FERF Report Reveals Biggest ICFR Pain Points for Large Public Companies

  • Executives want more specific guidance around ICFR tasks.
  • Control documentation requirements are excessive.  
  • Companies are behind in applying technologies within the ICFR ecosystem.

Morristown, N.J. - Financial Executives at large publicly traded companies shared their biggest challenges to achieving a healthy Internal Controls over Financial Reporting (ICFR) ecosystem in a report released today by The Financial Education & Research Foundation (FERF)—the independent non-profit research affiliate of Financial Executives International. Entitled Where Are We Now: The Story of ICFR at Large Public Companies as Told by Financial Executives, the report also examines the practices financial executives currently rely on to maintain strong ICFRs. Greenlight Technologies, a leading provider of integrated risk management solutions, sponsored the report. 

The FERF report draws on data from the recent study titled ICFR Practices at Large US Public Companies: Evidence from Accounting Executives. This research project was conducted by a team of academics from Arizona State University, Brigham Young University, the University of Illinois at Urbana-Champaign, and the University of Mississippi. It analyzes survey results from 145 FEI members representing 123 large public companies and incorporates research interviews with 16 financial executives. The initial survey took place from March to August 2019 with a series of anonymous follow-up interviews with FEI members occurring from February to September 2020.

“Although much has changed and financial executives overseeing corporate ICFR ecosystems are operating in uncertain times fueled by equal measures of disruption and opportunity, one constant rings clear—they remain committed to fostering a healthy ICFR ecosystem,” said Andrej Suskavcevic, CAE, President and CEO of Financial Executives International and Financial Education & Research Foundation. “At this crucial point, financial executives will have to be more mindful about incorporating great amounts of flexibility and resiliency to support a future that seems less forgiving to manual processes and in-person collaboration.”  

Key Findings

As noted, the report delves into financial executives’ wants, challenges and pain points to achieving a healthy ICFR ecosystem. When looking at ICFR as a whole, not all control areas are seen as equally difficult when it comes to designing, implementing, and operating controls. Respondents rated the following among the most difficult—with nearly one-third of all executives indicating that they find each of these areas to be particularly challenging:

  • Non-routine transactions
  • The income tax provision
  • Access to data

Diving deeper, the report captures the more critical issues behind the difficulties. Disappointment with the lack of real-world examples in ICFR guidance; nearly impractical control documentation requirements; and hesitation toward the application and adoption of emerging technologies within the ICFR ecosystem were among the top concerns conveyed.

GUIDANCE
Executives want more concrete guidance and real-world examples.

For guidance, most financial executives rely on the COSCO framework followed by internal and external auditors. The top areas where financial executives want additional guidance and real-world examples are:

  • Justifying a position on the classification on an ICFR deficiency
  • Monitoring controls, including testing for effectiveness
  • Designing control activities
  • Identifying and analyzing risk

DOCUMENTATION REQUIREMENTS
Control documentation requirements are becoming excessive.

While being satisfied with external auditors overall, respondents reported that their auditors are requiring excessive documentation around certain control areas—which are seen as time-intensive, disruptive to business flow, etc. These areas are:

  • Routine estimates
  • Data processing
  • Disclosures

TECHNOLOGY
Companies are behind on applying technologies to ICFR.

Overall, those surveyed expect emerging technologies to decrease corporate ICFR risks. Notably, respondents pointed to the following as the ICFR risk areas most likely to be positively impacted by the adoption of emerging technologies:

  • Failure to prevent material misstatements
  • Unauthorized alteration of accounting information
  • Failure to detect material misstatements by the external auditors
  • Failure to detect material misstatements internally

However, respondents point to a shallow talent pool of finance professionals with emerging technology skills as being one of the most formidable barriers to technology implementation. “One of the surprising results of this study,” said one of the co-authors Professor Jeff Wilks of Brigham Young University’s School of Accountancy, “is that some of the largest companies in the market are hesitant to adopt emerging technologies to improve ICFR because of the lack of qualified personnel to use the technology and the additional control risks that technology would introduce.” Financial executives with accounting knowledge and IT talent are in great demand and therefore hard to find in today’s labor market.

“With all the new emerging technologies that promise to revolutionize corporate ICFR ecosystems, it makes sense for every financial executive to reflect on the state of their organization’s ICFR technology,” said Mark Kissman, CFO, Greenlight Technologies. “It is still crucial to find ways to mitigate the staffing challenges that seem to be a major deterrent here. The right technology partners will provide companies with training channels to help bring existing staff up to speed to a proficiency level that can be highly beneficial to the companies’ overall ICFR strategies.”

About Greenlight Technologies
Greenlight provides our customers with a market leading platform that is built to protect the world’s most valuable application data. Greenlight integrates into over 100 applications out of the box, including SAP, Oracle, Workday, Salesforce, and many more. Our platform monitors all user access permissions for SoD conflicts and data security controls across all your applications from one panel, while also monitoring all user activities to make sure people are using those permissions appropriately. Greenlight automates your user access reviews and can identity all sensitive data access to produce compliant reporting for SOX, CCPA, GDPR, and many more regulations. Customers love our automation, and auditors trust our reports. Learn more at https://greenlightcorp.com.

About Financial Education & Research Foundation, Inc.
Financial Education & Research Foundation (FERF) is the non-profit 501(c)(3) research affiliate of Financial Executives International (FEI). FERF researchers identify key financial issues and develop impartial, timely research reports for FEI members and nonmembers alike, in a variety of publication formats. FERF relies primarily on voluntary tax-deductible contributions from corporations and individuals, and publications can be ordered by logging onto www.financialexecutives.org/Research.aspx.     

About FEI
Financial Executives International (FEI) is the leading advocate for the views of corporate financial management. Its more than 10,000 members hold policy-making positions as chief financial officers, treasurers and controllers at companies from every major industry. FEI enhances member professional development through peer networking, career management services, conferences, research and publications. Members participate in the activities of more than 65 Chapters in the U.S. FEI is located in Morristown, NJ. Visit www.financialexecutives.org for more information.  

Media Contacts:
Claudine Cornelis
Crimson Communicates
845.424.6342
[email protected]

Lili DeVita
FEI
973.765.1021
[email protected]