Optimising Financial Controls

Internal Controls over Financial Reporting

Considering the Corporate Governance Code
1
 Optimising Financial Controls

Increasing demand is being placed on Financial

Controllers to reduce costs, deliver faster, more
accurate financials and leverage big data and
analytics through efficient and effective Internal
Controls over Financial Reporting (ICFR).

The ‘UK SOX debate’ has shone a light on extensive current

requirements of the UK Corporate Governance Code (UK Code):
a recognised framework and ongoing evidence is needed for
stakeholders, directors and their management teams to know
controls are operating effectively. Many UK boards lack evidence
that their controls are effective and instead rely on trust, taking
false assurance based on a lack of contrary information. Financial
Controllers should be thinking now about whether their own
organisations are able to demonstrate that their controls are
operating effectively.

Through effectively leveraging select technologies, such as

BlackLine, finance can respond to these pressures, enhancing
their control environment to benefit the business, meet the
expectations of auditors and reduce the cost of compliance,
releasing time and resources to focus on providing value added
services to the business. A leading control environment embeds
controls within end-to-end processes automated through
technology built with controls at its core.

Together, Deloitte and BlackLine have worked to

successfully deliver in excess of 150 BlackLine deployments
globally, with an alliance relationship between Deloitte and
BlackLine spanning over 10 years.

This has led to Deloitte developing a network of hundreds

of BlackLine practitioners and our position as the leading
BlackLine System Implementer globally.

The role of Deloitte extends beyond technology adoption,

and includes core finance, control and change expertise to
maximise the return on your investment and user adoption.

2
Optimising Financial Controls

Financial Controls
Common Challenges

Governance

Reliance on non-standardised manual controls, disparate systems

and data sources, and limited management information regarding
the status of risk mitigation and operating effectiveness of controls.

Transaction matching

Manual processes and large volumes of data managed outside

of a centralised system and ways of working resulting in potential
misstatements and error due to incomplete or inaccurate matching.

Balance sheet integrity

Poorly performed and cumbersome manual balance sheet integrity

account reconciliation processes. Often with a lack of evidence
retained and requiring manual reviews and sign offs required.

Intercompany

Lack of consistent and controlled end-to-end processes resulting

in accuracy, valuation and completeness issues and misaligned
transaction posting. Overly complex and high level of effort required in
elimination and consolidation.

Audit

Increased risk of failure of manual, non-standardised and

decentralised controls. Resulting in increasing demands on
businesses to support audits, increased risk of significant deficiencies
or material weaknesses and ever-increasing cost of remediate audit
findings.

3
 Optimising Financial Controls

The BlackLine Solution

For over 10 years Deloitte has brought in

depth experience of ICFR implementation,
transformation, digitisation and automation,
coupling this with BlackLine’s enhanced financial
automation software. Enabling organisations to
manage risk in the record to report and financial
close processes and minimise the risk of control
failure and non-compliance.

BlackLine’s digital platform supports businesses in addressing

these risks via automation, standardisation, embedded controls and
defined workflows. Whilst delivering the visibility, traceability and
segregation of duties necessary to drive more efficient and effective
controls and meet the expectation of auditors and regulators.

This alliance and approach to ICFR is proven in multiple markets

globally, including the UK, to enable businesses to better prepare
for the challenges of implementing efficient and effective controls
and readiness for any potential enhancements to the Corporate
Governance Code.

What is BlackLine?
BlackLine is a cloud-based financial operations management
platform that helps organisations move to modern accounting
by unifying their data and processes, automating repetitive work,
and driving accountability through visibility.

BlackLine provides solutions to manage and automate financial

close, accounts receivable and intercompany accounting
processes, helping large and midsize organisations across all
industries complete accounting processes faster and with more
efficient and effective controls.

BlackLine has consistently been recognised by Gartner as the

industry leader in cloud financial close solutions and is the only
financial close solution recognised by SAP as an official solution
extension.

4
Optimising Financial Controls

BlackLine Solutions for Financial Close Management

Task Management
Core Improve visibility and execution by centralising the allocation
of control responsibilities and establishing dependencies
Focused on delivering the
most value in the shortest and accountability. Enable real-time dashboard reporting of
amount of time. Essentials global close and compliance status.
required to improve visibility
across close tasks and
automated reconciliations.

Account Reconcillations
Deliver more reliable and robust financial results by
automating the end-to-end account reconciliation process.
Embedded controls and automated, rules-based workflows
enable touchless certification and ensure audit readiness.

Variance Analysis
Discover discrepancies and fluctuations in balances quickly
through automated alerts and timely notifications for when
further action is required.

Transaction Matching
Integrated Match and reconcile high-volume data across multiple systems
and datasets with business rules to rapidly identify and resolve
Two-way data integration or explain exceptions. Flexible partial and suggested matching
enables BlackLine processes capabilities help reduce the volume of exceptions and manual
to be automatically processing.
updated and visible in your
technology ecosystem.

Journal Entry
Automate manual journal initiation, approval and posting
with a transparent audit trail and native integration with
reconciliations, tasks and transaction matching.

Compliance
Close the gap between control performance and attestation
and unify all compliance documentation, projects and
stakeholders in one globally accessible, cloud-based system
to maximise visibility.

5
 Optimising Financial Controls

Smart Close
Optimised This is a native solution for SAP. Automate SAP tasks, job
scheduling, execution, monitoring of close tasks, and outcome
Within your connected
verification and escalation; a robotics-led approach to the close.
ecosystem, BlackLine
helps fine-tune finance
and accounting processes
including intercompany
financial management.
Intercompary Hub
Manage and control the complexity inherent to
intercompany accounting. Issues over currency exchange
rates, transaction amounts, transfer pricing mark ups,
journal entry creation, invoicing and approval workflows are
neatly and automatically managed within the solution.

Platform features

Industry leading security

State-of-the-art security ensures customer data is protected
– BlackLine is the only ISO27001 Certified Financial Close
Platform. Security controls are validated by achieving
internationally recognised auditing standards SSAE 18 / ISAE
3402 SOC 1 – Type II, SSAE 18 / ISAE 3000 [Revised] SOC 2 –
Type II, ISO/IEC 27018:2019 and ISO/IEC 27701:2019.

Global ERP Integration

BlackLine is ERP and systems agnostic, with the ability to work
with any single system or multiple systems at once. It is a
comprehensive financial controls and automation platform built
on a single codebase and delivered anywhere via the Cloud.

Enhanced insights, analytics & reporting

Centralise and standardise critical close and decision support
data for accurate and timely decision-making. Unified
dashboards and reporting provide a clear view into the status of
the close to enable continuous optimisation.

6
Optimising
Optimising Financial
Financial Controls
Controls

Deloitte, BlackLine and UK Code

The journey together

Deloitte has developed a tried and tested

approach to ICFR.

We are pairing this expertise with BlackLine’s technology to support

businesses in readiness journeys ahead of expected changed to UK
code and leverage this regulatory change as an impetus to enhance
the control environment and reduce the overall cost of control.

Financial Controllers and

UK Code readiness

The experience of many organisations upon the

implementation of ICFR following regulatory
change showed that the process to implement an
efficient and effective control framework to meet
new requirements took more time and effort than
many expected.

Considering this, Financial Controllers, as critical members of the first

line of defence for ICFR, have an important role to play in readying
their businesses by considering the lessons learnt recently in multiple
markets globally where regulatory change impacting ICFR has been
implemented and getting ahead now.

Financial controllers should leverage the opportunities a strong

control framework, supported by technology such as BlackLine,
presents to enhance efficiency and effectiveness of finance processes
and controls.

7
 OptimisingFinancial
Optimising FinancialControls
Controls

Key consideration for Financial

Controllers and their businesses

What opportunities does a control implementation efforts required to ensure the right
framework offer? internal controls are in place; and they are designed
Globally, increased regulatory scrutiny and focus and operating effectively.
given to the effectiveness of controls and enabled
business to better empower management to What documentation will be needed to
manage their own risks. This has enabled Financial evidence the control environment?
Controllers to strengthen the ‘tone from the top’ Documentation and a clear understanding of the
and in turn provides a chance to act as a catalyst for end-to-end risks, processes, and controls is essential
change and rethink the controls landscape. Digital for establishing an effective control framework. This is
tools, such as BlackLine, embedded into the control critical to ensure an internal control framework can be
framework bottom-up provide greater assurance monitored effectively and meet regulatory reporting
over the accuracy of their financial reporting data requirements. This means much more than just good
and enable businesses to detect fraud more documentation and evidence of the performance of
effectively. controls and requires businesses to truly understand
and illustrate the design of their control framework.
When does my business need to be ready In addition to BlackLine providing a single depository
and how long will it take? for evidence related to the processes and controls
Although there are not yet confirmed dates, performed within the tool, adopting standardised
it is widely expected that some form of tighter approaches within a centralised tool minimises the
controls regulation will become effective in the scale of effort and cost required to implement and
next couple of years within the UK. The FRC has maintain process and control documentation
also recently pointed out that companies applying and mapping.
the Corporate Governance Code should already
be publicly reporting on their process to annually How can Financial Controllers support
review the effectiveness of their material controls implementation efforts to achieve
and any significant weaknesses. Organisations compliance with a control framework?
must understand, now, what level of effort and Financial Controllers are key individuals within the
implementation is required to put in place evidence first line of defence for ICFR. They play a key role in
that controls are operating effectively. BlackLine achieving their business’ compliance objects through
coupled with the Deloitte approach to ICFR is a strong strong the design, implementation, performance and
enabler to efficient and effective mitigate various monitoring of efficient and effective controls.
risks across the record to report and financial close
processes. A robust approach to ICFR is essential in fully
embedding changes achieve compliance within
What activities should be prioritised when an internal control environment, whether that be
aiming to achieve effective internal controls? in introducing new internal controls or enhancing
At a minimum, an effective internal control those currently in place. Implementing tools, such
environment would require the identification of as BlackLine within the record to report and financial
material risks and a mechanism in place to monitor close processes, supports Financial Controllers in
and report against the controls that mitigate achieving their compliance goals whilst providing
them. A critical first step is to undertake a controls their businesses with modern and cost-effective
gap analysis as the basis for understanding the ways of performing audit ready controls.

8
Optimising Financial Controls

Deloitte Internal Controls Over

Financial Reporting Approach
Oversight & Governance
Board, Executives, Business Leadership, Regulators

Assurance Activities Risk Assessment

MI, Dashboarding Risk Appetite &

& Reporting Control Strategy

Embedding Risk &

Change Control
Framework

Training Policies &

Procedures

Technology Enablement Controls Implementation

& Operation

Target Operating Model

Strategy Org Design People Technology Data

9
 Optimising Financial Controls

Over multiple years, Deloitte has developed a resilient approach to ICFR that has stood true regardless of regulatory
change globally. When exploring the impact of changes to UK Code and the responds needed for their organisation,
Financial Controllers should consider the following key elements of their control framework.

Risk Assessment
• Risk assessment process to identify a single, clear view of the risks and opportunities of the organisation.
• Ongoing process of risk scanning to ensure emerging risks and ‘near misses’ are captured to ensure the risk register
remains relevant.

Risk Appetite & Controls Strategy

• Defined organisational risk appetite.
• Controls strategy that articulates the organisational approach to controls including executive sponsorship, governance,
authority levels and technology enablement.

Risk & Controls Framework

• Controls framework mapped against risks with clear definition of minimum/key controls, responsibilities and roles.

Policies & Procedures

• Succinct policies that act as enablers for effective controls performance.
• Guidelines for control operation, templates and repository management.

Controls Implementation & Operation

• A clearly defined controls operating model outlining who, what and how the controls are implemented.
• A control framework implemented effectively and efficiently across the organisation.
• A cost effective controls centre of excellence to support local markets delivering control testing and monitoring.

Technology Enablement
• A comprehensive technology framework to support business in the operations, automation and monitoring of controls.
• Implementation of business process controls, continuous control monitoring, self-certification, evidence gathering and
retention.
•
Embedding & Change
• Winning the hearts and minds, helping employees understand the value to own controls.
• Setting up the business for success with necessary tools and techniques to deliver a sustainable controls framework.
• Deliver the change planning and management, communication and stakeholder engagement as part of control
implementation and transformation programmes

Training
• Controls training programme for the first and second line of defence to develop a clear understanding of controls and
the requirements to operate controls effectively.

Assurance activity
• Providing 2nd and 3rd line of defence assurance activities over the design, implementation and operating effectiveness of
controls.
• Implementation of shared services assurance as a service capability.

MI, Dashboard & Reporting

• Automated and dynamic risk and control effectiveness reporting.

10
Contact

Craig Vink Lauren LaQuaglia Sonya Butters

Partner Partner Partner
Deloitte LLP Deloitte LLP Deloitte LLP
+44 118 322 2238 +44 207 007 4263 +44 117 984 1074
[email protected] [email protected] [email protected]

Zosia Di Lieto Andrew Flaherty

Senior Manager Associate Director
Deloitte LLP Deloitte LLP
+44 207 007 9369 +44 207 303 0311
[email protected] [email protected]

This publication has been written in general terms and we recommend that you obtain professional advice before acting or refraining
from action on any of the contents of this publication. Deloitte LLP accepts no liability for any loss occasioned to any person acting or
refraining from action as a result of any material in this publication.

Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered
office at 1 New Street Square, London EC4A 3HQ, United Kingdom.

Deloitte LLP is the United Kingdom affiliate of Deloitte NSE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private
company limited by guarantee (“DTTL”). DTTL and each of its member firms are legally separate and independent entities. DTTL and
Deloitte NSE LLP do not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of
member firms.

© 2022 Deloitte LLP. All rights reserved.

Designed and produced by 368 at Deloitte. J21985

11