Control Reliance: the proven ability to rely on enterprise automated data as credible, reliable basis of public reporting to regulators, shareholders, lenders, markets and customers. Publicly traded firms file reports to the Securities Exchange Commission and other bodies on a regular basis as required by law. A public accounting firm is engaged by the Board of Directors to review corporate operations and controls, providing a formal assessment of control reliability and attestation of accuracy of public filings. If the accounting firm determines that policy, procedure, separation of duties, security, data protections, and other elements of control are weak or missing, the annual audit will require deep inspection of physical documentation, assets, liabilities, inventories, capital assets and other elements of operation to visually verify status and value.
The annual audit always includes sampling of data, validation of accuracy and a review of controls, control integrity and data integrity to assure that data from production practices can be relied on for public reporting. A “material weakness” is a finding of such significance that the accounting firm must include it in reports to the board and the annual Audit Findings report to stakeholders. Control problems undermine data credibility, confidence in management, credit worthiness and may impact shareholder value.
Control reliance is enhanced when business processes and resulting data are well supported by automation software. Data that is derived as a by-product of operations is more credible than information that is self-reported or created manually.
However, merely being harvested from a software tool is not nearly enough to establish “control reliance”. Software configurations must be carefully administered to assure consistency of use, without exposure to manipulation. Administrator access must be carefully controlled to assure accountability and responsibility are clear. Audit trails must track access to provide transparent oversight of Administrator activities. Data store access must be protected to make manipulation difficult. Quality control processes must be established and executed cyclically to verify that data balances to related data stores to positively assure that integrity has not been compromised or lost.
Confidence in data integrity, protected, secured and routinely validated through quality controls, allows management to rely on information to make decisions, to intervene or investigate examples of high or low performance, to hold staff and management accountable for execution and outcomes of assigned responsibilities. It is the foundation of quality and sound performance for any enterprise. Lack of data integrity and control reliance is operating on quicksand. Everything is subject to challenge and question. Nothing can be taken at face value or should be trusted.
Control reliance is a broad responsibility. It can only be achieved with careful design, verification of standards adherence, discipline, audit trails, access controls and relentless commitment from executive management. It should never be assumed or taken for granted. Lack of focus or vigilant control is a recipe for disaster.
Concerned about data integrity? Contact BrightWork Advisory, LLC to design an engagement to help address data integrity, control and operational needs today.