Skip to main content

Future of Controls

A bold and positive vision

In this global perspective on the Future of Controls, we examine the evolving risk landscape and key trends that are influencing internal controls. We offer a clear Future of Controls vision aligned to a wider business strategy, share relevant case studies, and dive into the three levers that help you assess your current state and shape your journey to achieve your vision.

The global risk landscape is in a constant state of flux, making it a moving target for controls efforts. Consequently, addressing risk is never a “one-and-done” job. In fact, it requires constant vigilance and a bold and positive Future of Controls vision to keep organisations safe as they strive to drive value.

Informed by industry trends, Deloitte has developed a strategic vision and road map for Future of Controls that provides an opportunity to rethink what controls can and should be, both for today and tomorrow. Understanding and applying this vision cannot only be instructive to the process but can also help organisations create a structured approach to their own controls journey. This point of view takes the next step, providing the leading practices and guidance to help organisations make the bold moves required to begin their Future of Controls journeys.

The future of controls

Challenges and trends influencing the Future of Controls

 

Now more than ever, organisations are operating in a world of unknowns. Understanding the challenges and leveraging the trends can help businesses navigate through these uncertainties and transform them into opportunities for growth and success. To do so, we have examined the evolving risk landscape and key trends that are influencing and reshaping the future of internal controls.

Creating a bold and positive vision

 

Controls can be challenging for organisations that struggle to get even the basics right. However, the role that the risk and controls community has played during the pandemic gives us hope. Today, we see clear trends and individual cases of creativity and innovation that help us to imagine a bold and positive future for internal controls.

In our paper, we demonstrate how a robust risk and controls environment can help organisations become more agile and resilient, and support accelerated digital transformation—all of which help companies better utilise automation in operating and monitoring their controls. We offer a clear vision that is aligned to a wider business strategy and links to the underlying business purpose and goals to assist organisations in embedding a robust controls environment, and help them thrive in this volatile and complex business environment.

Reimagining the Future of Controls

 

Our paper describes three key levers that help drive the internal controls journey:

Lever 1

Reconstructing the internal controls framework - building a truly data-driven, agile framework that mitigates known risks, anticipates and apprises the organization to emerging risks, delivers value, and drives focus.

Lever 2

Designing the next generation controls operating model - reimagining the key principles of the operating model and the enablers that will help change mindsets, develop capabilities, and enable businesses to embrace, operate, and embed controls as part of the organization’s DNA.

Lever 3

Establishing the controls technology ecosystem - leveraging digital transformation and maximizing controls automation to help alleviate some of the pressure on the internal controls functions in cost reduction, driving efficiency, and effective management of risks and opportunities. At the same time building confidence, intelligence, and performance—three key elements of a successful FoC journey.

 

We explore these levers in detail and provide examples from global organizations that demonstrate the trends and successful business engagements that help achieve the Future of Controls vision.

A typical journey

 

The Future of Controls journey will vary from organisation to organisation based on the maturity of the controls environment, the level of regulatory compliance pressure they endure, and the specific industry trends they need to manage. However, irrespective of the level of maturity and transformation, the vision, mission, goals, and key levers we discuss can help organisations customise a controls road map that fits their specific business goals. To that extent, we have outlined a typical six-step road map for a successful FoC journey.

  • Define your Future of Controls vision and aspirations
  • Define your FOC business case with clear qualitative and quantitative values and effort
  • Define your success factors, KPIs and governance mechanism
  • Design an integrated controls framework covering the key operational, compliance, and financial reporting risks across the end-to-end value chain
  • Develop a risk-based framework with due consideration to the risk appetite
  • Integrate risks and opportunities linked to business performance
  • Leverage the ERP system and maximise controls configuration-based automation
  • Establish controls technology ecosystem, utilising technologies outside the ERP and data harvesting through outlying systems to maximise the benefits of digital transformation
  • Focus on preventative and a “hindsight to foresight”-based controls automation
  • Integrate risks and opportunities linked to business performance
  • Establish a clear first-line ownership and accountability
  • Integrate the second line, bringing consistency and creating value across the risk domains
  • Maintain a shared ambition supported by data, capability, culture, and incentives
  • Promote integrated assurance through a risk aligned second and third line of defense
  • Create a positive culture by winning hearts and minds
  • Provide continuous support to the first line
  • Introduce appropriate incentives with strong consequence management
  • Create an automated continuous-controls monitoring framework
  • Document a clear set of controls health indicators supported by smart reports with dashboarding facilities
  • Make use of a comprehensive fit for purpose GRC platform for comprehensive controls monitoring

We are in a period of unprecedented uncertainty with the confluence of technology revolution, global pandemic, merger and acquisitions and private equity funded disrupters. Organisations can't passively search for answers—they must take action now or they will face a chasm so wide and deep, between their pace of customer-facing innovation and their controls programs, that legacy programs will stifle growth and prevent them from realising their prospects. The time to act is now.

Did you find this useful?

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey