Modern Finance ushers in a new era of control in the cloud

1st December 2015

Compliance and control is a rising challenge for the CFO. But recent changes in cloud technology are enabling modern finance functions to innovate around compliance processes and simultaneously achieve higher levels of process visibility, automation and control. 


There is no getting away from it – keeping up with compliance and control is a constant challenge. It is something that is mandated on organizations and in the aftermath of many financial crises there is little sympathy for organizations that do not comply with the demands of their industry regulators. So even if an organization does not have a CRO (Chief Risk Officer) there is almost always somebody designated as having responsibility for risk and compliance.

In fact an Accenture Study1 points out that the proportion of organizations having a CRO, “with or without the formal title”, has risen from 78% in 2011 to a near-universal 96% in 2013. Yet, when it comes to the practicalities of compliance, there is a huge mismatch between the importance organizations attach to compliance and their ability to achieve compliance.  In 2013 the gap between “importance” and “achievement” was estimated at 70 percent1.  This is all the more startling when one considers that compliance is regularly rated as the most pressing risk against a basket of other business risks (reputational, product development, economic etc).

Part of the reason for the gap is a tendency for organizations to treat the controls environment passively rather than manage it actively as a part the day-to-day operations of the business. SOX helped to change attitudes and helpfully raised the profile of controls.  Nevertheless, once the control environment had been designed and revised principles had been implemented how many organizations actively challenge the initial blueprint or review the need for change?

Many assume that controls, once established, are relatively static, but financial controls are always in a state of flux, courtesy of new accounting standards and regulatory reporting regimes.  In fact the last few years have seen change on an unprecedented scale (Basel 111, Dodd-Frank in the USA, The Bribery Act in the UK, Solvency 11 in Europe) and so on. This means that compliance and application controls, have to be re-assessed and re-engineered on a regular basis. 

Yet responding to these varied demands is complex and multi-faceted.  It’s about setting the right organizational tone at the top as much as deploying the right processes and technology. But recent changes in cloud technology could at last tip the balance in the right direction by enabling modern finance functions to innovate around compliance processes and simultaneously achieve higher levels of process visibility, automation and control.


The controls environment

Striking an appropriate balance between controls and risk is central to an effective controls environment. Many organizations tend to over-engineer their controls placing too many hurdles in the way.  Such an approach is both time consuming and costly, especially if managed in disparate databases and spreadsheets held together with manual processes.

It is easy to see how an organization’s resources can be quickly overwhelmed by risk and compliance initiatives, especially when a business has to contend with sector or geographic-specific regulations on top of ‘routine’ accounting standards, disclosure and filing requirements. It’s a problem compounded by organizational diversity (who owns what risk), cost pressures, cultural impediments (few managers are rewarded for devoting time to compliance) and the lack of an encompassing risk framework. But help is on the way.


The cloud is transforming compliance.

Cloud computing is now a major force in the enterprise computing landscape. IDC the analyst firm says that public IT cloud services spending will grow to more than $127 billion in 2018, representing a compound annual growth rate of 22.8%, which is about six times the rate of growth 

for the overall IT market. And it’s easy to see why. The scalability, immediacy, and accessibility of the cloud removes many of the barriers to enterprise deployment, enabling businesses to distribute controls and compliance capability wherever it is needed and engage with larger populations of users across business functions.  In an era in which organizations are striving to reduce business complexity and improve user productivity through process standardization, the ease with which cloud solutions for controls assurance can be deployed holds obvious appeal.

Nevertheless, CFOs need to be wary of making the wrong choice in the cloud, paying particular attention to the rising popularity of so called, hybrid clouds – an amalgam of on-premise and cloud solutions or public to private cloud. 

In an effort to accelerate their move to the cloud and side-step the limitations of the on-premise world many organizations are looking to so called ‘Hybrid Solutions’ that enable them to build a bridgehead in the cloud while phasing out their dependency on legacy applications.  But loosely coupled hybrid architectures could become a victim of their own success as companies lurch from inflexible or incomplete on-premise systems to a patchwork quilt of multiple clouds, each hosted in a different technical environment and capable of providing an enterprise view of compliance and risk. 

Placing different compliance initiatives in different clouds simply perpetuates the fractured systems of the past but in the cloud.  Implicit in the compliance paradigm is that all of the core controls, documentation, records of testing and tasks or issues that arise should be housed in one environment.  

Modern SaaS-deployable compliance assurance solutions such as Blackline’s , overcome these limitations by enabling an organization to comprehensively define and document its risk ‘universe’, rationalize its controls and articulate its impact all in one place. No matter how diverse, all compliance initiatives are maintained in one shared environment so that the consequences of a control failure in any one of them is captured and visible to the CFO and other stakeholders in real-time. 


Compliance and the modern finance function

So the cloud is an important compliance enabler. Applications such as Blackline’s compliance in the cloud draw the different strands of compliance into one central environment.  As such, the cloud helps to overcome organizational ‘white spaces’ by enabling affordable and ready access for all participants that need it. This means that at any point in time, management and other stakeholders can benefit from shared views of the status of compliance, for example, the tasks, issues and matters outstanding. This total visibility allows management to assert control, manage stakeholders’ expectations and help deliver results in which they have total confidence.  

Compliance in the cloud fits ‘hand in glove’ with the Modern Finance agenda by (i) leveraging digital technologies (in this case the cloud) to bring about process innovation, automation and standardisation (ii) enabling a more productive and complete compliance regime releasing time for CFOs to focus on the more strategic aspects of their role and finally, (iii) providing more accurate analytics around control and compliance enabling better business partnering across other functions.



Collaboration is at the heart of an effective controls environment, allowing users from across the organization to share visibility and responsibility for compliance.  The scalability and affordability of Cloud deployment in support of a unified application in the cloud, such as Blackline enables businesses to overcome functional boundaries by placing compliance in the hands of everyone who needs to be connected. 

However it is important to recognize that technology alone does not guarantee success.  Connecting individuals to the process and to each other certainly provides conditions which are conducive to a strong controls environment, but smart CFOs know that setting the right management culture is also crucial to success.




About the Author

Gary Simon is Group Publisher of FSN Publishing Limited and Managing Editor of FSN Newswire. He is a graduate of London University, a Fellow of the Institute of Chartered Accountants in England and Wales and a Fellow of the British Computer Society with more than 27 years’ experience of implementing management and financial reporting systems. He is the author of four books, many product reviews and whitepapers and as a leading authority on the financial systems market is a popular and independent speaker on market developments.  Formerly a partner in Deloitte for more than 16 years, he has led some of the most complex information management assignments for global enterprises in the private and public sector. 



Note1 “Accenture 2013 Global Risk Management Survey”



Disclaimer of Warranty/Limit of Liability

Whilst every attempt has been made to ensure that the information in this document is accurate and complete some typographical errors or technical inaccuracies may exist. This report is of a general nature and not intended to be specific to a particular set of circumstances. The publisher and author make no representations or warranties with respect to the accuracy or completeness of the contents of this white paper and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose.  No warranty may be created or extended by sales representatives, or written sales materials.  The advice and strategies contained herein may not be suitable for your situation.  You should consult with a professional where appropriate. FSN Publishing Limited and the author shall not be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.