Controllers Council recently held a roundtable panel discussion entitled “A Controller’s Guide to Securing Financial Operations,” presented by BILL.

Panelists included Kimberly Hollinger, Controller at Wag! Group and Barbara Salazar, CFO at The Unity Group.

The following are key takeaways from this discussion. If you are interested in learning more, view the full roundtable panel video archive.

What are your roles and responsibilities regarding security, compliance, and preparation for internal and external audits?

Kimberly: For Wag Group, this is a little bit of an interesting one. Right now, we were public and traded on the NASDAQ, but we just went through a restructuring transaction. We became private and owned under the P.E. umbrella on September 1. We are going through and revamping a lot of things because we are going from a public company to a private company. There are a lot of things that are similar, but there are a lot of things that change as well. We have a little bit more flexibility. So previously, I oversaw the SOX program, which has a higher bar that you have to hit as far as documentation, you know, auditor opinion, things like that. Now, one of the key things I’ve been working on is revamping our SOX program to be our internal control program. Because as you all know, business risks don’t go away just because you become private. It just means that you don’t have to turn in the work papers in the same fashion that you want to audit to test those internal controls. But you still want them from the business perspective.

Barbara: I’m ultimately responsible for security compliance and preparation of internal and external reporting and audit. We operate in a lot of services for youths, seniors, for property development and property management. So, you would assume there are a lot of programs, federal programs, state programs, local programs, therefore, we do have a lot of compliance. We pass our annual audit, which is also very complex. Right now, we are preparing for it. We are non-profit, so there are also different tax implications. So we do internal audit, and we also have a lot of compliance with federal and state grants. I do prepare consultants for internal audit who would interview us and ensure that we have compliance before we go to external audit. We do have multiple audits for our property development facilities and properties, and we also have our corporate consolidated audit that will be due by March 15th. So, it is a very complex function.

What types of compliance do you manage?

Kimberly: Our team manages several different types of compliance. We manage tax compliance. For income tax, it’s outsourced to a tax firm, but we manage the review process and ensuring everything ties with our internal records. But from a state and local tax perspective, so we are based out of San Francisco, so there’s some San Francisco gross receipts, different types of local tax. We manage that in-house. We manage tax compliance. We don’t manage payroll tax actually; that’s housed in our People Ops and HR department at our specific business. We do manage financial reporting compliance, audit compliance, and then finally debt covenant compliance. That’s everything that falls within the finance and accounting purview. Our industry, we’re not FinTech technically and we’re not a hospital or anything like that. We don’t have any type of industry specific compliance that we’re managing. But I know that cybersecurity is a big one that we partner with on IT. We don’t manage it in the accounting and finance team, but we assist the IT and cybersecurity department for any online marketplace. Cybersecurity threats are something that’s really at the forefront right now.

Barbara: I previously managed a public IPO, but I felt it’s not easier here because of complexity. So of course we manage our financial internal control compliance. We do have to go through that audit, financial statements, the footnotes, very long audit opinion, similar to Form 10K. We do have consolidated financial statements with multiple subsidiaries, have to consolidate all those activities. So here in finance, we manage finance, accounting compliance, internal control compliance. Of course, I mean, payroll and taxes, we co-manage it together with our HR function, working very closely on that. Because of complexity of the payroll, we do outsource it, and we also need to report by grant, by region. There is a lot of reporting on all this payroll. We outsource it to external payroll company which reports to me on payroll. I guess ultimately that payroll and tax compliance is on me as well. In addition to all that normal audit opinion, we have to comply with multiple federal state grants, local grants, they all end, get audited and reviewed by California federal government.

Please share how F&A collaborates with other departments on security and compliance?

Kimberly: Finance and Accounting collaborates with every department at WAG, because financial statement compliance, you have to really understand how the business works. So, that involves walkthroughs with the department to understand their flow of data, to make sure you can create processes that follow GAAP by really understanding what the business does. I’ll just preface it by, we talk to everyone about compliance, but some of the key things that we do with legal, we collaborate on contract terms. And then also from a legal perspective, when we have open litigations, we collaborate with legal to determine whether those are probable and estimable and whether or not they need to go into the GAAP financial statements. I would say contract compliance and financial statement compliance are both something that we collaborate a lot with the legal department on. For IT, we kind of split it into IT. We have IT “slash” cybersecurity. That’s one side. And then we have engineering on the other side for our actual platform. I would say our cybersecurity compliance that we collaborate on is more from a high level, the threats from the outside, people hacking into the platform itself, getting user data, making sure that we have a robust cybersecurity policy in place that complies with the SEC rules, all of that, work with cybersecurity on that. From the engineering side, there’s also threats of individuals that want to commit fraud on the platform. So, it’s not necessarily like a hacker, but it’s individuals that are trying to game the system.

Barbara: In finance, we need to collaborate with every single department. We have a lot of programs and they almost function like different companies. We collaborate with all of them, and it is exceptionally important because finance and accounting is a reflection of all those operations. In order to reflect them right and implement right systems for grant management, appropriately finance them, we have to be in collaboration with every single department. Specifically, very closely with the work with IT because we have to automate. With HR, we work like hands by hands. Right now, I’m hiring for a lot of new roles in my finance function. I develop and people evaluation. It is a very complex function. And I work very closely with the president, the chief operating officer who is responsible, who knows all that brilliant knowledge of all those complex programs and constantly advising us in finance, how is finance we could best serve all those programs on grant compliance and on operational management.

What are your top tips for effective F&A security and/or compliance?

  1. You really need to truly understand where the risks are at in the business.
  2. Business changes: this kind of plays into the first one but depending on what business you’re in and how quickly the business is changing, you may need to evaluate your compliance more often than annually.
  3. Automate where you can so that you can spend your time on the judgment controls, like the management review controls, that need judgment and assessment.
  4. Your internal talent is very important. So, people for me, I mean, my team is number one. I do everything to make them happy because when you have strong great finance function, so people first.

How does automation, including AI, support F&A security and/or compliance?

To view this question and learn more about securing financial operations, view the complete webcast.

ABOUT OUR SPONSOR:

BILL is a leading financial operations platform for small and midsize businesses. BILL automates the future of finance so businesses can thrive. BILL’s integrated platform helps businesses to more efficiently control payables, receivables, spend and expense management. Hundreds of thousands of businesses rely on BILL’s proprietary member network of millions to pay or get paid faster. Headquartered in San Jose, California, BILL is a trusted partner of leading U.S. financial institutions, accounting firms, and accounting software providers. For more information, visit bill.com.