Corporate Governance, Internal Controls
- EFFECTIVE INTERNAL CONTROLS ENVIRONMENT
- risk-control matrices
- implementation
- management
- transformation
- risk-control matrices
ORGANISATION
- Global Engineering PLC (PE-backed) €8b, 50kFTEs
- MENA region €400m revenue, 2500 FTEs,
project SCOPE
- after years of limited scope, the requirement of Full Scope RCM (Internal controls system) had to be fulfilled for all 8 legal entities in the Region + regional HQ (MENA)
project GEOGRAPHY
Middle East and North Africa – MENA:
UAE (Dubai, Abu Dhabi) SAUDI ARABIA, QATAR, KUWAIT EGYPT, BAHRAIN, JORDAN, TUNESIA
FINDINGS
- Poor corporate governance culture
- non standardized and weak internal control systems
- lack of control risk management:
- documentation
- testing
- analysis
CHALLENGES
- roject Complexity (8 entities)
- Project parallel to significant transformation of the Regiona and SG&A optimization (Segregation of duty issues)
- Lack of knowledge and understanding by both staff and management
- Resistance to Change
- Limited staff resources
- Limited Time,
ACTIONS
- planning (incl. roadmap)
- involvement of top management
- dedicated team established
- close communication with Global ICM (internal controls) department
- weekly progress meetings
- redefinition of the processes
- building controls repository
- controls consolidation and standardization
- more reliance on automatic controls (IT controls)
DELIVERABLES
- RCM implemented & assessed – efficient
- RCM properly implemented without material discrepancies and delays (certified by IA)
- RCM transformed into process
- Project transformed onto standardised RCM process, ensuring sustainability of the regulatory compliance
- RCM extended awareness
- All staff including directors have been trained for RCM and dramatically strenghten their risk awareness,
- Efficient ICM dep’t (Internal Controls)
- Well functioning and efficient ICM department, smoothly managing RCM process, but also used to permanent improvement of controls environment
EXPERTISE APPLIED
Risk Managment
- risk identification and evaluation
- promoting risk approach culture
Audit & Assurance
- audit procedures (sampling, sampling, testing, walk-through, documentation, investigation)
- IT audit procedures (general IT controls)
Internal controls & processes
- internal controls (design, implementation, monitoring)
- frameworks standards (PCAOB, COSO, COBIT)
- SOX/RCM (Risk Controls Matrix): implementation, management, transition
- business process: (assessment, streamlining, simplification, permanent monitoring)
- process documentation (narratives, workflows, walkthroughs, testing): O2C, P2P, R2R, others
Project management
- proper process planning
- roadmaps preparation and execution
- efficient resources allocation
Call to have a short discussion (without any obligations)