The strength of internal control design evaluation

A global player in the research and development of technological components reached out to us for an in-depth review of their key operational processes. Specifically for their Procurement to Pay (P2P) and Order to Cash (O2C) across several of their entities. Our focus was to thoroughly assess these processes in order to identify roles and responsibilities and internal controls in place.

Through this assessment, the client aimed to gain a clear understanding of their existing controls and to spot any weaknesses that may expose the organisation to operational, financial and reputational risks. This effort was particularly focused on identifying and addressing any gaps in the internal control system that could lead to misconduct and segregation of duty conflicts within the P2P and O2C processes.

Our goal was not only to identify these vulnerabilities but also to provide practical recommendations to enhance the organisation’s internal control framework.

Challenge

The organisation faced a significant challenge due to decentralised knowledge within its structure, which led to limited visibility over the current landscape of internal controls. This fragmentation resulted in an insufficient understanding of existing gaps in the control framework and the risks these gaps posed to the organisation. 

Without a holistic and end-to-end view of the risk and control landscape, pinpointing areas vulnerable to operational and financial discrepancies became increasingly difficult. This impacted the organisation's ability to effectively safeguard against potential misconduct and financial irregularities. 

BDO's tailored approach & solutions

Our tailored approach began with conducting detailed interviews with various stakeholders involved in the processes. This initial step allowed us to comprehensively map out the procedures and develop a documented narrative that outlined the existing processes clearly. 

Following the establishment of this narrative, we proceeded with a thorough risk assessment to identify and evaluate the risk landscape associated with the Procure to Pay (P2P) and Order to Cash (O2C) processes. This provided a detailed view of potential vulnerabilities and risks within these processes which are not mitigated by robust internal controls. Based on the insights gained from the risk assessment, we were then able to map the current controls in place, highlighting how they align with the identified risks. 

With a clear understanding of the existing controls and the gaps within them, we identified the missing controls that were necessary to mitigate the risks identified. Our analysis led to the formulation of targeted recommendations to address these gaps, enhancing the overall control framework and reducing exposure to potential risks. 

To ensure that the findings and recommendations were accessible and understandable, we consolidated all the documentation into a comprehensive flowchart. This flowchart serves as a visual overview, making it easier for stakeholders across the organisation to: 

  • grasp the complete control landscape; 
  • understand the risks; 
  • implement the recommended controls effectively. 

The strength of internal control design evaluation

Impact & Result

The output and results of the assessment were significant in enhancing the organisation's understanding and management of its processes.  

Firstly, all stakeholders involved in the process gained a comprehensive view of the entire process flow. This holistic understanding facilitated better communication and collaboration across different departments and levels of the organisation. 

Furthermore, the organisation obtained a clear insight into the risks it faced within these processes. The assessment detailed how the existing internal control landscape was designed to mitigate these risks, providing a strategic overview that allowed for more informed decision-making regarding risk management. 

Additionally, the assessment served as a valuable input for potential process efficiency improvements and future automation opportunities. By mapping out the various streams of information and the controls associated with them, the assessment identified areas where efficiency could be increased through streamlined processes or technological integration.  

This not only aimed to reduce manual labor and the potential for errors but also enhanced the timeliness and accuracy of the processes, leading to better overall performance and competitiveness in the market. Finally, the client appointed an internal resource as process owner in order to optimise and monitor both processes in the future, based on our deliverable. 

Overall, the assessment delivered a multi-faceted view of the organisation's procedures, risks, and opportunities for improvement, laying a solid foundation for ongoing enhancements and strategic planning.

Risk Colleagues

Check out our full Risk Blueprint video series

This video series delivers tons of expertise and knowledge on the essentials of risk management.
Go watch our video series

Check out our other case studies