Corporate digital transformation is a high-stakes gamble: The winners make faster, better decisions and stop wasting time on routine tasks; the losers spend years and millions of dollars on what could amount to no more than expensive boondoggles. The difference between the two often comes down to how the transformation is implemented.
“When embarking upon a transformation, most organizations are seeking opportunities to automate and to become more data-driven,” says Eric Bloesch, Audit Technology Assurance Partner and ERP Controls Solution Leader at KPMG LLP. “One sign of a poor implementation is that the organization isn’t taking nearly enough advantage of the automation opportunities of these advanced systems. But the other is that business leaders can’t trust the data that comes out of the new system. They can’t reliably make business decisions based on that data.”
Nowhere is this more apparent than in a company’s finance function. Do it right, and multi-step processes, like moving from receiving an order to collecting payment or from issuing a purchase requisition to paying an invoice, can occur largely without human intervention. Do it wrong, and the company’s problems could go well beyond persistent and unnecessary manual procedures and workarounds to include regulatory fines and public disclosures of insufficient financial controls requiring massive correction efforts.
The root of the problem is almost never in the technology itself, but in the execution of the transformation project. Fortunately, many of these problems can be avoided by getting feedback from compliance stakeholders—including auditors—early in the process.
How automation can make data more trustworthy
For most companies, digital transformation goes hand in hand with an installation or update of an enterprise resource planning (ERP) solution. What some companies overlook is that these powerful tools offer the opportunity to automate not only business processes, but also the controls that help ensure that those processes are legally compliant and that the data can be relied upon.
In an accounts payable department, for example, digitalization can do much more than reduce or eliminate manual input of invoice data. It can automatically check for duplicate entries, validate that goods or services have been received, apply early-pay discounts or even check whether a vendor hails from a sanctioned country. Meanwhile, separate logins help prevent fraud by ensuring that no one person controls a key financial process (a principle known as separation of duties), and key actions are logged to create an audit trail if needed.
“The goal is to prevent problems rather than have to detect them afterwards,” says Bloesch. “You’re using the system’s intelligence to reduce errors, increase efficiency and improve the user experience.”
Ultimately, easier access to better data leads to better decisions. Getting to this point, however, can be a challenge, as ERP updates can flounder in the oceans of outmoded or unreliable data found in legacy systems. Digital transformation brings issues of data quality to the forefront, as unreliable data can lead a data-driven organization to the wrong conclusions.
Proper data governance is important throughout the organization and beyond as key documents like invoices and purchase orders travel through the business and the value chain, and errors can have a cascading effect. “There’s more connectivity than ever in these systems, so controls and compliance are more critical than ever,” says Nick Wozny, Audit Technology Assurance Partner at KPMG LLP. “But if you do it right, then the testing and validation is built-in and continuous, rather than this once-a-year, grueling, expensive manual effort.”
Fostering a controls mindset
To get the most out of an organization’s digital capabilities, the people in finance, legal, auditing and other departments who are responsible for controls and compliance must be brought into the process early on. “A successful digital transformation depends on bringing a controls mindset into the process upfront,” Bloesch says. “They can provide the insights about the requirements you need at the initiation of transactions to help ensure that you have complete, accurate, robust information at the end.”
These key stakeholders should be involved in discussions of data governance and process design well before a single line is coded or configured, Bloesch says. In his experience, companies that fail to involve key stakeholders, and only really start thinking of controls during the next annual audit, find it very difficult to start the process of configuration, testing and user engagement needed to accommodate new data requirements.
What’s more, companies that wait until the next audit to ensure that the new controls work as intended are meanwhile processing untold numbers of transactions in the real world and may already be in trouble. “Fixing control issues can require millions of dollars and thousands of hours that could have been avoided if only leaders had solicited input from compliance and control owners,” Bloesch says.
Bringing in the auditors—before the audit
For a truly objective view, companies can also get their auditors involved. As it became clear how important embedding the right controls was to a successful digital transformation, KPMG established an ERP Controls group within its Audit practice. Group leader Bloesch, along with colleagues including Wozny, offers audit clients real-time system implementation assessments that aim to provide observations and feedback during the transformation process.
During a transformation, the client is busy defining new processes and the technology design. Instead of waiting many months until the implementation and go-live to provide audit perspectives, Bloesch and his team have developed an approach for the auditor to provide real-time feedback once the client has designed their new controls.
For example, as the client defines the new process, the auditor will facilitate walkthroughs and provide objective views on how key risks are being addressed. The auditor also determines whether there are unaddressed risks that could lead to noncompliant results and makes recommendations for management’s consideration.
With more organizations using cloud-based solutions and agile deployments, ERP implementations are happening more quickly. That’s a good thing, but it means the window for getting controls right is getting shorter, says Wozny. “Proper data governance and consideration of controls and compliance must be embedded into the transformation journey,” he says. “You can’t just have a checkpoint at the end where you hope that they’ll be layered in.”
A real-time assessment provides an opportunity to work with auditors who are highly experienced with both the company’s business and the most common ERP systems. They understand how improving data quality can reduce risk, lower cost and increase efficiency. “We’re aiming for a productive relationship with a client,” Wozny says. “We all know that having the right controls and compliance is essential. Achieving the right working relationship between transformation program leaders, controls and governance stakeholders, is the objective of minimizing compliance issues.”
With digital transformation high on the agenda for many companies, Bloesch and his KPMG team recommend reaching out and starting this dialogue early in the transformation journey to help better align transformation goals with essential controls and governance criteria – and avoid costly rework.