The Controller's Toolkit
Description
The Controller's Toolkit delivers a one-of-a-kind collection of templates, checklists, review sheets, internal controls, policies, and procedures that will form a solid foundation for any new or established financial controller. You'll get the tools and information you need to master areas like business ethics, corporate governance, regulatory compliance, risk management, security, IT processes, and financial operations.
All of the tools contained in this indispensable book were recommended by corporate and business unit controllers from small to medium-sized companies and large, multinational firms. You will benefit from master-level guidance in areas like:
* Ethics, Codes of Conduct, and the "Tone at the Top" to support ethical behavior
* The operational and financial aspects of corporate governance
* The importance of the Committee of Sponsoring Organizations of the Treadway Commission Framework
* The requirement for entity-level controls
* The importance of linking the business plan with the budget process
The Controller's Toolkit also belongs on the bookshelves of finance and accounting students, executives, and managers who wish to know more about the often-complex world of financial controls.
More details
Other editions
Additional editions
Person
CHRISTINE H. DOXEY, CAPP, CCSA, CICA, CPC, is president of Doxey, Inc., a consultancy that has brought vast improvements to the finance departments of leading organizations worldwide. Doxey is on the Advisory Boards of The Exchange Summit and The Institute for Internal Controls. Previously, Christine was a financial executive at Hewlett Packard and Verizon Business. She has authored several books and speaks on a range of financial processes and internal controls best practices at global conferences.
Content
PART 1
Chapter 1 About This Toolkit
Chapter 2 Defining the Role of a Controller
Introduction
Governance, Risk Management and Compliance (GRC).
Controller Job Responsibilities
The Controller as Business Partner
SECTION 1 - CORPORATE AND REPUTATIONAL RISK
Section Introduction
Chapter 3 The Controller and Risk Management
Introduction
Risk Management Process Flow
Risk Management Defined
Risk Management Models
Risk Management Table of Controls
Risk Management Risk and Controls Matrix
Chapter 4 The Controller and Ethics
Introduction
Ethics Program Process Flow
What is "Tone at the Top?"
Example Code of Conduct: MCI
Code of Conduct and Ethical Violations
Controllers and the Code of Conduct
The Reaction to Unethical Behavior
A Comparison of Sarbanes Oxley Section 302 and Section 404
Sox and Whistleblower Protection
Ethics Training Programs
Key Considerations for an Ethics Hotline
How to Manage an Ethics Hotline
How Do We Know That "Tone at the Top" Is Effective?
"Tone at the Top" and the "Tone in the Middle"
"Tone at the Top" and the U.S. Sentencing Guidelines
"Tone at the Top" and the Foreign Corrupt Practices Act (FCPA)
Anti-Bribery Provisions of the FCPA
Record Keeping Requirements of the FCPA
Guidelines for FCPA Compliance
The Dodd-Frank Act
The Whistleblower Protection Act of 1989
The False Claims Act
Table of Controls
Table of Risks and Controls
Chapter 5 The Controller and Corporate Governance
Introduction
Corporate Governance Process Flow
Corporate Governance for Small Business
Corporate Governance for Private Companies
The Financial Aspects of Corporate Governance (Cadbury Committee 1992)
The International Finance Corporation (IFC) and The Global Corporate Governance Forum
The Organization for Economic Cooperation and Development (OECD) and Corporate Governance
When Corporate Governance is Flawed
The Sarbanes Oxley Act of 2002 (SOX) and Corporate Governance
Table of Controls
Table of Risks and Controls
Chapter 6 Entity Level Controls
Introduction
Entity Level Controls Process Flow
Benefits of Entity Level Controls
Why Focus on Entity-Level Controls?
Why is Committee of Sponsoring Organizations of the Treadway Commission (COSO) Framework Important to Entity-Level Controls?
Implementing an Entity-Level Controls Framework
Examples of Entity-Level Controls
Executing an Entity-Level Controls Questionnaire
Table of Controls
Table of Risks and Controls
SECTION 2 - STRATEGIC AND M&A RISK
Section Introduction
Chapter 7 Strategic Planning and M&A
Introduction
Strategic Plan Process Flow
The Strategic Planning Process
Preparing for Strategy (Step 1)
Articulating the Mission, Vision, and Values (Step 2)
Sample Mission Statements
Vision Statements for New and Small Firms
Assessing the Situation (Step 3)
Developing Strategies, Goals, Objectives and Budget (Step 4)
Writing the Strategic Plan (Step 5)
Example Strategic Plan Table of Contents
Implementing the Strategic Plan (Step 6)
Evaluating the Effectiveness of the Strategic Plan (Step 7)
Mergers and Acquisitions (M&A)
The M&A Process Flow
The M&A Due Diligence Checklist
Table of Controls
Table of Risks and Controls
SECTION 3 - INTERNAL CONTROLS RISK
Introduction to this Section
Chapter 8 Internal Controls Program
Introduction
Internal Controls Process Flow
Application of Internal Controls
The Three Critical Corporate Controls
About the Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Monitoring Internal Controls
Roles and Responsibilities
The Impact of the Sarbanes Oxley Act of 2002 (SOX) Section 404 on Internal Controls Programs
Internal Controls Best Practices for Privately Held Companies
Leveraging Internal Control Basics to Implement a Controls Self-Assessment (CSA) Program
Internal Controls and Fraud Prevention
The Fraud Triangle and Example of Fraud
The Fraud Diamond
Table of Controls
Table of Risks and Controls
SECTION 4 - COMPLIANCE RISK
Introduction to this Section
Chapter 9 Corporate Compliance
Introduction
Corporate Compliance Process Flow
The Chief Compliance Officer
Duties of the Chief Compliance Officer
The Controller's Compliance Toolkit
Table of Controls
Table of Risks and Controls
PART 2
SECTION 5 - PAYMENT RISK
Introduction to this Section
Corporate Payments Market Drivers
Additional Statistics
Scope of Corporate Payments Risk
Table of Business Process, Sub-Process, Risk Impacts and Indicators
Chapter 10 Procure to Pay (P2P)
Introduction
Procurement
Contract Management
Purchasing and Ordering
Procurement Reporting, Metrics and Analytics
Accounts Payable
Supplier Master File
Invoice Processing
Payment Process
Accounting Process
Customer Service
P-Cards
T&E
Chapter 11 Hire to Retire (H2R)
Introduction
Human Resources
Payroll
Chapter 12 Order to Cash (O2C)
Introduction
Order to Cash (O2C) Process Flow Diagram
Sales
Customer Master File
Credit Analysis
Order Fulfilment and Invoicing
Accounts Receivable and Collections
Cash Application and Management
O2C Reporting, Analytics and Metrics
PART 3
SECTION 6: FINANCIAL OPERATIONS RISK
SECTION INTRODUCTION
Chapter 13 THE RECORD TO REPORT (R2R) PROCESS
Chapter 14 BUDGETS AND FORECASTS
CAPITAL BUDGETS AND FIXED ASSETS
Chapter 15 THE SUPPLY CHAIN PROCESS AND INVENTORY CONTROL
Chapter 16 THE TREASURY AND CASH MANAGEMENT PROCESS
Chapter 17 SHARED SERVICES AND BUSINESS PROCESS OUTSOURCING (BPO)
Chapter 18 DATA VALIDATION,ANALYTICS, METRICS AND BENCHMARKING
SECTION 7: IT RISK
SECTION INTRODUCTION
Chapter 19 INFORMATION TECHNOLOGY (IT) CONTROLS AND CYBERSECURITY
SECTION 8: SECURITY AND BUSINESS CONTINIUTY RISK
SECTION INTRODUCTION
Chapter 20 BUSINESS CONTINUTY AND PHYSICAL SECURITY
Business Continuity
Physical Security
SECTION 9: LEADERSHIP AND CHANGE MANAGEMENT RISK
SECTION INTRODUCTION
Chapter 21 LEADERSHIP AND MANAGING CHANGE
Chapter 22 TRENDS, PROCESS TRANSFORMATION AND DIGTIZATION
Roadmap for Process Transformation
PART 4
SECTION 11 - ADDENDUM
Table of Controller's Tools
Key Performance Indicator (KPI) Library
SECTION 10 - GLOSSARY
Index
CHAPTER 2
Defining the Role of a Controller
OVERVIEW
The controllership function is carried out by a controller, which usually is the individual in charge of and with authority over the processes related to finance and accounting. A controller has the main goal of keeping the company's bottom line secure by accurate internal controls and well-defined financial operations. But a good controller needs to be aware of all areas of risk that may impact a company and its ongoing success.
The role of the controller is often defined as being a business partner to other functions and divisions within an organization. In many organizations the role of the finance professional is defined as being a business partner to the organizations supported.
Controllers are faced with much broader challenges and opportunities in today's business world and are being asked to take on additional responsibilities outside of the traditional "chief accounting officer" role. Controllers are connected to most of the key business processes within an organization. Controllers provide the stewardship and accountability systems that ensure that the organization is conducting its business in an appropriate, ethical manner.
Controllers and their staffs should also provide the information, analysis, and advice that will enable the organization's operational management to perform effectively. This means understanding the impacts that the supply chain can have upon the accounting processes for the organization.
Controllers are process driven and are always looking for practical tools to manage their areas of responsibility and to advance their careers. These tools can extend the competencies and efficiencies of corporate and controllership processes, which fall under the umbrella of governance, risk management, and compliance (GRC).
CONTROLLER'S TOOL 1 - SUGGESTED JOB RESPONSIBILITIES FOR A CONTROLLER
Introduction. Monster is a global online employment solution for people seeking jobs and employers. Monster has expanded from its roots as a job board to a global provider of a full array of job-seeking, career-management, recruitment, and talent-management products and services. Monster recommends the following list of job responsibilities for a controller:
Suggested Job Responsibilities for a Controller- Achieves budget objectives by scheduling expenditures, analyzing variances, and initiating corrective actions.
- Provides status of financial condition by collecting, interpreting, and reporting financial data.
- Prepares special reports by collecting, analyzing, and summarizing information and trends.
- Complies with federal, state, and local legal requirements by studying existing and new legislation, anticipating future legislation, enforcing adherence to requirements, filing financial reports, and advising management on needed actions.
- Ensures operation of equipment by establishing preventive maintenance requirements and service contracts, maintaining equipment inventories, and evaluating new equipment and techniques.
- Completes operational requirements by scheduling and assigning employees and by following up on work results.
- Maintains financial staff by recruiting, selecting, orienting, and training employees.
- Maintains financial staff job results by coaching, counseling, and disciplining employees and by planning, monitoring, and appraising job results.
- Protects operations by keeping financial information and plans confidential.1
CONTROLLER'S TOOL 2 - CORE COMPETENCIES OF A CONTROLLER
Introduction. Within their companies, controllers are always looked upon as accounting and financial leaders. Many controllers are thought of as the chief accounting officer. I recently authored a blog entry for Nvoicepay that highlights the 15 leadership skills that a controller should have. Controllers should have a blend of skills from two key areas: (1) accounting and business knowledge, and (2) leadership and influence, as listed below.2
Accounting and Business Knowledge- Cost Control. As an example, a cost-control process would be implemented for a major project to monitor cost performance, ensure changes are recorded accurately, prohibit unauthorized changes, inform stakeholders of cost changes, maintain expected costs with acceptable limits, and monitor and document reasons for favorable or unfavorable cost variances. As a controller, you're responsible for controlling cost. This involves developing policies and procedures, systems, processes, and metrics to make sure that costs are under control.
- Internal Controls and Compliance. A controller usually has overall responsibility for the internal controls program and processes for their organization. This means that the design, development, and testing of the operational effectiveness of each control is the responsibility of you and your team. If you work for a publicly traded company, you'll also need to prepare all of the quarterly and annual reporting requirements for Sarbanes-Oxley (SOX).
- Financial Reporting and Adding Value. Controllers and their staffs typically drive the fiscal closing process and are always looking for ways to streamline the process and provide the results sooner through automation and a quicker closing process.
- Corporate Transaction Processes. Controllers have ownership of corporate transaction processes, which include accounts payable, accounts receivable, payroll, travel and expense (T&E), general accounting, and others. There are always large opportunities for streamlining these processes, as evidenced by automation and transformation initiatives in the procure-to-pay (P2P) and order-to-cash (O2C) processes.
- Corporate Knowledge. Controllers should have an excellent knowledge of what their companies do and how they are organized. What is the culture of the company? How is the company organized? How quickly do decisions get made?
- Efficiency Improvements. Along with having a solid knowledge of the corporate transaction processes that are the backbone of your company, you should always look for ways to improve them through process efficiencies and automation. Are there ways to combine similar processes into a shared services organization? Can you reduce manual invoices through implementing an e-invoicing solution? Can you streamline your payment process by implementing e-payment solutions or even outsourcing your payment process?
- Analytics. A savvy controller is driven by analytics and metrics. The results of a well-developed metrics program will indicate how well your company's business processes are working and where improvements were successfully implemented. Metrics will also reveal problem areas and should have the analytics to drill down to find the solution.
- Business Partnerships. Since a controller oversees the accounting processes for a company, maintaining good business partnerships is a key success factor. You should identify your areas of influence and ensure you have a good relationship or partnership with the leadership in other departments. Key departments usually include information technology (IT), legal, human resources (HR), business ethics, supply chain, and procurement.
- Communication. Communication is a personal process that should be appropriate for both the audience and situation. Choosing the wrong communications channel could send the wrong message. For example, a decision that dramatically impacts a person's career should never be delivered via an impersonal form letter. It's always good to consider how it would feel to be on the receiving end. Think about it: If you were being recognized for outstanding work or many years of service, would a personal thank-you note or an e-mail be more meaningful to you?
- Active Listening. The concept behind active listening is encouraging the speaker to state what they really mean and stems from the work of counselors and therapists. The goal of active listening is to help associates express themselves, offer suggestions, and get to the root of a matter.
- Listen for the content of the message and organize it into key components.
- Listen for feelings about the key points being conveyed.
- Ensure that you respond to feelings appropriately and with compassion.
- Be cognizant of any overreaction to the situation.
- Watch verbal and nonverbal signals and be prepared to reconvene the discussion if necessary.
- Repeat...
