3 Statutory Reporting Risks CFOs and Controllers Need to Know

3 Statutory Reporting Risks CFOs and Controllers Need to Know
30 July 2019

Statutory reporting and compliance remains a core competency of corporate reporting teams the world over. CFOs and controllers of major multinational corporations must place a great deal of trust in their local entities to understand and uphold their statutory reporting responsibilities.

But in an era of rapid technology development, the management of statutory reporting remains somewhat unchanged. Many teams still pass data back and forth in unsecured spreadsheets using an equally unsecured channel like email, unbeknownst to finance leaders.

Manual processes can also lead to mistakes, missed Companies Office filing dates or Corporate Tax submissions deadlines and misinterpretation of Companies Acts disclosures—which can have serious consequences for the controller. For that reason, statutory reporting remains at the heart of controllership responsibility.

Statutory controllers are increasingly challenged to keep up with the pace of technology along with more progressive, data-driven regulation from accounting watchdogs and agencies. Failing to do so can raise very substantial (if long overlooked) risks to the company and its brand.

Statutory reporting demands grow

Statutory reporting is the mandatory submission of both financial and nonfinancial corporate information to various federal, regional, state or local agencies. Some of those reports are companywide, while others are for a single entity.

The most common statutory reports are annual financial statements, securities regulatory filings and a plethora of different documents required by government offices enforcing anything from fair labour to environmental laws.

Statutory reporting has become very time-intensive thanks to overlapping regulations amongst different jurisdictions that seem to constantly change. Not many companies manage their statutory reporting with an ERP system, which means data is commonly siloed in different departments. This has resulted in increased data-driven controls and disclosure management within the statutory reporting cycle.

The inherent risks in decentralised statutory reporting

With so much accountability to so many regulators, the sheer quantity of global statutory reporting responsibilities reveals several sources of risk that are material to CFOs and controllers.

Risk 1: Growing transparency directives are driving increased public interest and oversight

Types of potential risk: Reputational, taxation, compliance

It is a critical part of the finance leader’s job to help the company optimise tax management within the laws and regulations of each market. Conversely, politicians, regulators, activists and citizens around the world are often convinced that global corporations are avoiding their legitimate fair share of taxes. The company may be inadvertently trading tax savings for a badly tarnished global reputation.

Being labelled a tax dodger hits the company name and brand at the group level, not the individual entity level. CFOs need to make sure it appears the company is at least trying to pay taxes as expected.

Otherwise, even a hint of suspicion about violations of tax laws can be enough to launch painstaking government scrutiny. And, never forget—agency reporting fines can be significant.

Risk 2: Globalisation of corporate reporting teams takes focus off local compliance

Types of potential risk: Compliance, reputational, political

No one would question that it is extremely challenging to maintain oversight over 1,000 different operations. But, if the CFO or controller lets staff operate unchecked and on their own in too many arenas, then problems in statutory reports could be the start of far greater problems hiding down the line.

A group controller who is not following the activities of local accounting teams likely has clouded vision of statutory reporting and the operation on the whole. Is it a sign that trouble is being masked elsewhere? Fines could be the least of their issues, and there could be even bigger risks faced at the corporate level.

Chief accounting officers are on the hook for ensuring local GAAP and local statutory reporting compliance is maintained in their markets. With global accounting teams sometimes serving 100+ countries, controllers are tasked with finding ways to unify widely distributed staff with highly specific local entity compliance.

Risk 3: A statutory report unintentionally puts the company in an unflattering light on a sensitive nonfinancial issue, conflicting with the brand and messaging

Types of potential risk: Reputational, compliance, legal, political

Suppose a vital part of your corporation’s brand is equal opportunities and advancement for women and ethical environmental compliance. Then, suppose that one of your statutory reports (one that the group finance office did not review) shows a substantial gender pay gap or lists major fines for pollution. This is the kind of disconnect and conflicting information that can suddenly turn into a larger corporate issue.

The C-suite could be taken completely off guard by the resulting bad press. The finance office missed opportunities to help the company shape its message and prepare for public reaction.

Centralising statutory reporting in the cloud reduces risk

Clearly, global statutory reporting is a duty that group finance leaders must take seriously, actively manage and increasingly centralise. Trying to manage it locally, independently and via spreadsheets, emails and other disconnected tools is inherently risky. Fortunately, the shift to centralised, secure, cloud-based reporting platforms has emerged to help controllers mitigate those risks.

Cloud solutions like the Workiva reporting platform are ideally situated to help CFOs and controllers centrally manage entity-level statutory reports and actively oversee them going forward. Company staff can create and collaborate on both financial documents, and financial and nonfinancial statutory reports, in real time—with a security level that working with data from local servers shared across desktop spreadsheets simply cannot match.

Engagement with external auditors is managed in real time, and they can securely access all the documentation they need—instead of piecemeal collection efforts emailed back and forth.

Supervisors can track report creation and enforce version control with a full audit trail. They can immediately identify high-risk and/or noncompliant disclosures and which local employee added it.

Central oversight is increased by assigning varying amounts of access, input and review controls to both local and regional offices responsible for entity reporting. For example, if local staff have been erroneously altering information, then they can be limited to specific sections or datasets.

Group finance executives can monitor multiple dashboards to simultaneously track creation of reports, submission status and their deadlines in local country markets.

Tasked with mitigating the risks explained in this blog, CFOs and controllers should be able to recognise the rising importance of centralising their global statutory reporting. Even if you continue to let regional and local offices manage their own compliance, you would sleep better knowing everyone is working from the same connected data and with the same connected tools in this era of oversight.

Andie Wood

About the author

Andie’s main area of interest is the role of technology and data in the future of corporate reporting. She is an experienced data and semantic modeller and has been working with XBRL for over 15 years. Andie is co-chair of the Entity-Specific Disclosure Task Force, a member of a number of other XBRL International task forces and a member of the FASB Dimension Modelling Working Group. Prior to her role with Workiva, Andie spent five years at the IASB working on the IFRS Taxonomy and technology in corporate reporting. Andie has a degree in biological sciences from St Catherine’s College, Oxford.