close capabilities are a routine issue. 

The cascading effects of an intense audit period can negatively impact operational accounting, FP&A, and other key finance cycles, which will need to be considered and guarded against ahead of time. By accelerating the above activities – either in total or individually – management can get ahead of the audit curve, enhance their ongoing ability to meet audit responsibilities, and spare other teams from being pulled into fire drills. 

Practical Tips for Implementing an Interim Focus 

Management teams and their advisors can help streamline and advance interim accounting by: 

• Establishing a dedicated interim review process or governance structure to maintain a coherent approach to the pre-audit period. 
• Assigning resources to specific accounting areas, with process owners and milestones guiding progress. 
• Developing checklists and templates for efficient data gathering to free-up staff from manual compilation work. 
• Leveraging technology such as Oracle, NetSuite, SAP, or another ERP of record for more effective reporting, data analysis, and automation. 
• Fostering collaboration between accounting and other departments to facilitate information-sharing and accountability. 
• Creating AI risk management and governance documentation around the company’s use of AI systems within key functions like accounting. 

CrossCountry Consulting’s audit specialists speak the language of auditors and take the burden off management teams by driving value at all points in the process before, during, or after an audit – wherever support is needed, we plug in.     

To maximize your interim audit period, contact CrossCountry Consulting. 

Are you confident you know where your employees are using AI? If you answered yes, you’re likely wrong – and that overconfidence could expose your firm to unprecedented audit risk. 

AI in accounting, financial reporting, operations, HR, and legal is happening faster than most management teams and auditors realize. Consider: Agentic AI use in finance is projected to increase 6X in the next year; AI in recruitment is up nearly 500% since 2023; and 96% of legal professionals are using AI daily. 

While leadership focuses on traditional risk areas, staff have been deploying AI solutions across critical processes, from accounts payable (AP) and contracts to revenue recognition and technical accounting. The problem isn’t just that they’re using AI – it’s that they’re often doing it without proper governance and audit awareness, likely rapidly increasing risk in numerous areas of the business. 

The Hidden AI Adoption Crisis 

Companies are increasingly implementing AI solutions in areas that directly impact financial statements, yet auditors remain largely unaware of these implementations when they occur. This knowledge gap creates a perfect storm of audit risk that threatens the accuracy of financial reporting and the credibility of audit reports while simultaneously introducing cyber and data risks. 

Consider this scenario: In Q4, a manufacturing company implements an AI-powered contract analysis system to automate revenue recognition decisions at a subsidiary. The AI processes thousands of contracts, making materiality judgments and revenue timing determinations. HQ was never made aware of this implementation, and it never came up in quarterly review inquiries. Auditors discover this during fieldwork – not through disclosure, but through observation. How do you assess the completeness and accuracy of a quarter’s worth of AI-driven revenue decisions when you have no understanding of the system’s parameters, training data, or error rates? 

Too often, AI deployments are done by individuals who likely aren’t authorized to use specific tools or aren’t aware of the policies and risks associated with them. Because some AI tools don’t follow typical software deployment processes, it’s virtually impossible for management to grasp the company’s AI inventory. Still, when AI tools are implemented in compliance with firm policies, they may be the first of their kind, thus creating inevitable risk. Management’s process for evaluating and addressing relevant ITGC risks may not be mature. 

Accounting AI Deployment Without Auditor Awareness 

AI adoption is most prevalent in these financial reporting areas: 

Document Processing and OCR Technology 

The lowest-hanging fruit for AI implementation includes automated processing of invoices, contracts, and supporting documentation using optical character recognition (OCR) software and intelligent document processing (IDP) tools. While seemingly routine, these systems directly impact: 

• AP accuracy and completeness. 
• Contract liability recognition. 
• Revenue timing and measurement. 

Common platforms include UiPath, Klarity, and Rossum. 

Revenue Recognition Automation 

Companies are leveraging AI to interpret contract terms, determine performance obligations, and calculate revenue allocation. This is particularly complex for AI solution providers themselves, who face intricate revenue recognition challenges under ASC 606 due to varied monetization models, including flat fees, token-based pricing, and usage-based billing. 

Trullion, HighRadius, and FloQast in particular are commonly leveraged for enhanced revenue recognition capabilities. 

Predictive Analytics for Estimates 

AI systems are making increasingly sophisticated estimates for allowances, reserves, and fair value measurements – areas traditionally requiring significant auditor judgment and testing. 

The Governance Gap: Why AI Controls Are Failing 

The fundamental issue isn’t AI adoption itself – it’s the absence of appropriate AI governance frameworks. Most organizations implementing AI solutions lack: 

• Explainability requirements: Finance teams often cannot articulate how their AI systems reach conclusions, making audit trail reconstruction impossible. 
• Traceability standards: Without clear documentation of data inputs, processing parameters, and output validation, auditors cannot assess the reliability of AI-generated financial information. 
• Quality control measures: The distinction between Large Language Models (LLMs) with high hallucination rates and Small Language Models (SLMs) with better accuracy is lost on most teams, leading to inappropriate tool selection for critical processes. 
• Centralized AI inventory: Many organizations fail to maintain a comprehensive catalog of all AI systems in use, leading to fragmented oversight, redundant tools, and blind spots in risk management. 
• Model risk assessment and monitoring: Continuous evaluation of AI models for performance degradation, bias, and unintended consequences is often overlooked, leaving organizations vulnerable to risk. 
• Ethical and legal compliance: Teams frequently deploy AI without ensuring adherence to ethical guidelines or regulatory requirements, exposing the organization to potential lawsuits, fines, and public backlash. 
• Third party/vendor AI controls: Companies often rely on external AI solutions without thoroughly vetting vendor practices, data security measures, or compliance with industry standards, creating hidden vulnerabilities in their operations. 

Modern AI governance frameworks such as NIST AI RMF and ISO/IEC 42001 will require these types of controls for comprehensive risk management. 

The Materiality Assessment Challenge 

When AI is deployed without auditor knowledge, stakeholders are forced into reactive assessment mode. The key questions become: 

• Where has AI been used in processes affecting financial statements? 
• What is the materiality of AI-generated or AI-influenced transactions? 
• What additional audit procedures are necessary to validate AI outputs? 

This reactive approach is inherently risky and inefficient. With the support of management, auditors should be positioned ahead of their clients’ AI adoption, not behind it. 

Building an AI-Aware Audit Readiness Approach 

Organizations should implement comprehensive AI assessment protocols that include: 

Current-State Analysis 

Inventory all existing AI tools across the organization, including: 

• System parameters and functionality. 
• Documentation facilitating the audit of the AI tool or function being used. 
• Data sources and quality controls. 
• Output validation procedures. 
• Human oversight mechanisms. 
• Number of controls to ensure completeness and accuracy of input data. 
• Expanded attack surface. 
• Model positioning/data integrity. 
• Role-based access and privilege controls. 
• Audit trail/forensics. 

Future Roadmap Review 

Management must rationalize and align future AI implementation plans to proactively understand potential audit implications. This strategic approach allows for proper control design and testing methodology development before systems go live, which auditors will be looking for. Recommendation: Plan for data privacy impact assessments and cyber testing aligned with ISO/IEC 42001 and NIST AI RMF. 

Enhanced Risk Assessment 

Develop AI-specific risk assessment procedures internally that evaluate: 

• Completeness and accuracy of AI training data. Which corporate function or group of stakeholders is best positioned to lead this effort? 
• Appropriateness of AI model selection for financial processes. How are AI-enhanced operational processes subsequently feeding into and impacting financial reporting? 
• Adequacy of human oversight and exception handling.  
• Effectiveness of AI output validation controls. 
• Vulnerability scanning. 
• Incident response for AI-driven processes. 

Specialized Skill Development 

Accounting and IT teams need enhanced technical capabilities to evaluate AI systems effectively. It’s not enough for staff to deploy AI in line with corporate policy; they must be capable of ongoing maintenance, monitoring, and testing of AI system performance. This includes understanding different AI model types, their appropriate applications, their inherent limitations, and cybersecurity literacy for audit and AI teams. 

As audit scrutiny of AI increases, additional third-party audit support will likely also be needed to augment the lack of internal capabilities in this space. 

Summary Action Plan 

Management should codify and communicate a high-level summary AI action plan that steers the governance and implementation of AI systems. This plan should address: 

• Adoption of formal AI governance frameworks. 
• Integration of cybersecurity risk management. 
• Expanded documentation to include both AI and security controls. 
• Cross-functional collaboration recommendations. 

This approach can also support audit efficacy and employee satisfaction. 

A Call to Action: Embrace AI Advisory 

AI transformation of financial statement reporting requires organizations to collaborate with strategic partners who understand both the opportunities and risks of AI adoption in financial processes.  
 
Ready to transform your firm’s AI audit capabilities? CrossCountry Consulting helps management teams and their auditors understand, assess, and validate AI implementations in financial reporting. For the strategic insights and technical expertise needed to maintain audit quality while enabling innovation, contact CrossCountry Consulting today. 

Finance and accounting teams spend countless hours on manual variance analysis, yet critical decisions still get made without proper review. The infamous “3-day scrub for a 5-minute review” has become an all-too-familiar reality in corporate finance departments worldwide. This inefficient process not only wastes valuable resources but also undermines the strategic potential and critical control of financial analysis. 

AI is increasingly proving capable of automating routine, time-consuming, and repetitive tasks that once required significant human capital within the accounting function. Through automation, AI empowers finance professionals to focus on what truly matters: data-backed strategic analysis and decision-making. This transformation is shifting teams from tactical preparers to strategic reviewers, unlocking critical thinking and professional judgment. 

The Hidden Problems in Traditional Financial Analysis 

Modern finance teams face a fundamental challenge: outdated workflows that misallocate talent and create unnecessary risk. Consider the typical monthly variance analysis process in which teams spend days extracting data, building spreadsheets, and formatting reports – only to have executives review the results in minutes. 

This workflow gap reveals several critical issues: 

• Time misallocation: Finance professionals dedicate the bulk of their time to data preparation and formatting rather than analysis. This manual process consumes resources that could be better spent on strategic initiatives. 
• Data reliability: Manual workflows hinder the ability to extract consistent, reliable, and strategic insights. Without trusted data, organizations struggle to uncover trends or opportunities that can add meaningful business value. 
• Talent underutilization: In an era of lean teams, talent shortages, and the constant pressure to “do more with less,” organizations cannot afford to use skilled analysts as data processors. Yet that’s exactly what happens when manual workflows dominate. 
• Compromised quality: Rushed preparation leads to errors, incomplete analysis, and missed opportunities. The pressure to deliver on time often overrides the need for a thorough review. 
• Lost professional judgment: When teams focus on correctness rather than analysis, they lose sight of the bigger picture. Strategic insights get buried under operational tasks. 

How AI Addresses Core Financial Analysis Problems 

AI transforms financial analysis by automating the manual work that traditionally consumes most of the process. Rather than replacing human judgment, AI provides more time for it by handling the routine tasks and surfacing meaningful insights. 

• Automated data processing: AI systems can extract, clean, and organize financial data from multiple sources in minutes rather than days. This automation eliminates the manual export-and-pivot workflows that plague traditional analysis. Learn more: CrossCountry Consulting’s AI-powered data automation accelerator reduces processing times by 80% at 99% accuracy. 
• Intelligent variance detection: Advanced algorithms identify significant variances and anomalies automatically, flagging items that require human attention while filtering out routine fluctuations. 
• Dynamic reporting: AI-powered platforms generate real-time reports with interactive dashboards and drill-down capabilities, allowing stakeholders to explore data rather than waiting for static presentations. 
• Pattern recognition: Machine learning algorithms identify trends and correlations that might escape human notice, providing deeper insights into financial performance. 

Driving Strategic Solutions Through AI Enhancement 

The true value of AI in financial analysis extends beyond efficiency gains. By leveraging AI tools such as FloQast for flux and variance analysis, finance teams can focus on high-value activities that drive business results. 

• Enhanced decision-making: With AI handling the data processing, analysts can spend more time interpreting results and developing recommendations. This shift from reactive reporting to proactive analysis significantly improves decision quality. 
• Improved accuracy: Automated processes reduce human error while maintaining consistency across reporting periods. AI systems also provide audit trails and validation checks that enhance assurance over data integrity. 
• Real-time insights: Traditional monthly cycles give way to continuous monitoring and real-time alerts. Finance teams can identify issues as they emerge rather than discovering them weeks later. 
• Strategic focus: When tactical preparation becomes automated, entire teams can elevate to reviewer status. This transformation unlocks critical thinking and strategic perspective across the organization by adding an additional layer of review from those closest to the data and best equipped to provide the analysis. 

The Future of AI-Powered Finance 

The evolution from manual analysis to AI-enhanced decision-making represents more than a technological upgrade. It’s a fundamental reimagining of the finance function’s role within organizations. 

Forward-thinking CFOs recognize that AI doesn’t threaten finance jobs; it enhances them. By automating routine tasks, AI creates opportunities for finance professionals to become strategic business partners rather than data processors. 

The organizations that embrace this transformation will gain competitive advantages through faster decision-making, improved accuracy, and better resource allocation. Those that cling to manual processes will find themselves increasingly disadvantaged as AI adoption accelerates across the industry. 

The question isn’t whether AI will transform financial analysis, it’s whether your organization will lead or follow this transformation. Ready to maximize the value AI can bring to your finance and accounting operations? Contact CrossCountry Consulting today.

Traditional approaches to balance sheet planning are often mired in siloed operations and reactive measures. The time for a fundamental re-evaluation of your balance sheet planning process is now. 

For too long, the pursuit of enhancing earnings while managing credit, capital, interest, and liquidity risks has been a high-wire act, often addressed in isolation. To make matters worse, the aftermath of the 2023 banking crisis saw many institutions preoccupied with remediating Matters Requiring Attention (MRAs) within individual treasury risk stripes, further entrenching this fragmented approach.

Additionally, the 2023 regional banking crisis and the 2024 collapse of Synapse Financial Technology prompted greater scrutiny from regulators in the areas of KYC/AML and financial risk management. The current regulatory environment, far from inviting complacency, presents a unique chance to adopt a truly holistic approach to balance sheet planning. 

Forces at Play: What’s Driving This Imperative? 

Several powerful drivers are promoting this shift: 

• Changing regulatory outlook: While the immediate post-crisis focus was on addressing specific regulatory gaps, the current environment allows for a more strategic, integrated view of risk management. Given the rapid increase in rates in 2022 and 2023, coupled with changing capital rules (i.e., Basel endgame), banks are identifying ways to proactively integrate balance sheet planning to maximize earnings while robustly managing all financial risks in concert. 

• Rise of new entrants and channels: 
  • Private credit: This is a double-edged sword. While private credit offers avenues for earnings diversification with limited impact to bank capital ratios, the growing off-balance sheet exposure introduces new liquidity risks and an elevated need for sophisticated collateral management. Planning processes must be equipped to fully understand and model implications of on- and off-balance sheet exposure.
  • Fintech charters: As regulators champion a competitive banking environment, technology organizations that once served as partners in balance sheet growth are now applying for their own charters. This signals a fundamental shift in the competitive landscape, demanding that financial institutions be more innovative in their business models and agile in their planning processes to continue to drive shareholder value. 

• Threat of disintermediation: The emergence of stablecoins, despite ongoing regulatory uncertainties, demands immediate attention. Financial institutions must proactively model various scenarios and assess the potential impact on their balance sheets and earnings. Some questions to consider include:  
  • What if your bank acts solely as a custodian for stablecoins? 
  • What if stablecoins appear on your balance sheet? 
  • What if both scenarios unfold? Crucially, what is the impact on liquidity, capital, and interest rate risk under each scenario, and how does your cost model adapt? Ignoring these questions is no longer an option. 

Key Focus Areas for Integrated Balance Sheet Planning 

Banks must prioritize the following to truly integrate balance sheet planning with the rest of the functional areas across finance, including the various risk stripes: 

1. Rethink the planning process: 
   • Break down silos: The legacy siloed approach across different Asset Liability Management (ALM) and risk disciplines must be dismantled. A truly integrated planning process fosters collaboration and a comprehensive understanding of risk and opportunity. This includes reducing the number of offline models in use from disparate data sources and re-committing to fully leveraging the capabilities of existing platforms. 
   • Embed cash flow-based planning: To genuinely pursue balance sheet optimization, move beyond traditional accounting-based planning. Embrace detailed cash flow-based planning to gain granular insights into funding strategy, liquidity risk management, interest rate sensitivity, and capital utilization.
   • Integrate next-generation performance management: Implement methodologies that support advanced performance management and enable timely, sophisticated analytics. This means moving beyond basic reporting and fire drills to predictive modeling and scenario analysis that takes hours instead of days. 

2. Data strategy and governance:  
   • The adage “garbage in, garbage out” remains profoundly true. As the use cases for AI become more advanced and discussions around governance frameworks intensify, the need for clean, structured, and well-governed data is paramount. Without it, even the most sophisticated models will yield unreliable results. 

3. Optimize your technology stack:  
   • Bridging ALM and CPM: Integrated balance sheet planning starts with clear objectives and constraints that dictate reporting needs. The ALM modeling process plays a critical role, but the question is how it integrates with your broader corporate performance management (CPM) framework. Consider these approaches: 

Technology Stack Options 

Noted below are organizations’ approaches to integrated balance sheet planning and how they incorporate components such as pricing, credit loss modeling, and capital and liquidity planning. Each is unique to company ‘DNA.’

ALM-Heavy Process

• Illustrative example: In this model, cash flows for both existing and new business are primarily generated via ALM systems. Funds Transfer Pricing (FTP) rates are also derived from the ALM system. Driver-based models within a CPM tool like OneStream handle non-interest income and expense, with multi-dimensional reporting (cost center, legal entity, department, etc.) also managed within the CPM. 

• Observed benefits: This approach provides a single source for all forecasted cash flows and FTP assignments. It also fosters better alignment between treasury and interest rate risk (IRR) modeling and the application of behavioral assumptions on products. 

• Observed drawbacks: A significant downside is the elongated timeline, as planning and forecasting are heavily reliant on treasury/ALM subject matter experts to generate cash flows. Data management and governance can become more involved due to multiple hierarchies and assumption sets across different solutions, potentially leading to a cumbersome “back and forth” management process. 

Hybrid Approach (ALM/CPM Tool)

• Illustrative example: By no means a linear process, this approach strikes a balance between ALM and a CPM tool. Conceptually, cash flows for the current book are generated via ALM, while cash flows for new business are generated within the CPM tool. FTP rates still come from the ALM system, but allocation methodologies are modeled in the CPM. Consolidations and multi-dimensional production are also handled by the CPM tool.  

• Observed benefits: This hybrid model gives FP&A/planning teams greater flexibility with cash flows from new originations. It reduces reliance on treasury/ALM SMEs for forward-looking views and enables better strategic planning through well-defined workflows within the CPM. FP&A gains a clearer “line of sight” into financials ahead of the close, with cleaner alignment and linkage between driver-based models and balance sheet planning. 

• Observed drawbacks: Building cash flows for new business in a CPM tool can be complex and lengthy, depending on the scope of products and assumptions. The reporting process can be more involved due to the need to merge existing and new cash flows. Crucially, this approach does not eliminate the need for a dedicated ALM tool to measure and monitor interest rate risk. 

CPM-Heavy Process 

• Illustrative example: In this model, cash flows for both existing and new business are exclusively driven from the CPM tool. FTP rates are still sourced from the ALM system, but allocation methodologies, consolidations, and multi-dimensional reporting are all managed within the CPM. 

• Observed benefits: This approach offers the least reliance on treasury/ALM SMEs for forward-looking views, simplifying coordination. 

• Observed drawbacks: Similar to the hybrid approach, building comprehensive cash flows directly within the CPM can be complex and time-consuming depending on the breadth of products and assumptions. It also doesn’t replace the fundamental need for an ALM tool for granular interest rate risk measurement and monitoring. Furthermore, it requires strong coordination and alignment between IRR and planning assumptions. 

The sweet spot often lies in a hybrid approach, leveraging the strengths of both ALM systems for granular risk modeling and CPM tools for comprehensive financial planning, forecasting, and multi-dimensional analysis. This minimizes reliance on siloed expertise and streamlines the planning cycle, offering greater flexibility and line of sight into financial performance. 

The Path Forward 

The future of financial services demands a proactive, integrated, and data-driven approach to balance sheet planning. Banks that embrace this transformation will unlock new opportunities for growth, efficiency, and sustained profitability. The time to rethink your balance sheet planning process is now. 

To get started, contact CrossCountry Consulting. 

As public and private companies accelerate their efforts to comply with SB 253 and SB 261, one thing is clear: Climate disclosure is no longer a theoretical exercise. Regulatory expectations are months away. 

The California Air Resources Board (CARB) has provided early-stage flexibility, stating “best faith efforts” will be sufficient in the first year of reporting. While this provides some relief, it also underscores the importance of using this initial period to lay a strong foundation for credible, long-term compliance. 

Based on our ESG reporting experience supporting companies with SB 253 and SB 261 compliance, several key lessons have emerged. 

Lesson 1: Establish a Foundation With a Forward-Looking Plan 

Companies making the most meaningful progress understand the first year is not the finish line – it’s the starting point. Success in year one depends on both foundational action and a clearly articulated plan for future compliance. 

Several core activities have proven essential: 

• Conduct an initial climate risk assessment to assess any financial material impacts on your organization. For many companies, full quantification or climate scenario analysis won’t be feasible right away. A thoughtful qualitative review throughout your operations and company strategy still demonstrates that you’re asking the right questions and making best faith efforts. 
• Document a forward-looking roadmap. Codify how you’ll advance your risk analysis and other disclosures over time. 
• Establish Scope 1 and 2 greenhouse gas emissions baselines. These are often the most accessible metrics, as well as the most critical metrics to guide future action. 
• Build institutional readiness. Set up basic reporting workflows, establish a cross-functional team to represent the interests of internal and external stakeholders, and develop accountability structures now to avoid scrambling later. This work lays the foundation for year two, year three, and beyond. 

For companies subject to SB 261, the 2-year period following initial disclosures presents a unique opportunity to demonstrate progress. Capitalizing on that timeframe requires structured planning now, not later. 

Lesson 2: Governance and Strategy Are Critical Enablers 

Disclosure isn’t just about data; it’s about ownership, strategy, and decision-making. 

Establishing clear governance early helps avoid confusion and rework later. Basic questions matter: Who owns climate risk? How are decisions made? How often is progress reviewed? Do we have mitigation plans? 

Your strategy should also link directly to business value: 

• Risks: Commodity price volatility, supply chain disruptions, customer demands. 
• Opportunities: Energy efficiency, greenhouse gas emissions reductions, cost savings. 

When climate considerations are integrated into core business strategy, the benefits go beyond compliance. Companies see greater efficiency, stronger cross-functional collaboration, and clearer prioritization of resources, ultimately spending less time on reactive disclosures and more time on value-generating activities. 

Lesson 3: Don’t Let Perfection Get in the Way: Start with What’s Practical and Use the Right Tools 

For many companies, this is the first formal climate reporting requirement they’ve encountered. While gaps and uncertainties are expected, delaying action until everything is fully resolved isn’t effective. 

CARB’s “best faith” flexibility in year one is intended to encourage action, not inaction. What matters most is taking the first step – even if every element isn’t yet fully developed – such as making reasonable and supportable assumptions, clearly documenting your current state and any known gaps, and outlining a realistic and phased plan for improvement over time. 

For companies building disclosures from scratch or looking to create greater efficiencies in their regulatory compliance process, AI tools can be a valuable accelerator. AI-enabled platforms can support: 

• Data collection and extraction.  
• GHG calculations and analytics based on accepted methodologies. 
• Drafting disclosures and narrative reporting aligned with regulatory frameworks. 

Used appropriately, AI can help reduce manual lift and allow lean teams to meet their obligations with greater confidence and speed. 

Lesson 4: Resource Allocation 

Climate disclosure requirements are evolving, not just in California, but globally. With CSRD shifting following the Omnibus legislation and the SEC dropping its defense of its climate disclosure rules earlier in the year, many companies are struggling to plan and resource appropriately. 

This uncertainty is placing additional pressure on already lean teams. Legal, finance, and operations leaders are being asked to take on sustainability reporting responsibilities, often without added capacity or expertise. That’s why effective resource allocation is a strategic enabler that can help organizations meet regulatory requirements, enhance transparency, build stakeholder trust, and reduce compliance risk 

Taking the Next Step to California Climate Compliance 

CrossCountry Consulting empowers companies to adapt swiftly and strategically. Whether you’re building a climate risk program from the ground up or enhancing existing processes, we provide the structure, insight, and support needed to move forward with clarity and confidence. 

For private companies, we offer tailored guidance to navigate California’s climate legislation while maintaining discretion and honoring internal context. Our approach meets you where you are – ensuring compliance without overexposure. 

To establish and execute a climate reporting roadmap aligned with California’s Climate Bills, connect with CrossCountry Consulting. 

Preparing for an exit – whether public or private – requires more than strong financials. It demands a clear, credible story about business performance, told through the right key performance indicators (KPIs). For organizations looking to maximize value, developing and refining KPIs is not a last-minute task; it’s a strategic discipline that starts early and evolves with the business.

Define Outcomes Before Selecting KPIs

Successful KPI development starts by clarifying what matters most to the business and its stakeholders. Instead of tracking every possible metric, focus on those that directly reflect strategic outcomes. Ask: “If these goals are achieved, will customers and stakeholders view the company as successful?” This approach ensures KPIs are relevant and actionable, not just numbers on a dashboard.

• Identify the business’s most important goals.
• Align KPIs with these goals so they communicate value to potential buyers or investors.
• Evaluate which metrics your peer group shares with investors.
• Prioritize clarity and relevance over quantity.

Build KPIs With Accountability and Balance

Once outcomes are clear, translate them into measurable targets. Each KPI should have a single point of accountability, even if it reflects cross-team efforts. This builds trust and transparency qualities that both public investors and private buyers value.

• Assign ownership for every KPI to ensure follow-through.
• Balance leading indicators (predictive) with lagging indicators (results).
• Regularly review and refine KPIs as the business evolves.

Start Early: Timeline for KPI Readiness

The best time to prepare KPIs for an exit is now. Organizations that operate with “exit-ready” data every day are better positioned to act quickly and confidently when opportunities arise. Waiting until a transaction is imminent can lead to rushed, incomplete, or inconsistent data, potentially eroding value or delaying the process.

• Begin KPI development as soon as exit is a consideration, ideally one to three years in advance.
• Maintain consistency in tracking and reporting to build a credible performance narrative.
• A strong data governance model ensures data remains accurate and consistent for reporting KPIs.
• Use periodic reviews to adapt KPIs as market conditions and business strategies shift.

Customize KPIs for Industry and Growth Stage

While standard financial metrics are essential, industry-specific and non-GAAP (generally accepted accounting principles) KPIs often provide a more accurate picture of value. For example, software companies may highlight customer retention or annual recurring revenue (ARR), while manufacturers might focus on operational efficiency.

• Identify which non-GAAP or industry-specific KPIs matter most for your sector.
• Ensure these metrics are calculated consistently and transparently.
• Stay informed about evolving regulatory expectations, especially as standards for KPI disclosure continue to develop.

Distinguish Between Public and Private Exit KPI Needs

Public and private exits share some KPI requirements, but there are key differences.

Public exit (IPO)	Private exit (acquisition/PE)
– Emphasize transparency and regulatory compliance	– Focus on operational efficiency and growth
– Prioritize predictable, sustainable growth metrics	– Highlight cash flow and customer concentration
– Prepare for detailed, standardized disclosures	– Tailor KPIs to buyer’s investment thesis

Public markets demand rigorous, standardized reporting and clear benchmarking against peers. Private buyers often seek more granular, operational KPIs that reveal near-term value-creation potential.

Take Action: Make KPI Development a Strategic Priority

Organizations that treat KPI development as an ongoing, strategic discipline, not a one-time project, are best positioned for a successful exit. Start early, focus on what matters, and build a culture of accountability around your metrics. The result is a compelling, credible story that resonates with buyers and investors, no matter the exit path.

Ready to take the next step in your exit-readiness journey? Contact CrossCountry Consulting today.

The Coupa R43 release delivers powerful updates designed to transform procurement workflows, enhance visibility, and improve efficiency across your organization. Whether you’re focused on simplifying approval workflows, optimizing analytics, or leveraging AI for smarter decision-making, these changes deliver tangible benefits for procurement leaders and their teams.  

Want to explore everything you need to know in more detail? Watch our recent webinar.    

Improved Scheduled Reporting  

If your team relies on scheduled reports, Coupa R43 has extended the duration before report confirmations expire. For example: 

• Daily reports now extend from 45 to 70 days. 
• Weekly reports cover 15 weeks instead of 10. 
• Monthly reports last for 15 months instead of 10.  

These changes reduce the risk of report disruptions and ensure a seamless flow of critical data.  

Smoother Approval Workflows  

Approval chains have received a critical upgrade to prevent unnecessary escalations. Now, if a valid approver exists within a delegation, the workflow won’t skip approval nodes or get stuck.  

Additionally, approvers now see enhanced notification banners, which summarize the key details of pending approvals, including supplier name, requester, total value, and approval dates. This feature allows for quicker, more informed approval decisions.  

Enhanced Document Access  

Document visibility has been streamlined for mentioned users. When tagging a colleague in a comment, you’ll see a pop-up giving you the option to add them as a document watcher, provided they already have access permissions. This enhancement simplifies collaboration, ensuring everyone involved has the necessary context without infringing on content grouping rules.  

Smarter Requisitions With AI  

Procurement professionals know that incomplete requisitions can disrupt workflows. With R43, Coupa introduces AI-driven suggestions for missing fields, such as commodity codes, contract details, supplier sites, and payment terms. This means less back-and-forth for approvals and faster requisition submission.  

Bulk Upload of Billing Codes  

Managing expense reports with split billing lines has been simplified. The ability to bulk upload billing codes means more efficiency when dealing with complex expense allocations. This update is especially useful for teams managing numerous billing accounts or extensive split billing scenarios.  

Virtual Payments with Coupa Card  

R43 introduces Coupa Card, a new virtual payment feature integrated directly into the Coupa platform. Accessible via the Coupa Mobile app, Coupa Card supports tap-to-pay functionality and is ideal for prepaid expenses like work trips. This feature is currently in limited rollout through the remainder of 2025 and will be generally available in 2026.  

Requisition Scheduling for Purchase Orders  

Another significant enhancement is the ability to schedule purchase order (PO) issuance directly from requisitions. This ensures that orders are sent at precisely the right time, helping manage inventory levels and avoid premature delivery. Need to adjust? The unschedule feature makes it easy to override original dates as business needs change.  

Key Financial Updates  

Financial workflows get a performance boost through features such as: 

• Daily $2M TransferMate direct debit limits for improved payment visibility and control.  
• Autofill for payment instructions, saving time for repeat transactions by copying information from previous successful payments.  

These updates aim to streamline financial approvals and minimize processing errors.  

Actionable Insights With Enhanced Health Views  

Coupa has expanded its health insights functionality across various documents, including POs, invoices, expense reports, and contracts. This provides real-time visibility into where workflows may be experiencing delays, enabling teams to identify and resolve bottlenecks quickly.  

Empower Your Team With Coupa R43  

The R43 update offers significant upgrades across Coupa’s platform, from smarter automation to improved user experiences and advanced analytics.   

Are you ready to harness the full potential of Coupa R43? Contact CrossCountry Consulting today to get started.  

Overall transaction volumes in the first half of 2025 remained stagnant, consistent with M&A trends since 2023. While continued interest rate pressure, geopolitical conditions, and increased market uncertainty have materially impacted the market for exits, many shareholders and boards are becoming increasingly eager to divest underperforming assets, rationalize their portfolios, or complete corporate restructuring initiatives.

Maintaining an Exit-Ready Posture

Increased uncertainty has led business leaders to adopt a more conservative approach to deals. As the corporate transaction markets turn, companies should start preparing now so they can act decisively when an exit opportunity arises. Executing a successful carve-out sale, a promising deal option in today’s market, requires meticulous planning and execution with the support of experienced internal resources and third-party advisors.

To deliver on an effective and efficient path to separation, meet necessary milestones, and maximize value, the critical steps below merit careful consideration:

Evaluate Tax and Legal Strategy

• A company’s tax function, or outside advisor, should be engaged to evaluate the tax implications of a proposed carve-out sale ahead of any final decision to proceed with the transaction, as tax impacts may influence deal structure and timing.
• The deal perimeter should also be clearly defined at a legal entity level and mapped to the company’s ERP system to ensure the book and tax bases match appropriately. Establishing these connections beforehand can accelerate the carve-out sale process and ensure the right legal and tax infrastructure is in place before proceeding.

Establish the Separation Management Office (SMO)

• Establishing an SMO ensures effective cross-functional coordination during a critical initiative for the company. Carve-out sale execution is an all-hands-on-deck effort requiring significant expertise in project and change management, stakeholder management, and structured transformation governance.
• An effective SMO also augments the ability of key stakeholders to navigate the deal timeline and assess the impact of cross-functional dependencies. By tackling the day-to-day details of the carve-out sale – proactively removing roadblocks and maintaining change momentum – the SMO allows senior leaders to maintain focus on the underlying business, condensing their involvement to only critical path issues.
• The SMO can empower functional leaders to quickly de-risk roadblocks and deliver value in real time. A strong SMO equips leaders with the tools and information to be agile while they meet the needs and realities of the transaction process.

An SMO manages execution against a structured roadmap, which is a path of matrixed activities across the company and key third parties, both internally and externally, as illustrated below:

Prepare Deal-Basis Financials

• In addition to carve-out financials, deal-basis financials may be required to facilitate due diligence procedures by prospective buyers. Deal-basis financials should be prepared in collaboration with management along with corporate development teams to ensure all due diligence and pro-forma adjustments are identified.
• In addition to quantifying and planning for any stranded costs, organizations should prepare working capital analysis, quality of earnings, and stand-alone costs to reflect the future state of the for-sale business.

Begin Preparation of Carve-Out Financials

• Engage advisors and align with auditors on the approach to carve-out financials and periods required. Note, divestitures can take many forms, with corresponding impacts on financial statements and audit readiness.
• Align on an approach for allocating commingled accounts and entities to the carve-out income statement and balance sheet, and determine if the transaction qualifies as “Significant” for a potential buyer (e.g., requires SEC 3-05 financials).
• Ensure the carve-out results bridge to historical financial information as well as any deal-basis financials for a sale.
• Support basis of presentation with appropriate technical documentation to facilitate an efficient audit of carve-out information.

The base system and management reporting information are the same for all types of carve-out financial information. It’s critical to be able to explain, reconcile, and bridge the various pieces of carve-out information as laid out in the graphic below:

Prepare Operations for Separation

The structure of the sale for the carve-out entity will determine the timeline and complexity of pre-transaction readiness activities. In addition to the expected disentanglement of operations, separating a business intended to operate independently requires a robust systems architecture roadmap, clear process transition strategies, well-defined stand-up activities, and a draft of potential organizational hiring needs.

Alternatively, selling a business intended to be integrated into a buyer’s existing business will require planning and analysis around the RemainCo’s ability and willingness to support Transition Services Agreements (TSAs). Critical activities of focus, regardless of sale type, include:

• Reviewing inter-company entangled services/processes, employee matters, contracts, and systems, and developing separation strategies to limit the impact of the transaction on continuing operations.
• Understanding required novation/disposition and communication requirements related to vendor, customer, and commercial contracts impacted by the transaction.
• Considering employee transfer requirements and communication strategies for both impacted and remaining employees.
• Determining which core business processes require independent operations and which may require a TSA. Additionally, prepare the business to support TSAs and determine scope, cost, service level, duration preferences, and exit criteria.
• Define any stranded costs associated with remaining operations. Companies should review and plan for stranded costs, likely stemming from contracts, technologies, and other shared services like IT infrastructure, marketing, or human resources that are not fully allocated (100%) to the divested or remaining business.

Go to Market

• Engaging the right banking and legal counsel partners is a critical decision for management to facilitate the sales process, prepare the offering memorandum, and support the negotiation of the sales terms and conditions, including TSAs.
• Diligent preparation of roadshow materials, talking points for fireside chats, and seamless management of the data room will further support the due diligence process, allowing the company to support its equity story and increase value in the eyes of potential buyers.
• As part of the Go to Market playbook, many buyers today expect visibility into KPIs, operating trends, and margin drivers of the business. Preparing to tell the exit story will accelerate the diligence process and expand potential

Taking the Next Step

CrossCountry Consulting provides a suite of accounting, risk, compliance, systems, and deal expertise that empowers sellers to confidently and profitably navigate divestitures and carve-outs. To establish and execute a divestiture roadmap at your organization, contact CrossCountry Consulting.

This information is for general knowledge and informational purposes only and does not constitute legal or professional advice. A comprehensive spin-off strategy requires careful planning and consideration of various factors, which is why consulting with legal, financial, tax, and other relevant experts is crucial.

Preparing for an exit, such as an IPO, M&A, or other strategic transaction, offers a prime opportunity to optimize your risk and control environment. This is no longer a “check the box” exercise; it’s about using this period as a catalyst to innovate, streamline operations, and build a more resilient, valuable company.  

A strong, efficient risk and control framework enhances optionality and value, irrespective of the chosen path: 

• Initial Public Offering (IPO): Readiness hinges on demonstrable SOX compliance, adherence to PCAOB audit standards, and rigorous disclosure controls. Early, efficient preparation shortens IPO timelines. 
• Mergers & Acquisitions (M&A): Buyers place high value on companies with mature risk management. This can increase deal value and reduce diligence-related delays or price adjustments. 
• Future-proofing: Adapt controls for evolving ESG demands and leverage AI for ongoing efficiency enhancements. 

Why Optimize? Strategic Value Beyond Compliance  

Designing this fit-for-purpose framework is part art: thoughtfully tailoring to your company’s unique risk profile and appetite, operating model, growth stage, and transaction goals. And part science: applying proven methodologies and technologies.  

A proactive, tailored approach offers compelling benefits for companies heading toward an exit: 

• Accelerate due diligence and boost investor confidence: Efficient, well-documented controls significantly smooth the diligence process for potential buyers, private investors, or underwriters. 
• Protect and enhance valuation: Demonstrating operational maturity, reliable financial reporting, and effective risk management directly supports and can increase valuation. 
• Catalyze scalable operations and technology adoption: The rigor of reviewing processes and designing controls often drives re-engineering of inefficient workflows and implementation of better technology (ERP, GRC, automation) fit for future growth. 
• Drive long-term efficiency and lower compliance costs: Designing controls with automation and integration in mind from the outset substantially lowers the ongoing effort and cost associated with compliance post-exit. 
• Ensure reliable financial information: Accurate, timely reporting is vital for stakeholder trust, capital access, and informed strategic decisions. 
• Sharpen management focus on key risks: Allows leadership to concentrate efforts on strategic and operational priorities, rather than firefighting control issues. 
• Simplify M&A integration: A well-controlled and documented environment makes your company easier for an acquirer to integrate. 

Maximize Value: Avoid the Check-Box Mentality 

To truly leverage this as a strategic opportunity, shift your mindset: 

• Focus decisively on material risks and impactful process improvements. 
• Integrate controls seamlessly into redesigned, efficient processes. 
• Automate relentlessly where it adds value and reliability. 
• Communicate the strategic value and efficiency gains to all stakeholders. 
• Aim for a sustainable, efficient control environment that supports business objectives long after the exit. 

Core Controls: Efficient and Scalable by Design  

Control design starts with several fundamental building blocks that help produce strong corporate governance and enhance valuation at exit. Where possible, these key controls should be designed to be scalable, efficient, and automated: 

• Entity-level controls: Include a dynamic risk assessment process and clear “tone at the top.” 
• Financial integrity (ICFR-ready): Robust and reliable financial reporting processes should leverage system capabilities and automation. For IPO candidates, early SOX 404 readiness is crucial. 
  • Preparing for SOX 404(a) and 404(b) compliance requires careful planning and coordination. While both focus on internal controls over financial reporting (ICFR), they differ in scope and level of scrutiny, particularly when transitioning from management’s self-assessment under 404(a) to external auditor attestation under 404(b). 

• IT and cyber controls: Implement efficient IT General Controls (ITGCs) and a comprehensive cybersecurity framework, leveraging automation and modern tooling. This is essential for all exits and a consistent PCAOB hot topic. 
• Data governance and privacy: Integrate controls efficiently within data lifecycle processes. 
• Streamlined operations: Embed effective controls directly within core business processes to ensure operational reliability. 

The Approach: Innovative and Efficient Implementation 

• Data-driven risk assessment: Utilize process mining, data analytics, and periodic robust risk assessments to rapidly identify and scope material risks and automation opportunities. 
• Design for automation and scalability: Embed controls during ERP or key system implementations before go-live to prevent costly rework. Use control design as a trigger for impactful process re-engineering. Evaluate automated functionality as part of this process. 
• Leverage technology strategically: Implement scalable GRC tools early for centralized visibility, documentation, and ongoing monitoring. Explore how AI, automation, and analytics can enhance continuous monitoring, fraud detection, and audit procedures. 
• Strive for automated assurance: Explore continuous control monitoring (CCM) opportunities to reduce manual testing burdens and gain real-time insights. 

Investing in a robust, fit-for-purpose risk and controls program is far more than a compliance exercise – it’s a strategic enabler of business value. For companies pursuing IPOs or other strategic transactions, this investment differentiates them in the market, builds stakeholder trust, and supports a smoother journey through transformational change. 

To accelerate exit readiness and build an optimized control environment, contact CrossCountry Consulting.

The latest Sage Intacct R3 release delivers powerful enhancements designed to accelerate finance transformation initiatives while reducing operational complexity. These updates provide CFOs with the strategic tools needed to drive efficiency, enhance decision-making capabilities, and maintain competitive advantage now and in the future. 

Enhanced Email Security and Reliability 

To ensure continued email delivery through Sage Intacct, all customers using a custom email domain must authenticate and validate their domain with the enhanced email delivery service. This is a required step that improves deliverability, protects against phishing, and aligns with email security best practices. Please have your Sage Intacct administrator work with your email administrator to complete the necessary DNS setup as soon as possible. 

Efficient AP Processing Through Delegated Approvals 

Advanced delegation capabilities for accounts payable (AP) approvals eliminate bottlenecks in your approval processes. This feature enables continuous operations even when key approvers are unavailable, supporting business continuity while maintaining proper financial controls. The system automatically manages AP bill approval routing, reducing manual intervention and associated delays. 

Advanced List Management and Data Visualization 

Enhanced list views with split-screen functionality and dynamic column management enable faster data analysis and decision-making. These improvements reduce the time your team spends navigating between screens and provide more intuitive ways to access and analyze critical financial information. 

Streamlined Vendor Payments with MineralTree Integration 

Sage Intacct has partnered with MineralTree to offer a more seamless way to pay vendor bills directly. The integration with MineralTree provides a comprehensive solution for payment processing, offering multiple payment methods including ACH, check, and virtual card options. If you use AP Automation, you can add Vendor Payments to your existing automated transaction and approval workflows for a complete end-to-end automation solution.  

Simplified Payments and Credit Application from Lists 

You can now pay vendors and customers directly from their respective lists, eliminating extra navigation and improving team efficiency. Additionally, credits can also be applied directly from the AR Adjustments and AR Advances lists, further reducing processing time and manual effort for routine transactions. 

Accounts Receivable and Cash Flow Optimization 

R3 introduces customer refund functionality that streamlines cash management processes and improves working capital efficiency. This enhancement eliminates manual journal entries and provides better audit trails for refund transactions, supporting both operational efficiency and compliance requirements. 

New filtering capabilities in AR Ledger reporting enable more sophisticated cash flow analysis, allowing CFOs to quickly identify trends and potential issues across customer groups and payment patterns. 

Fixed Assets and Capital Management 

Sage Fixed Asset Management enhancements include bulk update capabilities and more flexible historical depreciation handling. These improvements support more efficient asset lifecycle management and provide better data accuracy for financial reporting and tax compliance. 

The new cumulative depreciation reporting feature enhances visibility into asset values and depreciation trends, supporting more informed capital allocation decisions. 

Smarter Purchasing Workflows and New eProcurement 

This release brings key enhancements to purchasing and procurement workflows. You can now consolidate multiple purchasing documents into a single transaction, automate vendor invoice processing without purchase order (PO) matching, and access clearer match tolerance exception histories. The new eProcurement product also simplifies procurement by integrating vendor catalogs and automating purchase order creation directly within Sage Intacct.  

Enhanced Contract Management and Flexibility 

Users can now reassign dimensions (e.g., department, class) for in-progress contracts with posted transactions, eliminating the need for journal entries. Reversal dates for accounts receivable (AR) payments can also be edited, offering greater flexibility for corrections. These updates exclude contracts with revenue recognition or specific statuses like canceled or renewed.  

Improved Project Task Management and Revenue Recognition 

Standard tasks can now be added to projects in bulk, reducing manual effort. Enhanced revenue recognition features allow users to preview and update percent-complete schedules before posting, improving control and accuracy. These updates streamline project management and ensure better visibility into financial progress. 

Preparing Your Organization for R3 Implementation 

System Preparation Steps 

1. Configuration review: Assess current system settings and identify areas where new features can be implemented. 
2. User training planning: Develop training programs to ensure team members can leverage new capabilities effectively. 
3. Process documentation: Update existing procedures to incorporate enhanced workflows. 
4. Testing protocol: Establish testing procedures for new features before full deployment. 

Team Readiness 

Successful R3 adoption requires coordinated change management across your finance organization. Focus on identifying power users who can champion new features and provide peer-to-peer training. Consider the impact on existing workflows and plan for gradual feature adoption to minimize disruption. 

Next Steps: Strategic Implementation 

To fully capitalize on the R3 release benefits, CrossCountry Consulting’s certified Sage Intacct specialists can help you identify which features align with your strategic priorities and develop an implementation roadmap that maximizes value while minimizing disruption. 

Contact CrossCountry Consulting today to get started.  

Companies that have decided to spin off divisions of their business must quickly execute on other key transaction-readiness initiatives, in close succession or in parallel. To ensure timelines are met and that all business units, processes, and technologies are successfully separated to operate independently, it’s time to achieve the next big milestone on the critical path: preparing the operating model for Day 1.

Establish the Separation Management Office (SMO)

With more transaction expertise and industry-specific practices than traditional PMOs or TMOs, the SMO is the driving force and governing body throughout the spin-off process. When preparing for a Day 1 operating model, the SMO is the most effective channel through which to accomplish this.

The Role of the SMO

An SMO leads effective cross-functional communication and coordination during the divestiture and helps develop/manage project timelines, mitigate risks, and maintain momentum toward a successful transaction.

Key Functions of the SMO

• Project management: Develop and oversee the divestiture timeline and ensure all milestones are met. This includes proactively removing blockers, clearing milestones, and maintaining change momentum.
• Stakeholder management: Enable connection and communication between leaders and key functional and third-party stakeholders to navigate the deal timeline and the impact of cross-functional dependencies. 
• Risk mitigation: Identify and address potential risks and issues in real time, empowering functional leaders to mitigate risks and issues quickly. The SMO also identifies value-driving synergies, which can increase project velocity and accelerate time-to-market.
• Resourcing: Leading up to the spin closing date, critical staff will be wearing many hats on top of their daily responsibilities. As such, the reallocation of resources and priorities will be critical to ensuring consistent team performance before, during, and after separation. Evaluate the need to support these teams with additional resources to enable them to successfully execute separation activities and meet transaction deadlines (e.g., HR, IT, Treasury).

Design the Day 1 Operating Model

Designing a robust Day 1 operating model ensures both the SpinCo and RemainCo can operate independently and successfully post-separation. Here’s what the SMO should be targeting:

Key Components of the Day 1 Operating Model

• Target operating model: Determine the required systems, processes, and policies (e.g., benefits plans, insurance, etc.) to support the standalone business, including the standalone cost budget. This plan will chart the future success of the SpinCo, so it’s imperative that months of Day 1 preparation are conducted ahead of the official separation.
• Inter-company entanglements: Review inter-company entangled services/processes, employee matters, contracts, and systems, and establish disposition and cut-over plans to take action on required novation/disposition and communication requirements related to vendor, customer, and commercial contracts.
• Employee transfers: Create a robust employee transfer strategy and clearly document and communicate this strategy to all impacted personnel in multiple formats (via email, individual meetings, company town halls, etc.). The strategy should address transfer mechanisms, handling of compensation and benefits discrepancies, processing of visas and work permits, and the continuity of HR systems.
• Transition Services Agreements (TSAs): Define which activities must be covered by a TSA and for how long, such as IT, real estate, HR, and accounting services in the event that separation before day 1 is not achievable. TSAs should be developed at a granular level, with specific activities, cost to deliver, and a strategy/timeline to exit the TSA. 
• Change management: Implement robust change management activities to ensure the NewCo is prepared to operate independently on Day 1, including stakeholder impact assessments and training plans.

With an effective SMO, you can build a structured, efficient spin-off process while focusing on a comprehensive Day 1 operating model. This model sets the foundation for future success while minimizing disruptions and maximizing value.

Taking the Next Step

CrossCountry Consulting provides a suite of accounting, risk, compliance, systems, and deal expertise that empowers RemainCos and NewCos to confidently and profitably navigate a spin-off. To establish and execute a divestiture roadmap at your organization, contact CrossCountry Consulting.

This information is for general knowledge and informational purposes only and does not constitute legal or professional advice. A comprehensive spin-off strategy requires careful planning and consideration of various factors, which is why consulting with legal, financial, tax, and other relevant experts is crucial.

Every business runs on cash generation. But what if your process is quietly draining profits, delaying deals, and frustrating customers?

The lead-to-cash (L2C) process – covering everything from customer identification, opportunity development and refinement, quoting, contracting, billing, revenue recognition, collections, and credits/refunds/concessions – is the heart of how companies manage and grow their revenue, profitability, and cash flow. It should be a seamless flow, yet too many companies are stuck with broken workflows, manual bottlenecks, and disconnected data.  

The result? Lost opportunities. Slower growth. Lower margins. 

The Hidden Challenges Holding Companies Back 

L2C may be the most important business process because it touches every operational department and impacts the bottom line. Forward-thinking organizations are embracing advanced technologies to streamline workflows, from customer acquisition to customer billing and collections, thus accelerating and maximizing revenue realization. 

But despite major advancements in automation, businesses continue to struggle with inefficient lead-to-cash workflows.  

• Manual workflows and “death by a thousand spreadsheets” have become the norm, slowing down invoicing and creating data confusion. Fragmented CRM, CPQ, operating systems, ERP, billing platforms, and order management systems prevent smooth operations, leading to time-consuming billing issues – especially when handling complex pricing structures and varied contract terms. 
• Collections often lag due to inaccurate AR aging reports and detail, making it difficult to track outstanding balances and enforce timely payments. Meanwhile, customer frustration grows as errors in quoting, billing, and contract execution create friction, eroding trust and driving churn. 
• Many companies develop processes that don’t scale. They work well initially, only to realize later that their systems can’t keep pace with growth. For example, SaaS companies increasingly have usage-based products that make it more complex to integrate operating systems that were not developed to focus on back-end reporting and connecting to adjacent systems. Compliance risks pile up, auditability becomes a headache, and operational inefficiencies threaten long-term success. 

So, how are leading companies turning this chaos into cash flow? 

The Blueprint for Lead-to-Cash Success

Leading organizations aren’t just fixing problems – they’re reinventing the way revenue flows through the business. A key enabler is standardization: standardizing contracts, processes, metrics, and workflows. It all starts with a foundational data strategy, ensuring clarity in key metrics, governance frameworks, and integration across platforms. 

From there, a fully integrated system architecture connects CRM, CPQ, CLM, OMS, billing, and ERP, leveraging solutions like Salesforce, NetSuite, and Coupa alongside middleware like Fivetran and Tray.ai to enable real-time data exchange and automated workflows. 

Touchless contracting and billing are quickly becoming industry standard. Rather than manual negotiations, companies are shifting to automated agreements, enabling customers to digitally accept standard contract terms and be billed directly through ACH or credit card payments. 

Meanwhile, centralized data warehouses like Snowflake and Databricks are reshaping analytics and reporting. Businesses can aggregate historical and real-time data effortlessly, empowering CFOs with insights that drive smarter forecasting and customer strategies. The data warehouse is the central repository to collect subscription and user data for SaaS, or fulfillment data for complex manufacturing and inventory, and facilitates the integration between other systems, as the warehouse can “normalize” the data to the format required. 

Finally, deal governance (“deal desks”) ensures companies minimize excessive customizations and enforce standardized pricing and approvals, streamlining negotiations and reducing complexity. 

The Business Impact: Why Automation is a Game Changer

By embracing automation, CFOs are transforming L2C processes into revenue-generating powerhouses. The results? 

• Faster revenue recognition: Automating journal entries and reducing manual accounting work.
• Greater sales efficiency: Freeing up reps to focus on customers instead of administrative tasks. 
• More accurate forecasting: Giving FP&A teams better visibility into customer trends and financial projections. 
• Enhanced customer experience: Eliminating billing errors and seamless contract execution. 

AI: The Future of Lead-to-Cash Optimization 

Artificial intelligence is revolutionizing the way companies manage their revenue processes. AI-driven pricing models suggest optimal discounts based on customer behavior, while machine learning algorithms predict payment risks, prompting proactive collection strategies. 

AI-powered contract data extraction identifies key renewal clauses and compliance requirements, helping businesses optimize revenue streams and reduce financial risk. And as predictive analytics grow more sophisticated, finance leaders can anticipate demand trends, forecast revenue with pinpoint accuracy, and automate invoicing like never before. 

How We Can Help

At CrossCountry Consulting, we specialize in transforming lead-to-cash workflows through some of the following ways: 

• Accelerated future-state design and roadmap (setting the stage for transformation): Leveraging CrossCountry’s rapid assessment methodology, gaps are identified in current-state process flows, future-state workflows are designed, a roadmap sets the stage for transformation, and stakeholders quickly align. 
• Quick-win reporting and analytics (generate immediate cash and value): Utilize data transformation tools (e.g., Alteryx) to link data across systems regardless of current architectural gaps and build live dashboards (e.g., billing amounts, AR) to find missing dollars and facilitate collections. 

• End-to-end system and data architecture integration (automate revenue recognition): Implement technologies, optimize configurations, or integrate core systems and workflows (e.g., CRM, CLM, Billing, ERP) through built-in connectors or middleware, and automate revenue recognition calculations and logic. 
• Role and organization optimization (enable future scalability): Clarify roles and responsibilities across the new process, optimize and centralize positions as applicable, train users in new ways of working, manage change, and institutionalize documentation. 

Ready to optimize your process and accelerate cash flow? Contact CrossCountry Consulting today. 

As firms strive to grow Assets Under Management (AUM) without a proportional increase in headcount, the relationship and value received from their third-party administrator (TPA) becomes a key consideration for future growth.  

Many firms are reassessing their current TPA relationships against potential alternate providers. It’s imperative that firms approach this assessment strategically, considering a selection and migration process. Key considerations to keep top of mind are included below.  

Key Trends and Challenges with TPAs 

The TPA technology landscape is undergoing significant evolution, driven by several key trends: 

• Focus on integration and interoperability: Seamless integration between the TPA’s systems and the asset manager’s internal technology infrastructure is make or break, as everyone wants access to their data. This ensures efficient data flow, reduces reconciliation efforts that can slow financial reporting cycles, and provides a holistic view of operations. 
• Focus on data and analytics: Asset managers require TPAs that can provide robust data analytics capabilities, offering deeper, context-aware insights into fund performance, investor behavior, and operational efficiency. This includes completing or assisting managers with standard compliance reporting, such as Form ADV or Form PF, through automated reporting engines. 
• Increased demand for automation: Asset managers expect greater automation in core operational processes handled by TPAs to enhance efficiency, reduce manual errors, and lower costs. In addition to core fund accounting, asset managers are seeking automated and AI-enabled solutions to streamline issuing quarterly Partner Capital Statements (PCAP) and the processing and dissemination of Capital Calls and Distributions.  
• AI innovation: To maximize the cost benefit of the relationship, many firms are looking for partners who are using automation and GenAI to increase accuracy and reduce manual reconciliation efforts. Intelligent document processing (IDP) – through the combined power of optical character recognition (OCR), natural language processing (NLP), and computer vision – enhances data extraction, source linking, and auditability. AI can also support anomaly detection, report generation, and more. 

• Cybersecurity and data privacy: With increasing cyber threats and stringent data privacy regulations, asset managers are prioritizing TPAs with robust security protocols and data protection measures. 

These trends present both opportunities and challenges. While TPAs have scaled with automation and intelligence tools, selecting the right provider requires a formal and deliberate evaluation approach. 

TPAs in the Market 

There’s a rich market of TPAs, each with its own strengths and focus areas. These providers can broadly be categorized as: 

• End-to-end providers: These comprehensive providers offer a wide array of functionalities, covering core administration tasks, investor relations, accounting, reporting, treasury, and compliance. They aim to provide a unified platform for managing fund operations across all strategies.   
• Specialized providers: Some providers choose to focus on specific fund strategies (e.g., PE, Credit) or client size based on AUM (e.g., <$10B). Asset managers might benefit from a more specialized approach these providers offer and consider their solutions to complement existing TPA arrangements or address specific pain points. 

To recoup the investment, asset managers must thoroughly research the market and identify providers that align with their specific needs and operational model. 

Selecting the Right TPA  

TPA selection involves assessing the overall service model, operational capabilities, and the underlying technology platforms. For a systematic evaluation of potential providers and alignment with the asset manager’s long-term goals, consider the following:  

• Defining business and technology requirements: Clearly articulate the firm’s strategic objectives, operational needs, service needs, and specific technology requirements. This includes identifying critical capabilities the TPA must deliver, such as data accessibility, timely reporting, and integrations through their technology platform. 
• Developing a Request for Proposal (RFP): Create a tailored RFP that captures both functional and service-level requirements. The RFP template is a vital tool for ensuring potential providers submit their proposals in a way that allows for efficient evaluation of capabilities and alignment with the organization’s requirements. This ensures vendors present their offerings, including platform capabilities, service model, and support structure, in a standardized approach that facilitates a fair and meaningful comparison.    
• Evaluating potential providers: Utilize a consistent scoring matrix to evaluate, assess, and compare the capabilities and performance of TPAs. This tool transparently evaluates TPAs, their operational model, platform scalability, client service approach, fees, and ability to support future growth and regulatory change to ensure the selected provider aligns with the company’s operational needs. 
• Conducting comprehensive due diligence: Thoroughly assess the shortlisted providers’ technological infrastructure, security protocols, service-level performance, and client references. This step ensures the vendor’s platform is not only technically sound but also operationally resilient. 
• Onboarding and transition planning: Ensure the selected provider has a proven transition roadmap and project management approach that includes onboarding milestones, platform configuration, integration planning, and finalization of contract details. Early collaboration with the fund administrator ensures a smooth path to go-live and long-term partnership success. 

The selection process flows into the migration phase to ensure the complete alignment of people, process, technology, and data within the TPA environment. 

Transitioning to a New TPA 

A comprehensive migration plan outlining key milestones, delivery workstreams, activities, tasks, and roles for the TPA selection and implementation is essential for a successful transition. Key considerations include: 

• Data migration strategy: Develop a comprehensive data migration plan for securely and accurately transferring data from the incumbent provider or internal systems to the new TPA technology platform. This includes data mapping, cleansing, validation, and governance to ensure integrity throughout the migration process. 
• Integration planning: Coordinate closely with the incoming TPA to align on integration points with the asset manager’s internal systems, ensuring seamless data flow and operational continuity. 
• Testing and validation: Conduct thorough testing of the new system and migrated data to ensure accuracy and functionality. 
• Training and change management: Equip internal teams with the knowledge and tools to work effectively with the new TPA, their systems, and processes. Effective and proactive change management strategies are essential to drive adoption and minimize disruption. 
• Project management: Establish a project governance structure with clearly defined roles and responsibilities across internal teams and the incoming administrator. Strong program and change management practices are critical to enable teams to navigate the complexities of the implementation. 

Migration timelines and activities may vary based on the asset manager’s operating model and the complexity of services being transitioned.  

TPA Next Steps 

Selecting and onboarding the right TPA is a strategic imperative for asset management firms seeking to enhance operational efficiency, improve data insights, and navigate the evolving regulatory landscape. CrossCountry Consulting stands ready to guide asset management firms through this transition, ensuring a smooth selection process and successful migration of a TPA that aligns with unique needs and long-term business goals.  

To get started, contact CrossCountry Consulting today. 

From the early stages of spin planning, the CFO and finance team must be engaged in five core financial reporting areas to enable long-term spin-off success:

1. Preparation of carve-out financials: These documents will form the “F-pages” within the Form-10 registration statement. Annual periods will be subject to audit procedures.
2. Carve-out audit considerations: There are important distinctions from the parent audit that must be strategically addressed in relation to a spin.
3. Assembling the Form-10: Subject to SEC review, compilation of the Form 10 involves close stakeholder coordination to appropriately present the SpinCo to investors.
4. Investor roadshow process: The investor roadshow process will include financial information, which often differs in certain areas from what was presented in SEC filings, and a linkage between the financial information is critical to manage.
5. Post-spin reporting matters: Plan for the post-spin SEC reporting requirements of both the SpinCo and RemainCo.

Preparing for a spin-off? Each of these critical finance activities is discussed in detail below:

1. Preparation of Carve-Out Financials

• Deal perimeter alignment: Close collaboration with management, corporate development teams, and strategic advisors helps inform how historical financial information will be compiled in a manner consistent with the deal perimeter of SpinCo.
• Carve-out methodology: Consider the level of complexity in compiling the carve-out financial information and determine the methodology for compiling the financial information of the SpinCo by evaluating the following:
  • Approach for specific identification of assets, liabilities, revenues, and expenses related to the carve-out entity within the company’s ERP system.
  • Identification of commingled accounts and application of appropriate allocation methodologies to each account, which is consistent with guidance from Big Four accounting firms (e.g., headcount, revenue).
  • Carefully consider historical audit differences, which may be material to the carve-out financial statements.
• Reconciling bridges: Ensure carve-out results bridge to historical financial information. Expect to explain, reconcile, and bridge various pieces of carve-out information.

2. Carve-Out Audit Considerations

• Auditor liaison: Involve auditors early in the process to establish alignment on the basis of presentation, carve-out approach, and cadence of touchpoints to proactively address audit issues.
• Technical documentation: Support the basis of presentation with appropriate technical documentation and audit-ready bridge files for the carve-out to facilitate an efficient audit. Separate analysis related to impairment, segments, intercompany, stock compensation, and other areas specific to the carve-out financials will likely be required for the audit file.
• Additional resources: Evaluate the need for dedicated audit assistance to ensure the carve-out audit is completed in accordance with the deal timeline. Subsidiaries may require additional support when subject to different audit requirements and materiality for a carve-out audit, further requiring hands-on expertise.

3. Assembling the Form 10

• Ownership: The Form-10, similar to other registration statements, requires input from a range of stakeholders and external parties. Assigning ownership of each section (and in some cases subsections) can help ensure a complete document is prepared efficiently and by the most appropriate stakeholder(s).
• MD&A: Preparation of a Management, Discussion & Analysis (MD&A) section will be required for inclusion in the Form-10. While the Parent’s MD&A may be an appropriate starting point, the specific dynamics of the SpinCo’s business must be reflected to present and discuss period-over-period variances accurately. Additionally, it’s common for SpinCo MD&As to include more granular information on variances compared to a Parent’s MD&A given the document is subject to SEC review.
• Pro forma statements: Compile adjustments to present pro forma income statements and balance sheets under Regulation S-X, Article 11. Preparers must be aware of the different classifications of potential pro-forma adjustments (e.g., autonomous entity adjustments), so SpinCo pro-formas are consistent with SEC guidelines, including disclosures around standalone and one-time costs.
• Peer benchmarking: Review and understand recently prepared Form-10s to gain an understanding of the structure of the document and the standard disclosures contained within. Performing this review before preparing the SpinCo’s Form-10 can ensure broad awareness among stakeholders of the information required.
• SEC comments: Maintain vigilance for potential areas of SEC comment within the Form-10 to facilitate a more efficient comment letter response process. Reviewing published SEC comment letter trends and comment letters issued to peer companies can provide valuable insights. Proper planning will contemplate the anticipated SEC review process and timing, and the periods required for amendments.

By preparing accurate and comprehensive financials, supported by a seamless audit process, you can enhance the attractiveness of the Spin-Off and ensure a smooth transaction process.

4. Investor Roadshow Process

• Roadshow process: The investor roadshow process is an opportunity for the management team to communicate the value of the SpinCo to potential investors. The materials will include financial information, including historical and projected.
• Linkage to SEC filings: The financial information included in the roadshow materials will often have certain differences compared to what’s presented in SEC filings, including Non-GAAP presentations of historical information and projections. It’s critical to have a linkage to what’s reported in SEC filings and the projections based on historical information.
• Communication: The team involved in preparing the roadshow materials will include various stakeholders across the company and its external advisors. Communication and project management are crucial for consistent messaging and managing the required inputs and outputs.

5. Post-Spin Reporting Matters

• RemainCo: RemainCo will have reporting requirements as a result of the spin-off, including discontinued operations and Form 8-K reporting after the spin-off.
• SpinCo: SpinCo must maintain quarterly SEC filings as an independent public company after the effective date of the spin-off (Form 10-Q and Form 10-K).

Taking the Next Step

CrossCountry Consulting provides a suite of accounting, risk, compliance, systems, and deal expertise that empowers RemainCos and SpinCos to confidently and profitably navigate a spin-off. To establish and execute a divestiture roadmap at your organization, contact CrossCountry Consulting.

This information is for general knowledge and informational purposes only and does not constitute legal or professional advice. A comprehensive spin-off strategy requires careful planning and consideration of various factors, which is why consulting with legal, financial, tax, and other relevant experts is crucial.

Family offices manage extraordinary wealth, making them prime targets for cybercriminals seeking high-value payouts. Recent data reveals that 43% of family offices globally have experienced cyberattacks within the past 12-24 months, with 25% suffering three or more incidents. These attacks represent more than financial losses – they threaten family privacy, reputation, and generational wealth preservation. 

Understanding these risks and implementing robust protection strategies has become essential for family office leadership. Below is an outline of critical threats facing family offices and actionable cybersecurity frameworks to safeguard valuable assets. 

The Growing Threat Landscape 

Cybercrime represents the largest transfer of economic wealth in history, with costs projected to reach $10.5 trillion annually by 2025 – up from $3 trillion in 2015. This staggering 15% year-over-year growth rate demonstrates why cybersecurity must be a top priority for family offices. 

The financial sector faces particularly sophisticated attacks. Half of all family offices know another office that has been compromised, indicating the widespread nature of these threats. More concerning, attacks are now specifically tailored to family offices, with threat actors targeting deal data, credentials, and sensitive family information for maximum impact. 

Primary Cyber Threats Targeting Family Offices 

AI-Powered Social Engineering 

Modern attackers leverage artificial intelligence to craft convincing phishing emails and impersonation schemes. AI analyzes public and private data rapidly, creating targeted communications that bypass traditional security measures. These attacks often feature: 

• Deepfaked video calls mimicking trusted executives. 
• AI-generated documents that appear legitimate. 
• Automated reconnaissance gathering detailed intelligence about family members and staff. 

Over 60% of family offices have reported phishing attacks, with 45% experiencing direct impersonation attempts targeting senior leadership. 

Sophisticated Ransomware Operations 

Ransomware attacks against family offices involve multiple extortion tactics beyond simple data encryption. Attackers threaten to leak sensitive information on dark web platforms, sell stolen credentials to other criminals, and freeze critical assets during deal closures. 

These coordinated attacks specifically target periods of heightened activity, such as mergers and acquisitions, when information exchange increases vulnerability. The impact extends beyond immediate financial losses to include costly system rebuilds, privacy violations, and lasting reputational damage. 

Third-Party Vendor Vulnerabilities 

Family offices rely heavily on external service providers, creating complex vendor ecosystems that expand attack surfaces. Research indicates that 98% of organizations globally work with at least one vendor that suffered a breach within the past two years. 

Portfolio companies present additional risks, particularly smaller entities lacking mature cybersecurity defenses. A breach at one portfolio company can compromise the entire family office network, creating cascading security failures across investment holdings. 

Why Family Offices Face Unique Vulnerabilities 

Family offices operate with characteristics that make them particularly attractive targets for cybercriminals. Limited cybersecurity resources combined with heavy reliance on third-party providers create multiple entry points for attackers. 

The interconnected nature of family office operations means a single vendor compromise can expose portfolio-wide data. High-value assets and trust-based operations make these organizations lucrative targets, while smaller office structures often lack the sophisticated security infrastructure found in larger financial institutions. 

Additionally, the concentration of wealth and sensitive family information creates opportunities for targeted attacks that can have devastating financial and reputational consequences from a single successful breach. 

Essential Protection Strategies 

Implement Comprehensive Security Frameworks 

Adopt industry-standard cybersecurity frameworks tailored to family office operations. Regular risk assessments should evaluate both internal systems and third-party vendor security postures. These frameworks must address AI governance, given the increasing use of artificial intelligence in both attack vectors and defensive strategies. 

Strengthen Identity and Access Management 

Deploy multi-factor authentication across all systems and implement robust access controls limiting data exposure. Regular credential audits ensure former employees and contractors cannot access sensitive information. These controls become critical when managing complex vendor relationships and portfolio company integrations. 

Develop Incident Response Capabilities 

Create detailed incident response plans that address various attack scenarios, from ransomware to data breaches. Regular tabletop exercises prepare teams for real-world incidents, while clear communication protocols minimize confusion during actual emergencies. 

Establish relationships with cybersecurity partners and legal counsel before incidents occur. Understanding how these partnerships function during crisis situations prevents delays in critical response activities. 

Invest in Employee Training 

Implement comprehensive cybersecurity awareness programs addressing current threat landscapes, including AI-powered attacks and social engineering tactics. Regular phishing simulations help staff recognize suspicious communications, while ongoing training ensures awareness of evolving attack methods. 

Training should extend beyond technical staff to include family members and senior leadership who may be targeted in spear-phishing campaigns or social engineering attacks. 

Building Cyber Resilience for the Future 

Consider partnering with cybersecurity experts who understand the unique challenges facing family offices. To ensure your security investments address the most critical risks while supporting your family’s long-term wealth preservation objectives, contact CrossCountry Consulting. 

It’s hard to believe that July 2025 marks the 23-year anniversary of the Sarbanes-Oxley Act (SOX). 

On the heels of the dot-com boom in the early 2000s, companies changed the way they operated and incentivized senior leaders: Financial fraud became rampant. 

Flagship financial fraud cases of the era included Enron (overstated revenue and concealed debt obligations), WorldCom (inflated earnings by $11 billion), and Tyco (inflated company income). These events helped catalyze more rigorous financial reporting and internal control requirements created under SOX. 

The bipartisan law, sponsored by U.S. Senator Paul Sarbanes and U.S. Congressperson Michael Oxley, has had lasting impacts on public companies of all sizes, helping to create strong control environments, standardize processes, and mitigate financial reporting risks. 

SOX Milestones

Below is a timeline of some of the biggest milestones related to the evolution of SOX over the past 23 years:

While many organizations and their auditors have grown accustomed to annual compliance requirements, they must still remain vigilant toward further rule changes and emerging trends. SOX programs must adequately provide insight to stakeholders and regulators as the market and regulatory landscape continue to evolve. 

SOX Today and Tomorrow

As organizations consider going public and seek to establish a SOX program of their own, numerous, more recent trends are influencing the design, scope, and urgency of reporting standards and control environments. 

Some of the most prominent emerging factors include: 

Innovation: AI, Automation, and Data Analytics 

In tight labor markets, organizations are increasingly leveraging innovative technologies to enhance efficiency and focus on value-added activities. Automation, data analytics, and, more recently, AI transform how companies and auditors manage processes and controls. For example, financial reporting tools and governance, risk, and compliance (GRC) platforms use robotic process automation (RPA), data analytics, and AI-driven solutions to reduce manual errors, streamline evidence collection, and proactively detect fraud and anomalies.

These technologies enable SOX teams to analyze larger volumes of structured and unstructured data, improve real-time monitoring, and optimize the efficacy of SOX testing programs. By reducing the overall cost of compliance and minimizing the burden of audit seasons, these advancements empower professionals to concentrate on tasks that require expert judgment and strategic insight.   

Environmental, Social, and Governance (ESG) 

More public companies than ever are disclosing sustainability data, both voluntarily and for regulatory purposes. This enhanced reporting requires companies to design and implement relevant financial reporting controls over ESG data, much of which is non-financial data outside of the general ledger. As companies incorporate testing of their ESG-related data into their overall SOX program, these new disclosures must stand up to regulatory scrutiny. 

Cybersecurity Requirements 

The rapid evolution of technology continues to shape the scope and rigor of SOX compliance. In 2024, the SEC adopted enhanced cybersecurity disclosure rules that are now fully in effect for public companies. These rules require: 

• Disclosure of material cybersecurity incidents within four business days via Form 8-K. 
• Annual reporting on cybersecurity risk management, strategy, and governance under Regulation S-K Item 106. 
• Clear articulation of the board’s oversight and management’s role in assessing and mitigating cyber risks. 

As a result, cybersecurity controls are now being evaluated alongside traditional IT general controls (ITGC) during SOX testing. Companies must ensure their incident response protocols, data governance frameworks, and cyber risk assessments are operationally sound and aligned with financial reporting requirements. The SEC’s enforcement actions underscore the importance of accurate and timely cyber disclosures, making cybersecurity a central pillar of modern SOX compliance. 

For SOX cybersecurity compliance best practices, start here: 

• Continuous monitoring of controls and risks. 
• Automated identity and access governance. 
• Zero-trust architectures for sensitive systems. 
• Active incident response drills (e.g., red team exercises focused on financial systems). 
• Ongoing vendor risk reviews and robust documentation of security controls and incidents. 

A Profitable, Compliant Future 

Twenty-three years later, the legacy of SOX stands as a powerful testament to the enduring value of transparency, accuracy, and accountability in financial reporting. While regulatory requirements will continue to evolve, the core principles that safeguard trust in our capital markets remain as vital and unshakeable as ever. 

For expert SOX advisory support, contact CrossCountry Consulting. 

An effective strategy to generate shareholder value, streamline operations, and focus on core competencies can be accomplished through a corporate spin-off. Recent headlines included planned spin-offs at Honeywell, Medtronic, and Warner Bros. Discovery as these companies look to create agile businesses focused on revenue growth and earnings leverage.

A spin-off is a type of corporate restructuring in which a company creates a new, independent company by separating part of its operations, assets, or divisions. The new entity, often referred to as a “SpinCo,” builds its own management team and operates independently from the parent company, known as a “RemainCo.” Spin-offs can be executed in a tax-free manner if structured and executed properly.

Spin-offs are often used to enhance shareholder value and provide greater strategic flexibility, including capital allocation, for both the parent company and the new entity.

A Closer Look at the Market for Spins

Historically, the “sum of the parts” value pre-spin often exceeds the parent’s consolidated value over an 18-24 month period. Companies facing activist investor pressure or regulatory scrutiny may find spin-offs an attractive option. Similarly, companies hoping to unlock new value creation by separating under-performing assets from value-creating assets may be able to achieve faster growth and return to the types of activities they do best.

In recent months, industry experts and market participants have signaled 2025 as the “year of the spinoff,” reflecting the increasing value of U.S. corporate spin-offs and the size of established corporations that have displayed interest in undertaking a spin this year.

• Key characteristics of a spin-off: The new company operates independently with its own management and decision-making processes.
• Ownership: Shareholders of the parent company receive shares in the new company, maintaining their investment in both entities.
• Strategic flexibility: The spin-off allows both the parent company and the new entity to focus on their core businesses and strategic goals.
• Market value: Spin-offs can unlock value by allowing the market to better assess and value the separated entities individually.

Benefits of a Spin-Off

• Enhanced focus: Both companies can concentrate on their specific business areas without the distractions and capital allocation competition of non-core operations.
• Improved performance: Independent management teams, with specific industry skillsets, can drive performance improvements tailored to their entity’s business needs.
• Increased transparency: Investors gain clearer insights into the financial health and performance of each entity.

Navigating the Spin-Off Process

To gain clarity on an effective and efficient path to separation, achieve key milestones throughout the process, and prepare to operate successfully post-close, explore the critical steps below:

Taking the Next Step

A successful spin-off requires meticulous planning and execution, with the support of experienced RemainCo and SpinCo stakeholders and third-party providers.

CrossCountry Consulting provides a suite of accounting, risk, compliance, systems, and deal expertise that empowers RemainCos and SpinCos to confidently and profitably navigate a spin-off. To establish and execute a divestiture roadmap at your organization, contact CrossCountry Consulting.

This information is for general knowledge and informational purposes only and does not constitute legal or professional advice.

Companies are facing unprecedented uncertainty and challenges in the market, driven by a combination of macroeconomic, strategic, and regulatory factors. These forces are prompting executives to more closely manage and evaluate their portfolios, including divesting non-core assets.

Considering a divestiture in the near future? Here’s what’s top of mind for today’s leaders:

• Portfolio management: The most successful companies actively analyze their portfolio, which may result in divesting non-core or underperforming assets.
• Macroeconomics and geopolitics: Rising interest rates, geopolitical tensions, tariff volatility, and changes in valuations are motivating companies to consider portfolio optimization. Divestitures are a key path to optimizing capital allocation strategies and focusing on core capabilities.
• Regulatory and political pressures: Regulatory scrutiny around mergers and acquisitions (M&A) may require divestitures to ease antitrust concerns.

Finding and Executing the Right Exit Opportunity

Amid a robust market for companies considering divestitures, including tax-free spin-offs, split-offs, carve-outs, asset sales, joint ventures, and Reverse Morris Trust exits, there are an array of critical topics and decisions to take into account. Decisions today will set the future trajectory of the transaction roadmap and influence ultimate exit value.

Based on market analysis, client conversations, and decades of experience, CrossCountry Consulting’s team of Divestiture & Carve-Outs experts has compiled a series of core themes and discussion points that are integral to companies exploring divestitures as an exit strategy:

1. Mastering the Spin: Understanding Your GTM Path: Explore strategies for effectively navigating a corporate spin-off. Understand recent market dynamics, benefits, and a roadmap for success.
2. Mastering the Spin: 5 Finance Focus Areas During a Separation: Understand the steps involved in preparing carve-out financial statements, pro-forma models, and filing with the SEC. Gain insights into audit requirements and how to ensure a smooth audit process for carve-out financials.
3. Mastering the Spin: Day 1 Operational Readiness: Discover the importance of a separation management office (SMO) in managing cross-functional communication and driving the divestiture process forward. Explore a proven approach to creating a robust operating model that supports the standalone business post-separation, including considerations for Transition Services Agreements (TSAs).
4. Mastering the Carve-Out Sale: Create a comprehensive roadmap for successfully navigating the complexities of carve-out sales, with valuable insights and practical steps for a smooth and profitable transition. From strategic planning to valuation and financial analysis, learn how to ready your organization for Day 1 and beyond.
5. Navigating Employee Entanglements in Divestitures and Demergers: Prepare for complex transitions that must factor in legal compliance, effective communication, talent retention plans, compensation structures, cultural integration, and strategic decisions on legal entities. Learn more about the crucial activities required for smooth transitions and operational excellence.
6. A Seller’s Guide to Crafting Effective Transition Services Agreements: Ensure a smooth business transition with an effective TSA. Gain insight into the TSA process, best practices, how to minimize risks, and how to maintain business continuity throughout the transition process.

Maximize Exit Value

Aiming to leverage a divestment strategy that’s right for your organization and its corporate objectives?

CrossCountry Consulting provides a suite of accounting, risk, compliance, systems, and deal expertise that empowers RemainCos and SpinCos to confidently and profitably navigate a divestiture. To establish and execute a divestiture roadmap at your organization and to stay current on the latest valuation-enhancing strategies, contact CrossCountry Consulting.

This information is for general knowledge and informational purposes only and does not constitute legal or professional advice.

Asset managers are under increasing pressure to harness the power of artificial intelligence – not just to stay competitive, but to lead. Yet the journey from experimentation to enterprise-wide transformation is anything but straightforward. 

At CrossCountry Consulting, we’ve seen firsthand how asset managers can move beyond point solutions and pilot projects to build scalable, strategic AI capabilities. Here’s what we’ve learned from working with leading firms across the industry. 

AI Maturity Is a Journey, Not a Destination 

Many firms begin their AI journey to increase productivity, crafting specific use cases to address manual processes, fragmented data, and isolated tools. However, to unlock true value, organizations must evolve toward a proactive, enterprise-wide AI strategy. This means embedding AI into core business processes, aligning it with strategic goals, and driving continuous improvement with human-in-the-loop models and integrated data platforms. 

Organizations have seen implementation success by using an AI strategy maturity model, which outlines five stages of evolution that reflect increasing levels of automation, data trust, and strategic alignment: Performed → Managed → Defined → Measured → Optimized 

AI Roadblocks Are Real, But So Are Opportunities 

AI adoption in asset management presents its own set of challenges. From legacy systems and fragmented data to regulatory uncertainty and ethical concerns, firms must navigate a complex ecosystem. Key barriers include: 

• Integration with legacy technologies that lack the power or flexibility to support AI tools. 
• Data immaturity is often present in environments with siloed systems and inconsistent governance. 
• Security and privacy risks are heightened and must be addressed when deploying generative AI and LLMs. 
• Cultural resistance occurs as employees become fearful of job displacement and place low trust in AI outputs. 

But these challenges also present opportunities. With the right strategy, firms can modernize infrastructure, enhance controls, and generate operational efficiencies that drive real business outcomes. 

A Structured Approach to AI Transformation 

CrossCountry’s approach to AI maturity is grounded in practical, phased execution: 

1. Discovery: Assess current tools, governance, infrastructure, and readiness. 
2. Prioritize and prepare: Define use cases, evaluate vendors, and align with business strategy. 
3. Deploy: Implement pilots, operationalize governance, and scale based on impact. 

This structured roadmap ensures AI investments are not only technically sound but also strategically aligned and culturally adopted. 

Real-World AI Use Cases in Private Markets 

AI is already delivering value across the asset management value chain. Some high-impact use cases include: 

• Unstructured data extraction for fund documents and due diligence. 
• Generative analytics to visualize trends and support decision-making. 
• Deal sourcing through automated research and third-party data ingestion. 
• Compliance and legal reviews that accelerate contract analysis and reduce risk. 
• Relationship intelligence that personalizes LP communications and enhances CRM insights. 

These applications demonstrate that AI is not just a back-office tool. It’s a front-line enabler of growth, efficiency, and insight. 

Next Steps With AI

AI is no longer a futuristic concept – it’s a present-day imperative. For asset managers, the question is no longer if  to adopt AI, but how  to do so in a way that’s scalable, secure, and strategically aligned. 

To maximize the value AI delivers to your organization, contact CrossCountry Consulting today. 

Since 2002, the Sarbanes-Oxley Act (SOX) has been the cornerstone of corporate accountability, ensuring robust internal controls over financial reporting. As business priorities evolved and pressures mounted, many SOX programs quietly shifted into autopilot. Consequently,  internal controls became outdated, inefficient, and misaligned with today’s strategic goals. The result? Governance is a burden rather than a value driver.

Why a Future-Ready SOX Program Matters More Than Ever

Today, transformation isn’t a choice – it’s a necessity. The traditional approach to SOX compliance – characterized by extensive manual testing and documentation – is proving unsustainable in a world of AI and automation. Modernizing your SOX program ensures it remains relevant, agile, and future-ready while aligning with strategic priorities.

To do more than just check compliance boxes, a SOX program should:

• Align with strategic priorities: Ensuring that internal controls support – not hinder – business agility and growth.
• Drive operational efficiency: Leveraging automation, analytics, AI, and risk-based approaches to reduce manual effort and increase insight.
• Enhance stakeholder confidence: Demonstrating a proactive commitment to transparency, accountability, and long-term value creation.
• Support resilience and adaptability: Enabling organizations to respond quickly to emerging risks and regulatory changes.

By reimagining your SOX program as a strategic enabler, you can unlock new value, reduce risk, and position your organization for sustainable success.

Important Strategies for Updating Your SOX Program

Industry leaders have identified several key strategies for optimizing SOX compliance programs. Here are four strategies to help you transform your SOX compliance into a forward-looking, value-driven function:

1. Modernize the Risk Assessment and Optimize Control Structure

A critical component of optimizing your SOX program is right-sizing it to focus resources on the most significant risks. The risk assessment process involves validating your SOX scope aligns with the company’s most significant risks and prioritizing testing and remediation efforts based on the severity and likelihood of risks. Risk assessment factors for modernization should include:

• Back to basics: Quantitative and qualitative risk factors remain the foundation on which the SOX risk assessment should be built. These factors – such as financial statement impact (e.g., materiality), complexity, volume of transactions, and susceptibility to fraud – help ensure the control environment is aligned with the areas of greatest exposure and business relevance. Aligning with the external auditor on this view will ensure control assessments are focused on the most significant areas of the company.
• Cybersecurity and data privacy: As cyber threats and data breaches become increasingly sophisticated, it’s crucial for organizations to integrate cybersecurity and data privacy assessments into their SOX programs. This includes evaluating IT general controls (ITGCs) related to access management, change management, and data integrity, which are foundational to protecting financial systems and sensitive information. Additionally, ensure your IT and Legal teams have sufficiently defined “material breach” for your organization and have a clear process for assessing whether a cyber breach needs to be disclosed.
• Incorporate data analytics: Leveraging advanced analytics can significantly enhance the detection and identification of anomalies in financial transactions. By incorporating data analytics into the SOX program, organizations gain deeper insights, improve oversight, and make informed decisions based on data-driven findings. Common areas where data analytics can be leveraged include user access reviews, change management, Order-to-Cash and Procure-to-Pay cycles, and manual journal entries.

Once you’ve ensured your focus is on the most material risks and accounts, the next step is to streamline your control environment. This involves reducing the number of key controls by identifying redundancies and reclassifying those that are no longer critical. Over time, key controls often accumulate in response to specific issues, leading to an over-engineered control framework. Each year, management should critically assess whether each key control is truly essential and confirm the associated risk isn’t already effectively mitigated by other controls. Additionally, organizations should prioritize replacing manual controls with automated ones wherever feasible, as automation enhances consistency, reduces human error, and improves testing efficiency.

2. Technology and Automation

One of the most impactful opportunities to optimize a SOX program lies in leveraging technology and automation across both control execution and testing. The integration of AI can significantly enhance multiple stages of the SOX lifecycle, such as identifying transaction anomalies during risk assessments, automating control testing documentation, and compiling results for streamlined SOX reporting. By embedding AI and automation, organizations can reallocate resources from repetitive, manual tasks to more strategic, value-added analysis.

• In management’s control environment, organizations are focusing on designing and implementing automated application controls within enterprise systems to reduce reliance on manual controls. These embedded controls – such as automated approval workflows, system-enforced segregation of duties, and configurable exception alerts – help ensure consistent execution and reduce the risk of human error. Additional areas for automating finance controls include account reconciliations, generating journal entries, evidencing review of close schedules, and other close activities.
• For the testing of SOX controls, automation tools and data analytics streamline evidence collection and exception reporting, significantly reducing manual effort and increasing the coverage over transactions. Generative AI tools assist in drafting process documentation, mapping risks to controls, and analyzing control effectiveness.
• Finally, in project managing the SOX program, cloud-based workflow tools and robotic process automation (RPA) are being used to coordinate tasks, track progress, and ensure timely compliance, while also facilitating collaboration among cross-functional teams. These innovations are transforming SOX compliance from a reactive, labor-intensive process into a strategic, tech-enabled function.

To fully realize these benefits, management should assess and maximize the capabilities of existing technology. This includes thoroughly evaluating current tools, engaging with vendors to understand recent enhancements, and ensuring available features are fully utilized before pursuing new investments.

3. Fostering Collaborative Relationships

Collaborative working relationships among key stakeholders remain one of the most powerful drivers of SOX compliance success. Even the most advanced technologies cannot replace the human element – true compliance excellence is led by people, not platforms.

• Control owners play a pivotal role by fostering transparency and embracing a mindset of continuous improvement. When they proactively share control challenges and potential gaps, it minimizes year-end surprises and allows sufficient time for remediation. Their deep operational knowledge also positions them to identify opportunities for control efficiency and risk mitigation – insights that become actionable when shared with internal audit.
• External auditors carry significant responsibility in issuing opinions on internal control effectiveness. Management can strengthen this relationship by understanding the expectations auditors must meet – both from the PCAOB and their own firm’s standards – and collaborating on streamlined approaches that meet compliance goals without overburdening control owners. Moreover, external auditors bring a broad perspective from working across industries and can offer valuable insights to enhance control design and execution.
• Internal audit serves as a strategic partner in SOX programs, supporting control owners through process updates, independent testing, training, and remediation efforts. With their objective lens, internal auditors are well-positioned to identify emerging risks and control weaknesses early, before they escalate into significant issues.

Ultimately, SOX compliance thrives when these stakeholders operate as coordinated team – communicating openly, aligning on expectations, and working toward a shared goal of strong, sustainable internal controls.

4. Monitor Continuous Improvement with KPIs

Drive continuous improvement in your SOX program by defining and monitoring a set of well-aligned KPIs that go beyond compliance and reflect operational and strategic value. By establishing clear metrics, organizations gain actionable insights into the effectiveness and efficiency of their internal controls. KPIs may include:

• Control failure rate over time, including repeat findings.
• Average time to remediate a control deficiency.
• Automated vs. manual controls ratio, including trend over time.
• Timeliness of control execution.
• Deficiencies identified by management or internal audit vs. external audit.
• SOX hours per FTE, or total SOX hours year-over-year trend.
• Total key controls year-over-year trend.
• Percentage of external auditor reliance, year over year.

Regularly tracking these KPIs enables proactive identification of gaps and promotes accountability among control owners. Moreover, integrating business-value KPIs, like cost per control and stakeholder satisfaction, helps demonstrate the broader impact of the SOX program on organizational performance. This continuous feedback loop fosters a culture of improvement, enhances risk management, and ensures the SOX program evolves in step with business priorities.

Looking Ahead: Value Creation and Strategic Alignment

As organizations continue to evolve their SOX programs, the focus will increasingly shift toward value creation and strategic alignment. The most successful programs will be those that can demonstrate clear business benefits while maintaining robust compliance capabilities. This requires ongoing investment in technology, process improvement, and talent development. To modernize your SOX program and maximize the value of your investment, contact CrossCountry Consulting.

When risks are increasingly interconnected, rapidly evolving, and often vague, fragmented approaches to risk management aren’t sustainable. Organizations are facing rising pressure – from regulators, boards, and the broader market – to not just demonstrate control but to inspire confidence. That confidence stems from alignment across people, processes, systems, and, most critically, the lines of defense.

Evolving Risk Frameworks Toward Integration

The IIA’s “Three Lines Model” reimagines how organizations define and coordinate risk and control responsibilities. It moves beyond the rigid hierarchy of the traditional “three lines of defense” and promotes collaboration, integration, and a shared vision of performance and assurance. Similarly, the COSO ERM Framework underscores the importance of embedding risk into strategy, decision-making, and culture – an approach that relies on coordinated, enterprise-wide engagement.

Despite the clarity offered by these frameworks, many organizations continue to operate in silos. Roles are defined but not connected. Efforts are made in parallel, not in partnership. As a result, critical risks fall through the cracks or are assessed three times over.

Understanding the Lines: Roles and Risks

To better understand the disconnect, consider the distinct but complementary roles of each line of defense:

First Line: Business and Operations

• Owns and manages risk as part of daily activities.
• Designs and executes controls embedded in processes.
• Focuses on achieving objectives while maintaining compliance.
• Challenge when isolated: Lacks visibility into enterprise-wide risk priorities and may undervalue broader governance needs.

Second Line: Risk Management and Compliance

• Develops policies, frameworks, and risk methodologies.
• Provides oversight and guidance to the first line.
• Monitors emerging risks, regulatory changes, and control effectiveness.
• Challenge when siloed: Viewed as enforcement rather than enablement; may duplicate efforts or misalign with operational realities.

Third Line: Internal Audit

• Provides independent, objective assurance to executive leadership and the board.
• Leverages risk and compliance data to inform a dynamic, risk-based plan.
• Assesses the effectiveness of governance, risk management, and control processes.
• Reports directly to the board or audit committee.
• Challenge when disconnected: May operate in hindsight, be seen as a policing function rather than a strategic partner, and react to risks that could have been addressed through earlier engagement. 

Each line plays a vital role. But when their work isn’t aligned – when responsibilities aren’t rationalized, or insights aren’t shared – the organization loses the opportunity to leverage risk oversight as a strategic capability.

Enabling Alignment: From Theory to Practice

What does alignment look like in practice?

• Establishing shared objectives across risk, compliance, and audit functions.
• Defining a unified risk taxonomy to ensure consistent language and categorization.
• Coordinating planning and reporting across the three lines for efficiency and clarity.
• Leveraging integrated GRC technology to provide a real-time, enterprise-wide view of risk.

Integrated risk management (IRM) frameworks and modern GRC technologies provide a single source of truth, enabling real-time insights and driving efficiency across assurance functions.

Forward-thinking organizations are embedding risk monitoring into frontline systems, implementing integrated planning cycles, and leveraging GRC platforms to enhance visibility across the enterprise. Internal audit is also evolving – acting as both evaluator and facilitator – convening stakeholders to close assurance gaps and ensure resources are deployed where they matter most.

As an example, internal audit is stepping into a more strategic, collaborative role, leaning into risk management or compliance advisory when needed, while maintaining its independence and adding strategic value. This may include:

• Rationalizing control frameworks.
• Counseling on policy effectiveness.
• Facilitating risk workshops to align stakeholders.
• Advising on governance around new processes or system implementations.

The benefits go far beyond compliance. Aligned assurance empowers agile responses to disruption, supports smarter decisions, and builds greater trust with boards and stakeholders. As oversight expands into areas like cybersecurity, ESG, and third-party risk, those organizations that can tell a unified, data-informed risk story will differentiate themselves.

Leading with Confidence Through Alignment

To unlock true value from assurance functions, leadership must embrace an integrated mindset – fostering cross-functional coordination, enabling tools, and a culture of shared accountability. Risk shouldn’t be managed in isolation but embedded in how the organization operates and grows. When the lines of defense are aligned and supported by smart GRC solutions, organizations move beyond compliance to build resilience, enable smarter decisions, and lead with greater confidence.

To maximize the full value of a three lines model, contact CrossCountry Consulting.

Finance leaders in manufacturing are under pressure to stretch limited resources further than ever as they contend with evolving investor expectations, supply chain disruptions, talent sourcing, rising costs, tariff volatility, and the urgent need to improve cash flow. To do so, they need real-time insights for smarter decision-making.

But one of the biggest roadblocks to finance transformation in manufacturing is cost. Unlike higher-margin industries like tech, manufacturers must justify every dollar spent on systems and automation.

Yet, many middle-market manufacturers still rely on disjointed systems and spreadsheet-heavy reporting, resulting in delays, inefficiencies, and heightened risk due to inaccessible, outdated data.

While it’s tempting to think a new ERP is the silver bullet, that’s not always the answer, especially for businesses in which margins are tight and disruption must be minimized. Today’s manufacturing CFOs need practical, cost-effective ways to modernize finance without huge expenditures.

Why It’s Time to Upgrade Your Finance Function

Finance teams at manufacturing companies face unique structural challenges that make technology transformation imperative: the complexity of physical operations, distributed facilities, and high volumes of transactions relative to other industries. These challenges force CFOs to address:

• Economic headwinds and policy uncertainty: Rising input costs, global supply chain turbulence, and shifting U.S. trade policy make it harder for teams to forecast, manage costs, and plan with confidence. Want in-depth analysis and actionable recommendations for today’s economic environment? Explore the full CFO report here.
• Inaccurate costing methods: Many manufacturers rely on outdated or overly simplistic costing models, leading to distorted margin analysis and misinformed pricing decisions.
• Financial reporting bottlenecks: With data spread across production, inventory, and various ERP systems, it can take weeks to close the books and generate reports. By then, insights are already stale.
• Lack of visibility: Siloed systems make it challenging to view performance by product line, customer, or plant, which blurs operational decisions and pricing strategy.
• Manual data entry and reconciliation: Finance teams spend hours gathering and cleaning data from spreadsheets and disconnected tools, leaving little time for value-added analysis.

Building a Finance Function That Scales: Where to Start in Manufacturing

So how can CFOs modernize their finance functions while capturing the critical metrics quickly and with minimal disruption?

The key is to focus on targeted, incremental improvements that deliver insights today. These quick wins lay a scalable, de-risked foundation for a potential future ERP, BI, or CPM implementation when the time is right.

1. Simplify Trackable KPIs

Before investing in new tools or automation, it’s critical to first define what you need to measure. One of the biggest mistakes is trying to track everything. Complexity doesn’t scale. Simplicity does.

Here is what matters most:

• Cash conversion: How efficiently are you turning revenue into cash? Track days sales outstanding (DSO), inventory turns, and payables.
• Cost structure visibility: Understand fixed vs. variable costs, labor efficiency, material usage, and how overhead is being allocated.
• Product and customer profitability: Know which products, customers, or plants create value and which are a drag on margins.
• Forecast accuracy: Are your revenue, margin, and cash flow projections consistently reliable? Misses here ripple through the business.
• Working capital trends: Monitor shifts in inventory, receivables, and supplier terms that may indicate liquidity challenges ahead. Early visibility into where cash is tied up is critical for proactive management.

By focusing on the metrics that matter – and ensuring the underlying data is accurate and accessible – finance leaders can drive sharper insights without overwhelming their teams or systems.

2. Optimize Your Costing Methodology Before Automating Anything

Does the current costing methodology obscure rather than reveal insights into drivers of profitability? A successful costing methodology should be tailored to mirror the firm’s specific manufacturing activities, without being overly complicated or burdensome. If these costing methodologies are too simplified or complex, reporting will always suffer.

• Evaluate current costing methodology: Standard, actual, or hybrid? What’s working and what’s not? Small adjustments can go a long way.
• Ensure accurate overhead allocation: Are labor, materials, and indirect costs properly assigned? Are you over- or under-absorbing costs?
• Pressure-test margin accuracy: If you can’t trust margin by SKU, customer, or plant, it’s nearly impossible to steer the business.
• Integrate costing and operational data to financial planning & analysis: Operational data is often a leading indicator into financial performance. Does the operational data you capture enable you to speak to the drivers of financial performance? Learn more: CrossCountry Consulting’s proprietary reporting and analytics framework integrates key financial and operational data from across the enterprise and surfaces insights into business drivers, new value-creation opportunities, and prescriptive analytics.

Accurate costing information is the foundation for decision-making. If it’s wrong, even the best dashboards won’t lead to better decisions – just faster bad ones.

3. Develop Manufacturing-Specific Reporting

In manufacturing environments, operations often span across facilities, systems, and shifts, making access to timely, accurate data critical but elusive. Many manufacturers operate with fragmented systems that separate financial, production, and inventory data, proving a challenge to CFOs trying to get a clear view of performance.

While fragmented data spread across various systems might suggest that a complete tech overhaul is necessary, a data warehouse strategy can offer a cost-effective, scalable, near-term solution.

This approach consolidates data from various sources and enables real-time reporting while minimizing disruptions. CFOs can then focus on improving and stabilizing processes, which will set the company up for success if the decision is ultimately made to upgrade and consolidate systems.

• Maximize existing applications: Leverage your current systems to maintain consistency, reducing the need for additional investments and the hassle of implementing a new application.
• Integrate financial and operational data: Seamlessly combine information from multiple systems to create a single source of truth.
• Automate reporting: Implement automated dashboards and reports that transform raw data into actionable insights, allowing your team to focus on analysis rather than compilation.
• Real-time performance tracking: Utilize real-time production data to monitor performance by product, production line, or shift.

By automating data transformation and reporting, finance teams can shift from manual data management to strategic analysis, driving better business decisions with timely, accurate information.

Future-Proof Finance in Manufacturing Without Incurring More Overhead

CFOs can modernize finance while controlling costs by:

• Identifying the key drivers of your business and ensuring you’re measuring what truly matters.
• Prioritizing costing before investing in reporting or new systems.
• Implementing data integration to leverage existing systems instead of replacing them.
• Using automation tools to free up finance team capacity and reduce manual work.
• Leveraging outsourced expertise to build scalable solutions without full-time hires.

CrossCountry Consulting specializes in scalable finance transformation for manufacturing and industrial companies without draining cash flow or creating more complexity. For support with costing, reporting, implementing technology, or gaining real-time data visibility, contact CrossCountry Consulting today.

You’re launching a new product suite, redesigning internal processes, or building innovative operating models and team structures to generate value. 

Immediately you run into: 

• Change resistance, misunderstanding, and employee strife. 
• Unclear or poorly envisioned roles, responsibilities, and communication. 
• Delays, false starts, and incomplete stakeholder buy-in. 
• Unexpected risks (third-party risk, legal and regulatory implications, technology systems, etc.). 

If not managed proactively, even the most well-intentioned transformation can introduce a complex web of potential risks that can erode value creation. The key is to embed practical risk management strategies into operational change management initiatives. 

Modern Operational Change Management 

Operational change management is a systematic approach to planning, executing, and monitoring new transformations within the business to ensure a smooth transition and successful adoption. For many organizations, this approach is applied to specific operational initiatives, such as re-engineering workflows, integrating technology systems, and bringing to market a new offering. 

Each of these transformations represents a significant operational shift designed to enhance efficiency, expand market reach, or improve customer experience. While the benefits are clear, it can be difficult to keep stakeholders aligned and progress on track, which is where risk management comes into play. 

Risk Management’s Role in Change Management 

For risk professionals, the critical question isn’t if change will happen, but how effectively the associated risks will be identified, assessed, and managed. Bringing risk into the conversation early and often is paramount. The goal is to minimize disruptions to operations and prevent adverse consequences that can impact financial performance, regulatory standing, or reputational integrity.  

Consider a new product offering or a significant process update. The inherent risks are multifaceted and demand a comprehensive review. For instance:  

• Third-party risk: Does this change necessitate new relationships with vendors, suppliers, or partners? What are the associated due diligence requirements and ongoing monitoring obligations? Read more: Navigating Third-Party Risks: Best Practices and Questions Answered for Today’s Businesses 
• Technology risk: Is new technology required? What are the cybersecurity implications, data privacy concerns, and integration challenges? 
• Strategic risk: Does this change align with the company’s long-term strategic vision, or could it inadvertently pull resources away from core objectives? 
• Legal and regulatory risk: Are there any new legal or regulatory obligations that arise from this change, particularly in highly regulated industries or in public markets. What are the compliance implications? 

Failing to address these questions proactively can lead to costly remediation, reputational damage, and even regulatory penalties.  

Common Pitfalls in Assessing Change-Related Risk 

Implementation of risk-informed change management practices often faces significant hurdles. More often than not, risk is an afterthought, which can lead to several issues: 

• Too late: Risk teams are often engaged too late in the product or change lifecycle, leading to a perception that they are “slowing time to market” rather than enabling informed decisions. 
• Inconsistent: Risk assessment processes often vary across different business units, leading to a lack of centralized visibility and a fragmented understanding of enterprise-wide risk exposure. 
• Repetitive: Stakeholders often find themselves answering the same questions from multiple risk groups, creating frustration and inefficiency. This signals a failure to leverage existing risk management programs effectively. 
• Opaque: Unclear accountability and ownership structures for risk management throughout the change process can lead to gaps and unaddressed exposures. 
• Point in time: Assessments are often one-off events, failing to provide for ongoing monitoring or visibility into the evolving risk profile throughout the new product or service lifecycle. 

Keys to Success: Modernizing Risk Assessment for Change 

Overcoming these challenges requires a deliberate and strategic shift in how risks are assessed within the change management process. The path to success involves:  

• Early embedding of risk stakeholders: Integrate risk management actions at the earliest possible point in product or change development. This shifts risk from a bottleneck to a strategic partner, enabling proactive management.  
• Consolidate risk assessments: Develop a product and process assessment methodology that leverages existing risk program components, covers risks within a company’s taxonomy, and is central for change stakeholders to populate throughout the change management process. 
• Tool enablement: Move beyond manual processes to leverage robust Governance, Risk, and Compliance (GRC) platforms or specialized risk assessment tools. This improves efficiency, consistency, and data capture. 
• Centralized reporting and visibility: Establish mechanisms for centralized reporting and transparent visibility into risk management decisions across all change initiatives. This fosters a holistic view of organizational risk. 
• Ongoing monitoring and key indicators: Design a program that includes continuous monitoring and the establishment of key risk indicators (KRIs) to track the evolving risk profile of new products, services, and processes. 

What Good Looks Like: A Structured Approach 

A truly effective risk management program for operational change is built on a clear, structured framework.  

1. Design the Program: 

This phase involves establishing the foundational elements of your risk assessment framework specific to new products and services that are going through the change management process. This program should align with the enterprise risk management framework (ERM) and include:  

• Visioning session: Identify the requirements of the program and key stakeholders. 
• Pain point identification: Understand current specific pain point and improvement opportunities. 
• Initial design: Create initial processes to address pain points 
• Feedback and documentation: Solicit feedback from stakeholders to ensure design complements existing process and document details of new process. 

2. Build the Program: 

Once the design is complete, the focus shifts to building and operationalizing the program. This entails:  

• Developing playbooks and tools: Creating standardized templates, questionnaires, assessment processes, and potentially leveraging technology solutions to streamline the assessment process. 
• Integration with existing frameworks: Ensuring the new program seamlessly integrates with existing ERM frameworks, compliance programs, and internal audit functions to avoid duplication and leverage existing controls. 
• Governance and metrics: Develop the program’s governance documentation (operating model, program standard, etc.) and program success metrics. 
• Maturity roadmap: Develop roadmap to continuously mature the program (staffing model to run the program, upgrading tools, etc.) over time. 

3. Pilot the Program 

• Training and awareness: Educating stakeholders across the organization on the new risk assessment process, their roles, and the importance of early engagement. 
• Pilot program: Running a pilot with select change initiatives to test and refine the process before full-scale rollout. 
• Lessons Learned: Incorporate lessons learned from the pilot program to feed into the overall program to promote continuous improvement. Add items to the maturity roadmap. 

As illustrated below, CrossCountry Consulting provides a comprehensive set of customizable operational change management deliverables, tools, and templates tailored to each organization’s project needs: 

Transform Change Management Threats into Opportunities 

Navigating complex operational changes while effectively managing risk requires specialized expertise and a pragmatic approach. CrossCountry Consulting’s Integrated Risk Management experts support organizations at every stage of their change journey with programs configured to unique needs and risk appetites. This includes developing frameworks, methodologies, and supporting documentation. 

Beyond the technical aspects of risk, successful change hinges on effective people management via a proven 3-step approach: 

1. Preparing for change: Assessing organizational readiness, identifying potential resistance, and developing communication strategies. 
2. Managing the change: Implementing detailed action plans, providing training, and ensuring effective stakeholder engagement throughout the transition. 
3. Reinforcing the change: Establishing mechanisms for ongoing monitoring, feedback, and continuous improvement to ensure the new operational paradigm is sustained and delivers intended benefits. 

To proactively integrate risk management into your operational change initiatives, contact CrossCountry Consulting. 

The game has changed for CFOs. The traditional way of running a Finance organization is not going to work in 2025. In fact, 66% of CFOs say they need to rewrite the organizational playbook to remain competitive. Why? 

The role of the CFO is expanding beyond FP&A and Accounting into a cross-enterprise role. 43% of CFOs are leading enterprise strategy and transformation initiatives. And the CFO is often leading Procurement and IT/Data teams – or at least has oversight of the key decision-maker for respective departments. This all comes in parallel to the traditional CFO roles of managing the company’s investments, balancing risk, and leading M&A activity. Doing all of this in an uncertain economic climate, and it’s a lot for the CFO and his/her leadership team.

At the same time, most CFOs (59%) say that cost reduction is currently their top strategic priority. But CFOs must balance cost improvement with investments in value creation given board and competitive pressure to adopt generative AI and ESG and avoid putting the company at risk. So how can today’s CFOs thread the needle? 

Consider zero-basing the structure of the company. 

What Is a Zero-Based Organizational Structure? 

The term “zero-base” traditionally applies to budgeting and managing third-party spend – often abbreviated as “ZBB.” It’s a great tactic to generate material EBITDA improvement. However, CFOs can extrapolate on this concept and leverage it across the enterprise to achieve similar, compounding results.

To apply ZBB to building a zero-based organization structure, you simply take a blank sheet of paper and start from scratch. Forget about what roles and key personnel you have today; draw the structure that you need to win based on company strategy and priorities, how transactional tasks could best be completed, and where technology could make efficiency gains. You’ll be amazed how different the new drawing will look versus your current structure.   

Benefits of Zero-Based Organizational Design 

• Lower cost: Companies adopting ZBB report up to 25% SG&A improvement. CrossCountry Consulting’s teams have seen similar, and sometimes greater, results by applying ZBB to organizational design. Median Finance organizations are 1% of revenue today – tomorrow they could be even leaner, or work can be more balanced in favor of value-driving FP&A and BI. 
• Faster output: Blank-sheet organizations usually have fewer management layers, allowing teams to move with higher velocity. 
• Higher integration: Newer structures blur the lines between different departments. Instead, workflows and responsibilities are tailored around end-to-end processes, not traditional job specs and hierarchical structures, which enables greater cross-functional collaboration and communication. 

Approach to Building a Zero-Based Finance Organization Structure 

1. Start with strategy: Be clear about the company’s enterprise strategy and what type of structure will best support that vision. For example, if the company is in high-growth mode and may be acquisitive, invest in FP&A to proactively identify and evaluate growth targets. 
2. Know what core vs non-core is: Talk to key leaders about what their employees are doing day-to-day. Understand what you really need to do versus tasks that are nice to have. Design a structure that focuses on core activities, automates transactional activities, and eliminates wasteful activity.  
3. Let data inform but not become your path: Benchmark your costs and headcount against industry peers and assess the number of management spans and layers. Use these data points to inform your new organization size and structure, but don’t let those numbers become the answer. Every company is different.  
4. Take a blank sheet and draw your new organization: It’s time to take a pencil and draw your new value-focused structure (boxes and wires) bottom-up. Start unconstrained with what could be (art of the possible) then seek cross-functional input from IT, Procurement, Businesses/Operations, etc. and iterate until you get it right. 
5. Don’t forget about process: Your new structure only works if you optimize the processes, people, technology, and data around the structure – otherwise you’re just doing the same work with different or fewer people in different roles. 

What Types of Finance Organizations Are Going to Win in 2025?  

Be bold. Go big with your new structure. To join the modern CFO community with leading practices, here are the attributes to fuel progress: 

• Speedy, data-driven FP&A: Separate strategic from corporate FP&A activities. Strategic FP&A contains embedded data and analytics personnel and capabilities and is immersed in the business units or functions it serves. The team is powered by a modern reporting and analytics framework. 
• Plan-to-Pay FP&A-Procurement integration: Closely integrate Procurement with FP&A to build a coordinated financial plan and budget that drive spending decisions throughout the year. Sourcing-related savings should tie back to the financial budget to enable immediate cash flow savings and allow dynamic budgeting. 
• Transformation Management Office: CFOs increasingly are responsible for enterprise transformation and should have a business transformation arm in their organization. This team is responsible for continuously prioritizing and executing operating model improvements, operating in an agile way to maximize velocity.  Done right, this function is a weapon that can be applied across function and process, allowing Finance to serve as the steward for change across SG&A. 
• Low-cost automation-powered shared services: Functions like Accounts Payable, General Accounting, Payroll, Tax, and Treasury can be highly automated if companies invest in data integration tools. Remaining tasks that require human touch should be pooled in low-cost centralized service locations. It’s important to incentivize management of these functions to find the gains and dive roadmap to efficiency. 

As the company’s zero-based transformation lead, the CFO must architect change starting with Finance and then carry those practices and designs outward to other functions. To get started on a strategy zero-based org structure roadmap, contact CrossCountry Consulting. 

Midway through 2025 and already looking toward 2026, owners of private companies are increasingly eager to exit their investments as prolonged holding periods and fluctuating market conditions impact the market for sales and public offerings.  

Interest rates, inflation, tariffs, and geopolitical developments, among other factors, have introduced uncertainty into the timing, type, and value of exits.  

Fortunately, leaders have several exit options to choose from.

Determining the Appropriate Exit Strategy 

In the current environment, multiple exit strategies are available for consideration. Owners must carefully evaluate their options and select the exit strategy that best aligns with their goals.  

This evaluation often begins with an understanding of the dual-track exit, which encompasses both a Sale or Merger and Public Offering strategies. A dual-track approach allows organizations to remain flexible while maximizing their options. This approach helps ensure the company is always in a state of readiness, prepared with the agility to pivot based on market conditions, stakeholder priorities, and evolving business objectives. 

Sale/Merger Track 

1. Full Enterprise Sale: Selling the company in its entirety to a corporation or another private equity firm. Real-world example: See how a PE-backed OSH company was sold on an accelerated timeline and cut its time spent on accounting and financial reporting in half.
2. Carve-Out Sale: Based on a Sum-of-the-Parts valuation, it may be advantageous to sell specific units separately to maximize overall value. 
3. Continuation Sale: To circumvent holding period restrictions, a company may be “sold” from one fund to another within the same private equity firm.  

Public Offering Track 

1. Initial Public Offering (IPO): Shares of a private company are offered to the public for the first time on a regulated market. Learn more: Amid Unpredictability, Now’s the Time to Get Ready for an IPO Rebound 
2. SPAC: Merging with a SPAC can be a faster process with fewer requirements than a traditional IPO, though recent SPAC regulations should be considered with legal counsel. 
3. Carve-Out IPO: This involves the same preparatory steps as a carve-out sale with additional requirements for public registration. 

Regardless of the exit type, companies transitioning to the next stage of their lifecycle require thorough exit preparation and potentially significant infrastructure investment. Fortunately, that transformation is consistent across exits, as the shift to a more efficient, de-risked operating model smooths the path toward a successful transaction. This preparation typically begins with an exit-readiness assessment, which is critical for determining the optimal exit strategy. 

The Value of an Exit-Readiness Assessment 

An exit-readiness assessment involves a comprehensive review of current business functions, historical performance, and future projections. Conducting this assessment well before initiating the exit process allows for the development of strategic roadmaps aimed at increasing value, addressing issues, and implementing necessary upgrades. 

It’s a moment of self-reflection for corporate leaders: Do they have what they need and what it takes to execute a successful transaction?  

The assessment documents the gaps in current-state operations relative to the future state and provides a roadmap for bridging those gaps, often in the form of upgrading or implementing technology, standing up a more effective process architecture, and aligning talent and investments to necessary areas of the business.  

An exit-readiness assessment delivers numerous benefits applicable to all types of exits, such as:  

• Developing an exit-ready timeline across functions.  
• Identifying potential exposures and mitigating risks before a transaction.
• Developing a plan to address any identified exposures, including hiring strategy.  
• Ensuring compliance with all applicable laws and regulations.   
• Increasing chances of a successful transaction.    
• Strategizing for deal synergies and realizing the investment thesis, including potential carve-out opportunities.  
• Accounting for integration challenges and how to overcome them.  

For public offerings, the assessment requires more time and regulation, necessitating an evaluation of timelines, stakeholders, costs, and the transformation required to meet higher reporting standards, including: 

• Improving internal controls over financial reporting. 
• Communicating effectively with investors.   
• Evaluating quality and required effort of financial statements.  
• Improving corporate governance practices. 

While these stringent requirements may not apply to a sale, process improvements can still facilitate a successful sale at a higher valuation. When exploring a dual-track exit approach, it’s advisable to differentiate between “requirements,” “needed solutions,” and “nice-to-haves.”  After conducting a successful exit-readiness assessment, companies are prepared to move into the next stage of their exit, as shown in the diagram below:

Making the Exit-Readiness Transition 

The transition from a private company to being exit-ready involves documenting operational gaps relative to the future state and creating a roadmap to bridge these gaps.  

The graphic below illustrates common differences between a typical private company and one that is exit-ready. These activities represent core areas (Accounting Close, Finance, Accounting Policies, Finance Systems and Controls, Tax, and Human Resources) of the business that must be high-functioning and high-performing prior to an exit. 

Focusing on these core areas is a good practice for aligning transformation priorities. However, as shown below, there are other areas of the business, including Cybersecurity, Internal Controls, Investor Relations, and External Audits, that should be established or optimized, especially when considering an IPO. 

Planning for an Efficient Exit Process 

Companies or funds planning an exit event in the near future should begin implementing operational enhancements well in advance to ensure consistency and success. To take the next step in the investment lifecycle and select the appropriate exit track, consider partnering with an advisor who can provide guidance across all stages and outcomes of exit-readiness planning.  

Contact CrossCountry Consulting to strategically position your organization for a value-maximizing exit. 

Vendor risk is no longer a side concern for organizations relying on third parties. As businesses expand their vendor networks, manage increased regulatory demands, and respond to real-time threats, a proactive approach to vendor risk management (VRM) has become essential.  

It’s time for risk, IT, and procurement leaders to align vendor oversight with organizational strategy and collaborate on productive vendor risk management strategies that protect and create value. 

Why Vendor Risk Management Matters Now 

Vendor risk management governs organizations’ understanding, framework, and management of all risks resulting from relationships with vendors, third parties, service providers, and suppliers. Key risk types include cybersecurity attacks, noncompliance, financial and reputational penalties, data breaches, supply chain disruption, and more. 

With global business ecosystems more interconnected than ever, the average organization works with dozens or hundreds of vendors, many of whom have direct or indirect access to sensitive systems and data. 

Recent studies highlight just how pressing these risks are: 

• 61% of organizations have experienced a third-party data breach or security incident in the past 12 months. 
• 98% of companies worldwide have at least one vendor with a documented security breach. 
• A single vendor failure, like 2024’s Crowdstrike outage, can ripple through critical sectors including airports, hospitals, financial markets, and government. 

Understanding and managing vendor risk is crucial for ensuring compliance and safeguarding business continuity and reputation. 

Demystifying Vendor Risk 

Not all vendors pose equal risk.  

• Critical vendors: Directly impact operations, financial stability, or corporate security. Examples include cloud service providers, key software developers, or payment processors. Failure in these relationships can result in data loss, extended downtime, or customer dissatisfaction. 
• Non-critical vendors: May impact operational efficiency but are easier to replace without major disruption. Examples include office supply companies, marketing agencies, or local contractors. 

Classifying your vendor base with a risk lens helps focus resources on oversight where it matters most. 

The Expanding Scope of Vendor Risk Management 

Modern VRM extends far beyond traditional contract reviews. Today’s risk surface includes: 

Key Risk Domains 

• Cybersecurity: 62% of organizations rank this as their top VRM focus. 
• Geopolitical threats: 33% see growing exposure due to global supply chains. 
• Operational resilience: 32% prioritize continuity and disaster recovery. 
• Data privacy: 29% highlight rising data protection laws and compliance obligations. 

Emerging factors such as AI risk, subcontractor risk, and concentration risk (over-reliance on a small number of core vendors) further complicate the picture. 

Proliferation of Regulations 

Organizations must comply with established frameworks like GDPR, CPRA, and HIPAA, but also anticipate new laws such as DORA, EU AI Act, and NIS2. This means VRM must evolve quickly to stay ahead of shifting compliance expectations and cross-border data obligations. 

Top Challenges in Vendor Risk Management 

Even seasoned teams encounter common pitfalls: 

Contractual Complexity 

Many organizations struggle to maintain consistency in vendor contracts. Missing or inadequate clauses related to cybersecurity, termination rights, or data access can leave organizations exposed. 

Visibility Gaps 

70% of risk managers feel they lack full visibility into their supplier risk landscape. This makes it difficult to track evolving risks, especially as vendor networks grow large and complex. 

Supply Chain Complexity 

End-to-end monitoring remains a challenge, particularly in diversified or global supply chains where risk signals can be hard to aggregate. 

Dynamic Risk Profiles 

Vendor risks are not static. Changes in market health, regulatory environment, or even vendor leadership can alter a provider’s risk posture overnight. 

Accountability and Governance 

Disconnected protocols, unclear ownership, and ad hoc communication hamper effective vendor oversight and incident response. 

Key Metrics for Vendor Risk Insights 

Data-driven VRM relies on meaningful metrics to inform strategy and prioritize action. Consider these KPIs: 

• Percentage of major cyber incidents traceable to vendors: Quantifies external attack surface risk. 
• Number of vendors at financial risk (e.g., bankruptcy or major distress): Exposes resiliency or operational vulnerabilities. 
• Count and percentage of vendors violating regulatory requirements: Helps spot compliance weak points. 
• Percentage of critical vendors performing unique (non-redundant) functions: Reveals single points of failure. 
• Vendor access to critical assets such as crown jewels: Exposes points of failure from which it’s difficult to recover. 
• Growth in vendor population and the share of critical vendors in that group: Demonstrates vendor sprawl and risk surface expansion. 

Regular tracking of these metrics gives compliance leaders early warning signals and a concrete basis for executive reporting. 

The Continuous Monitoring Imperative 

Modern organizations recognize that vendor risk is not a one-and-done exercise. Risk profiles change as vendors grow, merge, or adapt to new markets. 

• Threat actors evolve strategies and exploit fresh vulnerabilities in vendor ecosystems. 
• Regulatory pressure intensifies, requiring demonstrable, real-time monitoring capabilities and documented response protocols. 
• Automated risk platforms, third-party ratings solutions, and deep-dive audits are increasingly essential to maintain visibility and resilience across the vendor landscape. 

Strategies to Strengthen Your VRM Program 

For a practical approach to enhanced vendor risk management, leaders can take the following steps: 

1. Centralize vendor inventory: Build and maintain a live register of all vendors, their roles, risk ratings, and criticality. 
2. Standardize contracts and controls: Adopt contractual frameworks that include clear obligations, incident disclosure, audit rights, and defined offboarding procedures. 
3. Invest in technology and automation: Use AI-enabled solutions for risk assessments, automated questionnaires, and continuous monitoring. 
4. Embed cross-functional governance: Draw on compliance, IT, procurement, and legal teams to create a governance model with defined ownership and escalation paths. 
5. Cultivate executive support: Ensure executive sponsorship for VRM by framing risk management as an enabler of growth and resilience. 
6. Leverage data and analytics: Use dashboarding and regular risk reviews to inform business decisions and report progress to stakeholders. 

Building a Resilient Vendor Risk Management Program 

Vendor risk will keep rising as organizations deepen reliance on external partners and as regulatory obligations expand. The organizations that thrive will move beyond reactive approaches and instead build integrated, proactive VRM programs anchored by real-time data, cross-functional collaboration, and smart automation. 

The result is not just improved compliance, but a more resilient business with increased strategic agility. To collaboratively build a vendor risk management program that’s right for your organization, contact CrossCountry Consulting. 

Amid evolving government priorities – including the methods by which goods and services are acquired – contractors are adapting to provide customers with more products/services at less cost. One particularly valuable tool to accomplish this is to enhance the organization’s indirect rate structure for a more agile and cost-effective methodology to recover costs on government contracts.

Optimizing your indirect rate structure delivers key advantages, including:

• Costs aligned to the functions and contracts utilizing the activities.
• Consistent, best-in-class practices across the business.
• Reduced administrative requirements associated with maintaining and monitoring indirect rates, and preparing numerous Incurred Cost Proposals (ICP) and Forward Pricing Rate Proposals (FPRP).

When making these changes, government contractors are subject to regulatory requirements. However, these rules shouldn’t prevent you from implementing enhancements that ultimately improve the business and drive competitive advantage.

Regulatory Hurdles of Changing Indirect Rate Structure

For contractors subject to the Cost Accounting Standards (CAS), several regulatory requirements must be addressed when changing the indirect rate structure.

First, contractors must identify whether each of the changes will be considered a cost accounting practice change (CAPC). This is where the complexities begin because not all changes are considered a CAPC. For example, combining indirect cost pools that use the same method or technique (allocation base) to allocate costs would not be considered a CAPC. This determination is important because only changes that are a CAPC will require a general dollar magnitude (GDM) or detailed cost-impact (DCI) proposal (or potentially both), which informs the government of the prospective change in costs on CAS-covered contracts.

Once changes that are a CAPC are determined, the complexities continue with the onerous and complex requirements for preparing GDM or DCI proposals.

Recent court cases and regulatory changes have added even greater confusion to these requirements. For example, the Defense Contract Audit Agency’s (DCAA) 2023 guidance on unilateral cost accounting practice changes reignited a debate stretching across four decades on how fixed-price contracts should be accounted for in these cost impacts.

Additionally, forthcoming court decisions will determine whether changes made to FAR 30.606 in 2005 (yes, over 20 years ago) that prohibit offsetting multiple, simultaneous CAPCs are valid. Navigating these requirements and accurately preparing GDM or DCI proposals are essential because the calculations identify whether contractors might owe the government money for increased costs on CAS-covered contracts.

For government contractors that were recently part of a merger or acquisition, evaluate the pros and cons of preparing an external restructuring proposal. One of the main pros of this approach would be to avoid the GDM and DCI requirements.

Steps to Assess and Implement Indirect Rate Structure Changes

Regulatory hurdles and implementation complexity shouldn’t prevent companies from pursuing cost efficiencies. The following are key steps that can be used to evaluate the indirect rate structure that’s appropriate for your company:

• Identify your go-to-market strategy: Changes to your indirect rate structure will be made on a prospective basis, so it’s important to not just look at the structure of your company today but understand what you want to be in the future. Identifying whether your strategy includes being a service or software provider, a software developer, a manufacturer, an integrator that relies on subcontractors, or a combination of all of these, is an important step in determining the appropriate allocation methodology for indirect costs and whether a single rate segment or multiple rate segments is most appropriate.
• Centralized vs. decentralized organization: A decentralized organizational structure could be desired to segregate your commercial and government business or to drive decision-making and accountability at a lower level in your business. However, decentralization can often prevent the proper scaling of certain functions and impede consistent practices being used throughout the company. Conversely, a centralized structure can flatten the organization and allow leadership to ensure consistent practices are implemented throughout the entire organization. Evaluating the pros and cons of a centralized or decentralized structure and analyzing how indirect cost pools can be used to implement a centralized structure are key aspects of identifying the indirect rate structure appropriate for your company.
• Understand your backlog: Understanding the impact to your backlog, as well as to outstanding proposals and key upcoming pursuits, should be an integral part of the decision-making process when evaluating changes you might implement. To properly identify this impact, ensure the data in your backlog is accurate. This includes information such as the estimated costs by cost element for your contracts, whether the contract is subject to CAS, and the contract type. This information is needed to prepare not only the GDM and DCI proposals discussed previously but also to ensure you have an accurate understanding of the financial ramifications of any changes to both CAS and non-CAS-covered contracts.
• Identify cost reduction opportunities: Implementing changes to your indirect rate structure is an optimal time to determine if cost reduction initiatives could also be implemented. Utilize a blank sheet approach that includes benchmarking headcount and costs against competitors and identifying specific savings targets across every layer of the business, which can allow you to resize the organizational structure to realize cost savings.

Next Steps

Administrative requirements shouldn’t prevent CFOs from making changes that could result in agile, efficient cost structures. CrossCountry Consulting’s team of integrated government contracting experts enables organizations to understand and integrate regulatory requirements and industry best practices. With the right tools, technology, and advisory support, your company can identify the appropriate indirect rate and cost structure to minimize administrative effort and fulfill regulatory requirements associated with these changes.

To get started, contact CrossCountry Consulting today.

Procurement and finance teams face increasing pressure to optimize spending, streamline operations, and drive greater efficiency, especially in response to ongoing economic turbulence. Among all the other responsibilities piled on their desks, achieving full visibility into direct and indirect spend feels like a distant dream they hope to accomplish eventually. 

The good news is that there’s an achievable solution within reach right now: the combined power of Coupa and NetSuite.  

To transform fragmented procurement and finance processes into a unified, productive spend management engine, the integration of these two tools provides a clear path forward. 

Bridging the Gap Between Direct and Indirect Spend  

Traditionally, managing direct procurement – the raw materials and components critical for production – has presented unique challenges. Unlike indirect spend, which supports operational needs, direct spend is intrinsically linked to the cost of goods sold (COGS) and revenue generation. Maintaining quality, ensuring continuity of supply, and fostering strong supplier collaboration are paramount to keeping production lines running smoothly.  

The integration of Coupa and NetSuite directly addresses these complexities. By leveraging Coupa’s robust capabilities in areas like supplier collaboration, negotiation, and advanced analytics, organizations can gain unprecedented control over their direct spend. Simultaneously, NetSuite’s strengths in inventory planning and financial management provide a solid foundation for managing the financial aspects of procurement.  

Key Benefits of a Unified Approach 

Capturing the full value of unified procurement and finance delivers a number of key advantages, such as: 

• Streamlined procurement workflows: Imagine a world where purchase orders flow seamlessly, and invoicing is centralized. This integration makes it a reality, optimizing operational efficiencies without disrupting your end users. 
• Enhanced spend visibility: Break down silos and gain a holistic view of all your spend categories. Centralized reporting through Coupa and NetSuite provides advanced analytics, enabling you to identify opportunities for savings and improve decision-making. 
• Faster and more accurate invoicing: Integrating purchase orders accelerates the invoicing process, reduces errors, and improves cash flow management. Below is an illustrative example of collaborative invoicing and PO management between the two tools: 

• Optimized direct spend management: Coupa’s features for supplier collaboration and advanced analytics, combined with NetSuite’s inventory planning, empower you to optimize direct spend for better quality, continuity, and cost savings. 
• Improved supplier collaboration: Foster stronger relationships with your suppliers through centralized communication and real-time interaction within Coupa, leading to fewer errors and faster processing. 
• Real-time responsiveness: The deep integration between Coupa and NetSuite allows for real-time data synchronization, enabling quick adjustments to ensure production lines remain active and supply chains are agile. 
• Maintaining existing automation: A well-planned integration ensures that your existing automated processes are not disrupted but rather enhanced by the combined power of the two platforms. 
• Actionable insights through advanced analytics: Unlock the power of detailed spend reporting across both direct and indirect categories, providing you with the insights needed to drive strategic improvements. 

Best Practices for Maximizing Integration Value  

To truly harness the potential of Coupa and NetSuite, consider these best practices:  

• Choose an experienced integration partner: Selecting a partner with deep expertise in both Coupa and NetSuite is crucial for a smooth and successful implementation. As 2024’s North American Regional Partner of the Year for Coupa and 2024’s North American Solution Provider Partner of the Year for NetSuite, CrossCountry Consulting’s integrated technology teams are the go-to option for leading organizations today. 
• Leverage NetSuite for direct PO origination: Utilize NetSuite’s core strengths in managing the initial stages of the procurement process for direct materials. 
• Empower supplier collaboration with Coupa: Utilize Coupa’s dedicated tools to centralize communication, manage negotiations, and enhance overall supplier relationships. 
• Automate routine tasks with Coupa: Free up your team’s time by automating PO generation, invoice matching, and ASN tracking within Coupa. 
• Enhance planning and forecasting with Coupa: Integrate Coupa with demand planning or NetSuite systems for smarter ordering based on inventory levels and production schedules. 
• Address issues proactively with Coupa’s PO collaboration: Utilize Coupa’s PO Collaboration features for real-time interaction with suppliers, allowing for immediate resolution of quantity or delivery date issues. When working with direct suppliers, PO collaboration also delivers enhanced profitability and other benefits:

The Bottom Line 

The integration of Coupa and NetSuite offers a powerful solution for organizations striving for greater productivity, visibility, and control over their direct and indirect spend. By breaking down silos, automating processes, and leveraging advanced analytics, procurement and finance teams can move beyond transactional tasks and become strategic drivers of business value.  

Ready to unlock unprecedented productivity for your organization? Contact CrossCountry Consulting for a free Coupa Healthcheck or estimate the cost of licensing, implementing, or configuring NetSuite for your business here. 

As firms expand globally, managing legal entities across multiple jurisdictions has become increasingly complex and costly. Legal entity management (LEM) generally involves multiple teams – accounting, tax, investor relations, compliance, and legal counsel – and requires navigating intricate legal frameworks, tax laws, and regulations, while handling large volumes of dynamic data.

Today, about 67% of firms manage entities across three or more jurisdictions, emphasizing the scale and scope facing asset managers. Fortunately, the right combination of technology, data, and process can efficiently overcome LEM challenges and provide real-time visibility to all key stakeholders, as explored below. 

Common LEM Challenges and Solutions 

Disparate and Inaccurate data 

Firms often employ complex and heavily manual processes, such as offline spreadsheets, email chains, approvals, and disjointed data repositories. These labor-intensive practices not only introduce operational inefficiencies but also increase the risk of disruptions, non-compliance, and penalties. Additionally, firms commonly encounter situations in which their entity data is outdated or does not align with the records of their registered agents, both domestically and internationally.  

Solution: Centralization and Validation 

An effective approach to mitigating this challenge is centralizing entity data so that accurate information is accessible across all teams. To avoid paying unnecessary fees or working with inaccurate information – such as mixing dissolved entities with active ones – it’s important to collaborate with Registered Agents to maintain up-to-date and accurate records in a central repository. 

Before centralizing to a system of record, validate that the data is current, complete, and accurate. Next, conduct a cross-functional audit by engaging each internal stakeholder group – finance, tax, legal, and compliance – to gather their spreadsheets, formation documents, tax information, and dissolutions. This process ensures you uncover critical data points that may be missing or outdated.

For example, the tax team might have initiated the dissolution of an entity, while the credit finance team may not yet reflect this change. By consolidating all inputs and comparing them to reports from your Registered Agent, you can identify and reconcile inconsistencies. This manual “data wrangling” phase will paint a comprehensive picture of your entity landscape before moving forward with an LEM solution.  

Lack of Automated Business Processes and Workflows 

Entity management built on manual business processes and workflows can create confusion for the business functions involved. Teams may have difficulty locating up-to-date documentation to support their business processes, leading to bottlenecks and potential errors. Likewise, correspondence and updates to entities through email can become problematic due to a lack of visibility. Often, key stakeholders may not be informed of changes, or, more often, it’s far too late in the workflow. 

Solution: Define and Automate Processes and Workflows 

Automated workflows for entity creation, modification, and liquidation streamline the lifecycle process, allowing all teams to access source data when needed. To implement automation, start with holding discovery sessions with relevant internal team members to draw a current-state process for each workflow.  

This enables the team to identify how current-state processes can be transformed into the optimal target operating state within the system of record. These sessions are critical to understanding the pain points and opportunities to enhance the process to complement a new system. 

Automating business processes related to LEM requires aligning with the broader enterprise governance agenda of an organization. Asset managers must navigate complex stakeholder dynamics, reconcile disparate data sources, and establish clear data stewardship responsibilities. Success depends on fostering strong collaboration between legal, compliance, operations, and data governance teams to ensure that automation efforts are scalable, auditable, and aligned with the firm’s strategic data policies.

An example of how to accomplish this can be conducting recurring touchpoints with designated data stewards from each stakeholder group. This consistent approach helps keep the data governance team informed of key updates, enabling them to assess and manage the broader impacts on enterprise-wide data policies, strategy, and governance frameworks.    

For organizations looking to automate their process and workflow, it’s the right time to evaluate a software solution. For LEM, firms may choose to buy a third-party solution with specific entity-management capabilities or they may consider developing an in-house custom solution to meet their exact needs. 

Tech-Enabled Legal Entity Management: Buy v Build 

Introducing technology to the entity management process is an opportunity to centralize data, increase accuracy, and automate workflows, creating a unified platform for internal teams. Companies gain the ability to adapt quickly to regulatory changes, promptly notify stakeholders of updates, and proactively enhance their legal entity risk posture. 

Further, centralizing legal entity data in a technology solution allows it to be more easily integrated and shared across other business systems, like accounting and CRMs, or into a data lake to increase visibility. 

For teams considering which kinds of software to prioritize and how to invest, a closer look at the technology market can shed light on which path to take: buy vs build. 

Buy 

Buying LEM software is often more cost-effective than building a custom solution, as it reduces upfront development costs and lowers the total cost of ownership. Many off-the-shelf solutions such as Athennian, Diligent, and hCue are specifically designed to meet the complex needs of asset managers, including efficient management of organizational charts and workflows. These platforms have teams dedicated to long-term technology enhancements and the deployment of upgrades and AI. These strategic resources help internal teams focus on daily operational tasks while the vendor supports the implementation roadmap and delivery. 

Off-the-shelf solutions can also provide strong support teams, active user communities for guidance, and easily defined workflows that are regularly updated and managed on customers’ behalf. By choosing a ready-made solution, firms benefit from ongoing improvements and scalability without the resource-intensive process of custom development. 

Build 

Building a custom LEM system allows for greater flexibility and customization for specific business needs and requirements. Asset managers may want to create a system that integrates seamlessly with existing platforms to ensure consistent data flow and real-time data availability. However, building and maintaining a system requires significant time, resources, and technical expertise. Leveraging an existing platform as a foundation for development can help reduce these costs and operational constraints. 

Regulatory Compliance and Reporting 

Regulations like KYC, AML, FATCA, CRS, and FinCEN are evolving, increasing the difficulty of maintaining accurate, updated compliance data. This becomes more complex when managing cross-border reporting, where different jurisdictions impose varying requirements.   

Solution: A Robust LEM System 

An LEM system enables faster and more efficient regulatory compliance that teams would otherwise find difficult to manage. These systems track evolving regulatory requirements, update business rules accordingly, and include reporting capabilities to verify compliance. The net effect is timely reporting and the mitigation of filing errors or penalties. 

Organizations ready to advance technology-enabled LEM capabilities can contact CrossCountry Consulting to get started. 

Private equity-backed companies face a unique challenge: scale fast, integrate bolt-on acquisitions, and produce investor-grade reporting – often with lean internal teams and high expectations from sponsors. 

To meet these demands, NetSuite is frequently the ERP of choice due to its flexibility, speed to deploy, and cloud-native foundation. But in a PE-backed environment, going live isn’t enough. There’s a full lifecycle of holistic implementation support needs that determine success, with the ultimate goal being a scalable, reporting-ready, and M&A-capable platform that supports value creation from Day One. 
 
Here’s what defines a successful target operating state for portfolio companies implementing NetSuite. 

Supports the Investment Thesis 

Whether the goal is rapid expansion, roll-up integration, or margin improvement, NetSuite must be configured with the endgame in mind. 
 
That means building not just for today’s needs, but for future scale and value creation. A well-architected NetSuite environment serves as the foundation of a broader technology platform, enabling process standardization, data visibility, and seamless integration across the finance stack. In a Buy & Build scenario, this scalability is critical. Each add-on should plug into a system that’s ready, not one that has to be rebuilt with every acquisition. 

Want to estimate the cost of licensing, implementing, and configuring NetSuite for your business? Access our custom pricing calculator. 

Scalable Chart of Accounts and Segmentation 

A future-proof COA and segment structure is essential for consolidating entities, analyzing performance, and onboarding acquisitions with minimal friction. Align current-state charts and segments to best practices while tailoring them to the company’s unique model and investor expectations. This ensures the design supports strategic reporting needs across platforms, regions, product lines, and acquisitions. 

Integrated Data Across the Stack 

NetSuite is most powerful when connected with other adjacent enterprise systems like Salesforce, payroll providers, procurement tools, and BI platforms, creating a single source of truth. 
 
The result: real-time visibility, fewer manual reconciliations, and a tech stack that works as a platform for growth and not a collection of disconnected tools. 

Real-world example: See how a PE-backed compensation SaaS generated significant time savings and streamlined operations through a custom-developed NetSuite implementation. 

Reporting Built for the Boardroom 

Traditionally, ERP implementations follow a “record to report” mindset. Today, that’s reversed. 
 
Start with “report to record”: define what leadership and investors need to see, then build the system to capture data accurately and efficiently. From board decks to operational dashboards, reporting is built into the system’s DNA, eliminating manual workarounds and enabling confident, fast decision-making.

Learn more: CrossCountry Consulting’s proprietary reporting and analytics framework surfaces hidden insights, generates prescriptive analytics, and visually integrates cross-functional dashboards to empower leaders and boards to make rapid value-creation decisions. 

M&A-Ready Infrastructure 

In the PE space, ERP implementation and M&A often happen simultaneously, which can lead to disjointed, frustrating, and lengthy integrations. That’s why an agile, phased approach that balances urgency with control is imperative.  

The goal is to deliver value quickly while laying the groundwork for long-term scale. Whether it’s a comprehensive rollout or a focused implementation for core entities, success is an evolution, not a revolution. Each phase builds momentum while maintaining business continuity. This approach also eases pressure on employees and enables change agents the latitude to properly communicate the advantages of the new system and the importance of speedy adoption. 
 
Management and sponsors should work closely to develop a tailored implementation roadmap that aligns with the company’s growth strategy, integration cadence, operational goals, and investment thesis. This way, the system grows with the business without creating friction or technical debt. 

Change Management Embedded from Day One 

A successful implementation lands technically and culturally. 
 
Change management must be embedded throughout the project by aligning early with key stakeholders, setting clear expectations, and providing hands-on training. Through the use of AI-powered tools to rapidly generate tailored SOPs and walkthroughs, companies can also help their teams adopt the new system faster and with less overhead. When users understand how NetSuite supports their day-to-day work, adoption becomes organic and sustainable. 

Final Word: From ERP to Exit Value 

A successful NetSuite implementation in private equity views go-live as a starting point, not the finish line.  When NetSuite is designed as an integrated platform, rather than a siloed system, it accelerates integration, improves reporting, and strengthens financial controls across the business. As an exit opportunity comes into focus, CFOs can proceed confidently knowing they’ve maximized the hold period and built tangible value for a sale or IPO. 
 
It creates operational leverage, supports smarter decisions, and lays the digital foundation investors expect at exit. In a competitive M&A landscape, this kind of infrastructure supports the business and enhances valuation. 
 
Ready to turn NetSuite into a value-creation engine for your portfolio? Contact CrossCountry Consulting today to get started. 

Will 2025 finally be the year finance says goodbye to manual data extraction? 

From manually keying inputs from PDF statements to reconciling values in Excel, finance remains bogged down in repetitive, error-prone tasks. But what if there was a way to make data extraction smarter, faster, and more accurate?   

CrossCountry Consulting’s AI-powered data automation accelerator is paving the way for a new era of efficiency in financial operations, enabling the Office of the CFO to transform workflows, achieve unparalleled accuracy, and redirect energy toward strategic, high-value activities. 

Here’s a closer look at transformation in action. 

Turning the Page on Manual Finance Data Extraction    

As one of the biggest operational bottlenecks and resource drains, data extraction persistently creates process inefficiencies that reverberate throughout the organization. Delays in capturing key financial inputs generate compounding delays on period close cycles and speed-to-insights. 

• Wasteful processes: Processing hundreds of PDFs and reconciling data can devour countless work hours and reduce revenue visibility. Simply getting data into a structured, systematized format is where most companies are losing time.   
• Untrusted data: Manual data entry is inherently risky, leading to inaccuracies that can delay closing cycles and create material weaknesses from an audit perspective.   
• Lack of transparency: Manual methods lack audit trails, making it harder to trace transactions or spot inconsistencies. 

For organizations ready to adapt, data extraction can now be automated with AI for greater speed, accuracy, and transparency.  

AI-Powered Data Automation Driving Rapid Results 

Replacing manual work with an auditable, systematized approach is a significant achievement for any organization. Beyond the operational efficiencies delivered, the timeliness, quality, and structured data produced elevate finance functions above transactional tasks and enhance the value they provide to the wider organization.  

To date, we’ve helped companies unlock significant results with this approach: 

• Achieving 99%+ data accuracy: A robust approach to data validation and reconciliation delivers consistent, trusted data with traceability to source systems.   
• Reducing processing times by 80%: Bulk upload hundreds of PDFs in minutes, freeing up valuable time for actual analysis and decision-making.   
• Enabling full auditability: AI-powered automation ensures a fully traceable process, with comprehensive audit logs linking input documents to ledger transactions.   
• Accelerating close and speed-to-insights: Faster data ingestion reduces time-to-close and improves accuracy of revenue snapshots. 

Here’s an illustrative example of leveraging this accelerator to automate contribution/distribution matching and the generation of associated journal entries:

The key to moving beyond the chaos of manual data extraction lies in developing an optimized, step-by-step AI workflow.  

How AI Automates Data Extraction   

Step 1: Train the AI Model 

Your AI engine is deployed with models specifically configured to recognize and ingest target fields and patterns from your documents, and, over time, it learns to increase the precision of automated extraction.  

Step 2: Upload Documents in Bulk   

Input documents (.pdfs, xls, csv, or other input files) are bulk uploaded into the system. Processing only takes a few minutes.   

Step 3: Validate Data   

Every field is automatically validated for accuracy, and thresholds for expected values can be configured to capture unexpected outliers. If issues arise, secondary AI models tackle the problem or flag it for manual intervention.   

Step 4: Consolidate Data for Reporting   

After full validation, data is consolidated across dimensions into a standard format. Business rules to enrich transaction data can then be applied before posting.   

Step 5: Reconcile Transactions 

As needed, automated reconciliation of transactions can be configured to match across datasets on specific value fields. Similar to our tiered validation approach, this reconciliation is performed automatically, and exceptions requiring manual intervention are escalated. 

Step 6: Auto-Generate Journal Entries   

Validated, enriched, and auditable transactions are now ready for posting to your ledger. Manual or automated workflows can be configured to optimize this process depending on the degree of interconnectivity between systems.   

The result? Data accuracy, auditability, operational time savings, and a more valuable finance organization. 

This flexible, dynamic approach to automating data ingestion can be applied widely across the finance function, supporting revenue recording, transaction matching, compliance-driven reconciliations, and more.  

Transform Your Finance Operations   

Automating data extraction and transformation is more than just a tactic to help CFOs stay ahead of the competition. It’s part of a larger strategy for transforming the finance function. Adopting AI to systematize key manual processes enables teams to reclaim their time, focus on forward-thinking initiatives, and supercharge growth.   

If you’re ready to unlock the full potential of AI for finance, contact CrossCountry Consulting. 

2025 marks the 23rd anniversary of the passing of the Sarbanes-Oxley Act (SOX).

In 2002, SOX requirements brought Internal Audit to the forefront, as internal auditors were and are uniquely positioned to support management with SOX compliance given their expertise in financial reporting, internal controls, and independence.  

However, one of the unintended consequences of SOX is that Internal Audit functions have been overwhelmed by the focus on SOX. Worse, Internal Audit is seen by some as purely “SOX auditors,” as opposed to risk-informed professionals with broad business acumen who serve as trusted advisors to the most senior leaders in the organization. 

So how can Internal Audit elevate beyond just compliance? 

Internal Audit’s Critical Value

An effective Internal Audit function is essential to more than just SOX. It serves to:  

• Protect company health and stability. 
• Promote sound corporate governance and ethical behavior. 
• Establish proactive risk management and risk advisory services. 
• Baseline strong compliance and compliance testing practices. 
• Identify and mitigate risks of fraud, cyberattacks, financial report misstatements, and more. 
• Assess and improve internal control operating effectiveness. 
• Collaborate with accounting firms and the audit committee/external auditor.  
• Provide assurance of the accuracy and reliability of financial information and the financial reporting process. 

If your Internal Audit function has been mired in the details of SOX compliance requirements – or if your department’s initial charge was to support management’s SOX control and testing program after going public – here are three steps to help your Internal Audit team lift up, look out, and expand risk coverage.  

1. Ask Stakeholders What Their Most Critical Priorities Are 

For Internal Audit to maximize its value and impact on the organization, it needs input from its stakeholders so it can best address unmet needs.  

If “beauty is in the eye of the beholder,” then the value of Internal Audit is in the eye of its stakeholders. So ask them what they value and need. 

Ask your stakeholders what is front of mind – what do they care about? What are their most critical priorities today? What services are needed near term and long term? 

While this process often happens during the Internal Audit Risk Assessment, don’t limit these conversations to predetermined risk assessment timeframes. Lead with continual, open lines of communication so internal auditors can strengthen working relationships and provide insights that cannot be gained elsewhere.  

2. Align With Opportunities and Address the Gaps 

With insight into what stakeholders are focused on, consider:  

• Where management is focusing yet could use an independent perspective to ensure strategic objectives are being met (e.g., robust internal controls for financial data). 
• Where management is not focusing and needs additional support (e.g., emerging non-financial risks and third-party risk management). 
• What needs to go right for management’s strategy and objectives to be successful. 

These gaps are strategic and competitive opportunities. As internal audit activity is re-oriented to more of these value-adds, the organization as a whole builds deeper and more unique core competencies. Internal auditors themselves can also inquire and assess where they can level up their departmental capabilities: 

• Where do controls and other risk mitigation strategies fall short of addressing the risk priority?  
• Can current controls be enhanced for greater coverage, or are new ones needed?  
• What is our internal control maturity, knowing the organization intends to become a public company soon or otherwise engage in a major transaction event? 
• Is additional training and follow-through needed?  

In addition to Internal Audit’s usual assurance activities, the IIA’s International Standards for the Professional Practice of Internal Auditing (“Standards”) specifically allow internal auditors to perform “consulting” activities through the Internal Audit function. This significantly increases the types of projects that Internal Audit can perform – and they don’t all have to be based in providing assurance.  

Depending on the gaps identified, below are some value-add activities that Internal Audit can, and in many cases should, perform to address those gaps:  

• Risk assessments. 
• Policy and procedure reviews. 
• Control gap assessments. 
• Root cause analyses. 
• Process efficiency reviews and benchmarking assessments. 
• Cost-benefit analyses. 
• Strategic initiative reviews – advisory input and postmortem assessment. 
• Training. 
• Culture surveys. 
• Internal Investigations. 
• Supporting the M&A lifecycle from diligence through integration. 

3. Iterate and Improve 

After working to address the gaps, go back to your stakeholders and ask, “How did the plan and activities work?”  

If you don’t receive constructive feedback – question that. Rarely is anything so perfect that no feedback can be offered.  

The priorities and gaps from last year – or even last month – have likely evolved. This is intel and feedback Internal Audit needs for a productive audit plan.  

Internal Audit should evolve in tandem with business demands, leveraging the latest automation, analytics, and AI tools to continuously innovate. For instance, use of data analytics enables internal auditors to view 100% of the population, rather than a sample, and can greatly enhance the assurance the audit function can provide. If common fraud risks appear to be mitigated, Internal Audit should think outside the box to identify unusual or unexpected risks that may be specific to the organization, its employee base, and its industry. Data analytics is one of the most effective anti-fraud controls. 

As internal auditors focus on looking beyond known risks to emerging and potential risks, breaking down silos, and increasing coordination, below are key considerations to help elevate the maturity of internal audit functions: 

• Analyze current state: Perform a needs and feasibility assessment of the department’s current state for technology integration, keeping culture and risk exposure top of mind.  
• Implement: Consider the use of advanced analytics, real-time reporting or dashboards, and integration of internal technologies with people, processes, and external technologies. Invest in a GRC tool. 
• Automation: Start thinking about a roadmap for automation. Start small. 
• Monitor: Measure realistic KPIs to assess what’s working and what isn’t. 

Twenty-three years later, SOX compliance remains critically important to the financial reporting integrity of public companies. But to maximize Internal Audit’s value to the organization, it needs to expand its focus well beyond SOX and continually assess the broader risk landscape to enable Board and C-Suite decision-making. 

To fully capitalize on the value Internal Audit can bring to your organization, contact CrossCountry Consulting today. 

You might be surprised to learn that your organization has implemented AI in more ways than is often recognized. Think about Optical Character Recognition (OCR) for document processing or even basic chatbots for customer service. However, the true power of AI lies in its ability to integrate with your core financial systems and unlock a new era of intelligent automation and predictive capabilities. 

For organizations making incremental progress on their AI journey, accelerating AI maturity is a matter of digging a little deeper into existing finance workflows and fully utilizing the tools in your tech stack. 

As visualized in our proprietary AI-driven reporting and analytics framework, let’s explore five areas of finance with the most opportunity for AI and how leading organizations are maximizing operational efficiencies in the process. 

1. AI in Financial, Risk, and ESG Reporting 

It’s estimated that nearly 20% of organizations are using GenAI in financial reporting – but that number is expected to climb to 95% in the next three years, underscoring the speed of adoption and universal use cases of AI in finance. These trends extend into other areas of the business for which finance now commonly has oversight, including risk, audit, cyber, and ESG.  

• Summarize and roll forward Management Discussion & Analysis (MD&A) for subsequent period through comparative analysis, automating the population of recurring sections, and drafting initial forward-looking statements. 
• Draft narratives, policies, procedures, disclosures, risk statements, and other key documents and descriptions. 
• Identify key factors that influence a chosen metric, highlight trends, isolate outliers, and enable further drill-down and root cause analysis. 
• Generate quick data-driven visuals and points of emphasis for reports. 
• Create visualization summaries automatically that align to executive/board business drivers. 
• Ask questions in plain English with natural language processing (NLP) and receive instant, visual answers. 

Real-world example: In what previously took days to complete, KFC Australia now generates and delivers reports in just 20 seconds while at the same time cutting database operation costs by 70% through AI data analytics. 

Expert recommendation: AI is not a standalone initiative. It must be embedded into existing frameworks and ideally through integrated reporting tools that offer cross-enterprise value rather than siloed benefits to an individual business function. 

Helpful tools: Power BI, Workiva, AuditBoard 

2. AI in Financial Planning & Analysis (FP&A) and Corporate Performance Management (CPM) 

Today’s AI-forward teams are connecting enterprise data and integrating planning processes for serious efficiencies and savings. This includes 86% faster planning processes and 30% higher forecast accuracy. 

• Machine learning (ML) to analyze vast datasets, identify complex patterns, and generate more accurate and granular forecasts compared to traditional methods. This may include techniques such as driver-based analysis, variance analysis, time series analysis, scenario planning and simulation, demand forecasting, and anomaly detection. 
• Agents for self-service analytics to empower business users without deep technical skills to perform bespoke analysis of respective data. 
• Guided analysis and data exploration that helpfully navigates users through analytical workflows with easy-to-use prompts, actions, and visualizations, which can surface relationships between data points and insights they may have been otherwise unable to achieve. 
• Rapid insights and impacts on COGS, EBITDA, liquidity, and other key financial performance metrics. Built-in AI-enabled CPM workflows and insights often come out of the box versus legacy systems that may only have AI bolted on or that require another integration or implementation. OneStream’s Sensible AI, for instance, is a suite of purpose-built AI solutions that includes ML/AI models built directly on top of OneStream’s unified data model and proprietary financial intelligence. 

3. AI in Financial Consolidation 

Gathering, mapping, and preparing repetitive financial statements is ground zero for AI value. Recent reports suggest that close cycles in particular can be completed 15–100X faster with the use of AI-powered automation tools. 

• Intelligent transaction matching that learns from historical matching patterns and user-defined rules to automatically match transactions from various sources (e.g., intercompany invoices, bank statements, sub-ledgers). AI can also identify minor variations and risks that would be difficult to spot manually. 
• Auto-validation of journal entries, including auto-compliance with company policies, reasonableness tests, and flags on entries that deviate from norms. 
• Generative close checklists that are dynamically created based on the entities being consolidated, their complexity, regulatory requirements, and historical close performance. This process can help maintain forward progress, remediate issues proactively, and provide automated updates to key stakeholders along the way. 
• Enhanced audit traceability to meticulously track all data changes, eliminations, adjustments, and approvals within the consolidation process, creating a more robust and transparent audit trail. It can also automatically map financial data to regulatory requirements (GAAP, IFRS) to ensure compliance. 

Real-world example: Costco deployed AI to unify financial results, P&Ls, forecasts, and variance commentary, which enabled the company to reallocate 25% of FTE time to higher-value work and eliminate more than 90 Excel spreadsheets. 

Expert recommendation: Use what you already have. AI is now embedded into virtually all major SaaS products in some form, especially for workflow automation and faster analytics. It’s likely the case that common cloud-based ERP, finance, and accounting software solutions already implemented in the Office of the CFO (OCFO) are being underutilized with respect to newer AI functionality. Exploring the latest AI upgrades to existing software with internal teams and vendor reps is a great way to make continued incremental AI progress without requiring a lot of time, cost, or disruption. 

Helpful tools: FloQast, OneStream

4. AI in Data Consolidation 

In the next three years, it’s projected that the fragmented data management software market will collapse into a single unified market enabled by GenAI and augmented data management architectures. This underscores the transition toward AI enablement and the future CFOs and CIOs can expect when formulating their data consolidation strategies. 

• With AI data observability capabilities, the AI automatically detects anomalies, identifies root causes of data quality issues, and even suggests remediation steps, which drives policy enforcement and compliance. 
• AI, especially NLP and computer vision, is being used to build intelligent pipelines that extract valuable information from unstructured data sources (e.g., documents, emails, social media) and external sources (e.g., market data, news feeds) for consolidation. 
• Copilots for automating complex tasks within ETL/ELT pipelines, executing desired workflows, and providing context-aware recommendations. 
• ML that facilitates the automatic mapping of data fields and the alignment of schemas from disparate systems, significantly reducing manual effort. 
• Automated cleaning and preparation in which AI algorithms identify and rectify inconsistencies, errors, and duplicate entries across diverse data sources. 

Real-world example: Entertainment data provider Luminate achieved 334% faster daily data processing through a scalable data lake architecture and AI/ML that extracts richer insights. 

Expert recommendation: If you can’t produce BI, don’t focus on AI. As much as 70% of developing a usable AI solution is spent wrangling and harnessing data. By already having a well-designed infrastructure and high-quality data structure, it makes generating and scaling AI outcomes significantly more achievable. 

Helpful tools: Alation, Alteryx, Databricks, Snowflake, Azure 

5. AI in Transactional Processing 

AI’s ability to analyze transactional data in real time to establish baseline behavior and identify deviations is helping flag fraud, errors, or other suspicious activities. That’s why 71% of banks now turn to AI to prevent and recover from payments fraud.  

• AI-powered anomaly detection across thousands of data points per transaction, which can then adapt to normal user behavior and catch anomalies as they occur. Over time, this process helps reduce false positives and can proactively identify high-risk accounts. 
• Procurement recommendations, including finding the most suitable supplier based on select criteria, analyzing internal/external news to predict supply chain disruptions, and identifying cost optimizations such as bulk discounts or better contract terms. 
• Automated activity capture through a combination of OCR and intelligent document processing (IDP) for contract analysis, invoice processing, receipt management, and transaction monitoring. 
• AI chatbots to guide users and customers through simple transactions, communicate FAQ answers, update account information, and augment customer-facing employees. 

Real-world example: Coupa reduced time spent on manual data extraction and contract reviews 85% by leveraging an NLP revenue recognition tool. 

Expert recommendation: Automated, connected data brings the entire enterprise together and unlocks faster, more informed decision-making. The sheer volume of transactions across departments and the number of systems and data sources in play require effective controls and process efficiencies that AI is perfectly suited to assist with. Invoice and expense report processing, data entry, fraud checks, payment verification, and other traditionally manual, repetitive tasks are the tip of the spear for AI in finance. 

Helpful tools: Sage, NetSuite, Coupa, SAP, Oracle 

Ready to deliver on the promise of AI within your finance function? Contact CrossCountry Consulting today. 

Sage Intacct’s latest release, R2, delivers a robust set of enhancements designed to optimize financial management across various modules. To see how your organization can maximize the value of your Sage Intacct instance, view the demo of key updates from CrossCountry Consulting’s Sage Intacct implementation experts. 

And for a rundown of changes to be aware of, our team has distilled important updates below:

Streamlined Data Handling: The New Import Service 

Data import processes are revolutionized with the New Import Service. This tool offers real-time error feedback, template-based imports, intelligent header mapping, and in-line editing capabilities. It currently supports importing and updating data for core dimensions like Locations, GL Accounts, Departments, and Classes, with a beta program for Vendors and Customers, promising a more efficient and user-friendly import experience. 

Enhanced AP Workflows: Simplified Bill Approvals 

Accounts Payable workflows are simplified with the separation of bill approval rule types from named users. This eliminates clutter in policy setup, allowing for clearer definition of approval rules based on criteria like vendor or amount, while specific approvers are now assigned under a dedicated “User Level” rule type. 

Shared AP/AR Controls: Warnings and Import Security 

Shared updates for both AP and AR enhance control and accuracy. A new warning message alerts users when attempting to void or reverse reconciled transactions, preventing unintended disruptions. Additionally, security for CSV imports of posted AP and AR adjustments and AR invoices are strengthened, now requiring “Post” permissions, ensuring greater data integrity. 

AR Advancements: Statements, Refunds, and Page Updates 

Accounts Receivable sees notable advancements, including the display of external credits (adjustments, negative invoices) on entity-level statements, ensuring perfect alignment with AR ledgers and aging reports. The retirement of the classic “Receive a Payment” page has been delayed, and an exciting new feature for recording customer refunds directly within AR is on the horizon for early adopters, promising a streamlined refund process. 

Smarter Reporting: Financial Report Writer Optimization 

The Financial Report Writer gains intelligence by analyzing report structures and offering performance optimization recommendations upon saving. This helps users identify and address potential bottlenecks, leading to more efficient and insightful reporting. 

Cash Management Evolution: Imports and Credit Card Control 

Cash Management receives significant attention with the impending retirement of the classic bank transaction import functionality. Users are encouraged to transition to the enhanced Bank Transaction Assistant, which now supports importing credit card transactions. Furthermore, a new reclassify credit card transactions feature allows for the re-categorization of directly entered and paid credit card transactions, provided the feature is enabled in configuration and appropriate permissions are granted. 

Optimized Purchasing: Price Visibility Control 

Purchasing workflows benefit from the ability to hide prices on receiver transactions at the transaction definition level. This is particularly useful for scenarios in which receiving personnel only need to focus on quantities, enhancing efficiency and potentially safeguarding sensitive pricing information. 

Streamlined Fixed Assets: Reporting, Lists, and Transfers 

Fixed Asset Management continues to evolve with the addition of a Depreciation Roll Forward Report, exportable fixed asset lists, increased records per page options, an audit trail for each asset, and expanded capabilities for inter-entity asset transfers, now including the Entity dimension for top-level assets within the same base currency. 

Enhanced Contracts: Summary, Payments, and Configuration 

The Contracts module introduces a comprehensive Contract Summary tab, replacing the billing transaction tab, providing a holistic view of all contract-related activities. Users can now directly pay associated order entry invoices from this summary. While a feature to generate invoices directly from the contract list is temporarily unavailable, it’s slated for a near-term release. Additionally, users can now update custom fields on canceled contract lines, and a new configuration setting allows for automatic adjustment of GL posting dates for evergreen renewals falling into closed periods. 

Time and Expense: Split Into 2 Applications 

A key structural update involves the separation of Time and Expense into two distinct applications, independent from Projects. While time configuration continues to be managed within Project settings, the day-to-day entry and use of timesheets now take place within the new, dedicated Time application. Previously bundled as a single application, they each now have their own menu for easier access. Both applications remain included in your subscription, and this change is designed to enhance usability by making features easier to locate and navigate. 

Smarter Consolidations: The Affiliate Entity Dimension 

Finally, for organizations with multiple entities, the introduction of the Affiliate Entity standard dimension in consolidations streamlines inter-entity reconciliation and reporting. Tagging transactions with the affiliate entity simplifies mappings and facilitates eliminations during consolidations. 

Preparing for Upcoming Transitions 

Sage Intacct R2’s powerful suite of enhancements emphasizes security, efficiency, user experience, and control. These updates empower finance teams with more robust tools and process efficiency to ensure maximum return on Sage Intacct investment. To better understand the latest ways Sage Intacct can drive value creation at your organization, contact CrossCountry Consulting. 

The Institute of Internal Auditors (IIA) announced its Cybersecurity Topical Requirement, the first in a series of mandated frameworks under its International Professional Practices Framework (IPPF). The move signals a shift from cybersecurity audits being a discretionary or ad-hoc exercise to a standard approach for all audit plans.

Standardizing Audit

The requirement mandates a baseline approach for internal audit functions assessing cybersecurity. Key scope areas include:

• Governance: Clear roles for cybersecurity oversight, aligned with strategic objectives.
• Risk management: Dynamic risk assessments to counter evolving threats.
• Controls: Rigorous evaluation of technical and procedural safeguards of data and assets.

This means standardized audits will replace inconsistent practices with a unified methodology tied to frameworks like NIST CSF 2.0 and COBIT 2019.

Breaking Down Silos

A standout theme of the requirement is collaboration. The IIA explicitly pushes auditors to partner with InfoSec teams, bridging a historical conflict and divide. The requirement’s User Guide even maps controls to NIST 800-53, offering a shared language for both functions. This is a win for organizations aiming to elevate beyond reactive, siloed responses to breaches and a callout to the DevSecOps approach brought to many organizations.

Additionally, if IT leadership is not open to cyber audits, it’s a red flag. Internal audit should work to build their credibility, add expertise where needed, and address hesitation from IT. Cybersecurity awareness should be embedded into all areas of the organization, including internal audit.

Challenges Ahead

While the requirement is a leap forward, implementation hurdles remain:

• Timeline: Conformance is mandatory by February 2026, but smaller internal audit functions may struggle with resource constraints and subject matter expertise.
• Scope flexibility: Audits are not required, but if cybersecurity is scoped, the framework applies. This balances rigor with adaptability but could lead to avoidance of cybersecurity in some organizations’ audit plan. Internal audit teams should assess cyber risk on an annual basis and, given this has been a top risk for all industries for the past several years, there is no reason not to include cyber in the audit plan.
• Privacy balancing act: Continuous monitoring must align with employee privacy norms, a tension the framework acknowledges but doesn’t resolve. Cross-training team members in privacy areas and collaborating with privacy experts is increasingly becoming more important.

What’s Next?

The IIA plans follow topical requirements for third-party risk, culture, and resilience. For now, cybersecurity takes center stage, reflecting its rank as the No. 1 global risk in the IIA’s 2025 survey.

This requirement isn’t just about compliance; it’s a call to action. Internal audit should partner with cyber leadership to:

• Review the Topical Requirement and User Guide to ensure they have a plan to meet the baseline requirements.  
• Evaluate their internal audit teams’ cybersecurity expertise and provide training or seek third-party expertise as needed for support.
• Ensure current process supports formal cybersecurity strategies, standard board-level reporting, and clear roles and responsibilities for cyber risk management.
• Prioritize continuous risk management by maintaining ongoing risk assessments, updating incident response plans, and measuring awareness program effectiveness.
• Implement continuous monitoring, effective third-party/vendor management, and regular independent control evaluations.
• Promote cross-functional collaboration, alignment, and communication between audit, InfoSec, and senior management to drive a unified cybersecurity approach.

Organizations leveraging the new requirement will gain stronger cyber resilience and standardization, empowering audit and InfoSec teams to address cyber risk and report it effectively to the board. For internal auditors, the message is clear: Cyber audits are here to stay. For InfoSec teams? It’s time to welcome audit as an ally, not an adversary.

To better understand and apply the rule at your organization, contact CrossCountry Consulting.

Rising tariffs, shifting policy, and market instability have pushed scenario planning from best practice to strategic necessity. CFOs who embed agile forecasting, cross-functional input, and data-driven modeling into their planning cycles can lead with clarity, despite volatility.  

Here’s how to turn scenario planning into a strategic advantage instead of a contingency tool.  

Shift From Static to Dynamic Budgeting and Forecasting 

Traditional annual budgets and forecasts become outdated almost immediately. To stay responsive to shifting market conditions, proactive CFOs are adopting agile planning cycles, anchored by rolling forecasts updated monthly or quarterly. As such, dynamic budgeting and forecasting must become a core finance capability. The most effective models integrate top-down strategic targets with detailed bottom-up input from departments, ensuring alignment with enterprise goals while grounding plans in operational realities. 

This hybrid approach enables more realistic, flexible resource allocation and accelerates decision-making. It also creates a foundation for cost optimization strategies like zero-based transformation, helping finance leaders unlock savings without sacrificing agility. 

Leverage Real-Time Data Analytics and AI 

Employing advanced data analytics tools, including predictive analytics and machine learning (ML), enables CFOs to identify financial trends, improve forecasting accuracy, and make more informed and timely decisions. These tools can help quickly analyze the impact of tariffs or market fluctuations on KPIs. Today’s leading organizations are finding particular success with OneStream. 

OneStream’s Sensible AI is a suite of purpose-built AI solutions that accurately derive scenarios in real time, enhancing strategic decision-making. The Sensible AI portfolio includes ML and AI models built directly on top of OneStream’s unified data model and proprietary financial intelligence. This allows finance teams to identify trends, analyze business drivers, and create forecasts from trusted enterprise data with unparalleled accuracy and speed.

Data Infrastructure as a Strategic Asset 

The impact of any scenario model is only as strong as the data behind it. That means integrating finance platforms with operational and commercial systems, unifying definitions (e.g., customer, cost center), and enforcing governance protocols to ensure clean, trusted data feeds into forecasts. 

But better forecasting also requires stronger infrastructure. CFOs should use this opportunity to assess IT spend, which often reveals redundant systems, underutilized licenses, and shadow tools that drive up cost and complexity. Rationalizing overlapping platforms across finance, procurement, and analytics reduces spend, streamlines data architecture, and accelerates access to actionable insight. 

Contingency Planning and Reforecasting 

Tariffs and economic uncertainties demand a thorough reassessment of forecasts and budgets. Account for various scenarios, such as changing FX rates, declining customer demand, and elongated procurement lead times as part of standard operating procedure moving forward. By leveraging cross-functional input from procurement, sales, operations, and FP&A, CFOs can mitigate risks and rapidly spin up new enterprise plans. CrossCountry Consulting’s proprietary reporting and analytics framework integrates cross-functional data from across the organization to surface new insights, harness the power of hidden data, and accelerate speed-to-decision in today’s environment. 

Liquidity Monitoring and Forecasting 

Accurate cash flow and liquidity forecasting enable CFOs to understand and respond to increased cost structures and shifting customer demand. The keys are near-real-time monitoring of working capital balances, late-paying customers, slow-moving inventory, material purchase orders, and sales pipeline tracking. With greater visibility into the company’s liquidity position, CFOs can balance strategic risk-taking with risk management. Plus, with direct connections between source systems, CFOs can stay on top of capital deployment in real time through reporting and forecasting engines. 

Want in-depth analysis and actionable recommendations? Explore the full CFO report here. 

Evaluation of Pricing Strategies 

Developing a pricing strategy that balances absorbing tariff costs with ensuring profitability is essential. OneStream Sensible AI assists entities in assessing their ability to increase pricing, considering factors such as product impact, customer arrangements, consumer demand elasticity, and market share. This strategic evaluation allows CFOs to make recommendations on how to take the portfolio to market while preserving margins. 

Proactive Reporting and Dashboarding 

To track economic volatility effectively, FP&A teams must develop and monitor KPIs such as tariff-adjusted COGS, pricing impacts, incremental compliance costs, and margin trends. Compiling this information into executive-friendly dashboards enables CFOs to bridge variances against budget and confidently plan for future scenarios. A comprehensive data strategy ensures these KPIs paint the right picture and enable CFOs to see around corners. Data strategy is also the cornerstone of AI enablement. 

The Rewired Finance Operating Model 

Scenario planning isn’t just for the finance function – it’s a cross-enterprise capability. To embed agility at scale, CFOs must lead the redesign of the finance operating model itself by: 

• Aligning FP&A, procurement, and business unit planning cycles. 
• Defining clear ownership for inputs, models, and decision triggers. 
• Establishing a finance center of excellence (CoE) to maintain tools, data, and best practices. 
• Training business partners to engage with rolling forecasts and scenario outputs. 
• Streamlining governance so decisions can match the pace of change. 

When these pieces are aligned, scenario planning becomes more than a response mechanism – it becomes the engine of strategic finance. 

Ready to rewire for agility? Contact CrossCountry Consulting to explore how scenario planning, data infrastructure, and operating model transformation can unlock smarter, faster decisions. 

As a cloud-based ERP solution, NetSuite enables businesses to streamline operations, scale intelligently, and, perhaps most importantly to today’s finance and IT leaders, integrate seamlessly with other systems. It serves as a central hub for digital transformation and a single source of truth for key operational and financial information that drives corporate decision-making and competitive advantage. 

So how can organizations maximize NetSuite’s value and role within their enterprise technology architecture? 

Making Enterprise Connections With NetSuite 

By enabling seamless data flow across departments and systems, NetSuite builds a strong technology backbone for your organization. This foundation creates and generates: 

• A unified system of record: NetSuite consolidates data from multiple business functions (financials, CRM, HR, and more) to offer integrated visibility and control. 
• Scalability: NetSuite grows with the business’s needs at any stage of its lifecycle and maturity. 
• Integration with SuiteApps and external systems: With over 500+ SuiteApps, NetSuite supports functionality across AP automation, supply chain, and analytics. Even better, integrations with external platforms like Salesforce and Coupa make it a flexible choice for modern enterprises. 

Want to estimate the cost of licensing, implementing, and configuring NetSuite for your business? Access our custom pricing calculator. 

While NetSuite helps unite enterprise systems, there are a series of other technology investments and capabilities that companies must have in their tech stack, as explored below: 

Key Components of a Modern Tech Stack  

To create a robust, value-driven tech stack, businesses must focus on tools that drive results across critical areas. CIOs should prioritize: 

1. Customer Relationship Management (CRM) 

Integrating CRMs like Salesforce or HubSpot with NetSuite enhances customer insights. Real-time synchronization ensures your teams have access to the latest customer activities, boosting sales and customer retention. 

Real-world example: See how CrossCountry Consulting created a custom CRM solution that provided central storage of all key company information and automation of critical processes for an insurance provider. 

2. Analytics and Reporting  

Harness the power of NetSuite Analytics Warehouse to uncover actionable insights. Advanced reporting dashboards and tools like Oracle Analytics Cloud can help transform raw data into meaningful decisions.

3. E-commerce Integration 

For businesses with digital storefronts, seamless integration with platforms like Shopify and Magento ensures smooth order processing, inventory tracking, and improved customer experiences. 

Learn more: An apparel brand achieved +50% increase in efficiency across its distribution center thanks to a custom-designed NetSuite solution. 

4. Supply Chain and Procurement Automation  

NetSuite’s suite of tools, such as the Intelligent Supply Chain Control Tower and supply chain management module, enables precise demand forecasting and real-time inventory adjustments, reducing inefficiencies. And with a strategic integration with Coupa, NetSuite users can seamlessly connect and optimize procurement processes to enhance accuracy, streamline operations, and strengthen control and compliance. 

5. Human Resources Management Systems (HRMS) 

HR teams can use NetSuite integrations with Workday or BambooHR to optimize hiring, onboarding, and employee engagement efforts. 

By carefully selecting components that align with your organization’s objectives, you can design a tech stack that drives value and supports agile operations. 

Building Your Tech Stack with NetSuite  

Here’s the step-by-step process for building a modern tech stack with NetSuite at its core: 

Step 1. Assess Current Infrastructure  

Analyze your existing technology ecosystem. Are your tools siloed? Are there gaps in data accessibility, insights, or functionality? Conduct an IT audit to determine what needs integration or replacement. 

Step 2. Define Your Needs and Goals  

Link your tech stack strategy to business objectives. Whether it’s growth, cost reduction, or efficiency gains, clarity on your goals will guide your roadmap. 

Step 3. Centralize Operations with NetSuite  

Use NetSuite as your foundation. Configure its native features like financial management, CRM, and ERP functions to establish a centralized operational framework. 

Step 4. Integrate Complementary Tools  

Identify technologies that will complement NetSuite. For instance, plug in analytics platforms for decision-making or sync with e-commerce solutions for better order fulfillment. 

Step 5. Leverage SuiteApps  

Explore 500+ SuiteApps to extend the functionality of NetSuite. Tools like Netgain for accounting or Avalara for tax compliance are great places to start. 

Step 6. Test and Optimize  

Before full deployment, test your new tech stack in a sandbox environment. Ensure seamless integration, proper function of automated workflows, and reliable data accuracy. 

Step 7. Ongoing Monitoring and Scalability  

The tech landscape evolves fast. Set up monitoring dashboards and allocate resources for regular stack optimization to future-proof your system. 

Buy vs Build: Making the Right Choice 

Organizations often wrestle with the “Build vs. Buy” dilemma when designing their tech stack.  

Buy when stability is key, such as backend ERP implementations, but build custom solutions for front-end systems to tailor the experience to your customer. This hybrid approach ensures both innovation and operational reliability. 

NetSuite offers a balanced framework to buy vs build, allowing businesses to build on the frontend for tailored customer experiences while buying on the backend for stable processes and compliance.  

When to Buy  

• The solution fits 80%+ of requirements and can be adapted for a 100% fit. 
• Direct impact on accounting or financials increases risk for DIY builds. 
• Vendor support is readily available for business-critical processes. 
• In-house resources are insufficient or have a risk of turnover. 

When to Build  

• Internal or consulting team deeply understands requirements. 
• Stable internal or consulting resources to support solution and optimizations. 
• Time and energy are present to focus on solution architecture and testing. 
• “Buy” vendor poses a risk of not supporting the tool in the near future due to size/scale. 

If building, consider the following checklist to ensure the internal resources and capacity exist to successfully execute: 

• Clear requirements? 
• Clear design options? 
• Accurate effort estimation? 
• Ability to roll out and support? 
• Is it needed or just wanted? 
• Who does it impact? 
• What problem is being solved? 
• What are the benefits and risks? 
• Is it simple enough? 
• Is there really ROI on building something? 
• Does it meet all requirements? 
• Does it create other problems? 
• Is the team qualified to build? 
• Do they understand the design? 
• Is the effort and timeline estimated properly? 
• Is the cost fixed or variable? 
• Is change management required? 
• Are process changes needed? 
• Is training required? 
• Who will support after launch? 

Leveraging a proprietary implementation support framework, CrossCountry Consulting’s integrated teams bring comprehensive solutions to every systems project and assist with vendor analysis, system selection, stakeholder alignment, transformation roadmaps, business as usual (BAU) support, controls design and testing, talent upskilling, system enhancements, continuous process improvements, and more. 

Future-Proofing NetSuite  

NetSuite is increasingly integrating AI to enhance its capabilities. AI tools can identify trends, make predictions, offer recommendations, and handle repetitive tasks, thereby increasing accuracy, speed, and employee productivity while reducing errors. Key AI services in NetSuite include anomaly detection, vision, speech forecasting, language and document understanding, and generative AI services.   

As AI continues to evolve, so must your NetSuite environment and holistic enterprise architecture. A scalable, flexible tech stack adapts to changing business needs while empowering intelligent decision-making now and in the future. 

Are you ready to transform your tech stack? Contact CrossCountry Consulting for expert NetSuite implementation and optimization. 

Corporate Performance Management (CPM) software, sometimes referred to as Enterprise Performance Management (EPM), is a powerful tool that enables businesses to quickly consolidate, plan, and budget through automation, standardization, and robust reporting capabilities. But only if they can strategically capture the full value of the system.

While the market for CPM technology is growing between 5-20% every year, the reality is that Finance, FP&A, and IT leaders are leaving money on the table when trying to recoup their CPM investments.

The ROI Reality Check: Bridging the CPM Value Gap

After buying a CPM tool, companies often fail to realize the full benefits of the system due to poor design or change management. Once live, the CPM platform is plagued by poor data governance, and many of the most value-added features go unused, including automated reporting books, robust driver-based models, and automation of standard calculations. Rather than maximize their CPM investment, companies revert to complex Excel workbooks.

By understanding these causes of failure and shifting the expectations around CPM transformation, leaders can rapidly generate ROI and accelerate speed-to-value.

Rising Above Root Causes of CPM Failure

Project teams and implementation partners must guard against a series of common issues, including:

• Lift and shift approach: Organizations often implement CPM tools to mirror their existing processes in Excel. Users then blame the CPM system rather than redesigning for real transformation.
• Resource limitations: Finance functions may not have the time and resources to revamp their data and processes when they’re already consumed by existing manual processes. The inability to change, update, or reimagine old ways of working prevents organizations from becoming more efficient.
• Cost concerns: Organizations often go with a lower-cost option to achieve a minimally viable product (MVP). The problem, though, is that they never move beyond the MVP and are left with a tool with limited capabilities and low utilization.
• Data quality issues: If organizations struggle with data quality issues, such as incomplete or inconsistent source system data, users may lose trust in the tool’s outputs. And without proper data integration mechanisms, integrating the CPM tool with other systems or data sources creates complexity that discourages users.
• Potentially limited customization: Some CPM tools lack flexibility and force teams into pre-configured options. This can make it difficult for organizations to tailor CPM tools to their specific needs. Other tools like OneStream, however, are built to be fully flexible and configurable
• Lack of clear objectives: Without clear objectives or goals for using the CPM tool, users may struggle to see its value or understand how it can benefit their work.

Accelerating Value Creation With Holistic CPM Implementation Strategies

• Embrace change: As organizations evolve and grow, they must equip stakeholders with tools to optimize their business functions and support business leaders with adapting to a best-in-class process. Interested in learning more? See how CrossCountry redesigned a SaaS firm’s enterprise planning process and technology architecture, generating significant time and labor savings in the firm’s FP&A function.
• Use driver-based planning: Shifting to driver-based planning enables a wide range of scenario analysis. Implement this approach with CPM tool calculations from business leader inputs, with built-in reporting to capture variances and inform planning adjustments.
• Phased approach: Building a CPM solution in multiple phases compartmentalizes the process shift by piloting the tool with a particular business function. It’s common for organizations to implement certain application components like consolidations first to satisfy accounting requirements, while waiting to implement planning so as not to overwhelm the business.
• Predictive modeling: Leverage a wide variety of inputs to generate near-term and long-term forecasts. How could, for example, a restaurant know how many customers to expect in a given day? They can direct the model to look at weather trends, time patterns, and customer behavior to anticipate activity.
• Strong data controls: Establish strong data controls and global data governance strategy across organizational data systems and make this part of the implementation roadmap from the start.
• Customization and configuration: Many CPM tools enable users to adapt the tool to their requirements and workflows. Training sessions typically cover how to customize reports, dashboards, and data entry forms, as well as configure calculations, allocations, and business rules. Real-world example: See how CrossCountry Consulting executed a human-centered transformation management workshop to develop a transformation roadmap and associated business case for a OneStream implementation.
• Automation and manual override capabilities: Understand the tool’s functionality and embrace the automation capabilities available, rather than leaving them unused. Keep in mind that automation is only one piece of the equation, and manual override must be included to equip management with the correct level of control over FP&A processes.

• Full-lifecycle implementation advisory services: Implementing a robust CPM software is a full-time job. Rather than pull in fractional resources or overload internal staff with project tasks outside their expertise, partner with an integrated systems implementation advisor that sits between and within your internal teams and implementer. This added resource brings expert implementation, transformation management, finance, accounting, IT, risk, and FP&A support to the project to ensure a holistic approach and maximum ROI during every phase: pre-go-live, execution, post-go-live, and ongoing fine-tuning and maintenance.

The CPM Value Advantage

With deep experience delivering CPM solutions, providing managed services, optimizing existing platforms, and helping top organizations execute on their CPM vision, our team empowers your company to extend the utility of your system and capture maximum CPM value.

Leveraging a proprietary implementation support framework, our integrated teams bring comprehensive solutions to every CPM engagement and assist with vendor analysis, system selection, stakeholder alignment, transformation roadmaps, business as usual (BAU) support, controls design and testing, talent upskilling, system enhancements, continuous process improvements, and more.

Contact CrossCountry Consulting today to get started.

Evolving risk and regulatory environments are prompting greater strategic collaboration between Internal Audit (IA) and Enterprise Risk Management (ERM) teams like never before. While internal auditors have historically served in a third line of defense (3LD) capacity and risk managers led the second line of defense (2LD), these lines are now blurring. 

To effectively support the organization and Board of Directors in fulfilling total risk responsibilities, providing a more consistent reporting experience, and improving corporate decision-making, the lines of defense have larger, more integrated roles to play. This includes, among other things, the timely identification of emerging risks, the development of risk-mitigation strategies, and serving as a strategic advisor. 

So where should these two groups begin? 

Clarify Roles of Internal Audit and Risk Management Teams 

First, it’s helpful to distinguish between IA and ERM roles. This clarification is important to building a mutually beneficial working relationship, minimizing duplicity, and maximizing impact: 

• “Internal Audit is an independent, objective assurance and consulting activity.” Its core role is to provide objective assurance to the Board on the effectiveness of risk management. While IA cannot own or manage risks, it can provide input and collaborate with risk management functions. 

• “Enterprise Risk Management is a structured, consistent, and continuous process across the entire organization that identifies, assesses, and decides on responses to and reporting for opportunities and threats that affect the achievement of its objectives.” 

Interestingly, internal audit functions that are better aligned to strategic organizational goals are better funded, an Institute of Internal Audit Report found. Additionally, Chief Audit Executives – traditionally internal auditors themselves – are more likely than ever to be responsible for ERM as well. It’s clear that alignment is a bottom-line business imperative. 

How to Optimize an Organization’s Risk Intelligence

The focus of IA and ERM is similar, yet many organizations execute these roles in silos, impacting enterprise-wide risk management and risk assessments. This hinders each function’s ability to identify and respond to changing risks, establish governance processes, and meet audit committee expectations. 

If you find yourself in this position, below are four practical yet high-impact ways to maximize your collective efforts toward dynamic risk management: 

1. Speak the Same Language 

A common risk universe and risk taxonomy are the building blocks for establishing a strong and uniform risk culture. From a strategic viewpoint, it’s hard for the executive team and the Board to engage in an effective risk dialogue if they don’t speak the same language. Imagine facilitating a conversation with a team of executives regarding an issue, with everyone using words that mean different things to different people; it’s likely that people are talking about completely different things! 

A uniform risk language is essential for executive sponsorship, engagement, and control. IA and ERM are in the perfect position to help develop risk language that will become part of the fabric of the organization, ultimately creating a risk-savvy culture and making internal auditing and risk management processes more frictionless. 

2. Share Risk Intelligence 

IA and ERM have unique access to management’s decision-making process and are privy to early information around strategic changes or future direction, be it introducing a new product to the market, implementing new technology, or considering a change in strategic direction. 

Given their distinct roles in the organization, the timing and nature of involvement may be different. Appropriately sharing information between teams that may change the organization’s risk landscape will ensure that IA and ERM priorities and efforts are spent in the most critical risk areas. Collectively, information-sharing can lead to stronger governance, collaborative risk identification, and aligned business objectives. 

3. Leverage Data Analytics and AI 

As IA and ERM coordinate to create a uniform risk language and share risk intelligence, data analytics should be leveraged to first define and then monitor key risk indicators (KRIs). A data-driven approach supports the monitoring of KRIs, which identify emerging risks of strategic business objectives and enables management to deliver a timely response, thus mitigating risk. Streamlining the data analytics program (e.g., approach and technology) and tracking KRIs will maximize cost efficiencies and increase collaboration among IA and ERM. According to IIA’s Vision 2035 survey, 92% of CAEs identify data analytics as the most important future technology skill. 

Additionally, AI-enabled capabilities are now becoming part of standard internal audit activity and risk management strategy. For example, AI can more efficiently populate risk registers by pulling information from past audits while also forecasting potential risks through scenario planning techniques. Lastly, AI also has a role to play in increasing the efficiency of financial and board reporting, anomaly detection, and enabling greater collaboration between IA and ERM teams that leverage shared platforms. 

Based on the latest survey insights from IIA’s North American Pulse of Internal Audit, 4 in 10 respondents are using GenAI for internal audit activities, with adoption expected to grow throughout 2025 and beyond.

4. Use One Source of Truth 

While it seems intuitive, organizations don’t always invest or upgrade to an enterprise Governance, Risk, and Compliance (GRC) platform. In fact, they often purchase various tools from separate buyers, creating silos within the organization. However, using a GRC platform for IA and ERM provides greater efficiency and a single source of truth. This enables continuous IA and ERM collaboration, resulting in further testing and reporting efficiencies into new realms of business operations, such as environmental, social, and governance goals. The right GRC Platform will benefit the entire organization – not just IA and ERM. 

A single source of truth is the foundation for the creation of a risk management framework that can: 

• Establish organizational risk oversight, including the appointment of risk managers and a risk owner. 
• Consolidate governance, risk, and compliance data in one platform, ensuring easy access, consistency, and accuracy across the organization. 
• Provide real-time insights and data-driven analytics, enabling more informed, timely decisions and better risk management. 
• Foster cross-functional collaboration by allowing different departments to work from the same set of information, reducing silos.  

As IA and ERM collaborate, they play a crucial role in reshaping their traditional perception – from being seen as mere risk reducers that slow processes to becoming strategic risk stewards. Embracing the right perspective is the first step toward fostering a collaborative risk culture. 

For more information on defining a risk management program in your organization, contact CrossCountry Consulting today. 

Coupa’s latest release, R42, brings a host of new features and enhancements designed to streamline procurement processes, improve user experience, and provide deeper insights for Coupa admins and power users. Want to explore everything you need to know in more detail? Watch our recent webinar. 

And for more information on some of the key changes in R42, CrossCountry Consulting’s Coupa implementation and transformation experts have distilled and selected several for procurement and business spend management leaders to focus on:   

2. Enhanced approval chain health insights: R42 offers AI-generated insights into the health of approval chains, helping procurement leaders identify and address bottlenecks. This feature aims to improve the overall performance of approval systems, ensuring smoother and more efficient workflows. These are the types of real-time insights needed to make proactive procurement decisions and drive continuous process improvement. 

3. Stage-based validation for custom fields: Admins can now specify whether custom fields are required at different stages of the requisition process, such as Submission, Approval, and PO flip. With more precise control over data collection and validation, admins can ensure necessary information is captured at the right time. 

4. Editable withholding tax amounts: Approvers can now edit withholding tax amounts directly within invoices, providing greater control and accuracy in financial management. This capability is particularly useful for complying with tax regulations and avoiding errors in tax calculations. 

5. Enhanced Supplier Payment Accounts management: Admins can now edit active Supplier Payment Accounts (SPA) without deactivating and recreating them, which simplifies the management of supplier payment details and makes updates more efficient to process. 

6. Improved mobile experience: Coupa R42 enhances the mobile experience by allowing users to upload receipts from files, in addition to photos and camera uploads. All expense documentation can be captured and submitted properly even when on the go. 

Maximizing Coupa ROI 

Coupa R42 is a significant step forward in enhancing the procurement experience for all stakeholders while also delivering greater financial control, better data management, and speedier workflows. By leveraging these new features, businesses can maximize the value of their Coupa investment and gain a competitive advantage even amid economic unpredictability.  

Contact CrossCountry Consulting to get started. 

Preparing for an IPO or an exit in 2025 or 2026? Automation empowers companies to achieve critical exit-readiness milestones while improving valuation and ensuring a smooth transition to a target operating state. When the right moment arrives, your company will be ahead of the curve thanks to the automated processes you implement today. 

To rationalize cost structures, increase efficiency, enable scale, and leverage a stronger competitive position during the lead-up to an exit, explore automation use cases below: 

Regulatory Compliance and Audit-Ready Reporting 

Regulatory complexity and penalties for non-compliance make strategic IPO readiness a financial and legal imperative. Private companies must enhance compliance and reporting processes to meet more stringent public-company regulatory requirements. Companies that remain private after a transaction can still benefit from enhanced reporting capabilities. Automated control mechanisms can help address this by: 

• Improving external audit efficiency and collaboration with audit advisory partners. 
• Decreasing compliance costs associated with traditional, more manual methods.  
• Reducing risk of control failure as operations expand.  
• Increasing transparency in controls and reporting with continuous monitoring of data and dashboarding. Tools like FloQast specialize in this capability. 

Positioning for M&A  

Integrating automation in operational and financial activities can help when buying or selling a business by: 

• Developing a productive, rationalized employee base and higher employee satisfaction, as individuals are upskilled with diverse and flexible automation skills in low-code/no-code tools.  
• Minimizing time spent attempting to integrate legacy systems. The infrastructure built with automation can be used to extract, transform, and load legacy data into unified reporting.  
• Leveraging existing automation as a buying/selling point for why the transaction would be beneficial.  
• Remaining nimble to market and technology changes can influence which types of companies are engaged for sell-side and buy-side transaction discussions. 

Operational Excellence and Decision-Ready Analytics 

Automation gives executives the data they need to confidently navigate the complexities of a transaction event by: 

• Establishing consistent financial and operational dashboarding, reporting, analytics, and forecasting to allow executive management to make real-time business decisions. CrossCountry Consulting’s proprietary reporting and analytics framework helps integrate cross-functional data and surface strategic insights, enabling leaders to quickly capitalize on value-creation initiatives and competitive advantages. 
• Minimizing points for human error in repeatable operational activities to make KPIs more reliable.  
• Significantly reducing financial close and Record-to-Report (R2R) cycle times with AI/ML-enabled workflows.  
• Maintaining a strong workforce capable of engineering new ways to maintain, analyze, and improve the business rather than “going through the motions.”  
• Maintaining strong and consistent data to use for decision-making and stakeholder transparency.   

Interested in learning more? See how automation helped save more than 1,535 hours monthly and generate $4.7 million in bottom-line savings opportunities for a growing real estate firm. 

Financial Success and Client Satisfaction  

Automation can optimize financial management and financial health while also creating better customer experiences, resulting in a profitable roadmap for recouping initial investments. Maximize the pre-exit period by: 

• Reducing operational expenses and overhead through automation-led cost transformation programs.  
• Improving working capital management as processes are automated, replacing manual efforts. 
• Improving products or services offered so that sales price or volume can increase.   
• Earning or saving with more accurate forecasting based on consistent data sources and enterprise performance management (EPM) systems.  
• Enhancing end-user experience for products and clients, rather than trying to maintain essential business operations.  
• Freeing up strategic resources to innovate, expand client relationships, and better serve the market instead of continuing to complete manual, transactional tasks. 

Real-world example: See how CrossCountry leveraged automation tools and other digital technologies like Alteryx, Tableau, Power Query, and Shared Directories to save 900 hours monthly for a multinational investment bank. 

Enabling rapid ROI through automation starts with a strong data foundation and technology architecture. Automation platforms can be quickly and affordably implemented on top of, independently from, or alongside existing traditional systems like ERP or accounting tools. When evaluating what kinds of automation programs can be deployed most effectively, in which departments, and at what time on the exit roadmap, it’s best to bring in external resources for a holistic assessment and plan of action. 

For expert automation and exit-readiness support, contact CrossCountry Consulting. 

As the global economy reacts to recently announced tariffs, the ripple effects are extending far beyond traditional trade dynamics. For business leaders, CISOs, and risk managers, the implications are reshaping the way we think about third-party risk and cybersecurity.

Macroeconomic policies like tariffs can introduce vulnerabilities in the digital infrastructure of organizations, a reality to which leaders must respond. Below are major cyber risk impacts resulting from tariff disruption and how your company can strategically address them.

1. Nation-State Cyber Retaliation

Economic pressure and geopolitical tension are likely to escalate nation-state activity in cyberspace. Historical patterns suggest increased critical infrastructure attacks from adversarial actors in response to tariffs.

What this means for your organization: Organizations need updated threat models that account for sophisticated threat actors, especially those targeting critical sectors like finance, defense, technology, and other critical supply chain industries.

2. Supply Chain Disruption Exposes New Cyber Vulnerabilities

Tariff-affected regions – like China, a major player in semiconductors and mineral production – are foundational to global IT infrastructure. As companies seek out alternative suppliers, several trends are emerging:

• Shortcuts in third-party due diligence, as companies may bypass certain security due diligence when looking for new vendors.
• A rise in counterfeit components, due to a rush to reduce costs related to affected hardware.
• Extended lifespans for outdated security infrastructure, leaving legacy systems and potential vulnerabilities in place.

What this means for your organization: With these newly imposed tariffs, many organizations will aim to reshore their workstreams in the U.S. from overseas. Every vendor transition or hardware delay introduces new opportunities for threat actors. Integrating rigorous third-party risk management into your organization is not only a best practice but a business necessity.

3. Climbing Cloud and Cybersecurity Costs

The global nature of cybersecurity tooling and public cloud infrastructure means tariff-induced costs don’t stop at the border. As U.S.-based companies seek domestic infrastructure and software alternatives, they may soon encounter higher subscription prices for cybersecurity tools and cloud services, potentially pushing some toward cheaper (and potentially less secure) alternatives. Due to the limited availability of critical hardware materials, hardware-based security tools may become less accessible.

Consequently, vendors might shift toward software-based solutions, which may not adequately align with the unique risk appetite of every organization. Hardware-based security tools may also become less accessible depending on the availability of critical hardware materials.

What this means for your organization: The true cost of cybersecurity is measured in resilience, readiness, and risk exposure. Cutting corners in the short term could open the door to costly breaches down the road.

4. Risk of Isolated Threat Intelligence

Tariffs and economic tensions can erode international trust, which has become a foundational element in effective cyber threat intelligence. We anticipate:

• Decreased cross-border collaboration, reducing the sharing of large-scale threat intelligence.
• Lack of consistency across national security standards, opening new attack surfaces as one-size-fits-all regulations become less applicable.

What this means for your organization: Organizations in both the public and private sectors must proactively build trusted threat intelligence networks to stay up to date on global threats.

5. Insider Threats and Budget Constraints

Tariffs are likely to drive up labor costs and service/subscription prices. In response, many organizations tighten their cybersecurity budgets, delaying critical upgrades and leaving defenses more vulnerable. Simultaneously, layoffs and hiring freezes are prone to insider risk, as financially stressed or disgruntled employees are more likely to become threat actors.

What this means for your organization: It’s essential to invest in employee awareness training, insider threat monitoring, and secure offboarding processes to mitigate insider risk.

Next Steps

When organizations rush through security decisions, it often leads to bigger problems down the line. Business and security leaders must avoid impulsive reactions when changing vendors, cutting costs, or de-prioritizing long-term security.

CrossCountry Consulting’s Integrated Risk Management team targets these challenges by contextualizing the security implications of business decisions, enabling leaders to make informed decisions that balance risk with desired outcomes. Now’s a great time to build resilience by:

• Maintaining up-to-date threat models that account for evolving threat actors.
• Conducting comprehensive and timely third-party risk assessments.
• Mapping and securing vulnerable segments of the supply chain.
• Enhancing cybersecurity strategy so that it appropriately balances cost, compliance, and readiness.

For expert support, contact CrossCountry Consulting.

Rising costs of drug development, evolving regulatory landscapes, and the increasing importance of data and technology continue to shape financial and operational decisions for life sciences executives in 2025. During recent executive discussions, including at the J.P. Morgan Healthcare Conference, leaders at CrossCountry Consulting joined seasoned industry experts to highlight key challenges and opportunities on the horizon. 

Here’s what’s top of mind in the current environment. 

Exit Strategies  

As the IPO market evolves, life sciences companies are preparing their transformation roadmaps to ensure seamless transactions when the right moment arrives. Earlier this year, Jen Cadigan, Life Sciences Lead at CrossCountry, led a panel on “The CFO’s Path to Maximize Value Creation During an Exit” with JPM Commercial Banking and Wealth Management teams, which highlighted key trends in the sector, including: 

• Dual/triple tracking: Many companies are pursuing multiple exit paths simultaneously, such as mergers, acquisitions, SPACs, and traditional IPOs. Preparing for these exits is similar, but the transaction type certainly impacts the timing of events. Maintaining an attractive posture to buyers of all kinds helps set the stage for any outcome in the exit-readiness journey, which requires additional resources and expertise. 
• IPO preparation: Thorough preparation is crucial for all exit paths, including building a strong financial foundation, establishing robust internal controls (SOX compliance), and developing a compelling investor relations story. Life sciences companies anticipating an IPO in the future should generally begin preparing 12-18 months in advance – earlier if they’re commercial stage or have a multinational presence. 
• Team readiness: Assessing and developing a high-performing team with the necessary skills and capacity for a public company environment is paramount. The number of core functions and third-party resources required to execute a successful transaction is often more involved than companies expect. Finance, accounting, cybersecurity, IT, risk management, legal, FP&A, audit, and other key departments will require significant transformation in processes, reporting, and technology in the lead-up to an exit. With support from a transactions advisor and consideration from a cross-functional team, the CFO should be leading the exit process from the front to ensure a profitable exit. 

Financing and Fundraising 

Taking the next step in drug development, regulatory compliance, and market expansion requires a long cash runway, which companies are finding difficult to secure. Some of the ways companies can still maintain forward momentum and access capital are through: 

• Strategic partnerships: Exploring strategic partnerships with larger pharmaceutical companies can provide alternative funding sources and accelerate drug development. With interest rates and inflation remaining elevated and life sciences companies approaching capital markets with caution, financing through M&A and pharma investment can be more attractive and less risky. 
• Investor relationships: Building strong, transparent relationships with investors is critical to securing private funding. Even without going public, companies should engrain a culture of disclosing everything that could be material and revealing uncertainties in their future operational potential. With the right set of investors, mutual trust can go a long way toward obtaining future rounds of funding. 

Financial and Operational Excellence 

Back-office efficiencies can free up labor and cash that are better allocated to science or research activities. To mature some of these foundational functions, enable scalable growth, and respond effectively to unexpected events, companies are looking toward: 

• Technology adoption: Implementing robust ERP systems like NetSuite can enhance operational efficiency, improve financial reporting and governance, and provide valuable insights into business performance, all of which will be critical in 2025 as companies navigate the markets. Finance and IT teams leveraging a systematic, cross-functional implementation methodology can ensure all technology investments are cost-effective and purpose-built for unique life sciences needs. 
• Treasury management: Optimizing treasury functions, including cash management and banking relationships, is essential for maximizing liquidity and minimizing financial risk. CrossCountry’s proprietary reporting and analytics framework enables companies to generate meaningful enterprise insights through a holistic approach to automation, integrated dashboards, prescriptive analytics, and real-time close capabilities – all driving toward maximum value creation and risk mitigation.  
• Capital effectiveness: Optimizing costs throughout the drug development process is top of mind given the rising costs of innovation. Because small M&A deal costs are beginning to normalize, companies needing to raise more cash to get a drug across the finish line may find success through M&A. 
• Data security and compliance: Ensuring data security and compliance with evolving regulations, such as GDPR and CCPA, continues to be a top priority and challenge. A transition into a public environment will only bring heightened scrutiny to internal controls, data integrity, reporting, and compliance programs many life sciences firms already struggle with. 

Minding the Cap Table 

To help set up finance teams for success with the tax, wealth, and estate planning components of transaction events, CrossCountry partners with external commercial banking and wealth management advisors. This work helps facilitate and maximize: 

• QSBS eligibility: Understanding and maximizing the benefits of the Qualified Small Business Stock (QSBS) tax incentive is crucial for founders and investors, as careful planning and tracking of equity ownership is required to maintain eligibility. 
• Wealth and estate planning: As founders and executives approach liquidity events, planning for personal wealth, tax, and estate matters comes into closer focus. It’s difficult to track tax impacts after the fact. It’s much easier 2-3 years in rather than several years down the road once thinking about a transaction. 

Looking Ahead 

While the current environment presents challenges, there’s also a sense of optimism within the life sciences sector. Continued innovation, strategic partnerships, and a focus on operational excellence will be key to navigating the evolving landscape and achieving long-term success. Ready to get started on your value-creation journey? Contact CrossCountry Consulting.

As internal audit undergoes significant transformation as a result of technological advancements, skills gaps, and emerging risk responsibilities, 2025 is shaping up to be a pivotal period for the profession. The latest data shows that internal audit budgets and staff growth have nearly recovered to pre-Covid levels, but at the same time, internal auditors are increasingly expected to contribute to activities outside of traditional functional requirements like SOX compliance. 

When CrossCountry Consulting’s Integrated Risk Management leaders tapped into and contributed to the latest conversations driving the industry at the Institute of Internal Auditors’ Great Audit Minds conference, a number of key realities came to light or were re-emphasized. 

Here are the top takeaways that resonated: 

1. The 2024 Global Internal Audit Standards: A Catalyst for Change 

The new Global Internal Audit Standards are spurring organizational value and elevating the profession through: 

• Enhanced focus on championing ethics and integrity: The standards emphasize the importance of addressing ethical considerations and directly challenging management when necessary. 
• Balancing board reporting and management relationships: Auditors must navigate the delicate balance of fulfilling enhanced board reporting requirements while maintaining strong, trusted relationships with management. 
• Value-driven audit strategies: Internal audit strategies should be directly aligned with the organization’s value-drivers to close business gaps and capitalize on potential competitive advantages. 
• Effective communication and understanding: Strong relationships at the C-suite and board level hinge on clear communication and mutual understanding, which goes a long way toward not just the execution of internal audits but for fostering sound corporate governance. 
• Topical Requirements:  
  • Cybersecurity (effective February 5, 2025): Provides a baseline for assessing cybersecurity governance, risk management, and control processes. 
  • Third Party (open for comment until April 20, 2025): Addresses full third-party lifecycle, contracting, onboarding, monitoring and offboarding. 
  • Future Topical Requirements: Culture and Organizational Resilience (drafts in 2025/2026). 

For internal audit departments that have not yet fully complied with the new standards, the question is no longer “why?” but “why not?” Just as robust risk management practices safeguard and elevate an organization’s value, the GIAS ensure internal audit is squarely aligned with mission-critical objectives. This includes optimizing the internal audit team and its technology and upholding the highest standards of integrity and excellence. 

2. Navigating Cyber and AI Risk 

Cyber risk remains a top concern for audit leaders, and internal audit’s role places increasing emphasis on cyber threats. 

• Top technology risks: Data breaches, third-party cyber risk, cloud security weaknesses, and AI-driven threats are paramount.  
• Cyber-AI integration: AI’s growing threat surface and impact is a noted risk vector; however, internal auditors are simultaneously hoping to harness the productive impact of AI as well. As of 2025, though, just 2-4% of internal auditors have made progress on AI. Cyber and AI risk must be considered together, and internal auditors must adapt their strategies to address these risk domains effectively. 
• Auditing cyber program effectiveness: Internal auditors are focusing more attention on several components of cyber risk, including: 
  • Proactive evaluation of incident management actions. 
  • Alignment with industry frameworks and standards (e.g., NIST, ISO 27001). 
  • Clear RACI across all functions. 
  • Tracking key metrics, such as mean time to detect and recover. 

• Future-looking trends: Here’s what’s on the horizon according to internal audit experts: 
  • Enhancing team skills in AI and AI-driven threats. 
  • Using real-world examples to develop defense strategies. 
  • Assessing the adaptability of governance frameworks. 

3. Enterprise Risk Management (ERM) Continues to Be Mission-Critical 

ERM is increasingly central to managing uncertainties and aligning risk with strategic objectives, and internal audit’s role in this process is expanding.  

• Organizations are recognizing ERM as a critical function, one that needs close collaboration with internal audit. Internal auditors must play a greater role in assessing ERM effectiveness. 
• Integrating ERM into business decision-making remains a challenge. 
• The evolving risk landscape necessitates a proactive ERM approach. 
• ERM maturity levels vary across organizations, but the use of technology solutions is enhancing ERM’s value and capabilities. 
• Board and executive involvement is essential to ERM program success. 

4. Redesigning Audit Delivery Models for the Future 

To keep pace with the evolving risk landscape, audit departments must redesign their delivery models through: 

• Technology integration: Leveraging advanced analytics and real-time insights can validate and enhance decision-making while also supporting a scalable systems and process architecture. 
• Automation: Automating routine tasks with GenAI allows auditors to focus on higher-value activities. This might include routine report generation, fact-finding and traceability, predictive threat detection, and more. 
• Outsourcing: Relying on external experts for specialized skills, especially as the internal audit function transitions into broader responsibilities. 
• In-house capabilities: Invest in ongoing skill assessment and training, which might include cross-training, reorganizing into cross-functional teams, supporting continuing professional education, and leveraging new enterprise platforms. 
• Change management strategies: Implementing new internal audit operating models must be done with risk-informed insights and cultural alignment. 
• Expanding the audit role: Moving beyond compliance to become a strategic partner in innovation and risk management has influenced the arc of internal audit in recent years and is expected to continue. 
• Forward-thinking approach: Embrace ambiguity and complexity by analyzing the current state, implementing technology and automation, and monitoring KPIs. 

By embracing the new Global Internal Audit Standards, addressing cyber risks, strengthening ERM, and redesigning delivery models, auditors can effectively deliver enterprise value and convert threats into opportunities. 

To maximize internal audit at your organization, contact CrossCountry Consulting.

Picture this: Your organization has spent millions on a cutting-edge digital transformation. The strategy is flawless. The tech is revolutionary. The roadmap is meticulously plotted. But six months in, employees are confused, leaders are frustrated, and adoption rates hover at a dismal 20%. What went wrong?

The answer lies not in the what of transformation, but the how. While most companies obsess over processes and technology, they overlook the invisible force that derails even the most ambitious initiatives: human behavior. So how do we get this right the first time, every time? By merging the value of the Transformation Management Office (TMO) and its most critical ally, change management, into the Transformation and Change Management Office (TCMO).

This isn’t just about managing resistance. It’s about rewiring organizational DNA. Let’s unpack how the fusion of change management and TMO expertise turns chaotic transitions into competitive advantages.

The TMO: So Much More Than Project Management

A TMO isn’t your grandfather’s Project Management Office (PMO). While traditional project offices track timelines and budgets, a TMO operates like an organizational central nervous system. It ensures every transformation initiative – whether a merger, digital overhaul, or cultural shift – aligns with strategic goals while navigating complicated human behaviors.

Key differences that set TMOs apart:

• Holistic focus: They balance technical execution (processes, tech) with adaptive challenges (culture, mindsets).
• Agile governance: Instead of rigid Gantt charts, they prioritize rapid iteration and stakeholder feedback loops.
• Stakeholder alignment: TMOs help connect cross-functional teams across the end-to-end process to settle disagreements and secure buy-in from skeptical VPs and frontline employees.

When Microsoft shifted to a cloud-first strategy under Satya Nadella, its TMO didn’t just track deadlines – it dismantled silos between engineering and sales teams, fosteringcollaboration that drove Azure’s 26% annual growth.

But without change management and executive sponsorship, even the best TMO becomes a glorified spreadsheet manager.

Change Management: The ‘People Code’ Embedded in Every Great TMO

Change management isn’t a soft skill – it’s hard science. Change management research firm Prosci reveals that initiatives with strong change practices are 6x more likely to achieve ROI and 5x more likely to stay on schedule. Here’s how world-class TMOs are maximizing the value of change management:

1. Strategic Alignment: From ‘Why Us?’ to ‘Let’s Go!’

Kotter’s famous 8-Step Model starts with creating urgency, but most TMOs miss this step. They flood teams with data about market threats but fail to connect to personal motivations.

What works:

• Tie transformation goals to individual KPIs: When Ford launched its $11 billion electric vehicle overhaul, its TMO tied factory retooling to workers’ job security pledges, securing union buy-in and slashing resistance by 40%.
• Use “storyselling” instead of storytelling: Southwest Airlines’ TMO transformed safety training by having pilots share near-miss experiences, making abstract policies visceral, and introduced a program to collect stories of positive safety behaviors to reinforce best practices.

2. Stakeholder Engagement: The Art of Mining Coalitions

While change management models emphasize building awareness and desire, TMOs without embedded change management risk misidentifying who really holds power.

Pro tip: Map stakeholders using the Power-Interest Grid:

• High power, high interest: Engage them as co-designers (e.g., a union leader in a factory automation project).
• High power, low interest: Simplify their burden. Microsoft’s TMO slashed executive meeting times during its cloud pivot, keeping leaders engaged without burnout.

3. Communication: Killing the ‘All-Hands Email’ Mentality

Generic town halls and laminated posters don’t cut it. Tailoring content via layered messaging ensures that each audience is met with a message that engages them at the right level and sells “what’s in it for them.” Consider instead:

• Leaders get real-time dashboards on performance and adoption.
• System users receive TikTok-style micro-training videos.
• Change skeptics can be paired with peer ambassadors who’d initially resisted changes.

4. The Feedback Loop: Turning Whispers into Wisdom

Most TMOs measure success through milestones met. Smart ones track emotional metrics. As Salesforce leaned into its GenAI transformation, its TMO recognized the seismic shift that would be needed within its workforce and the insights that would be required for its change management team to help with the journey.

• Sentiment analysis: AI tools can be used to scan Slack channels for emerging concerns (e.g., a spike in “confused” emojis triggers intervention).
• Behavioral data: Salesforce continuously measured adoption and usage rates of its new features to help accelerate rollout and increase value.

Getting Started: Your TCMO Change Checklist

1. Assess your change maturity: CrossCountry’s TCMO framework can assess your current TMO and change management capabilities and provide a roadmap for improvements.
2. Co-create with naysayers: Invite your loudest critics to design the rollout.
3. Measure what matters: Track leading indicators like meeting participation quality, not just attendance.
4. Invest in hybrid skills: Train change managers in data analytics and upskill tech teams in empathy mapping.

Tools and timelines don’t transform organizations – people do. By embedding change management into your TMO’s DNA, you turn the messy human elements of transition into your greatest accelerant.

The question is whether your path to organization transformation will be a competitive advantage or become a weakness your competition will exploit. Will your TMO be ready to lead with change – or left scrambling to contain the fallout? Contact CrossCountry Consulting to get started.

Third-party relationships with business partners, suppliers, vendors, and software providers may drive operational efficiency and innovation, but they also introduce significant security, compliance, and resilience risk. As a result, business leaders are struggling to keep up with an expanding supply chain risk universe into which they have minimal insight. 

At a time when nearly 70% of functional stakeholders lack visibility into third-party risks, organizations need a reset on their third-party risk management (TPRM) programs. 

Drivers of Increased Third-Party Risk  

An overreliance on third parties can lead to concentration risks, where disruptions in a single vendor can have widespread consequences. This makes these points of failure attractive to threat actors who are targeting third-party relationships to exploit vulnerabilities and access sensitive data.  

Regulatory requirements are also expanding, necessitating robust TPRM programs to ensure compliance with laws such as GDPR, CPRA, and upcoming regulations like NIS2 and the EU AI Act. While complying with existing rules is difficult enough, adapting to continuous regulatory sprawl presents new challenges for companies with particularly complex third-party ecosystems. 

Key Program Components Across the TPRM Lifecycle 

A comprehensive TPRM program includes several critical components at various stages of the TPRM lifecycle. 

• Identification: Understanding the purpose and risk profile of potential third parties. 
• Diligence: Conducting risk-based, actionable due diligence. 
• Monitoring: Continuously managing third-party risks as their profiles change. 
• Offboarding: Ensuring proper termination of third-party relationships when no longer needed. 

These components are supported by enterprise-level policies, automated vendor tiering, continuous monitoring diagnostics, integration with other tools, training plans, and role/responsibility matrices.  

TPRM Governance Structure 

Effective TPRM requires a strong governance model with clearly defined roles and responsibilities across three layers:  

• Risk managers and relationship managers: Responsible for day-to-day management and oversight of third-party relationships. 
• Board of Directors and TPRM committee: Providing oversight, guidance, and ensuring alignment with the organization’s risk appetite and regulatory requirements. 
• Internal audit: Offering independent assurance on the effectiveness of the TPRM framework. 

Common Challenges  

Organizations face several challenges in implementing effective TPRM programs, including:  

• Third-party inconsistencies: Duplicated efforts and irrational vendor costs. 
• Missing legal and technical protections: Inadequate contractual clauses. 
• Unknown and unmanaged risk exposures: Limitations in identifying and managing risks. 
• Unclear roles and responsibilities: Inadequate change management and training. 
• Operational inefficiencies: Lack of standardized protocols leading to shadow procurement processes. 

These challenges present opportunities for transformation, however. Organizations able to harness cross-functional synergies and clearly execute on their TPRM roadmap stand a better chance of proactively mitigating risk of implementation failure. 

Measuring Program Success 

To measure the success of a TPRM program, organizations should track key metrics such as:  

• Cybersecurity: Percentage of major cyber incidents caused by vendors. 
• Resiliency: Number of vendors in financial distress. 
• Regulatory compliance: Number of vendors in violation of local laws. 
• Concentration risk: Percentage of critical vendors performing unique functions. 
• Data privacy: Percentage of vendors with access to critical assets. 

Q&A: Insights from Industry Experts  

Explore frequently asked TPRM questions and answers below, sourced from common pain points and real client conversations our Integrated Risk Management team has recently had:

As organizations continue to expand their reliance on third parties, the importance of a robust TPRM program cannot be overstated. By understanding the drivers of third-party risk, establishing strong governance structures, and enhancing program success, leaders can deliver new value from the risk function. 

Ready to build or optimize your TPRM program? Contact CrossCountry Consulting to get started. 

Business combinations in private or public companies can be complex and infrequent, leading to potential errors due to unfamiliarity. Unlike routine transactions, companies may lack established procedures or controls, which complicates the work of those in technical accounting and financial reporting roles. Additionally, manual intervention in accounting for these combinations increases the risk of human error.  

At a time when the PCAOB continues to identify numerous audit quality issues and areas of improvement, companies must place greater emphasis on business combination procedures and controls in their financial statement audits. These transaction events require significant estimation and judgment, making well-designed and effectively implemented procedures and controls crucial to their success. 

Use of a Specialist 

It’s common for companies to use third-party valuation specialists in business combinations. These specialists provide expertise in valuing intangible assets acquired during the transaction and navigating the complex requirements of purchase price allocations and fair value measurements, which are critical for accurate financial reporting.   

While third-party valuation experts bring significant knowledge and technical skills, company management must properly oversee, review, and evaluate the specialist’s work. Unsurprisingly, errors are often found in the work produced by valuation specialists. Below are a few reminders when reviewing the work of a specialist:  

Clerical Accuracy Check

All schedules, exhibits, or analyses prepared by the specialist should be checked for clerical accuracy. Valuation reports, for example, often involve complex calculations and large amounts of data, increasing the likelihood of clerical errors. Many valuation tasks are performed manually in Excel, which can lead to mistakes such as data entry errors or miscalculations. As part of your review procedures, test the clerical accuracy of all calculations performed by the specialist.  

Understand the Valuation Methodology

Valuation specialists often employ unique methodologies or practices specific to their firms. While the fundamental principles of valuation are generally consistent across the industry, each firm may develop proprietary models, techniques, and approaches to address specific valuation challenges. For instance, a specialist might calculate the Internal Rate of Return (IRR) at 13.6% but round it up to 14.0%. Although common practice for that firm, rounding up the IRR could materially affect the fair value of a recorded intangible asset. 

Additionally, a specialist might use a range (e.g., 13% – 15%) to determine the weighted-average cost of capital (WACC). This range accounts for inherent uncertainties and variations in the inputs used to determine the WACC. Companies should understand the valuation firm’s methodology in selecting a point within the range (often the midpoint) and evaluate the potential variability in the fair value of recorded intangibles when using a discount rate at the high or low end of the range. By understanding the valuation specialist’s methodology, company management can better assess whether the specialist’s practices could result in potential accounting issues. 

Company-Specific Data

Specialists often include company-specific data in their valuations. For example, historical attrition rates are crucial in customer relationship valuation, especially with methods like the Multi-Period Excess Earnings Method (MPEEM). These rates help estimate future customer retention and forecast revenue streams. However, the specialist doesn’t test this company-specific data. Therefore, company management should design procedures to verify the accuracy and completeness of the data used by the specialist, often involving detailed testing back to source documents. In situations in which there is limited historical data, it might be necessary to benchmark attrition rates with other similar businesses. 

Although an assembled workforce (“Assembled Workforce”) is not recognized as a separate intangible asset apart from goodwill, its value impacts the valuation of other intangible assets. Determining the fair value of an Assembled Workforce involves using company-specific data such as salaries, wages, benefits, and other compensation. Additionally, productivity levels and workforce efficiency are considered. Company management must design procedures to test the company-specific data used in valuing the Assembled Workforce. 

Selection of Discount Rates

Often, valuations don’t include sufficient quantitative support from the specialist for the discount rate selected. Reconciling the internal rate of return (IRR), weighted average cost of capital (WACC), and weighted average return on assets (WARA) is a common analytical tool in valuation. Ideally, these rates should be closely aligned. This comparison provides insights into transaction economics and potential biases in prospective financial information (PFI). Valuation specialists might often include a company-specific risk premium (CSRP) to reconcile the WACC to the IRR. Adjustments to the CSRP should be quantitatively supported and not arbitrary. Company management should work with the specialists to fully understand and document the rationale behind CSRP adjustments, including specific risks and methodologies used. 

Additionally, it’s not uncommon for specialists to use the same discount rate for all intangible assets and for discount rates to be arbitrarily reduced by 100 or 200 basis points (bps) to the WACC. This might be done, for example, to ensure the implied return on goodwill in the WARA is higher than on intangible assets. While it could be expected that the goodwill’s return should be higher than the intangible assets, subjectively adjusting discount rates by 100 or 200 bps to achieve that outcome is inappropriate. Company management should work with the specialist to understand and document the risk differences between assets and validate that the implied return on goodwill is reasonable, supportable, and consistent with the company’s growth profile.  

Selected Royalty Rates

Typically, a valuation specialist selects the royalty rate based on a comparable set of licensing agreements. However, the resulting data points can produce a large range of possible royalty rate assumptions. The valuation specialist often calculates the minimum, average, median, and maximum selected range of royalty rates. Potential issues arise when the valuation specialist selects a royalty rate using subjective methods or the specialist might improperly weight the comparable agreements, giving undue influence to certain transactions that aren’t representative of the specific characteristics of the trademarks being compared.

It’s essential for valuation specialists to use a rigorous and transparent methodology, ensure the comparable agreements are truly comparable, and thoroughly review all calculations and assumptions. Company management should review the selected royalty rates, understand the specialist’s methodology for the selection of the rate, and determine if another selected rate within the range would be more comparable.  

Prospective Financial Information 

Prospective Financial Information (PFI) often relies on assumptions about future events and conditions. Auditors critically evaluate and challenge these projections to ensure they’re reasonable. PFI could involve complex calculations and significant judgment, and errors or misjudgments in these areas can lead to material misstatements. Proper execution of well-designed procedures and controls over PFI is essential.   

As company management prepare to review PFI, don’t forget to implement these common procedures or controls:  

Defining Expectations

An important first step in reviewing prospective financial information is to establish quantitative and qualitative expectations and thresholds for each significant assumption (see further discussion below). Reviewers should apply these metrics to identify results that are unusual or unreasonable. For example, setting a 5% revenue growth rate for the next five fiscal years based on historical growth, industry projections, and materiality considerations can guide the review process. If revenue growth in these periods exceeds this threshold, it would require further investigation and explanation. By defining expectations for each assumption, reviewers can address and resolve discrepancies before concluding on the reasonableness of the projection.   

Determine Significant Assumptions

Significant assumptions in prospective financial information require the most scrutiny due to their materiality, sensitivity to variations, and high estimation uncertainty. Reviewers often focus on revenue growth rates or EBITDA margins, but all significant assumptions should be identified and individually reviewed. The identification of significant assumptions is performed in the context of materiality to the company’s financial statements. Assumptions that when changed or sensitized produce a material change to the recorded fair value are considered significant assumptions. Specific procedures or controls should be designed for each significant assumption. Start by listing all significant assumptions in the PFI model. For example, typical significant PFI assumptions may include:  

• Annual revenue growth rates. 
• Annual gross profit margins. 
• Annual selling and marketing as a percentage of revenues. 
• Annual general and administrative expense as a percentage of revenues. 
• Annual EBITDA/EBIT margins. 
• Annual depreciation and amortization as a percentage of revenues. 
• Annual effective tax rate. 
• Annual capital expenditures as a percentage of revenues. 
• Annual debt-free net working capital requirements as a percentage of revenues. 

Review Each Time Period Separately

Reviewers of PFI models often focus on immediate-term cash flow projections (1 to 5 years), which typically align with deal models or other forecasts. However, greater attention is needed for the later years of the cash flow period (years 5+ into the terminal year), which have higher estimation uncertainty and less scrutiny from management and typically are forecasted or normalized by the specialist into the terminal period. Understanding the method used for this normalization and the basis thereof is crucial, as a manual (e.g., not straight-line) normalization can sometimes lead to unusual volatility or unstable cash flow patterns in the terminal period. Additionally, terminal period assumptions, carried into perpetuity, often drive a large component of the overall value and require robust review procedures to ensure accuracy and reasonableness. 

Reconcile the PFI Used in the Valuation to the Deal Model

Aligning the PFI with the deal model ensures consistency and accuracy in financial projections. Differences are common, as the deal model may include aggressive growth assumptions for strategic decision-making, while the PFI for valuing intangibles is more conservative and adheres to accounting standards. Reconciling these differences is crucial for a robust and defensible PFI, with clear documentation and understanding of assumptions and methodologies used in both models.    

Careful Selection of Guideline (Peer Group) Public Companies

Company management will identify selected guideline (peer group) public companies in a business combination. The peer group provides a basis for comparison, helping to ensure that the forecasted projections align with industry expectations and reflect relevant market participant assumptions. Using an inappropriate peer group can result in misleading financial projections and inaccurate valuations.     

Typical Procedures to Review PFI Assumptions

When reviewing the PFI in a business combination, reviewers should assess the company’s ability to accurately forecast and execute its business plans. It’s crucial to ensure projections align with peer group and industry expectations. Robust review procedures must be in place to conclude financial projections are reasonable. Here are some example procedures that should be performed for each significant assumption:  

• Compare the assumption to historical experience of the company. For instance, comparison of revenue growth rates in the immediate-term (e.g., 1-5 years) cash flow projections to historical average or median growth rates of the company. 
• Compare the assumption against the peer group historical actuals or projected trends, such as forecasted EBITDA margins in the PFI to projected EBITDA margins of the peer group.  
• Compare assumptions to current industry and economic trends, both historical and projected. For example, compare projected revenue growth rates to industry growth rates within the company’s sector.  
• Evaluate any changes to the company’s business model, product mix, or customer base that may impact projected cash flows. 
• Evaluate management’s ability and intention to carry out any specific actions (e.g., expansion plans) embedded in the underlying assumptions.  

When assessing the reasonableness of financial projections, reviewers should clearly document why assumptions are (or are not) reasonable compared to evaluated information (e.g., peers, industry trends, economic trends, historical performance). Reviewers should also obtain and evaluate underlying information (e.g., copies of new contracts) supporting management’s assumptions. 

Synergies Identified

Management often includes company-specific synergies in the deal model to justify the acquisition’s purchase price and demonstrate potential financial benefits, making the transaction more attractive to investors and stakeholders. However, cost or revenue synergies in the PFI model must reflect market participants’ perspectives and provide a realistic view of the acquisition’s benefits. One common procedure to evaluate the estimate of synergies could be reviewing management’s ability to forecast synergies in previous acquisitions. Comparing forecasted synergies to actual synergies achieved in previous acquisitions provides a basis for management’s track record for forecasting. In addition, reviewing actual synergies identified and realized post-acquisition will help support the estimate.  

Evaluate the Assumptions Collectively

Lastly, take a step back and evaluate the assumptions collectively and in conjunction with one another. Significant revenue growth projections in the discrete period may be inconsistent with the assumption of selling and marketing expense reductions. Also consider the level of risk in the PFI and related discount rate. If the estimates appear to have a degree of risk, is there a company-specific risk premium incorporated into the calculation of the discount rate? For example, if a 1% CSRP is included in the discount rate, quantify what that compares to in terms of dollars or percentage revenue growth.   

As a final reminder, for those companies subject to internal controls, given that PFI involves significant judgment and is inherently subjective, auditors frequently find that the documentation supporting the review of PFI, known as management review controls (MRCs), is often insufficient. Simply having a signature or a brief note is not enough; detailed documentation of the review process for each significant assumption and the resolution of any issues identified is required. The standards and expectations for MRCs have evolved, and what was considered adequate in the past may no longer meet current expectations. This can lead to control deficiencies, including material weaknesses if companies have not updated their controls documentation to align with relevant requirements.  

Maximize Enterprise Value, Minimize Risk 

By addressing these matters during the valuation process, financial preparers can minimize unwanted surprises and create a strong foundation for business combination success. For expert support in overcoming business combination challenges and generating audit-ready financials, contact CrossCountry Consulting. 

Accounting and financial operations in a SaaS business model can be challenging for small- and medium-sized businesses without the right accounting software. Finance teams are often saddled with manual processes, countless spreadsheets, and unintegrated systems, meaning they can’t elevate beyond basic back-end activities. 

What’s needed is a single source of financial truth that frees up valuable time and streamlines core tasks like subscription billing and revenue management. As the winner of five key categories in the 2025 SaaS CFO Tech Stack Report, Sage Intacct delivers on this promise, making it the cloud product of choice for SaaS leaders outgrowing their antiquated accounting software. 

Looking to make the switch to Sage Intacct? Here’s what to expect: 

Prebuilt Salesforce Integration 

Real-time, bi-directional synchronization between Salesforce and Sage Intacct is pre-built on the Salesforce platform and maintained by Sage Intacct. The integration gives you a complete view of every customer, streamlined accounting workflows, and a smarter quote-to-cash process. The sales team will see the fundamental data they need in SFDC, such as how contract items are being billed and payment histories for their customers. The integration also eliminates the time-consuming rekeying of data and fosters productive communication between your sales and finance teams. Plus, it can automatically create contract records in Sage with a click of a button from Salesforce. 

Similar Sage integrations with other CRMs like HubSpot generate comparable value for users as well.  

Contract-Based Billing that Supports a Variety of Billing and Revenue Models  

Position yourself for unified billing that’s automatically and directly driven from the contract record in your Sage Intacct environment. Sage Intacct supports unified billing across subscription pricing, usage billing, professional services, and perpetual licensing, which gives you the flexibility to handle a variety of models. 

End-to-End Revenue Management  

Automating a single revenue stream throughout the customer lifecycle can save your staff hours of calculations and reconciliations. The solution provides fully integrated contracts, billing, revenue recognition, collections, general ledger, and customer payment automation. Not only does Sage Intacct automate your routine revenue and billing schedules, but it also automates exceptions and less-routine activities such as add-ons, cancellations, holds, credits, and renewals.  

Real-Time GAAP and SaaS Metrics Dashboards  

A single source of truth across the subscription lifecycle, along with robust reporting tools and the ability to slice and dice your data, allows you to get real-time GAAP and SaaS metrics in a matter of seconds. Instantly track your successes using Intacct’s SaaS Intelligence module across SaaS metrics such as CMRR, churn, CAC, expansion/contraction, CLV, etc. and foundational financial reporting (Balance Sheet, P&L, cash flow, EBITDA, DSO, etc.). 

As you continue to scale, you can source data from different functional areas and systems of the business to ladder up to a larger enterprise reporting and corporate analytics framework. 

Real-Time Forecasting for the Future  

When everything you need to forecast is in one place and derived from the contract record, you can automate forecasting to see cash, revenue, and billing from the original sales as well as upsells, downsells, and renewals. This frees you from the burden of manually updating and reconciling spreadsheets to generate financials. 

Managing customer subscriptions requires capabilities beyond what legacy order-based financial systems can support. By shifting to Sage Intacct and an automated, single source of financial truth, your business can increase cash flow, reduce churn, produce better forecasts, and enable your teams to work together more efficiently. This will increase productivity, reduce costs,  and result in a better customer experience throughout the process. 

Ready to take your business to the next level with Sage Intacct? Contact CrossCountry Consulting today. 

On February 26, the European Commission unveiled its proposed EU Omnibus Package aimed at providing companies additional time to report, reducing the number of companies in scope, and simplifying a range of EU Green Deal regulations, including the Corporate Sustainability Reporting Directive (CSRD), the Corporate Sustainability Due Diligence Directive (CSDDD), the Carbon Border Adjustment (CBAM), and the EU Taxonomy.  

These proposals are not final amendments but represent an initial step in a process that will require approval within each individual EU member state. While the final changes are still being decided, businesses must continue to comply with the existing versions of these regulations. It’s important to note that for companies reporting under CSRD this year (referred to as Wave 1 companies), the requirements remain in effect and must be reported this year.  

For companies set to begin reporting under the existing CSRD timeline starting from 2026 to 2029 (referred to as Wave 2 and beyond), now’s the time to capitalize on the potentially extended compliance timeline. 

Key Proposed Amendments Relating to CSRD

• Scope reduction and reporting timeline delay: The proposed amendments adjust the CSRD thresholds to prioritize larger businesses, make reporting voluntary for smaller ones, and propose a two-year delay for companies in Wave 2 and beyond. A company is deemed to meet the larger businesses threshold when it has over 1,000 employees and either over €50M net turnover or over €25M balance sheet.
• Simplification of reporting standards and assurance requirements: The proposed amendments streamline the CSRD’s technical reporting standards, emphasize quantitative disclosures, and reduce the assurance requirement to limited assurance only. 
• Higher compliance thresholds and simplified reporting for EU Taxonomy to align with key amendments to CSRD: The proposal adjusts the threshold to only large EU companies or corporate groups that must fully comply (those with over €450 million in net turnover). Smaller CSRD-covered firms only need to disclose select financial indicators if they claim alignment and reporting templates are proposed to be reduced significantly. 

While the proposed amendments grant companies additional time to prepare for the EU regulations, they are not an impetus to slow down. Instead, the amendments provide an opportunity to strengthen CSRD readiness by enhancing data quality and improving reporting efficiencies.  

5 Next Steps

See how companies in Wave 2 and beyond are making the most of the EU Omnibus Package through the following five areas: 

1. Perform a dry run: The proposed two-year delay allows companies to pilot their reporting process internally before formal compliance begins. Businesses should maintain their momentum in CSRD preparation by leveraging this additional time to engage with key internal stakeholders, understand gaps in data collection, and establish robust ESG data management systems to conduct effective dry runs. 
2. Focus on high-impact climate disclosures: Identify high-impact quantitative climate disclosures that affect your business and stakeholders to ensure informed internal decision-making when addressing gaps in CSRD compliance. The proposed changes to technical requirements emphasize streamlining qualitative disclosures, while most quantitative climate disclosures will likely remain in scope. Also, the common core of quantitative disclosures around the globe (including California’s Climate Act) are climate disclosures and emissions reporting, so focusing on these disclosures will satisfy numerous reporting requirements. 
3. Strengthen the Double Materiality Assessment (DMA): Because technical reporting requirements are planned to be streamlined while maintaining emphasis on quantitative climate disclosures, companies can use this extra time to re-evaluate impacts, risks, and opportunities across their value chain by strengthening their DMA. This may include refreshing previous conclusions or enhancing documentation.  
4. Improve internal controls and processes: The proposed two-year delay offers companies the opportunity to achieve their ideal ESG data collection future state by providing additional time to design and implement processes and internal controls. Companies should conduct thorough walkthroughs to trace data sources, identify in-scope systems, determine where additional review layers and segregation of duties are needed, and ensure all processes are documented. 
5. Understand the impact of other reporting requirements: Other sustainability reporting standards continue to be released within the EU and globally, such as California’s SB 253 and SB 261 and New York’s SB 3456 and SB 3697. Invest the time upfront to synchronize your overall ESG reporting timelines and roadmaps to ensure you’re consolidating effort and spending time on what matters most. 

Need Help? 

Now’s the time to strengthen your ESG reporting efforts to ensure CSRD readiness. To remain ahead of the ESG curve, contact CrossCountry Consulting for assistance with your sustainability reporting needs. 

Will 2025 and 2026 be banner years for IPOs? The answer to this question seems to vary one week to the next due to factors driving the IPO market, including interest rate stabilization, inflationary pressures, new tariffs, and recurring DOGE actions. In the private equity space, hold periods are now closer to seven years versus the historic average of five years, which could indicate PE firms may be prepared to unwind some of their longer held investments.  

One thing is true in many IPO markets – you often can’t predict with certainty many of these factors, but you can get your company ready for when that moment comes. 

Building IPO Momentum? 

In the last 25 years of IPO activity, most hot IPO markets occur when positive reactions to economic factors have existed for a period of time. 

We may never see an IPO market as we did in 2020 and 2021 when there were over 1,500 IPOs. But given the IPO market has been below the historical average for the last 3 years, 2025 and 2026 could turn out to be a period of increased  IPO activity.  

Another indicator of increased IPO activity can be seen by comparing companies on file with the SEC. As of December 31, 2024, there were 394 companies on file to complete an IPO. In comparison, there were 225 companies on file as of December 31, 2023. This indicates a significant increase in the number of companies preparing to go public. 

So, what should your company be doing now to get ready for a successful IPO? 

Capitalizing on a Potential IPO Rebound 

Companies that give themselves 12-18 months to prepare for an IPO have the highest likelihood of not only completing the IPO process but also creating a successful publicly traded company that can last for generations to come. Even if you decide to forego the IPO path, your company will be in an even better position for alternative options such as a sale, merger, or consideration of a private equity Investment.   

There are 10 core areas of focus for companies planning to take the IPO path once market conditions are favorable: 

Build Your Team 

• Evaluate your current team for skills and resource gaps (e.g., SEC reporting or SOX compliance), as the next year+ will be a monumental labor- and time-intensive period for the company. 
• Plan for a hiring process that could take 6-12 months and for pulling in partial internal resources as needed. 
• Many private companies often need to fill key positions such as Chief Financial Officer, Chief Legal Officer/GC, CISO, and CTO, among others. These roles can take time to fill, in addition to the time it takes the person to become acclimated to the business and its people. 
• Consider the need for an internal audit leader, a requirement if you plan to be listed on the NYSE. 
• Consider the right compensation package and how it compares to your peer group. 

Enhance Efficiency and Effectiveness of the Close Process 

• How quickly do your peers release earnings, and how can you emulate speed-to-release?  
• Consider what financial close best practices and accelerators can be implemented, including checklists, calendars, and automation. 
• How many days will you need to cut from the close process to be able to effectively close the books monthly, quarterly, and semi-annually? 
• Prepare for quarterly reporting to align with new public-company requirements. 

Employ Automation and AI to Streamline Processes 

• Consider the need to make investments in ERP and other back-office applications to ensure timely and accurate reporting. 
• Focus on integration between core financial systems; key customer-facing business systems (e.g., systems that generate accounting events such as revenue and billings); and reporting systems that support forecasting, consolidations, eliminations, and financial reporting. 
• Move from manual processes recorded on paper and spreadsheets to automated and AI-powered solutions. 
• Evaluate your accounting system. 
• Take advantage of this opportunity to transform your business and operational oversight to set the stage for a faster, more agile enterprise in the future. A move toward more automation should also focus on controls (especially ICFR) to maintain an appropriate control environment. 

Strengthen Corporate Governance 

• A public company’s board composition and structure are often very different from those of a private company. 
• U.S. public companies must comply with governance requirements imposed by stock exchanges and SEC rules, as well as related disclosure requirements. 
• Both the NYSE and Nasdaq require that the Board be comprised of a majority of independent directors. 
• Identify Board and Audit committee members who align to the company’s vision and have deep experience in the space. 
• Create an Audit Committee charter to codify audit responsibilities, scope, reporting relationships, and more. 

Develop KPIs  

• Key performance indicators are the top metrics management uses to evaluate the performance of the business. It’s imperative that companies can align on the definitions of each KPI, pull this information quickly, and sustain data governance practices in the process. 
• Start by determining the right KPIs for your business. Common non-GAAP measures include ARR, EBITDA, Adjusted EBITDA, and Free Cash Flow. 
• Once chosen, benchmark these KPIs against your peers.  
• Companies often disclose KPIs and certain financial measures that do not directly comply with GAAP (i.e., non-GAAP measures). Be prepared to reconcile any non-GAAP measures to the closest GAAP metric to ensure compliance with SEC non-GAAP disclosure rules.  

This structured approach turns traditional reporting and finance activities into new opportunities for value creation pre- and post-IPO. 

Establish and Optimize Financial Forecasting and Guidance 

• Build out your FP&A team to support cross-functional predictive insights and corporate decision-making.  
• Long-term predictability of forecasting results impacts valuation and is key to the success of a public company. Predict…Achieve…Predict…Achieve. Poor forecasting can lead to missed guidance, and the beginning of a tailspin for a new public company. 
• Decide upon what type of financial guidance will be released by the company annually or quarterly. By communicating guidance in a strategic way, companies can educate analysts and investors and mitigate the risk of swings in stock price. 

Enhance Financial and SEC Reporting Capabilities 

• Complete accounting policies/technical analysis and finalize new disclosures in accordance with SEC Regulation S-X. 
• Draft a Management Discussion & Analysis (MD&A). 
• Implement a more robust financial reporting tool for unified data and reporting capabilities. 
• Review your operating segments and assess how they should be structured? 
• Update financial statements and disclosures to include SEC required items such as EPS and segment reporting.  

Prepare for PCAOB-Level Audits and Quarterly Reviews 

• Depending on the JOBS Act elections, financial statements (F-pages) filed in a registration statement on Form S-1 commonly include 2-3 years of audited financial information and must be compliant with Regulation S-X. 
• The F-pages may also include comparative quarterly financial statements (similar to a Form 10-Q) if the filing includes an interim period, which must also be compliant with Regulation S-X. 
• Annual financial statements included in the Form S-1 must be audited in accordance with PCAOB standards. PCAOB audits are performed at a lower level of materiality and within more rigid guidelines and may result in unexpected challenges and delays. 
• Certain complex accounting and reporting topics are typically challenged and often require explanation and support as to the basis for a company’s conclusions and related disclosures. 
• Partner with a strategic audit advisor to efficiently manage audit resources and best practices. 

Optimize Risk and Controls Framework 

• In the transition from private to public, internal control standards become much more robust. As public registrants, companies are subject to compliance with Sarbanes-Oxley Act of 2002 (SOX), which among other things requires management to report on the adequacy of internal controls over financial reporting (ICFR) and disclosure control procedures (DCP).  Three critical aspects of compliance with SOX include: 
  • “Section 302 / 906 requires management to certify they have designed and evaluated their DCP in all 1934 Act Filings commencing with its first 1934 Act filing (i.e., its first Form 10-Q or Form 10-K) and periodic report containing the financial statements fully complies with SEC requirements and are materially accurate; 
  • Section 404(a) requires that company management certify to the effectiveness of the company’s ICFR and provide evidential matter of its evaluation in the second annual Form 10-K; and  
  • Section 404(b) requires auditor attestation on the operating effectiveness of ICFR. EGCs, in accordance with the JOBS Act, receive up to a five-year reprieve from section 404(b) – auditor attestation of the operating effectiveness of internal controls over financial reporting.  
• Evaluate the effectiveness of your IT general controls (ITGCs), the basic controls that can be applied to IT systems such as applications, operating systems, databases, and supporting IT infrastructure. Determine whether an internal audit function is needed. 
• Maximize the post-audit debrief and create a project plan to remediate any material weaknesses or control deficiencies. Companies will routinely run into a complicated series of audit issues they must be able to quickly address. But they also need a proactive audit approach and strategic partnership with an audit advisor to ensure their risk and controls framework is optimized with automated controls. 
• Create a cyber risk framework and reporting process to support recent SEC requirements and cybersecurity framework for reporting to the Board. 
• An effective internal control environment in a public company is much more involved than in a private company. Areas to improve upon or rely upon external advisors for support often include: 
  • Creating effective Entity Level controls.  
  • Adopting IT General Controls and standards for reviewing the quality and integrity of your IT setup and supporting effective reporting and financial statement audits.  
  • System and Organization Controls (SOC) reporting to your customers to support their financial audits. 

Build out a Transaction Working Group 

• Companies require expert direction and assistance from external advisors to guide and complete a successful IPO. The following is a summary of different parties a company will need to hire: 
  • SEC counsel. 
  • Independent auditors. 
  • Accounting, financial, and reporting advisors. 
  • Investor relations firm. 
  • Underwriters. 
  • Underwriters counsel. 
  • Financial printer. 
  • Tax advisor. 
  • Internal controls and process optimization specialists. 
  • Cybersecurity specialists. 
• The company will need to identify a leader of the project management office (PMO) to coordinate and drive this group to completion. 

Maximizing Deal Value with an IPO Readiness Assessment 

To better understand your position and timeline on the IPO journey, start with an IPO readiness assessment. The assessment identifies a list of items (along with prioritization and timeline) that will require your company to hire additional people and external advisors and invest in system and process improvements. 

Not all improvements are created equally, however. Some can be sequenced later or can even be fine-tuned after going public, while others are mission-critical to begin during the pre-IPO filing process.  

If an IPO is in your future, now’s the time to get ready.   

For expert IPO readiness support, contact CrossCountry Consulting today. 

The SEC’s U.S Treasury Central Clearing Final Rule mandating central clearing for the majority of US Treasury (UST) cash and repurchase agreement (repo) transactions will dramatically reshape how these securities are traded and settled. This shift, while designed to enhance market stability, presents both challenges and opportunities for banks and broker-dealers.

Implementation challenges are evident with the SEC’s recent approval of extending the cash and repo central clearing compliance deadlines by one year following feedback received from market participants and industry groups. SEC Acting Chairman Mark Uyeda noted that, “The U.S. Treasury market is a critical piece of the global financial system. New rules must be implemented properly, and any operational issues must be addressed.”  

Key Compliance Dates 

US Treasury cash and repo central clearing was originally required to go into effect by the end of 2025 and mid-year 2026, respectively, but has since been revised:

• September 30, 2025: Direct participant compliance with enhanced practices implemented by covered clearing agencies (CCAs) including risk management, margin, and customer asset protection.
• December 31, 2026: Direct participants must clear eligible cash secondary market transactions through central clearing.
• June 30, 2027: Direct participants must clear eligible Treasury repurchase agreement (repo) transactions through central clearing.

Delaying the central clearing of cash and repo transactions will provide additional time for direct participants to implement and validate operational changes. The SEC, however, has retained the March 31, 2025, deadline for central clearing agencies (FICC) to implement enhanced risk management practices and facilitate participant access, but extended the enforcement of those requirements for clearing members to September 30, 2025.

The Need for Change: Mitigating Systemic Risk 

Historically, a substantial portion of Treasury transactions were cleared bilaterally, exposing market participants to counterparty credit risk. The Central Clearing Rule shifts the majority of this activity to a covered clearing agency like the Fixed Income Clearing Corporation (FICC), which acts as the central counterparty, effectively mitigating this risk. This change is expected to dramatically increase the volume of centrally cleared transactions, potentially adding trillions of dollars to daily cleared volumes. 

Margin Management: A Critical Consideration 

Central clearing will require participants and their clients to adhere to standardized margin practices to cover potential losses, which may not be required in a bilateral agreement. The Final Rule also introduces margin segregation, requiring separate margin for proprietary and customer trades. This could significantly increase overall margin requirements, impacting direct participant firms’ liquidity and capital. To address this, the SEC has amended the Broker-Dealer Customer Protection Rule, allowing certain margin deposits to be included as debit items in customer reserve formulas. Understanding and managing these margin implications is paramount.

A Multifaceted Impact: Beyond Margin 

The impact of the Final Rule extends far beyond margin requirements. Business functions will all need to adapt. 

• Operations: Teams will need to handle increased transaction volumes and new settlement processes. 
• Technology: Infrastructure may require significant upgrades to support these changes. 
• Legal: Expect a flurry of activity as legal teams update client agreements and clearing arrangements. 
• Compliance: Departments will need to revise policies and procedures to ensure adherence to the new regulations. 

Accessing Central Clearing: Different Models Emerge 

Access to central clearing is another critical consideration. While large banks and broker-dealers will likely already be direct participants, other entities will rely on sponsored access or agency clearing arrangements. The rise of “done-away” clearing, where firms clear through a counterparty other than their primary intermediary, adds another layer of complexity. Firms must carefully evaluate their options and choose the model that best aligns with their business model and client base.

The FICC’s Role: A Central Player 

The FICC, as the sole central counterparty for US Treasury cash and repo transactions, plays a vital role in this transformation. The FICC has made several modifications to its Government Securities Division (GSD) Rulebook to comply with the Central Clearing Rule, including enhanced risk management practices and facilitating market access to central clearing. We have seen updates to existing FICC Membership requirements and Access Models as well as new tools introduced like the VaR calculator to help direct participants assess potential margin and liquidity obligations.

A Phased Approach: The Key to Success 

So what should firms do? A phased approach is highly recommended:

• Phase 1: Assessment and planning: Conduct a thorough impact assessment, establish a dedicated project team, and engage with regulatory experts.
• Phase 2: Implementation: Focus on implementing necessary changes, including contract remediation, technology upgrades, and process optimization.
• Phase 3: Ongoing monitoring and refinement: Continuous monitoring, process refinement, and leveraging data analytics are essential to identify and address potential issues.

Navigating the Future: Challenges and Opportunities 

While the transition requires significant effort, firms that proactively adapt can benefit from increased efficiency, reduced risk, and enhanced market access. CrossCountry Consulting’s Banking & Capital Markets experts can help your firm navigate upcoming changes and prepare for the US Treasury market transformation. 

Access the full whitepaper for functional transformation priorities and the keys to implementation success. 

You’ve reached the finish line of a long system implementation. The appetite for change has been exhausted, and project stakeholders are ready for a well-deserved break. 

Not quite. 

A system implementation is an ongoing journey, not a single event. In a lot of ways, the new system is just the start of a larger transformation journey. There are a series of post-go-live activities that are critical to ensuring the longevity and success of the implementation. Getting this phase of the implementation lifecycle right is make-or-break for ROI and impact. 

Why Post-Go-Live Matters: Extending the Utility of Your System 

The post-go-live phase of an implementation is where companies really begin to see the fruits of their labor and investment. The full potential of the system comes into view as more employees are transitioned onto the platform and legacy processes are modernized. 

It will still likely take years to recoup the full investment, but the ROI snowball is gaining momentum. To maximize this time period, focus on these activities: 

• Talent upskilling for human capital efficiencies. Some tasks or staff responsibilities may be redundant in a new system environment, so it’s important to use their newly available time wisely on other key tasks. This can take many shapes but might include enabling finance and accounting staff to work more collaboratively with FP&A or IT teams. It might also mean more training to allow impacted staff to become champions or owners of the new software rather than just users. 
• Tech support for stronger adoption, fine-tuning, and troubleshooting. System implementers and advisory partners should still be on hand for a period of time to support beyond the official cutover. Users will naturally run into issues with navigation or bugs, and they will require time to become fully acquainted with the new system. System enhancements, administration, and cleanups may also be required as part of post-production activities. 

• Communication, change management, and training materials. Post go-live, change champions and leaders throughout the business must continue to reinforce best practices and model the behavior they expect when using the system. This might entail weekly or monthly email updates, rolling office hours, 1:1 sessions, and helpful guides on how to efficiently use the system. Making these materials self-service is even better, as it can help get more users into the system faster and with less support needed. 
• Continuous process improvement and automation for scalability, user experience, and process design. As the system comes online, there’s a lot of opportunity for feedback loops and new releases. It will take time for the process architecture and technology architecture to work in cohesion and best serve all users’ needs. After go-live is when many of these new requests, process changes, and lessons learned will bubble to the surface, which should be cycled into the next iteration of system updates. Likewise, process documentation should continually be refreshed as needed. 
• Evolving AI capabilities. Today’s finance and accounting systems are constantly working to embed AI into common workflows to promote further efficiencies and labor savings. Some of these features may automatically be added to the system, while others may need to be opted into. Meanwhile, staff must be retrained on how to appropriately leverage AI. As AI adoption is only expected to proliferate, it must be top of mind for any system implementation. 
• Additional integration opportunities as technology landscape evolves. In many cases, the implementation timeline doesn’t allow for a full scope of features originally requested. After go-live, however, there’s an ongoing need to integrate with other business systems, add more modules, or explore plug-ins or other enhancements as needs evolve. Without a strong integration strategy, the new system will become siloed, leading to inefficient, risky data movements. As the business and its tech stack evolve, the new system can benefit from a continuous reassessment of integration opportunities. 
• Future-state controls design, optimization, and testing. As the technology stack evolves and workflows are reconfigured, there’s potential for new risks and data integrity issues to be introduced. Manual and automated internal controls must be updated to reflect new responsibilities, processes, and threats to best support audit, compliance, and reporting requirements. Learn how a financial services firm saved time and money on report creation with CrossCountry Consulting’s proprietary implementation methodology. 

Winning Post-Go-Live 

By appreciating the magnitude of the post-go-live period and bringing a holistic approach to the full implementation lifecycle, today’s organizations can maximize the benefits of their ERP and finance/accounting systems while reducing risk. 

To realize long-term implementation value, contact CrossCountry Consulting. 

With the EU Digital Operational Resilience Act (DORA) now in effect, operational resilience is both a regulatory requirement and a strategic necessity. All technology, cyber, and risk leaders across financial services must prioritize operational resilience programs to: 

• Ensure continuity of services by maintaining delivery of critical services to customers during disruptions. 
• Maintain financial and reputational stability by reducing the risk of significant financial losses and reputational damage. 
• Develop proactive response plans to minimize the impact of disruptions and recover effectively. 
• Meet evolving regulatory demands for operational resilience by adhering to DORA and the Finance Conduct Authority’s (FCA) operational resilience guidelines. Additionally, continue to consider existing U.S. regulations, such as the FFIEC BCM Handbook, FINRA Rule 4370, and the NCUA’s BCP Guidance. 

Here’s where to begin. 

Understanding DORA 

DORA is a comprehensive legislative framework designed to enhance the digital operational resilience of financial entities within the EU and U.S. entities with operations in the EU. It addresses the increasing dependence on technology and the associated risks, ensuring financial institutions can withstand severe operational disruptions. 

DORA’s key focus areas are: 

1. Information and Communication Technology (ICT) risk management framework: Establishing a governance and control framework to manage information and communication technology (ICT) risks effectively. 
2. ICT-related incident management process: Implementing processes for managing ICT-related incidents, including timely regulatory notifications. 
3. Digital operational resilience testing: Conducting regular testing, including threat-led penetration testing, to evaluate digital operational resilience. 
4. Managing ICT third-party risk: Managing risks associated with critical ICT service providers. 
5. Information-sharing arrangements: Fostering collaboration within trusted communities to share cyber-threat information and intelligence. 

Below is a breakdown of key information organizations must know:

	Financial Institutions	Critical ICT Providers
Timeline	Entered into force January 16, 2023; applies as of January 17, 2025	Entered into force January 16, 2023; applies as of January 17, 2025
Applicability	– Credit institutions (banks) – Payment and electronic money institutions – Insurance and reinsurance companies – Investment firms – Investment fund managers – Central securities depositories – Crypto-asset service providers For U.S. Entities: While DORA is an EU regulation, U.S. organizations that offer financial services within the EU or provide third-party services to EU financial services companies are impacted.	Any entities providing critical ICT services within the EU: – Cloud service providers – Data center providers – Software vendors – Application providers – Payment service providers
Penalties	– Organizations may face fines of up to 2% of their annual global revenue. – Individuals can also be held accountable under DORA, with penalties of up to €1 million for non-compliance.	Up to 1% of their worldwide annual revenue, and the amount of the fine depends on the number of days the service provider was not compliant.

A Strategic Approach to Implementing DORA 

To comply with DORA, our team has developed the following checklist to help risk management leaders:  

1. Set up governance and oversight: Assign a steering committee and program manager for DORA compliance, defining clear roles and responsibilities. 
2. Conduct a gap analysis: Evaluate current ICT risk management and operational resilience practices against DORA requirements. 
3. Identify critical functions and assets: Prioritize assets and services based on their impact on customers and operations. 
4. Implement ICT risk management practices: Establish monitoring and reporting mechanisms for risk and incident management. 
5. Enhance incident response and recovery: Develop and test incident response plans that comply with DORA’s reporting requirements. 
6. Strengthen third-party risk management: Conduct due diligence on ICT third-party providers to ensure compliance with DORA. 
7. Establish monitoring and reporting processes: Set up tools and metrics to continuously monitor ICT systems’ performance and risks. 
8. Perform regular testing and assessments: Conduct penetration testing, disaster recovery tests, and resilience exercises for critical systems. 
9. Train and educate staff: Foster a culture of resilience and awareness across all levels of the organization. 
10. Engage regulators and maintain documentation: Maintain comprehensive documentation of compliance efforts and establish open communication with supervisory authorities. 

Overcome Common Challenges and Remain Ahead of the Operational Resilience Curve 

Financial institutions often face several challenges in achieving operational resilience, especially as regulatory and market demands evolve. Fortunately, these barriers are expected and can be proactively addressed. 

• Interconnected risk domains: The interconnected nature of operational risk programs (cyber, third-party, privacy) can complicate risk assessments. It’s imperative, however, that operational risk programs cohesively integrate with other risk programs in support of enterprise objectives. Without a unified approach, siloed risk management efforts may lead to gaps in oversight and an incomplete understanding of systematic vulnerabilities. 
• Regulatory gaps: Rapidly evolving regulations require systematic gap analysis and remediation planning. Failure to stay ahead of these changes can result in compliance violations, penalties, and operational inefficiencies as organizations scramble to retrofit their resilience frameworks. 
• Environmental visibility: To combat increasing complexity, organizations need a clear view of their critical processes, impact tolerances, and third-party dependencies. Limited visibility into these elements can hinder an organization’s ability to proactively manage disruptions and can increase exposure to operational failures. 

By aligning with DORA and other regulatory frameworks, financial institutions can enhance their ability to manage digital operational risks, ensuring they remain resilient in the face of disruptions.  

For expert support understanding and adapting to new compliance rules, contact CrossCountry Consulting. 

How can today’s organizations continuously adapt and innovate to stay competitive in a world that’s being rewritten by technologies like AI? One powerful approach is through a zero-based transformation.  

This methodology involves re-evaluating every aspect of your organization from scratch, rather than building on existing structures and processes. Let’s explore how zero-based transformations can revolutionize your organization, reporting, technology architecture, manual processes, and other investments. 

What Is Zero-Based Transformation? 

Zero-based transformation (ZBT) is a strategic approach in which every function, process, and report is justified from the ground up, starting from a “zero base.” ZBT takes the traditional use of the term zero-based budgeting (ZBB) to new lengths by applying the same concept to every facet of how your organization operates. This approach can lead to significant cost savings, improved efficiency, and enhanced organizational agility. 

Benefits of Zero-Based Transformations 

Looking for tangible wins from zero-based transformation? Primary benefits you can expect include: 

• Cost savings: Zero-basing typically leads to up to 25% leaner SG&A models, allowing more dollars for strategic investments. 
• Faster outputs: Increased cycle times through fewer approval layers and distractions and streamlined or automated processes. 
• Enhanced agility: A leaner, more focused organization can adapt more quickly to market changes and new opportunities. 
• Better, more risk-aware decision-making: More attention and scrutiny of each investment enables a clearer understanding of potential value versus risks before making decisions.  
• Competitive advantage: Simplified reporting and analytics leads to faster insights that give organizations an advantage over competition. 

Zero-Based Transformation Concepts 

Organizational structure: Build a blank-sheet organizational model. Draw what you need to execute the required operations and enable the company’s strategy. Streamline your structure to ensure every position adds clear value to the organization. The structure is the anchor to driving efficiency from the rest of the zero-based pillars. Zero-basing also provides a forum for provocative conversations to explore the art of the possible – e.g., “What if we leveraged AI to do accounting journal entries?” 

For example: With the CFO role expanding to cover strategy and digital transformation, functions like Procurement and/or IT may be best suited reporting to the CFO. But the organization should be flat and agile to maximize velocity of outputs. Maximize direct report spans per manager (e.g., 6-8) and have few layers (e.g., 3-4). 

Reporting and data: Re-evaluate what information you really need. What does the company do, and which roles or “personas” need what information at what time to make critical decisions to drive operational excellence? Many companies experience death-by-a-thousand cuts in reporting and have hundreds of reports, dashboards, and ad hoc analyses – and each department has its own reports. Many of these are no longer needed or were a one-time request. Eliminate unnecessary “routine exercise” reports and focus on those that provide actionable insights and drive decisions that add value.   

For example: A professional services organization should track active projects, sales bookings, pipeline, performance reviews, and utilization by employee. These metrics are commonly tracked by separate departments and reported separately to employees. All these metrics can alternatively be seen in one dashboard, with data feeding automatically in real-time from source systems (e.g., CRM, ERP, HRIS). 

Technology architecture: Simplify the technology stack to only what you need. Are you using outdated systems that hinder productivity? Invest in modern, scalable, and integrated solutions that enhance operational efficiency without overlapping capabilities. The cost savings from simplified architecture opens the door to more investment in AI, which will further drive efficiency in processes and costs.  

For example: A product company’s Quote-to-Cash process and related consumer ordering information should flow seamlessly from CRM (e.g., Salesforce) to ERP/billing systems (e.g., NetSuite). Also, companies that have grown through acquisitions should weigh the cost, benefit, and level of effort of integrating core systems (e.g., ERP) versus leveraging platforms (e.g., OneStream) that can overlay x-ERP.  

Processes: Rewrite the process. Can it be faster and more automated? Implementing automation tools can reduce errors, save time, and allow your team to focus on more strategic tasks. 

For example: Automate revenue recognition. Get Accounting out of Excel. Journal entries can be automatically generated by AI and fed into financial systems, assuming your data architecture is fully integrated. Accountants can instead focus on auditing and approving entries and enhancing policies and procedures. 

Budgets and investments: Scrutinize all costs and investments, whether in technology, infrastructure, or human resources (e.g., each functional and business owner must justify their headcount). Are they delivering the expected return on investment? Redirect funds to areas that offer the highest value and support long-term objectives. 

For example: Build your investments in technology and cyber with a blank sheet each year. Only invest in areas that will add measurable value in an optimal timeframe. Strictly enforce the budget.  

The CFO should be the organization’s designated “ZBT Lead,” but achieving the full value potential of ZBT requires a coalition among Finance, IT, and HR.  

Zero-based transformation is a powerful methodology for revolutionizing your organization. By starting from a clean slate and justifying every function, process, and expense, you can create a more efficient, agile, and cost-effective organization. Embrace zero-based concepts to unlock new opportunities and drive sustainable growth. 

To learn more about ZBT and to deploy it effectively at your organization, contact CrossCountry Consulting. 

As the head of U.S. Cyber Command and the National Security Agency (NSA) recently stated, the Defense Industrial Base (DIB) sector is “is being actively targeted by our adversaries and competitors.” These attacks routinely target intellectual property and sensitive information. They also disrupt military operations and threaten the U.S. Department of Defense (DoD) supply chain, which includes hundreds of thousands of domestic and foreign companies. In response, the DoD has emphasized the need for stringent cybersecurity requirements for contractors within its supply chain to maintain national security.  

The Cybersecurity Maturity Model Certification (CMMC) is a mechanism developed to protect unclassified information, such as Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), that resides on DIB systems and networks. The CMMC measures an organization’s cybersecurity hygiene, in alignment with industry standards outlined in the NIST SP 800-171 rev2 and NIST SP 800-172 frameworks.

The latest evolution of CMMC requires DIB organizations to reconsider risk and compliance practices.

Importance of CMMC 2.0 in 2025

The Pentagon budget for FY25 is $849.8 billion. Achieving the required CMMC level is essential to qualify for DoD contracts and provide trust and credibility within in the DoD supply chain.

The DoD published the CMMC 2.0 rule in October 2024, which is streamlined to three maturity levels:

1. Foundational – Focuses on basic cyber hygiene practices. It includes 17 practices that are required to protect FCI.
2. Advanced – Aligns with the security requirements in NIST SP 800-171. It includes 110 practices aimed at protecting CUI.
3. Expert – Aligns with a subset of the requirements in NIST SP 800-172. This level focuses on advanced and progressive cybersecurity practices to protect CUI from Advanced Persistent Threats (APTs) and is required for high-priority DoD programs.

Initial implementation is already underway. The table below outlines each phase of the implementation timeline:

Phase	Timeline	Details
Phase 1	December 2024	Where applicable, solicitations require Level 1 or 2 Self-Assessments.
Phase 2	December 2025	Where applicable, solicitations will require Level 2 Certification.
Phase 3	December 2026	Where applicable, solicitations will require Level 3 Certification.
Phase 4	December 2027 onwards	All solicitations and contracts will include CMMC Level requirements as a condition of contract reward.

Considerations for Organizations in the DIB Sector

To prepare for upcoming deadlines, organizations should ask themselves:

What type of data do we hold?

CMMC 2.0 places greater scrutiny on DIB organizations handling CUI, which involves information about DoD contracts, sensitive but unclassified information, information under protections from federal laws, and information related to national security or law enforcement. Specific examples include:

• Personally Identifiable Information (PII).
• Protected Health Information (PHI).
• Export-controlled or International Trade Data.
• Contractor sensitive information.
• Unclassified Controlled Technical Information (UCTI) – sensitive but unclassified military information including operational plans, development of military technology, and surveillance methods.

DIB organizations with any form of CUI MUST be Level 2 Advanced CMMC-compliant, and those handling CUI for high-priority DoD programs MUST be Level 3 Expert CMMC-compliant.

How long will CMMC compliance take, and how much will it cost?

Achieving and maintaining CMMC compliance has time and cost implications, which vary significantly due to:

• The size of the organization.
• The level of certification required.
• Complexity of existing systems.
• Existing gaps in cybersecurity posture.
• Implementation of necessary controls.
• Employee training and awareness.
• Third-party certification.

For many organizations, the upfront costs and effort can be substantial, but they are outweighed by the long-term benefits of improved security posture, access to government contracts, and mitigating cyber risk. On average, organizations should expect to spend several months to a year achieving initial compliance, with ongoing maintenance and periodic audits required after that. Planning, allocating sufficient resources, and being aware of any contractual deadlines will help in meeting CMMC requirements on time.

Are the organization-defined NIST SP 800-171 and NIST SP 800-172 controls aligned with our risk management policies and procedures?

When preparing for CMMC compliance, security controls from NIST SP 800-171 and NIST SP 800-172 should align with the organization’s risk management policies and procedures. This ensures that cybersecurity posture is both compliant and suitable for the organization’s operational environment. Organizations should:

• Conduct a gap analysis of cybersecurity and risk management measures to determine areas lacking compliance or requiring enhancement.
• Map NIST SP 800-171 and NIST SP 800-172 controls to the organization’s risk management policies and procedures.
• Implement tailored controls, such as creating and updating policies and procedures, deploying necessary technologies (e.g. encryption, access controls), and continuously reviewing controls to ensure ongoing compliance.
• Document and communicate the risk management strategy across the entire organization.

CMMC 2.0 expands on NIST 800-171’s 14 security domains with three new domains (for a total of 17). These new domains emphasize cybersecurity asset protection, breach recovery, and how CUI data held within their environment is impacted. These new domains include:

1. Asset Management.
2. Recovery.
3. Situational Awareness.

Are our subcontractors and third parties aware of CMMC requirements?

Subcontractor compliance is also a key consideration, and by October 2025, it will be the prime contractor’s responsibility to ensure all subcontractors meet the appropriate CMMC requirements.

A subcontractor’s required certification level is based on the information that will flow to the sub-contractor or supplier during fulfillment of the contract. This means there could be differing requirements for CMMC compliance between prime contractors and subcontractors. For example, a prime contractor handling high-priority CUI data requires CMMC Level 3 compliance, and only passes FCI data to its subcontractors, requiring them to only be CMMC Level 1-compliant.

Achieving CMMC Compliance

To achieve CMMC compliance, organizations are advised to conduct the following initiatives:

CUI Boundary Analysis

Understanding the type of data handled by an organization is key in determining the level of certification required. For example, Advanced Level 2 compliance is not necessary for all organizations and is solely required for organizations handling CUI.

To help navigate the compliance requirements within the CMMC, a CUI boundary analysis can determine whether organizational information is classified as CUI, identify and map CUI data flows, and define clear distinctions between CUI and non-CUI data.

Cyber Gap Analysis and CMMC Self-Assessment

A cybersecurity maturity assessment is the first step in identifying gaps in existing practices, controls, and documentation. Based on the results of the gap analysis, focus on key CMMC domains that need improvement, which can include data protection, access control, or incident response, etc.

The CMMC self-assessment is required annually to achieve Foundational Level 1 compliance. This level focuses on the protection of FCI aligned with Federal Acquisition Regulation (FAR) Clause 52.204-21.

Mock Audit

Ensuring all required documentation, such as system security plans (SSPs), policies, and training records, is ready can greatly speed up the formal assessment process. This can be achieved by conducting mock audits to verify that all requirements are met.

For Advanced level compliance, an official assessment conducted by a CMMC Third-Party Assessor Organization (C3PAO) is required, and for Expert level compliance a DoD governing body will conduct the assessment.

Third-Party and Subcontractor Engagement

As mentioned earlier, prime contractors have the responsibility to ensure all subcontractors are CMMC compliant based on their required level. Engaging with subcontractors and third parties early to identify information flows can ensure a seamless certification process.

Due to the nuanced set of requirements in the CMMC, acting early will give organizations a competitive advantage by prioritizing their cybersecurity maturity. To plan and navigate the complexities of your organization’s CMMC compliance in 2025, contact CrossCountry Consulting.

Sage Intacct 2025 R1 is packed with powerful features and enhancements designed to streamline your financial processes and boost efficiency. Centered around automation, control, and improved reporting capabilities, R1 delivers new ways to optimize financial management. 

Below, CrossCountry Consulting’s Sage Intacct implementation experts break down key updates that users and admins can capitalize on. 

Top Features to Watch 

Prominent R1 highlights include: 

• Vendor-based approval for bills: R1 2025 introduces vendor-based approvals, allowing you to assign specific approvers to each vendor. This granular control ensures invoices are routed to the right people, speeding up processing and reducing errors.  
• Prevent direct posting to specified journals: Reconciling subledgers with the trial balance just got easier. You can now prevent direct postings to specific journals, eliminating a common source of discrepancies and improving the accuracy of your financial reports. This provides tighter control over your GL and enhances auditability.  
• AP automation with purchasing: The new “AP Automation with Purchasing” add-on streamlines the entire purchasing process. It automatically drafts incoming vendor invoices and matches them to existing purchase orders and receivers, significantly reducing manual data entry and accelerating invoice processing.  
• Enhanced AR statements: Better communicate with customers and provide more personalized, informative statements by including header-level custom fields on customer, invoice, and AR adjustment objects.  
• Generate NACHA-compliant payment files: Sage Intacct now supports NACHA-compliant file formats, making it easier to upload payment files to your bank and improve the efficiency and security of your payment processes.  

Critical Updates and Things to Know 

While new features are exciting, it’s crucial to be aware of some upcoming changes that will impact your workflows: 

• Authenticate and validate your custom domain before May 2025: This is critical. If you send emails using a custom domain, you must authenticate and validate it before May 2025. This is due to Sage Intacct’s transition to an enhanced email delivery service. Failure to do so will likely result in email deliverability issues.  
• “Receive A Payment” retiring soon: The older “Receive A Payment” method is being retired in May 2025. If you’re still using it, now’s the time to switch to the new payment receipts method.  
• More flexibility for purchasing approval delegation: Delegation can be assigned to restricted users and be set up for a specific timeframe. 
• Transfer assets within an entity: With Fixed Assets Management, you must now transfer an asset to change an asset’s allocation or dimensions. 
• Security settings change for sales transaction definitions: Modified security settings offer restricted users added control of their draft sales transactions. 

Preparing for Upcoming Transitions 

To maximize the value of your Sage Intacct investment and ensure a smooth transition, contact CrossCountry Consulting.  

In early 2024, CrossCountry Consulting partnered with the Institutional Limited Partners Association (ILPA) to develop the next evolution of reporting templates. Initially based on the SEC’s Private Fund Advisers (PFA) rule, which sought to enhance transparency into quarterly reporting on 1) fees and expenses and 2) performance, the initiative involved months of intensive collaboration with industry stakeholders, including 100+ global representatives from LPs, GPs, fund of funds, fund administrators, and consultants.

After the U.S. Fifth Circuit ruled to vacate the PFA rule, the QRSI evolved by shifting from PFA adherence to delivering the templates based on adoption and best practices. To accommodate this shift, the QRSI team facilitated a 10-week public comment period, leveraging feedback to finalize the revamped ILPA Reporting Template and the new ILPA Performance Template.

Benefis of New Reporting Templates

Above all, the primary benefits for adopting the new templates consist of standardization, transparency, and comparability.

For the updated ILPA Reporting Template, this includes:

• Breaking out internal recharges to isolate expenses allocated or paid to GPs/Related Persons.
• Adding more granular external Partnership Expenses better aligned to general ledgers.
• Consolidating the previous levelled structure for offsets into a uniform listing for GPs to report.

For the brand new ILPA Performance Template, this includes:

• Introducing tables to capture cash flows and fund portfolio-level transaction type mapping for transparency into the calculation methodology of performance metrics.
• Incorporating standardized reporting of performance metrics, including IRR and TVPI/MOIC, with designated breakouts for reporting the relevant gross and net figures with and without the impact of sublines.
• Providing an alternative methodology for GPs reporting performance on the basis of less-granular cash flows (i.e., a “gross-up” methodology).

The QRSI team released the updated ILPA Reporting Template and the new ILPA Performance Template to the public on January 21, with additional materials flagged for release later in 2025.

Since Day 1: CrossCountry’s Involvement With QRSI

Following CrossCountry’s selection as ILPA’s primary consulting partner on the QRSI, our firm has consistently implemented value-add strategies to enhance the overall initiative. On project management, CrossCountry instituted a comprehensive governance structure, including the formation of two dedicated working groups meeting weekly to workshop template elements, with monthly SteerCo sessions to ensure buy-in. These engagement efforts prioritized continuous outreach to incorporate diverse viewpoints across both organization types and geographies into the final templates.

Furthermore, CrossCountry executed a broad change management program, prioritizing the release of key QRSI communications and feedback polling throughout the process. During the comment period, CrossCountry deployed an innovative approach to gather feedback via Qualtrics polling as an enhancement over less-automated methods historically used for similar comment periods in the industry.

By deploying this solution, we received 100+ submissions, empowering the QRSI team to more efficiently translate raw feedback into digestible trends for analysis. This analysis quantified industry stances on key template elements and also proved fruitful in reporting insights to stakeholders. In totality, the implementation of Qualtrics surveys to facilitate the comment period significantly reduced workload while simultaneously improving the outputs.

“Since QRSI kickoff, CrossCountry’s partnership with ILPA was integral to the initiative’s success. From best-in-class project management to subject-matter expertise in asset management, fund reporting, and accounting frameworks, CrossCountry enabled ILPA to deliver the next evolution of reporting templates to the PE industry. I’ve been incredibly pleased with their support.” – Neal Prunier, Managing Director – Industry Affairs at ILPA

How CrossCountry Helps Organizations Adopt the New ILPA Reporting Standards

With our team’s background in supporting ILPA’s QRSI initiative since day 1, we’re well-positioned to help firms understand the new requirements and implement them efficiently. Our team has developed accelerators for implementation, including:

• A detailed Chart of Account mapping across multiple general ledger systems.
• Pre-built templates enabling seamless integration with your GL and data warehouse, thereby eliminating the need for extensive in-house development.

With deep experience in data lineage, expense category mapping, close timing adherence, prepping GLs, and testing considerations prior to implementation, CrossCountry makes adoption more effective and seamless. To learn more and discuss QRSI adoption, contact CrossCountry Consulting.

The rapid adoption of artificial intelligence (AI) is unlocking unprecedented value for organizations that can effectively harness its potential. However, as AI continues to evolve, so does the need for robust risk management to ensure its ethical and transparent use. With forthcoming oversight from industry, government, and international bodies, maintaining trustworthy AI is critical to unlocking its full value while ensuring safety and accountability. Here’s where to start on the journey toward building AI that can be trusted, valued, and guided responsibly. 

8 Principles for Trustworthy AI 

Organizations should establish an AI governance framework that’s grounded in the concept of “Trustworthy AI” principles that guide people, processes, and technology throughout the development and deployment of AI. The core principles of trustworthy AI principles include: 

1. Accountability: The obligation and responsibility to ensure systems operate ethically, fairly, transparently, and compliantly (e.g., traceable actions, decisions, outcomes). 
2. Contestability: Ensuring system outputs and actions can be questioned and challenged.  
3. Explainability (XAI): The ability to describe AI’s output and decision-making. 
4. Fairness: Relatively equal treatment of individuals and groups.  
5. Reliability: Ensuring systems behave as expected (e.g., perform intended functions consistently and accurately, especially with unseen data). 
6. Robustness: Systems maintain functionality and perform accurately in a variety of circumstances (e.g., new environments, unseen data, against adversarial attacks). 
7. Safety: Minimizing potential harm to individuals, society, and the environment. 
8. Transparency: Ensuring information about the system is available to stakeholders. 

While it may not be possible to maximize all characteristics of trustworthy AI, organizations still need to determine and accept tradeoffs in a risk-based manner. Effectively balancing risk and implementing trustworthy AI is key to: 

• Improved decision-making. 
• Stronger competitive advantage. 
• Preparation for regulatory compliance. 
• Enhanced security and privacy.  
• Mitigation of bias and harm. 
• Sustainability and long-term viability. 

Implementing Trustworthy AI 

So where do you start? Organizations struggling to operationalize trustworthy AI or seeking a health check on their existing framework may benefit from a baseline risk assessment or audit. A few relevant assessment/audit types are program assessments, development workflow assessments, and model assessments.  

Program assessments provide organizations an enterprise-wide analysis of the culture of AI governance. A formal assessment (e.g., performed using the NIST AI Risk Management Framework) will reveal overall program maturity, gaps, and recommendations to achieve trustworthy AI.  

Development workflow assessments provide organizations a targeted report on their AI development lifecycle. A formal assessment of the AI development lifecycle will reveal strengths, weaknesses, and potential risks associated with the AI dev workflow (e.g., plan, design, development, and deployment).  

Model assessments, or “conformity assessments,” may be required for organizations subject to the EU AI Act developing or deploying high-risk systems. A model assessment may include verifying and/or demonstrating that a “high-risk AI system” complies with the requirements of the EU AI Act, including by evidencing: 

• The organization’s risk management system. 
• Implementation of effective data governance (bias mitigation). 
• Maintenance of up-to-date technical documentation and logging. 
• Testing of systems for cybersecurity resiliency.  
• Other requirements around human oversight and transparency.  

Transforming AI Risk Into Opportunity 

Few organizations will get every aspect of AI right on their own. As with many emerging technologies, the instinct to move quickly often outweighs caution. However, by adopting a thoughtful, strategic approach to AI, companies can mitigate risks, maximize value, and outpace competitors.  

To start a conversation on building a foundation of trustworthy AI, contact CrossCountry Consulting. 

Coupa’s latest release (R41) brings significant enhancements across various features, including procurement, invoicing, Coupa Pay, and the overall platform. Coupa users and admins can expect a simplified user experience, streamlined workflows, enhanced supplier collaboration, and improvements to payments and mobile capabilities, among other optimizations in 2025. 

User Interface 

• The Customer Supplier Portal (CSP) has been modernized with a new look and feel, including renamed sections such as “Business Profile” and “Payment Methods,” which should add clarity to navigation. 
• Invoice tolerance messaging is now much clearer and easier to understand within the system. 

Process Improvements 

• Bulk editing now allows you to edit more fields for multi-line items. 
• InvoiceSmash is now integrated into Coupa Core, which streamlines invoice processing and reduces the number of times users must switch between modules. 
• Automate the sending of positive pay files to your bank, reducing manual effort and potential errors. 

Supplier Management 

• The Supplier Search Assistant in SIM can pre-populate certain data points for new supplier requests, streamlining the onboarding process. 
• Suppliers can now manage multiple form responses within their CSP instance, improving communication and collaboration. 
• A new Coupa Community Score in Risk Aware provides insights into supplier behavior with other Coupa customers. 

Payments & Mobile 

• Manually complete virtual card payments on invoices, even if the card is not fully charged. 
• Coupa can now identify opportunities to batch payments together for TransferMate payments, saving on bank transfer fees. 
• Users can now request pre-approved virtual cards in Coupa Mobile, further streamlining the expense approval process. 
• Open Buy functionality in Coupa Mobile has been expanded to include search results from all suppliers who use the Open Buy API. 

Maximizing Coupa ROI 

Coupa R41 brings a range of valuable enhancements that can help organizations improve efficiency, reduce costs, and enhance the overall user experience. By leveraging these new features, businesses can maximize the value of their Coupa investment and gain a competitive advantage. 

Contact CrossCountry Consulting to get started. 

Risk management has evolved from a compliance function to a strategic imperative. As organizations grapple with emerging risks, from cyber threats and artificial intelligence (AI) to Environmental, Social, Governance (ESG), and third-party risk, a well-defined risk appetite statement (RAS) can be a powerful tool to navigate uncertainty and drive balanced decision-making. 

What Is a Risk Appetite Statement? 

A risk appetite statement is a formal declaration that outlines an organization’s willingness to accept various risks in pursuit of its objectives. It defines the level of risk an organization is comfortable taking, considering both potential benefits and drawbacks.    

Why Is a Risk Appetite Statement Important? 

A well-crafted RAS offers several critical benefits: 

• Aligns risk-taking with strategy: It ensures that risk-taking decisions are aligned with the organization’s strategic goals, preventing unnecessary risk-taking or excessive risk aversion.   
• Enhances decision-making: It provides a clear framework for evaluating risks and making informed decisions, reducing the likelihood of costly mistakes.    
• Improves communication: It fosters a shared understanding of risk across the organization, improving communication and collaboration between departments and lines of defense. 
• Strengthens integrated risk management: It helps organizations identify and prioritize risks, allocate resources effectively, and develop appropriate risk-mitigation strategies that are flexible and scalable to evolving needs.    
• Supports compliance: It can help organizations demonstrate compliance with regulatory requirements and industry standards, including promoting audit readiness and enhancing public-company readiness.    

Examples of a Risk Appetite Statement 

A hypothetical technology company might have a comprehensive risk appetite statement that reads: 

“Our organization is willing to accept moderate levels of operational risk in pursuit of innovation and growth. We will prioritize investments in cybersecurity and data privacy to protect our intellectual property and customer data. We will also tolerate moderate levels of financial risk, but we will maintain a strong liquidity position and a conservative investment strategy.” 

Here’s a more robust hypothetical risk appetite statement that’s specific to cyber risk: 

“Our organization’s cyber risk exposure stems from reliance on data and the inherent risk of attack that could result in a material data breach. We have a low appetite for cyber risk due to the risk of damage to systems and data, customer harm, and the dependence on cyber to stay aligned with technology, compliance, regulatory, and reputational risk appetite. Drivers of cyber risk include the expanding size of attack surfaces through external data sharing and the increased sophistication of threat actors. Our primary cyber risks are incidents that compromise the confidentiality, integrity, and availability of company data and technology. We will maintain a comprehensive cyber program to remain within our cyber risk appetite. We will maintain policies, standards, and procedures that govern cyber-related activity and implement technical controls to identify and protect against cyber threats.” 

Every organization’s RAS is unique. It can be expanded, narrowed, or amended as needed to ensure the appropriate coverage of risks. For example, smaller enterprises in less-regulated industries might have a more concise RAS than a publicly traded global financial services firm. 

How to Develop a Risk Appetite Statement 

Developing an RAS requires a collaborative effort involving key stakeholders, including senior management, the board, risk management professionals, and business unit leaders. Here are some key steps to consider:    

1. Define strategic objectives: Clearly articulate the organization’s strategic goals and priorities. 
2. Identify key risks: Conduct a comprehensive risk assessment to identify the major risks that could impact the organization’s ability to achieve its strategic and compliance objectives. Understanding the sources of risk can help stakeholders group threats into risk categories (e.g., financial risk, operational risk), making it easier to focus attention where it’s needed and strategize how much “weight” each category holds at the organization.    
3. Determine risk tolerance: Assess the organization’s capacity to absorb losses and willingness to take risks. It’s also important to document the rationale behind tolerance levels. Why are some risks categorized as low while others are high? Need help determining where to draw the line? More on this below. 
4. Establish risk limits: Set quantitative and qualitative limits for different risk categories, such as financial, operational, and reputational risk. Assigning labels and numbers can also help align key risk indicators (KRIs) with key performance indicators (KPIs). 
5. Communicate and implement: Clearly communicate the RAS to all employees and ensure it’s integrated into the organization’s decision-making processes.    

Determining Risk Tolerance Levels 

To calibrate risk tolerance for each risk category in a way that’s appropriate for an organization’s unique circumstances, consider the following: 

• Examine both material exposure and a risk driver’s rate of change. For a cyber risk category, identify and consider these factors for risks like data protection and identity access management (IAM). 
• Understand residual risk when determining tolerance by evaluating the control environment and inherent risk level of a particular domain. A simple calculation: residual risk = inherent risk level – impact of risk controls.  
• Evaluate whether additional exposures exist to achieve the company’s strategic goals (e.g., areas of planned growth, automated controls, or technology implementations). 
• Understand any capital and regulatory constraints or requirements.  

Calculating risk tolerance is not always a quantitative, formulaic process. Instead, the above factors should be discussed among relevant leaders to make an informed, qualitative determination. High, moderate, low, or none are often used to communicate risk tolerance. 

Using a Risk Appetite Statement in Practice 

An RAS can guide various investment, operational, strategic, and risk-mitigation decisions. This includes the potential risks and rewards of new organizational initiatives, products, services, and corporate transactions. 

By establishing a clear and well-defined risk appetite, organizations can create a culture of risk awareness and accountability, navigate uncertainty, seize opportunities, and build long-term resilience. To make this connection, leaders must intentionally build a risk management framework that aligns with KRIs and KPIs. 

Connecting Risk Appetite to Key Metrics 

A RAS provides a framework for identifying the specific risks that matter most to an organization. This, in turn, guides the selection of KRIs and KPIs that should be monitored. 

For instance, an organization with a higher risk appetite for innovation might prioritize metrics such as: 

• Time to market for new products. 
• Percentage of revenue from new products. 
• Number of failed innovation projects. 

Conversely, a risk-averse organization might focus on more traditional metrics like: 

• Return on investment. 
• Cost of risk. 
• Operational efficiency (e.g., cash flow, capacity utilization). 

So, how can organizations use an RAS as an ongoing strategic tool and not just a document stored on a company intranet? The key is continuously monitoring risk performance and revising the RAS as needs evolve. 

Leveraging Technology for Risk Measurement and Performance Tracking 

Technology plays a pivotal role in enabling organizations to effectively measure and manage risk in a way that provides deeper insights into the risk landscape and optimizes the allocation of risk resources. Key technologies that can be used to track risk performance include: 

• Risk management information system (RMIS) for centralizing the storage and analysis of risk data and streamlining risk profiling and reporting against a stated risk appetite. 
• Data analytics and business intelligence (BI) tools can analyze large volumes of risk data, generate predictive insights, and surface patterns in real time, enabling faster risk decision-making.  
• Cybersecurity tools designed to protect sensitive data and systems, conduct vulnerability assessments of the organization’s IT infrastructure and “crown jewels,” and respond quickly to cyber incidents. 

Risk Management as a Value Advantage 

As risks become increasingly complex, a proactive and strategic approach to risk management, anchored by a robust RAS, is not just a best practice but a necessity. 

When coupled with the right tools, stakeholder alignment, and functional integrations, an RAS can provide another building block for enhanced risk maturity. 

To learn more about crafting an RAS or to elevate the value integrated risk management can deliver to your organization, contact CrossCountry Consulting. 

Overview

On August 28, 2024, The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a final rule adding certain “investment advisers” to the “financial institution” definition under the existing Bank Secrecy Act of 1970 (BSA).

The final rule prescribes minimum standards for anti-money laundering (AML) programs, requires filing of suspicious activity and currency reports, and includes other obligations applicable to financial institutions subject to the BSA.

The objective of the rule is to close regulatory gaps in the investment adviser industry and safeguard investment advisers from illicit activities identified by the U.S. Department of the Treasury in the Investment Adviser Risk Assessment conducted in February 2024. The Investment Risk Assessment highlighted numerous cases in which sanctioned persons, corrupt officials, fraudsters, and foreign countries had used investment advisers as an entry point to access the U.S. financial system and launder funds.

Banks have been dealing with AML regulations for decades and continue to invest in maintaining and modernizing their programs. Investment advisers and asset management firms, which had traditionally been excluded from the BSA regulations, will now be held to the same bar.

Key Compliance Date

FinCEN will require investment advisers to implement and comply with the final rule by January 1, 2026. FinCEN has delegated examination authority over investment advisers to the SEC once the requirements are effective.

Investment Advisers Included/Excluded by the Final Rule

The final rule defines the term “investment adviser” to include SEC Registered Investment Advisers (RIAs) and Exempt Reporting Advisers (ERAs), but excludes RIAs that are registered with the SEC solely because they are mid-sized advisers (AUM between USD25 mil to USD100 mil), multi-state advisers, or pension consultants. Also excluded are RIAs not required to report any AUM to the SEC on Form ADV (few RIAs fall within these excluded categories).

FinCEN has decided to exempt these categories of advisers because their advisory activities and customers are generally lower risk.

For investment advisers with a principal office and business outside of the U.S., the final rule is only applicable if the advisory activity takes place within the U.S. or they provide advisory services to a U.S. person or foreign-located private fund with an investor who is a U.S. person.

Other investment advisers excluded from the final rule include:

• State registered investment advisers.
• Foreign private advisers.
• Family offices.

AML Requirements for Investment Advisers Included by the Final Rule

Investment advisers covered by the final rule are required to develop and implement a risk-based AML program with:

• Written internal policies, procedures, and controls to comply with the requirements of the BSA, along with periodic reviews and updates of policies and procedures.
• A designated BSA/AML Compliance Officer.
• Established BSA/AML employee training programs.
• An independent testing function of the BSA/AML program.
• Risk-based procedures for conducting ongoing customer due diligence.

Other AML/CFT obligations required by investment advisers under the final rule include:

• Filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs): Investment advisers are required to file SARs with FinCEN for suspicious transactions and maintain records of all SARs filed. Additionally, investment advisers are required to file CTRs for transactions that exceed USD10,000 in currency and certain negotiable instruments (these transactions are currently being filed on IRS Form 8300).
• Complying with recordkeeping requirements and travel rules: Record and retain originator and beneficiary information for certain transactions and pass this information to financial institutions in certain funds transmittals.
• Responding to Section 314(a) requests: These relate to law enforcement requests, pursuant to Section 314(a) of the USA PATRIOT Act, to locate accounts and transactions of persons that are suspected of money laundering or terrorist financing (ML/TF) activities.
• Conducting special due diligence measures: Investment advisers will be required to maintain due diligence measures that allow them to detect and report on an ongoing basis any suspected ML/TF activities involving a correspondent or private banking account that is established, maintained, administered, or managed in the U.S for a foreign financial institution.

How Should Investment Advisers Mobilize?

While it may be helpful to reference other financial institutions that are currently covered under the BSA definition (e.g., banks, wealth managers) as a blueprint for implementation, it’s important to be aware that a BSA /AML program should be risk-based. The depth and resources dedicated to an investment adviser’s BSA /AML program may vary between firms and largely depend on their size and business model.

The first critical step in designing an effective BSA/AML program is to perform an ML/TF risk assessment to understand risks associated with a firm’s clientele, products, service delivery methods, and geography. Over the next few months, investment advisers covered by the final rule should also:

• Perform a gap analysis on existing policies, procedures, and controls and remediate areas that are at risk of non-compliance on the effective date.
• Assess whether key third-party service providers such as placement agents, administrators, and custodians support compliance with new BSA requirements, as investment advisers are ultimately responsible.
• Identify other adjacent processes and technologies that may be impacted.
• Determine whether the firm has the appropriate resources, technology, and data to support the new BSA/ AML requirements.

How CrossCountry Consulting Can Help

CrossCountry’s business transformation and integrated risk management experts have the industry and regulatory knowledge to support with:

• Performing an AML/CTF gap analysis and risk assessment.
• Designing a risk and controls framework that’s integrated with the overall risk strategy and other risk areas across firm.
• Assessing technological solutions to automate manual controls in higher risk areas (e.g., name screening), with consideration of cost vs benefits.
• Advising compliance and legal functions on writing AML/CFT policies and procedures.
• Developing and implementing a transition playbook to meet the January 1, 2026 deadline.
• Providing remediation support (e.g., KYC/CDD).
• Designing and delivering employee training for AML/CFT.

To better understand the new rule requirements and position your firm for compliance, contact CrossCountry Consulting.

From December 9-11, representatives from the Securities and Exchange Commission (SEC or the Commission), the Public Company Accounting Oversight Board (PCAOB or the Board), the Financial Accounting Standards Board (FASB), and other speakers participated in the 2024 AICPA & CIMA Conference. They discussed various accounting, financial reporting, auditing, and regulatory topics that are critical to organizations heading into 2025. Summarized below are the key highlights.

Regulatory Landscape

• Leadership changes: SEC Commissioner Mark Uyeda and U.S. Rep. French Hill discussed anticipated changes under the new administration, including President-elect Donald Trump’s nomination of Paul Atkins as SEC Chair.

Remarks by PCAOB Chair and Board Members

• Improvements in deficiency rates: PCAOB Chair Erica Williams noted significant improvements in Part 1.A deficiency rates at large firms but stressed the need for continued focus on reducing deficiencies.
• Focus areas for 2025: Christine Gunia, Director of the PCAOB’s Division of Registration and Inspections, highlighted 2025 inspections will focus on industries affected by economic volatility, the use of generative artificial intelligence (AI), and audit execution challenges.

Remarks by SEC Chief Accountant

• Statement of Cash Flows: Mr. Munter highlighted the importance of the statement of cash flows for investors and reminded stakeholders that the statement of cash flows and its related disclosures should be given the same level of quality attention as other financial statement components.

Remarks by Senior SEC Staff Members on Accounting and Disclosure Matters

• Financial instruments: Gaurav Hiranandani, Senior Associate Chief Accountant in the SEC’s Office of the Chief Accountant, discussed the classification of financial instruments as liabilities versus equity, particularly the complexities of warrants.
• Recent ASUs: Mr. Hiranandani discussed the scope of recently issued Accounting Standard Updates (ASUs) by the FASB including those on segment reporting, income tax disclosures, and disaggregation of income statement expenses.
• Deconsolidation guidance: Jonathan Perdue, an SEC Professional Accounting Fellow, explained the application of ASC 810 for deconsolidation of subsidiaries, emphasizing the importance of considering the substance of transactions.
• Deconsolidation of a subsidiary accounted for on a lag: Mr. Hiranandani discussed a situation in which a company sold a subsidiary that had been reported on a three-month lag. The company wanted to recognize three months of income statement activity directly in shareholders’ equity, with adjustments to the subsidiary’s assets and liabilities at the sale date, which the SEC staff disagreed with.  

Division of Corporation Finance Practice Matters

• Segment reporting: Staff from the SEC’s Division of Corporate Finance discussed the interaction between ASC 280 and the SEC’s non-GAAP guidance, with reminders on the disclosure of additional non-GAAP segment profitability measures.
• Auditor responsibilities: Heather Rosenberger, Chief Accountant in SEC’s Division of Corporate Finance, explained that auditors are responsible for evaluating compliance with ASC 280 regarding additional non-GAAP segment profitability measures in financial statement notes. However, they do not assess compliance with the SEC’s non-GAAP guidance or determine if these measures are misleading. Non-GAAP disclosures in the segment note that are not audited should be labeled “unaudited.”  Auditors may choose to highlight unaudited items in their opinion.

Enforcement Matters

• SEC enforcement: Ryan Wolfe, Chief Accountant in the SEC’s Division of Enforcement, discussed the SEC’s approach to reducing or waiving penalties for registrants in non-fraud cases if they improve their internal controls and financial reporting. He also covered enforcement matters related to audit quality and independence, and an audit committee case.

Remarks by FASB Chair and Staff

• Stakeholder feedback: FASB Chair Richard Jones emphasized the importance of stakeholder feedback in the standard-setting process, with several due process documents outstanding for public comment. Mr. Jones and Jackson Day, FASB Technical Director, discussed the importance of cost and benefit considerations in the standard-setting process.

Artificial Intelligence

• Opportunities and risks: Speakers discussed the use of AI in accounting and financial reporting, with the PCAOB encouraging stakeholder engagement on the application of auditing standards in the context of AI.

For more information on the accounting and reporting matters that are relevant to your organization, download our detailed recap of key disclosure and reporting reminders for upcoming filings, SEC rulemaking, and other activities impacting financial reporting. To better understand and prepare for accounting changes on the horizon, contact CrossCountry Consulting.

Despite several years of unexpected disruption, the global supply chain is returning to a normative state, allaying many companies’ concerns regarding logistics and procurement. However, as M&A activity picks up, mitigating risk remains a primary challenge for companies considering acquisitions that may have a material impact on their supply chain. Broadly, these can be categorized into three areas of focus.

1. Procurement Contracts and Processes

First on the list of supply chain diligence priorities is a thorough assessment of the target’s contracts, master services agreements, and overall vendor processes. Gaining a clear understanding of the target’s contractual obligations, vendor onboarding/management process, and potential stranded costs is critical to evaluating the organizational risk – and cost – of the transaction.

Task	Actions
Review of Item/Vendor Masters	Depending on the size and maturity of the target, their contracting processes may not have a level of rigor commensurate with the buyer’s procedures. Careful review of the vendor master (procurement records, inventory data, etc.) and any standard contract term sheets is necessary to gain a full understanding of the target’s operational posture.
Evergreen Contract Review	Frequently, companies with less mature procurement functions may allow vendors more favorable contract terms in the form of “evergreen” contracts that extend indefinitely unless terminated by either party. It’s critical to identify, analyze and, if necessary, terminate these contracts to ensure there are no unforeseen pitfalls that may impair deal value.
Master Services Agreement Review	As with the contract review process, a thorough breakdown of Master Services Agreements is a necessity to gain a clear picture of the target company’s standard vendor terms. While these may vary somewhat (length of relationship, criticality of that supplier, volume), the objective is to uncover vulnerabilities in pricing or contract length.
Contract Novation	Understanding contract novation is a critical concern for any transaction, but vendor contracts are a particularly important area to consider. Notably, awareness of any change in ownership provisions is paramount, as it can negatively affect vendor/customer terms and dilute deal value.
Stranded Costs	On the buy-side, care must be taken to evaluate potential stranded costs. These might include extraneous facility leases, software licenses, or shared services support that will not be required after the target company/business unit is fully integrated into the buyer’s company. Additionally, in the case of buying a carve-out entity, care must be taken to evaluate costs previously provided by the parent company. Depending on the willingness of the seller, some of these costs may be carved out of the sale or charged back. More typically, stranded costs are mitigated by establishing robust and thorough Transition Services Agreement (TSA) schedules to lay out the scope and duration of ongoing support and appropriately allocate costs.

2. Supply Chain Systems and Financials

Once the relative risk and cost of the supplier processes are understood, the natural next step is an evaluation of the target’s business systems and data. Depending on the degree of entanglement, there may be substantial work required to convert or stand up the target’s business systems, which may include integrating with or migrating to the buyer’s systems, devising an adequate structure for management reporting, and agreeing upon shared services support.

Task	Actions
MRP/ERP Adjustments	Business systems once fit for purpose may no longer be adequate for future growth, particularly if the eventual combined entity will materially increase the size and scale of the company. Buyers must account for the cost of upgrading those systems or integrating the acquired company into their own, which may also include significant reconfiguration of the target’s procurement ERP/MRP modules.
Data Integration	If, in the above example, the buyer opts to retain legacy systems, building data integration and warehousing is a critical step to enable reporting for the combined entity and day-to-day operations. Additionally, there are considerations regarding controls and separation of duties assignments between the legacy systems and those of the buyer. Finally, changes to the target’s procurement philosophy – for example, rationalizing the supplier base to leverage economies of scale – must be taken into account prior to making wholesale changes to its data and systems architecture.

3. Supplier Strategy

Finally, a comprehensive supply chain diligence process includes an in-depth appraisal of the target company’s supplier strategy and structure. This includes evaluating their physical footprint and geographic spread, reviewing their overall sourcing philosophy, comparing the buyer and target value chains for overlap, and seeking out opportunities to leverage economies of scale.

Task	Actions
Value Chain Risk Assessment	Although this goes beyond the typical scope of financial diligence, conducting a risk assessment of the target’s supply chain posture can solidify deal value and uncover risks for mitigation. This includes heatmapping the target’s physical/vendor footprint, evaluating transportation mode risk, reviewing inventory velocity, and assessing both the target and vendor’s quality programs.
Sourcing Strategy	While not all companies have global supply chains, it’s important to understand the target’s sourcing philosophy. This includes evaluation of their low-cost (or strategic) sourcing programs, vendor volume management, and the potential cost and operational headache of re-shoring or otherwise adjusting the vendor base to reduce perceived risk.
Supplier Rationalization	In the event of material similarity between the target and buyer’s supply chains, the diligence process should seek to evaluate opportunities for rationalization, reducing duplicates, and taking advantage of favorable contract terms.

Maximizing M&A Value

Companies that expand their diligence efforts beyond finance and legal invest in the future success of the transaction. Highlighting material risks and operational obstacles in the early stages of the deal cycle provides sharper context for the valuation and allows more runway for mitigation of factors that may have otherwise impaired deal value.

CrossCountry Consulting’s integrated business transformation and transactions advisory solutions help companies identify, process, and resolve operational and supply chain risks for optimized long-term positioning and valuation. For industry-leading transactions support, contact CrossCountry Consulting.

Amid continuous technological, regulatory, and financial transformation, the internal audit function is evolving into more of a strategic advisor to management and boards, as opposed to a pure assurance function. 

This shift has come more naturally to organizations on the forefront of risk management, technology adoption, and talent upskilling but has been a steeper curve for more conventional leaders who’ve kept internal audit siloed. In conversations with regulators, auditors, and risk leaders in financial services at 2024’s RMA Annual Internal Audit Conference, CrossCountry Consulting’s Integrated Risk Management experts discussed and delivered some of these central themes driving the internal audit function of the future. 

Explore takeaways for 2025: 

Harnessing AI’s Impact and Influence 

For companies able to capture the value potential of AI, it can be deployed strategically within internal audit as an accelerator while still preventing the introduction of undue risk. For example, internal auditors can leverage AI for analyzing large inventories of documents and preparing summaries.  

But the path to adoption hasn’t been smooth to date. Although an estimated 55% of businesses are implementing AI, just 2-4% of internal audit teams have made any AI progress at all. 

Additionally, AI requires large amounts of computing power, data, and access, which companies may not have established to date. This cloud infrastructure, however, is the foundation for experimenting with AI-powered data analytics at a scale needed to deliver tangible cost and labor savings within internal audit. On the personnel side, without the right talent and training, AI adoption won’t occur organically or add any strategic value. Auditors must grapple with immediate audit demands while remaining ahead of the AI curve. 

Cybersecurity’s Critical Points of Exposure 

Particularly with the additional risk exposure of GenAI, a tenuous geopolitical landscape, and recent election cycles potentially changing policy, cyber threats continue to be a key theme. During opening remarks, the IIA Global BoD Chairwoman noted that the 2025 Risk in Focus study performed by the IIA indicates cybersecurity continues to be the No. 1 risk worldwide, with digital disruption (including AI) and climate change/environmental risk both climbing year over year. These study results indicate that for audit teams to build proficiency and perform more strategic audits, they may require a different way of approaching audits. Moving forward, this might also require different talent and skill sets. 

Similarly, during the Operational Resilience discussion jointly presented by Deloitte and CrossCountry’s Cameron Over, Risk Advisory Partner and National Cyber Leader, conversations focused on: 

• The increasing regulatory landscape. 
• The proliferation of cyber threats to organizations, largely through vendors or third parties. 
• The need for organizations to consider key resilience and reliance gaps for their trusted vendors in the wake of the CrowdStrike software update failure. 
• The consideration of deeper testing rigor, including scenario-based testing using insights from threat intelligence. 

Emerging Regulatory Trends and Risks 

Regulators in attendance at RMA provided critical insights into the trends they’re seeing and how businesses can adjust their perspectives accordingly. For instance, internal audit faces a more complex role with global footprints expanding, and they must decide which type of auditing program is most efficient: continuous monitoring or scheduled audits. 

Because regulators are talking to first, second, and third lines of defense, it’s imperative that non-auditor experts are also involved in high-level risk management discussions. This reality emphasizes the need for greater collaboration across lines of defense and between corporate functions to ensure a systematic approach to risk and audit. 

Other key themes included: 

• Evolve risk assessments from qualitative to quantitative. 
• Understand third- and fourth-party risks to ensure adequate monitoring and audit coverage. 
• Auditors must be curious about new and emerging risks and leverage technology to identify these risks. A few ways to uncover emerging risks are to coordinate with all lines of business, establish a common nomenclature, and read risk publications, speeches, and public orders. 
• Internal audit must be involved in M&A due diligence and the implementation of automation and GenAI systems. 
• Practice the story and the delivery of audit findings with executives and key stakeholders to ensure the right message, recommendations, and angles are being communicated. When sharing results, have an open dialogue with core groups to make audit findings more impactful. 

Aligning 3 Lines of Defense 

Sometimes referred to as “connected risk” or “threelignment,” the more integrated and collaborative the three lines of defense are, the more positive the outcomes. Some of the best ways organizations can establish and enhance these points of connectivity are by: 

• Having all teams provide feedback early and often in support of the enterprise at large. Risks, threats, and opportunities should be openly communicated and workshopped so that risk, compliance, and audit functions aren’t just designed to protect value but to create value as well. 
• Prioritizing units under regulatory scrutiny so that attention is focused where it can have the most impact. 
• Using IT as an enabler and accelerator to aligning three lines of defense across teams, systems, and processes. This includes the adoption of comprehensive GRC platforms and data aggregation tools. 

As these groups collaborate more effectively, they provide a more consistent, repeatable audit experience that will become the norm in 2025 and beyond. 

To ensure your organization’s internal audit function is driving value creation in 2025, contact CrossCountry Consulting. 

As current market conditions present volatility and uncertainty, companies are increasingly viewing now as the time to prepare for entry into the public markets in 2025 and beyond. While an IPO may be more than a year away, various workstreams and activities can be started in the short term to help successfully execute a public offering and establish good corporate hygiene.

What are these activities? When should companies begin? How can they get started?

Below we discuss a selection of the more time-intensive activities, which can enable companies to evaluate where they currently are on the IPO readiness timeline and begin their journey to operating as a public company.

IPO Timeline and Activities

1. IPO Planning

• IPO readiness assessment: A comprehensive readiness assessment provides a tailored roadmap that bridges a company’s current state of operations to an operating model that will enable the company to perform effectively as a public company. The assessment also can facilitate internal discussion with the Board of Directors, Audit Committee, and executive team with the goal of aligning the company’s priorities ahead of a public company listing.

• Engage third-party advisors: A company pursuing an IPO will need to engage a variety of new advisors and third parties to successfully execute the transaction. These can include accounting advisors, SEC counsel, investor relations firms, underwriters, HR and compensation consultants, and valuation and tax specialists. Determining suitable advisors for your company prior to kicking off the IPO process can enable a more efficient transaction and provide time for the company to do an appropriate level of due diligence.

2. Preparing to Operate as a Public Registrant

• Mature finance and accounting functionality: Front and center in the IPO journey is the capability and functionality of the accounting and finance departments. The right teams and technologies provide a strong foundation for launching as a public company. The ability to adhere to GAAP/IFRS standards and ensure accurate and transparent financial reporting is only the tip of the iceberg. Companies should have an understanding of capital markets and experience structuring capital through equity and debt financing. Additionally, ensure finance and accounting teams can effectively communicate financial performance and deliver during quarterly earnings calls and investor presentations. Critical considerations include teams’ ability to:
  • Close the books on time.
  • Leverage controlled processes, systems, and automation.
  • Optimize tax strategies.
  • Establish robust treasury and cash management procedures. 

• Modernize and future-proof IT: IT is the IPO backbone. Focusing on strategic upgrades to your infrastructure ensures that it’s scalable, secure, and ready for the spotlight of public company life. Prioritizing projects crucial for IPO compliance and future growth is key, such as the implementation of a scalable ERP system that grows with your company and supports your global ambitions. Other critical systems to prioritize are platforms that accelerate FP&A capabilities, revenue recognition, CRM, and efficient financial management. Lastly, fortify defenses against heightened threats and public scrutiny with a cybersecurity platform that can help prevent negative impacts on shareholder value. By shedding legacy tech and embracing data, analytics, and automation, companies can more realistically meet regulatory rigor and enhance value.

• Evaluate SOX preparedness: While smaller reporting companies and emerging-growth organizations have some accommodations with regard to SOX compliance, it’s still essential that internal control standards be made more robust, particularly as they relate to compliance requirements for Internal Controls Over Financial Reporting (ICFR). As a first step, conducting a SOX risk assessment and scoping exercise can ensure key processes and systems are identified and documented. This strategic planning exercise focuses the company on the most significant and critical processes supporting financial reporting. Once key processes are identified, assess the state of internal controls and remediate control gaps where necessary. Starting with common high-risk processes, such as Revenue, Financial Reporting, and IT General Controls, is a good place to start. Delaying improvements to a company’s internal control environment can increase the risk of a material control weakness.

• Elevate human capital capabilities: Often overlooked is the pivotal role HR plays in an IPO and the criticality of aligning human capital strategies with the company’s overall goals for sustained success post-IPO. Increased compliance requirements, such as compensation disclosures and pay transparency, and the demand for diversity metrics necessitate a proactive approach during the IPO planning phase. Companies may need to design and develop the administrative muscle around executive, equity, and broad-based employee compensation plans, ensuring a harmonized approach that meets diverse compliance requirements while maintaining global consistency. Having a holistic view of the human capital lifecycle will ensure the company is set up for the increased scrutiny of shareholders and analysts in the public market. 

3. Successfully Launch as a Public Company

• Prepare Regulation S-X financial statements: Upgraded financial statements that meet the Regulation S-X disclosure requirements will be needed for any prospective S-1 filing. CFOs and Controllers may want to consider whether upgraded statements should be prepared in conjunction with their current-year audit to facilitate inclusion in a future S-1 filing. This approach limits the “uplift” and additional audit work that may be required on the financial statements when the S-1 registration statement is being prepared.

• Hire critical talent: A private company will typically need to build out teams and functions to meet its strategic growth plan along with the demands and governance requirements of a public company. Additionally, identifying and recruiting the right BOD will be a critical component to how the company is viewed by the public. By assessing current staff and competency levels versus a public company environment, leaders can provide sufficient runway to complete their hiring plan and onboard employees ahead of the IPO.

• Complete audit and SAS 100 reviews: Private companies under an AICPA audit opinion should liaise with their external auditors to determine when a PCAOB audit is appropriate for their current circumstances and future IPO plans. Additionally, companies should discuss with their external auditor the timing of interim SAS 100 procedures over their quarterly financial information. The periods to be included in a prospective S-1 filing will inform the company on which quarters may be subject to SAS 100 procedures.

• Establish strong internal communications channels: IPOs can be a period of immense change in which a proactive communications strategy is key to engaging internal and external talent. Reassuring cultural tenets and explaining how the IPO will impact jobs, benefits, and the opportunities implicit in stock ownership will be top of mind.  Having a communications staff, plan, and training program will enable the company to best engage with its people.

On the IPO journey, at no point should you be standing on the sidelines waiting for markets to play out. Due to the variety of organizational and regulatory activities required over the course of more than a year, starting the journey now can ensure optimal IPO readiness when the day does finally come.

For expert IPO readiness support, contact CrossCountry Consulting today.

With visible signs of momentum in the IPO markets, companies are increasingly viewing 2025 as the time to prepare for entry into the public markets. 

Factoring in the healthy backlog of filers (see representative firms below), the IPO window appears on the horizon, prompting companies to seriously consider their next steps on their prospective IPO journeys. 

• Stripe, a payments processing company valued at over $50 billion.
• Databricks, a cloud-based data infrastructure company valued at roughly $40 billion. 
• Hinge Health, a virtual physical therapy company valued at more than $6 billion.
• Andruil, a defense technology company valued at roughly $14 billion.
• MNTN, a connected TV advertising platform that has raised $208 million in funding since inception.
• Discord, a chat platform for gamers valued at over $15 billion. 

To capitalize on market opportunities ahead, preparation must begin now. 

Public-Company Readiness Assessment: The Essential IPO Roadmap 

To plot out the timeline, cost, stakeholders, and milestones on the IPO journey, it’s imperative to understand the organization’s pre-IPO posture. This is accomplished through a comprehensive public-company readiness assessment: a tailored roadmap that bridges a company’s current state of operations to an operating model that will enable the company to perform effectively as a public company. 

The assessment can also facilitate critical internal discussions with the board of directors, audit committee, and executive team, with the goal of aligning the company’s priorities ahead of the public-company listing. 

Because an IPO is a complete transformation of the people, processes, and culture of the organization, the functions of the business must individually and collectively become fit for IPO. Here’s what IPO readiness looks like for various functions: 

Function	Capabilities
Accounting close	– Able to close and report the monthly results in a timely basis. – Heavily automated month-end close process. – Close-time reduction system being leveraged to provide visibility into the financial statement close process.
Finance	– Finance serves as a strategic partner to the organization. – Robust, centralized budgeting and planning process. – FP&A software tool to automate the planning and budgeting process.
Accounting policies	– Documented accounting policies for all “SEC hot topics.” – Adoption of all new accounting pronouncements in accordance with public company reporting deadlines. – Technical accounting matters recorded on a monthly basis.
Technology stack	– Fully integrated ERP system capable of scaling with the growth of the business. – Robust ITGCs to ensure the validity and accuracy of the outputs of the systems.
Cybersecurity	– Established cybersecurity and privacy program that addresses the risk profile of the business. – Regular monitoring and reporting of cybersecurity threats.
Internal controls	– Strong internal control environment over the financial reporting process. – Documented internal controls demonstrating the operating effectiveness of the internal controls.
Investor relations	– Established investor relations function prior to commencing the roadshow capable of interacting with a diverse set of investors. – Mock “earnings calls” held each quarter.
External audits	– Utilize a Big 4 or national accounting firm capable of producing a PCAOB-compliant financial statement audit. – Audit performed within SEC reporting deadlines.

Create or Enhance Major Functions and Activities Before IPO 

A public-company readiness assessment affords pre-IPO organizations numerous benefits, including: 

• Identifying potential exposures and mitigating risks before going public. 
• Developing a plan to address any identified exposures. 
• Ensuring compliance with all applicable laws and regulations. 
• Evaluating quality and required effort of financial statements. 
• Improving internal controls over financial reporting. 
• Communicating effectively with investors. 
• Increasing chances of a successful IPO. 
• Attracting a wider range of investors. 
• Obtaining a higher valuation for shares. 
• Improving corporate governance practices. 

To achieve these outcomes, companies must either establish new functions entirely or enhance key activities they already perform. Without an objective view of what needs to change internally to operate effectively as a public company, the IPO journey may start and stop, fail altogether, or lead to subpar results. 

Those critical areas of the business include: 

• Accounting and financial reporting. 
• Finance effectiveness. 
• Internal controls. 
• Technology. 
• Financial Planning & Analysis (FP&A). 
• Governance and leadership. 
• Investor relations. 
• Environmental, social, and governance (ESG). 
• Legal and compliance. 
• Executive compensation and HR. 
• Treasury. 
• Internal audit. 
• Project management. 

Maximum IPO Value, Minimal Risk  

Optimizing for public-company readiness can accelerate growth potential while simultaneously limiting risk exposure before, during, and after the IPO process. Working with an established partner is the most effective way to navigate IPOs, as they can ensure the right activities are sequenced correctly and that a systematic, comprehensive framework is applied strategically to each organization’s specific goals and requirements. 

Additionally, an official IPO team of third parties will need to be involved, from underwriters and financial printers to accounting advisors and tax consultants – bringing these groups together in a timely and collaborative way can make or break prospective IPO planning and success. 

For expert IPO readiness support and to make tangible progress on your IPO journey, contact CrossCountry Consulting. 

Managing both traditional and emerging risks has become increasingly complex for business leaders. The challenge is further exacerbated by the fragmented nature of risk management, with responsibilities, data, and processes spread across different departments and systems. This makes it difficult for any single team to fully grasp and address the organization’s overall risk exposure and report a cohesive risk narrative to senior management, audit committees, and/or boards. 

To address these gaps, CrossCountry Consulting’s Integrated Risk Management experts hosted audit and risk leaders for an engaging session and discussion on how to identify and respond to companies’ changing risk profiles. Explore some of the critical insights from leading voices in the industry: 

Elevated AI Threats Demand Integrated Cyber and Risk Programs 

Misalignment Between 2nd and 3rd Lines of Defense Remains a Cause for Concern 

Risk and compliance functions (2LOD) and internal audit functions (3LOD) still aren’t operating from the same consistent playbook. In some cases, they never speak at all. 

Internal audit plans may not be taking into account inputs from 2LOD on emerging risks or results from risk assessments. Similarly, if internal audit doesn’t provide continuous feedback, 2LOD has a much harder time refining and improving controls. This dynamic can cause duplicate work and poor utilization of resources. 

Organizations should promote stronger alignment between these functions to prevent silos and establish a holistic approach to risk management. Closer collaboration can enable 3LOD to identify weaknesses and inefficiencies in risk controls 2LOD may have missed, in addition to clearly defining who and how risk assessments, evaluations, and controls testing should be run.  

When these two groups work together, they provide a more consistent reporting experience to senior management and the board, which improves corporate decision-making due to a clearer picture of the risk landscape and the effectiveness of risk management processes.  

Aligning KRIs and KPIs Is Critical to Risk Prioritization 

Key risk indicators (KRIs) provide early warning signals to potential threats, which can empower teams to proactively communicate risks and take mitigation measures. Ensuring these KRIs map back to the organization’s key performance indicators (KPIs) rationalizes the risk management framework and provides a tactical way for all teams to prioritize mitigation efforts that will have the greatest potential impact on the business at large, not just on a single department. 

This point of integration also allows leaders to balance risk and reward, reduce redundancies, optimize resources, and build a risk-aware culture. 

For expert support implementing pragmatic integrated risk management programs, contact CrossCountry Consulting. 

You’ve selected a finance and accounting system that will generate transformative enterprise value. Implementation is underway but it’s quickly evident that progress is too slow, the project is more complex than anticipated, and reaching the finish line seems like a mirage. 

So how do you course-correct? 

State of Play: Assessing What Is and Isn’t Working 

Many companies approach systems implementations with an outdated mindset. They lift and shift, automate bad processes instead of fixing them, and otherwise attempt to save time and budget. But what’s convenient in the moment ultimately causes long-term frustration, delays in go-live, cost overruns, and reduced transformation ROI.  

To accelerate time-to-value and avoid common pitfalls during implementation, consider: 

• Re-prioritizing transformations: If there are concurrent initiatives across the business, it’s time to re-evaluate if too much is happening at once and re-prioritize what’s most critical. For example, standing up a financial reporting capability is a compliance must-have, which should take precedence over nice-to-have functionality. 

• Taking a holistic view of the entire project lifecycle: Even standard implementations of ERPs can take 12-18 months. Throughout this timeline, there are opportunities to accelerate progress, including pre- and post-implementation. So even if you’re behind right now, it’s important to step back and look at the project holistically and re-dedicate resources accordingly. Don’t get hung up on tunnel vision and believe that pushing forward is the only path. 

• Investing in change management: Technology implementations are also people projects. Stakeholders and users must be equipped with the training, communications, and resources they need to drive successful adoption. An implementation advisor can build the change management infrastructure needed to deliver ultimate success and positive user experiences, ensuring faster go-lives and time-to-ROI. This dedicated change management resource frees up an internal stakeholder from having to take on this role in addition to their daily responsibilities. 

• Embedding the voice of the customer: System implementers may be hyper-focused on checking boxes and reaching implementation milestones at the expense of understanding what you’re truly hoping to achieve as it pertains to your business’s unique needs. If there’s uncertainty about whether the technology will deliver on the desired transformation or whether it’s actually serving the needs of your users and customers, it’s imperative your voice is heard early and often in the process. This will ensure the human experience is always accounted for. Sometimes asking the question, “What do we want from this journey?” can help ground the conversation and better align the implementation moving forward. 

• Leveraging Finance/Accounting BAU support: When employees get pulled in as implementation support, they must either divert attention from their day-to-day responsibilities or double up their capacity, neither of which are ideal options. Business-as-usual (BAU) support from an experienced implementation advisor enables experienced staff with critical knowledge to dedicate time to the project to get it done faster and fully understand the new technology, while their routine finance and accounting tasks are handed over to industry experts in the interim. It’s a win-win situation. 

Getting the implementation on track is easier with the hands-on expertise of an implementation advisor who works directly and collaboratively with your team and the system implementer. As part of this relationship, additional components to a finance or accounting system transformation are factored in that may otherwise not be appropriately addressed. This includes: 

• Chart of Accounts redesign for streamlined, more accurate reporting and visibility.
• Core finance process improvement, from Record-to-Report, Order-to-Cash, Procure-to-Pay, and more. 
• Controls design or testing to ensure people, processes, technology, and data are governed strategically to minimize risk. 
• Flexible, scalable data architecture established and governed by a data CoE. 
• Cyber and compliance at the forefront of the conversation. 
• Business continuity considerations as systems and processes shift over. 

Delivering on Expected ROI 

During the implementation, stakeholders need the ability to re-forecast timelines, budgets, and resource utilization on the fly to keep management apprised. The need may also arise to adjust to an implementation approach that’s better calibrated to events on the ground, such as an incremental module-by-module implementation, even if it wasn’t originally planned. Ultimately, it’s an evolving lifecycle that requires adaptability, and it won’t always be a linear process. 

CrossCountry Consulting’s expert transformation management and implementation support methodology enables Finance, IT, and third-party vendors to see through the fog of transformation and generate the best result – on time and on budget.   

Contact CrossCountry Consulting for end-to-end implementation expertise in your next transformation journey. 

Transformational CFOs and CIOs are finding that shared enterprise platforms can eliminate data and operational silos while significantly streamlining cross-functional workflows. The result is greater transformation velocity, enhanced change management, and positive returns.  

OneStream is designed to accomplish exactly that: combining functionalities traditionally offered by separate solutions like Corporate Performance Management (CPM), Enterprise Resource Planning (ERP), and Business Intelligence (BI) tools.  

See how today’s leaders are leveraging OneStream as an accelerant to transformation. 

Modernizing and Transforming the Office of the CFO 

OneStream serves as the digital cloud platform for the Office of the CFO (OCFO), centralizing key financial and operational activities and paying down technical debt in the process. 

It delivers a number of critical benefits for the time-strapped, resource-constrained OCFO, such as: 

• Improved operational efficiency: Streamlined workflows within a single application mean more time spent on higher-value strategic activities and less time on importing, migrating, or integrating data flows across siloed systems. All data and metadata live together. 
• Enhanced reporting accuracy: Consistent data and reduced reconciliation efforts lead to more reliable reports, so senior finance and functional leaders can make decisions and predictions more confidently instead of wading through complex files in search of insights. 
• Increased agility and change readiness: OneStream empowers finance teams to adapt to changing business needs quickly since cross-functional information is more accessible and insightful. As internal and external events evolve, the entire enterprise can respond and move in unison. 
• Simplified user experience and adoption: The platform is user-friendly and caters to different roles within the finance department. That means the interface, visualizations, and navigation are appropriately calibrated to financial analysts, controllers, and executives with role-based access control, drag-and-drop functionality, and helpful in-app tutorials and resources. 
• Infinitely extensible: As functionalities and data needs grow, OneStream can adapt and accommodate them. This includes the ability to reuse core components, develop custom solutions, and integrate add-ons from a robust marketplace, effectively future-proofing the investment. It also allows for companies to address evolving risk and compliance needs, such as ESG and SEC rulings. 
• AI-powered: OneStream’s Sensible AI portfolio leverages AI for machine-learning forecasting, generative AI for report generation, and automation for data validation, among other use cases. These features promote driver-based planning, enhanced scenario analysis, and prescriptive analytics, the very abilities modern CFOs need. 

Accelerating Transformation Time-to-Value  

There are four key areas in which OneStream enables finance and technology leaders to measurably move the needle on transformation, each of which is critical to day-to-day processes and long-term strategy: 

1. Financial reporting: Users can build dashboards and reports with drill-down capabilities to access underlying data, automate complex calculations, generate customizable templates, and support global accounting standards and currencies. 
2. Operational reporting: OneStream connects to operational data sources and brings in granular details alongside financial information for a robust analytic blend. This allows for deeper analysis of factors impacting financial performance and management decision-making. 
3. Planning and budgeting: User-friendly tools allow teams to build and manage budgets and forecasts that include integrated data and calculations, collaborative workflow management, what-if analysis, and more. 
4. Financial close and consolidation: OneStream streamlines account reconciliation and consolidation processes by reducing human effort and errors, automating journal entries and data validation, and managing close milestones. 

Leaders aiming to launch their enterprise transformation journey should consider that OneStream can often take months to implement. However, certain functionalities can be expedited and phased-in first while other modules are expanded and deployed later. 

CrossCountry Consulting offers rapid deployment accelerators that deliver OneStream value exponentially faster than traditional timelines. For example, our OneStream implementation experts deploy a ready-to-use OneStream environment that shortens application design and implementation time by up to three months, which can reduce costs by as much as 50%. 

To explore OneStream solutions for maximum impact and ROI, contact CrossCountry Consulting. 

In the current economic environment, risk leaders are being asked to find additional savings, create efficiencies, or stay “budget neutral,” limiting their ability to make significant investments in the very technologies that could enable long-term incremental savings. The wish lists of “must haves” and “nice to haves” are likely being pruned to include only “must haves” at this point.

For risk leaders, this challenging budgeting and planning dynamic is compounded by:

• Increased auditor and regulatory scrutiny.
• New regulatory requirements and SEC rules.
• Evolving risk and market conditions.
• Increased non-financial risk, including third-party risk.
• High employee turnover.
• Poor organizational data management practices.

Amid these obstacles emerges, the time for integrated risk management has come.

What Is Integrated Risk Management?

Integrated risk management (IRM) is a comprehensive approach to managing all risks within an organization. This approach ties together the high-level risk pillars of the organization – enterprise-wide risk, technology risk, financial and compliance risk, and operational and strategic risk – enabling the creation of a common set of practices and processes that drive standard business operations and procedures cross-functionally.

How to Implement Integrated Risk Management

IRM allows leaders to prioritize where time and resources should be invested. This prioritization will be unique to the demands, strategies, and goals of each organization.

While there are numerous ways organizations can commit to and execute IRM, the below mechanisms are generally productive, agnostic starting points:

• Creating a risk-aware culture: The crucial first step to effective IRM is to ensure the tone at the top of the company is set and a risk-aware culture is being implemented across the organization. This involves training employees to understand and manage risks within their roles and promoting a mindset that prioritizes risk identification and mitigation. Employees should understand not only why they are performing controls but how to identify whether controls are operating as intended.

• Enhancing cross-functional collaboration: IRM requires collaboration across different departments within an organization like finance, IT, compliance, legal, and operations to help identify, assess, and mitigate risks. Many organizations are adopting IRM technologies or tools that consolidate various risk-related processes into a single platform. This allows for a holistic view and better management of risks. It also avoids duplication of efforts and creates better accountability.

• Leveraging data analytics, automation, and AI: Risk management is an ongoing process. With data and predictive analytics tools, organizations can analyze large volumes of data to identify potential risks and trends and surface risks before they escalate. Automation and artificial intelligence (AI) platforms can simultaneously streamline and expedite highly manual processes and controls, improving the reliability and accuracy of data and decision-making.

• Performing dynamic risk assessments and scenario planning: Unlike traditional risk assessments, which are typically conducted annually, dynamic risk assessments acknowledge that risks change and new hazards arise. They emphasize the importance of adaptability and flexibility in addressing risks effectively. Conducting dynamic risk assessments and scenario planning exercises on an ongoing basis empowers organizations to formulate appropriate responses to variable risk scenarios. This proactive approach to risk management helps to mitigate the impact of potential risks that would otherwise likely be more severe or entirely unexpected.

• Keeping pace with evolving regulatory compliance: Staying abreast of changing regulations and ensuring compliance is a key aspect of IRM. With changes such as SEC Cybersecurity Disclosure Requirements or SEC Climate Risk Disclosure Organizations, organizations must stay ahead of what’s coming so they’re prepared to comply when regulations are released. Companies should invest in tools and processes to monitor regulatory changes and ensure adherence across the organization.

• Increasing Board and leadership involvement and education: Boards and senior leadership play a critical role in IRM. They set the tone for risk management strategies, oversee the implementation of IRM frameworks, and ensure that risk management is integrated into the organization’s overall strategy. It’s critical to ensure that all members of the Board and senior leadership are educated in critical areas of risk, such as cybersecurity. It’s also critical that the Board and senior leadership are provided with accurate data to ensure they’re making informed decisions.

• Focusing on resilience planning: One huge lesson that many organizations learned during COVID and with the recent CrowdStrike incident was the importance of focusing on business continuity and resilience. Building organizational resilience to bounce back from unforeseen events involves not only identifying risks but also preparing strategies to recover swiftly from potential disruptions.

By incorporating these strategies, organizations can create a more robust and proactive approach to managing risks across all facets of operations. To implement IRM strategically, contact CrossCountry Consulting.

Heading into the final stretch of 2024, accounting teams at public companies are preparing for a significant expansion of segment disclosures, as published by the FASB in 2023 through ASU 2023-07, Segment Reporting (Topic 280): Improvements to Reportable Segment Disclosures.

Teams within accounting functions at public companies will need to keep this updated guidance top of mind as they approach financial year end beyond December 15, 2024. Though not as significant of a lift or impact as previously challenging rollouts of Revenue Recognition (ASC 606) or Lease Accounting (ASC 842), the new segment reporting requirements add another critical item to the year-end agenda for teams that may be already understaffed.

A Closer Look at ASU 2023-07

At its core, ASU 2023-07 seeks to provide more detailed information than public companies currently disclose about their reportable segments. The guidance addresses stakeholders’ requests for a further level of detail about significant segment expenses. The additional disclosures under the ASU are required to be reported in both interim and annual periods, and while the updated guidance doesn’t change how an entity determines or identifies its segments or how it aggregates its operating segments into reportable segments, it does bring an additional level of disclosure to public-company filings.

Below are key changes coming to segment reporting for SEC registrants:

• The ASU introduces the concept of a “significant expense principle” whereby public entities will be required to disclose the significant expense categories included in the reported measure of segment profit or loss that are regularly provided to, or easily computed from information provided to, the Chief Operating Decision Maker (CODM) for each reportable segment. Interpreting and applying what is both significant and regularly provided can be a highly judgmental exercise for financial reporting teams, and it would be helpful for the accounting teams to get a head start on the determination. Further adding complexity is that an expense category can be determined to be significant for one reportable segment and not others. Financial system capabilities, including the availability of data used to support the enhanced disclosure, will also need to be considered.
• The amendments permit entities to disclose more than one measure of segment profit and loss, provided each measure is regularly reviewed and used by the CODM to allocate resources and assess performance of the segment.  Where a CODM uses multiple measures, the ASU requires that one of the reported measures includes the segment profit or loss measure that is most consistent with GAAP measurement principles. Further, if more than one measure is disclosed, all disclosure requirements (including significant segment expenses) must be disclosed, along with reconciliations of each measure of segment profit and loss to income before income taxes and discontinued operations.
• Public entities with a single reportable segment will be required to provide all currently required segment disclosures in ASC 280 as well the incremental required disclosures under the new guidance. This aligns the segment information that public entities with a single reporting segment disclose with that of public entities comprising more than one reportable segment.  Prior to the release of the ASU, while entity-level disclosures were required, there wasn’t clarity as to whether segment-level disclosures were required.  This update eliminates the lack of clarity that many have existed under ASC 280 for entities with a single reportable segment and required segment disclosures.
• The current interim disclosure requirements have been updated to require that almost all of the annual numerical segment disclosures also be made on an interim basis. This includes all previously required disclosures along with the new disclosure requirements that ASU 2023-07 introduces. An example of a disclosure item required in annual but not required in interim reporting is the reconciliation of the total of reportable segments’ revenues and assets, reducing the interim reporting burden to a degree.

One note of importance is that ASU 2023-07 will require retrospective application unless it’s impractical to do so, meaning companies will need to recast prior period information to reflect the updated segment reporting guidance. As companies address this, they will likely notice some nuances that need further investigation.

In addition, public entities need to evaluate the design and operation of their controls to determine whether they support their segment-level disclosures in compliance with the new requirements. Teams must also determine whether sufficient evidence is available to support the expanded segment information now required to be disclosed.

Given segment reporting is a frequent area of comment by the SEC, we expect the SEC to continue to focus on compliance with the new disclosures.

As always, it will be important for public companies to work with their external auditors throughout this process and to engage with external consultants as they encounter nuances such as the above. 

Common questions and answers to consider pertaining to the new guidance include:

ASU 2023-07 Frequently Asked Questions

Q) My company has three reportable segments. Revenue and gross margin are provided quarterly to our CODM for each segment. Under this ASU, are any changes required in segment disclosures?

A) A company must assess whether expenses included in the reported measure of segment profit or loss are significant and regularly provided to the CODM when preparing disclosures. Additionally, expenses that are easily computable from the information provided to the CODM are treated as provided to the CODM. In this example, the company will need to consider that if cost of sales is significant – because cost of sales can be easily computed from revenue and gross margin amounts provided to the CODM – it would need to be disclosed as a significant segment expense. 

Q) My company has a single-reportable segment and we currently disclose entity-level results in line with ASC 280. Do I need to review and update my disclosures?

A) ASU 2023-07 requires that entities including those with a single reportable segment provide all disclosures under the existing Segment Reporting guidance in ASC 280 and the incremental disclosures required by the ASU. While Segment Reporting guidance under ASC 280 required entity-wide disclosures for single reportable segment entities, ASU 2023-07 clarifies the requirement to include segment disclosures and related reconciliations for such entities. The company should consider what’s being provided to the CODM and whether expanded disclosures of performance are required. This may involve a review of what are determined to be significant expenses and how they’re reported/analyzed internally, along with a review of profit and loss measures for the single segment. The outcome of this analysis may need additional disclosures in interim and annual external reporting.

Q) Do I need to report information previously disclosed annually in interim periods upon adoption of ASU 2023-07? 

A) Yes, ASU 2023-07 significantly expands disclosure requirements for interim financial statements. Prior to the ASU, while certain segment information was required to be disclosed in interim periods, the ASU expands the requirements such that most of the segment disclosures in annual periods are also required to be included in interim periods. Accordingly, most of the segment information currently required annually by Topic 280 as well as incremental disclosure requirements introduced by this update will need to be disclosed on both an interim and annual basis. Certain disclosures continue to be required in annual periods only, such as reconciliation of segment revenue and assets to their corresponding totals.

Q) What happens if there is a change in the composition of reportable segments or if expenses become “significant” from one period to the next?

A) Both of these instances will require recasting of segment information in comparative periods, including interim periods, unless it’s impracticable to do so. As reportable segments increase or decrease (i.e., a change in composition of the entity’s reportable segments), comparative financial disclosures are required. The requirement to conform comparative prior periods is “recast” rather than “restate” to avoid implication of a prior period error correction. Similarly, as expenses become “significant,” the comparative period segment information, including interim periods, must be recast to reflect the expense as significant in the comparative periods.

For expert support understanding and complying with ASU 2023-07, contact CrossCountry Consulting.

Navigating the uncertainty of the SEC’s latest changes to cybersecurity and ESG rules has been a challenge to risk management leaders. At all stages of risk maturity, companies must contend with ongoing litigation around the rules and continuously shuffle priorities among everything else on their plate, including year-end audit requirements, the introduction and application of AI, and various internal transformation initiatives.  

During a panel at AuditBoard’s 2024 Audit & Beyond Conference entitled “Checklist for Success: Best Practices for Compliance with New SEC Rules for ESG and Cybersecurity,” CrossCountry Consulting’s Steve Coppolino led a discussion with two seasoned experts, Kristina Wyatt and Manju Mudé, who provided valuable insights into the new SEC rules governing ESG and cybersecurity disclosures. These regulations, aimed at promoting transparency and protecting investors, highlight the evolving compliance landscape and underscore the importance of strategic governance for organizations across all sectors.

Below are some of the key takeaways, challenges, and best practices discussed during the session. 

ESG Disclosure Rules 

• Challenges: Kristina Wyatt, Deputy General Counsel & Chief Sustainability Officer at Persefoni AI and a former Senior Counsel at the SEC, highlighted the importance of transparency in the ESG domain. Although some aspects of the rule, such as Scope 3 emissions reporting, are still under debate and likely to be scaled back, companies are encouraged to prepare for an increase in required disclosures. There is a need for consistency in reporting regardless of the SEC rule finalization as found across other released guidance (inclusive of Corporate Sustainability Reporting Directive (CSRD) and California SB 253 and 261). Climate-related risks are truly shaping how companies think about sustainability, 

• Best practices: To prepare for ESG disclosure requirements, companies should integrate climate risk into their overall governance and reporting frameworks, conduct thorough assessments, and develop strategies to address potential risks. 

Cybersecurity Disclosure Rules 

• Challenges: Manju Mudé, Chief Information Security Officer, formerly Splunk and Oportun, emphasized that the new cybersecurity rules require timely incident reporting, creating a need for companies to balance transparency with confidentiality. Organizations are grappling with several challenges in meeting the new cybersecurity disclosure requirements, including identifying material incidents, striking a balance between transparency and business risk, and operationalizing incident reporting. Mudé explained that organizations face challenges in disclosing security incidents without compromising sensitive information that could further expose them to risks. 

• Best practices: To comply with cybersecurity disclosure requirements, organizations should implement robust governance and risk management frameworks, conduct regular assessments, and have clear incident response plans in place. 

Integrating ESG and Cybersecurity Compliance 

• Alignment: A key theme that emerged was the intersection of ESG and cybersecurity within corporate governance. Both disclosures emphasize the need for robust risk management, reinforcing the importance of elevating these areas to the board level. By integrating ESG and cybersecurity reporting into their broader integrated risk management approach, organizations can streamline compliance efforts, enhance overall governance, and demonstrate a commitment to sustainability and resilience. Depending on the size and industry of the business, teams responsible for compliance may already be stretched thin, so approaching ESG and cyber domains as an integrated effort can avoid silos and redundancies. 

• Navigating uncertainty: Given the ongoing litigation and potential changes to the rules, organizations should adopt a flexible approach, monitor developments closely, and be prepared to adjust their compliance strategies as needed. Reporting teams should develop templates and repeatable playbooks that are responsive to further SEC changes, empowering them to think about compliance proactively and efficiently without introducing additional complexity once their companies must effectively comply. 

For expert support complying with evolving SEC rules, contact CrossCountry Consulting.