Ideally, deficiencies in treasury IT systems should be removed at the stage when systems are installed. This is done as part of the installation project during a project-based audit, so that the early detection and removal of deficiencies leads to direct benefits in the course of the ongoing project.
Modern technologies change the way the traditional core functions of corporate treasury are exercised. Nowadays, almost all major companies use treasury IT systems to ensure sufficient liquidity within the company and to control financial risk by means of financial instruments. At the same time, there is a persistent trend towards more centralisation of local processes, and with it, connecting local entities to the central treasury management platform. More and more upstream and downstream systems in the financial supply chain are electronically connected, in order to create one integrated database for financial reporting. Therefore, treasury management systems increasingly play a central role, which accordingly makes it necessary to more intensively monitor the proper functioning of these systems.
Due to the high notional value and volume of financial transactions, flawed or insufficiently configured IT systems can quickly lead to significant errors in the balance sheet and income statement as well as notes to the financial statements. Moreover, insufficient protection against fraudulent acts can result in substantial claims for damages. In practice, it can be observed that such deficiencies and risks in IT systems continue to be the rule rather than the exception. Examples include:
• insufficient implementation of organisational requirements and internal controls (e.g. insufficient segregation of duties, inappropriate authorizations for trading and payment transactions),
• use of unsuitable or flawed market data and valuation models for calculating market values and carrying amounts (e.g. unsuitable interest rates, outdated valuation models, presentation of contract details for commodity/energy derivatives),
• incorrect entry and disclosure of risk in the financial statements (e.g. due to the wrong posting methods, mapping gaps at the interface to the general ledger and use of error-prone Excel workarounds for manual system adjustment),
• compliance and liquidity risks due to insufficient protection of systems against cyber-attacks and manipulation of payments or accounting entries (e.g. 'fake president fraud').
If such errors are not detected until the start-up of operation or even at the stage of actual operation, it becomes very cumbersome to remove errors: project structures have already been dissolved, test systems are no longer available or access to manufacturers' system consultants becomes difficult.
Moreover, the correction of errors at a later stage usually is associated with additional unbudgeted costs. These are usually the result of:
• the measures required for subsequent error correction, and
• redefinition of system functionalities and their configuration, if the wrong profile was defined and implemented during the original project ('doubling of cost').
Project-based system audits allow for the early detection and elimination of the causes of errors. These audits are usually implemented by treasury and IT experts of the responsible auditor (also to cover statutory audit issues). A particular focus are the appropriateness and robustness of security procedures implemented by Treasury IT and proper functioning of issues relevant for financial reporting. By explicitly addressing these issues at the project planning stage, a subject not previously included within the scope of implementation projects is now covered, thus providing quality assurance. This is because regular focus on security and financial reporting-related issues is, as mentioned above, a critical factor in assuring quality.
In addition, other focus issues concerning quality assurance, such as support during the process of adjusting and including legacy data as well as archiving legacy systems, can be efficiently integrated within the scope of the audit. A project-based audit thus directly reduces the risk of discrepancies and flawed/incomplete disclosure of financial instruments in the course of year-end closing of the accounts and also avoids excessive subsequent effort ('no surprises').
A cost-benefit analysis of such a separate work package during the installation project clearly shows: project-based audit costs are generally lower than the above-mentioned unplanned subsequent costs.
Source: KPMG Corporate Treasury News, Edition 51, January 2016
Author: Stephan Plein, Senior Manager, firstname.lastname@example.org
© 2016 KPMG AG Wirtschaftsprüfungsgesellschaft, ein Mitglied des KPMG-Netzwerks unabhängiger Mitgliedsfirmen, die KPMG International Cooperative (“KPMG International”), einer juristischen Person schweizerischen Rechts, angeschlossen sind. Alle Rechte vorbehalten.