{"id":6703,"date":"2022-06-02T14:00:37","date_gmt":"2022-06-02T14:00:37","guid":{"rendered":"https:\/\/www.trintech.com\/creating-best-in-class-risk-management-in-the-digital-age\/"},"modified":"2025-07-04T12:09:43","modified_gmt":"2025-07-04T12:09:43","slug":"creating-best-in-class-risk-management-in-the-digital-age","status":"publish","type":"post","link":"https:\/\/www.trintech.com\/blog\/creating-best-in-class-risk-management-in-the-digital-age\/","title":{"rendered":"Creating Best-in-Class Risk Management in the Digital Age"},"content":{"rendered":"<div  class=\"resource-hero-block alignfull\" >\n\t<div class=\"maybe-wrapper\">\n        <div class=\"hero-top\">\n            <div class=\"hero-title\">\n                <h1>Creating Best-in-Class Risk Management in the Digital Age<\/h1>\n                <p class=\"type\">Blog post<\/p>\n                            <\/div>\n            <div class=\"hero-share\">\n                <h2>Share<\/h2>\n                <div class=\"socials\">\n  <a class=\"email\" href=\"mailto:?subject=Creating+Best-in-Class+Risk+Management+in+the+Digital+Age&#038;body=https%3A%2F%2Fwww.trintech.com%2Fblog%2Fcreating-best-in-class-risk-management-in-the-digital-age%2F\">\n    <span class=\"screen-reader-text\">Email<\/span><span class=\"icon icon-mail\"><\/span>\n  <\/a>\n  <a href=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Fwww.trintech.com%2Fblog%2Fcreating-best-in-class-risk-management-in-the-digital-age%2F\" target=\"_blank\"><span class=\"screen-reader-text\">Twitter<\/span><span class=\"icon icon-x\"><\/span><\/a>\n  <a href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fwww.trintech.com%2Fblog%2Fcreating-best-in-class-risk-management-in-the-digital-age%2F\" target=\"_blank\"><span class=\"screen-reader-text\">Facebook<\/span><span class=\"icon icon-facebook\"><\/span><\/a>\n  <a href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fwww.trintech.com%2Fblog%2Fcreating-best-in-class-risk-management-in-the-digital-age%2F\" target=\"_blank\"><span class=\"screen-reader-text\">Linkedin<\/span><span class=\"icon icon-linkedin\"><\/span><\/a>\n<\/div>            <\/div>\n        <\/div>\n\n        \n\t<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>CadencyDirect\u00ae<\/strong><strong>&nbsp;on the Now<\/strong><strong> Platform<\/strong><strong>\u00ae Automatically Exposes Information and Updates GRC Teams for Critical Journal Entry Controls<\/strong><\/h2>\n\n\n\n<p>Cynthia Cooper is a name most corporate accountants today know quite well, though certainly not 20 years ago. Back then, Cynthia Cooper was simply the head of an internal audit department for one of the telecom giants of the day. However, that changed after Cynthia Cooper and her team discovered various signs of financial fraud \u2013 from shifting expense categories to flat-out false categorization of capital expenses. When the same personnel who enabled the fraud told her to drop it, Cynthia Cooper blew the whistle to the SEC instead.<\/p>\n\n\n\n<p>Read on to discover more about:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#lessons-learned\">How Cynthia Cooper and her team detected accounting fraud and the resulting reforms<\/a><\/li>\n\n\n\n<li><a href=\"#identifying-risk\">Why the detection and prevention of frauds in accounting didn\u2019t happen sooner<\/a><\/li>\n\n\n\n<li><a href=\"#real-time-id\">How powerful Journal Entry software can stop fraud before it happens<\/a><\/li>\n<\/ul>\n\n\n\n<p>The telecom giant was, of course, WorldCom. The resulting SEC investigation uncovered $11 Billion in overstated assets, <a href=\"https:\/\/www.sc.edu\/about\/offices_and_divisions\/audit_and_advisory_services\/about\/news\/2021\/worldcom_scandal.php\" target=\"_blank\" rel=\"noopener\">stemming from the $3.9 Billion<\/a> Cooper\u2019s team uncovered, becoming at that time the largest case of corporate accounting fraud in history. This led to the SEC charging WorldCom with civil fraud, eventually reaching a $2.25 billion settlement.<\/p>\n\n\n\n<p>Several executives and the CEO were indicted on charges of securities fraud, conspiracy, and filing false documents with regulators. WorldCom filed for Chapter 11 bankruptcy, and what remained of the once-mighty corporation was eventually purchased by Verizon in 2006. This would also propel Cynthia Cooper to the ranks of Sherron Watkins, of Enron, and others in accounting fame. Named one of Time Magazine\u2019s Persons of the Year in 2002, Cynthia Cooper became a beacon of responsible accountancy.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em><strong>I\u2019m not a hero. I\u2019m just doing my job. <\/strong>\u2013 Cynthia Cooper<\/em><\/p>\n<\/blockquote>\n\n\n\n<p>Cooper\u2019s brave actions, and those of many others, in the wake of increasing accountancy fraud in the early 2000s (Enron, WorldCom, Tyco International, and more) was the tipping point in the creation of the <a href=\"https:\/\/www.law.cornell.edu\/wex\/sarbanes-oxley_act\" target=\"_blank\" rel=\"noopener\">Sarbanes-Oxley Act<\/a> (SOX), which has guided financial controls for <a href=\"https:\/\/www.trintech.com\/blog\/sox-compliance-requirements-benefit-cfos\/\" target=\"_blank\" rel=\"noopener\">the last two decades<\/a>. Among its many provisions, SOX compliance requirements set the standard for auditor independence and financial disclosures.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"lessons-learned\"><strong>Lessons Learned \u2013 Managing Journal Entry Risk through Testing<\/strong><\/h3>\n\n\n\n<p>Twenty years and multiple massive financial reforms later, one might ask the question: how did Cooper\u2019s team discover and validate the issue in the first place? One of the biggest red flags was the discovery of a round $500 Million debit to a PP&amp;E account that set off an audit &amp; exploration chain that would eventually lay the fraud bare. But this initial discovery would not have been made without the use of consolidation digital tools, which were not as common 20 years ago as they are today.<\/p>\n\n\n\n<p>Gene Morse was a key member of Cynthia Cooper\u2019s team, and the person who initially discovered the red flag debit. But how?&nbsp; Morse was an auditor with a knack and fondness for technology, which he realized he\u2019d need to use to dive into problem identification and patterns. Years after the WorldCom scandal, Morse laid out <a href=\"https:\/\/www.journalofaccountancy.com\/issues\/2007\/jul\/ariskbasedapproachtojournalentrytesting.html\" target=\"_blank\" rel=\"noopener\">his story to the Journal of Accountancy<\/a> \u2013 but even more importantly, what today\u2019s accountants and auditors can learn from it. Ultimately, Morse says, it\u2019s about <a href=\"https:\/\/www.trintech.com\/blog\/material-weakness-internal-controls-over-financial-reporting\/\" target=\"_blank\" rel=\"noopener\">information access<\/a>.<\/p>\n\n\n\n<p>Morse had to fight to get access to the information across the enterprise, on both sides of the transaction, and was forced to use home-grown tools and late nights running massive queries: all intensive manual efforts, prone to manual error, and requiring intense time commitments to see through.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em><strong>Information is power. It\u2019s ridiculous for the auditor &#8230; to not have complete access to the raw data.<\/strong>&nbsp;\u2013 Gene Morse<\/em><\/p>\n<\/blockquote>\n\n\n\n<p>While praising the benefits of technology used in his discovery, Morse also lamented the desire for stronger computer-assisted audit tools (CAATs) to take the effort and error out of the audit process. From his perspective, discovering high-risk Journal Entries and patterns is a challenge, one that digital tools can alleviate. In the end \u2013 it comes down to testing.<\/p>\n\n\n\n<p>The governance for fraud examination in financial statements, <a href=\"https:\/\/us.aicpa.org\/content\/dam\/aicpa\/research\/standards\/auditattest\/downloadabledocuments\/au-00316.pdf\" target=\"_blank\" rel=\"noopener\">outlined in SAS no. 99<\/a>, stresses the importance of complete understanding and testing of journal entries and adjustments, as this is a principal shelter for financial fraud. SAS no. 99 was followed by <a href=\"https:\/\/us.aicpa.org\/content\/dam\/aicpa\/interestareas\/centerforauditquality\/resources\/caqauditlibrary\/downloadabledocuments\/caq-practice-aid-for-testing-journal-entries.pdf\" target=\"_blank\" rel=\"noopener\">AICPA Practice Alert 2003-02<\/a>, which delved deeply into how best to implement these guidelines. But more importantly, this practice alert provided actual tests to be completed and a specific encouragement of the use of computer-assisted audit tools (CAATs) to improve test effectiveness.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.journalofaccountancy.com\/issues\/2007\/jul\/ariskbasedapproachtojournalentrytesting.html\" target=\"_blank\" rel=\"noopener\">Richard B Lanza and Scott Gilbert note<\/a> the need for journal entry testing and data analysis based on SAS no. 99 and AICPA Practice Alert 2003-02. But also, such testing should consider three primary things:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The top-side journal entry is the most susceptible to fraud by management override.<\/li>\n\n\n\n<li>The most frequent types of management fraud involve fictitious or premature revenue recognition.<\/li>\n\n\n\n<li>Automated testing cannot replace a skilled auditor or fraud examiner knowledgeable of SOX compliance requirements. But what it can do well is direct the auditor to focus his or her energies on the highest-risk journal entries culled from the full data, rather than a random sample.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image aligncenter\"><img decoding=\"async\" src=\"https:\/\/www.trintech.com\/wp-content\/uploads\/2023\/01\/Detection-and-Prevention-of-Frauds-in-Auditing-1.jpg\" alt=\"Detection and Prevention of Frauds in Auditing is Far More Difficult with Manual Processes in Place\" class=\"wp-image-30335\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"identifying-risk\"><strong>Identifying Risk \u2013 Making Journal Entry Testing Efficient and Accurate<\/strong><\/h3>\n\n\n\n<p>While it\u2019s true that auditors and fraud examiners could use manual means to review the general ledger, this generally proves quite ineffective given the breadth of the ledger and the limitations of manual analysis \u2013 as Gene Morse might well attest. This is not to say that manual means are ineffective, because a person\u2019s judgment when reviewing entries is still very valuable; but relying heavily on manual means is simply not the most effective approach.<\/p>\n\n\n\n<p>As highlighted in Practice Alert 2003-02, \u201cJournal Entries and other adjustments oftentimes exist only in electronic form, which requires extraction of the desired data for any quality analysis. In an IT environment, it may be necessary for the auditor to employ CAATs \u2026 to identify the journal entries and other adjustments to be tested.\u201d In other words, automated and digital tools are at their best when identifying and calling out potentially risky transactions and journals \u2013 and then relying on the practiced eye of the auditor to review them.<\/p>\n\n\n\n<p>Focusing the auditor\u2019s time where it needs to be \u2013 instead of \u201ceverywhere all at once\u201d \u2013 is where digital tools in the Financial Close process shine. Such automation leads to faster and more accurate Financial Reports, which are <a href=\"https:\/\/www.trintech.com\/blog\/overcome-poor-financial-controls-audit-preparedness\/\" target=\"_blank\" rel=\"noopener\">critical to a business&#8217;s success and risk management<\/a>. Automate what you can, and use the same automation capability that is streamlining your overall Financial Close to also focus and highlight those areas of risk that require manual scrutiny.<\/p>\n\n\n\n<p>With SOX compliance requirements at the forefront of most major companies\u2019 auditing concerns, the reporting and accountability incumbent on the Office of Finance is greater than ever. Declan Tyrrell of Oracle <a href=\"https:\/\/blogs.oracle.com\/modernfinance\/post\/from-steward-to-strategist-the-new-role-of-the-cfo?source=:em:nw:mt::RC_PDMK180325P00013:SEV100759357\" target=\"_blank\" rel=\"noopener\">notes the criticality<\/a> of automation in the close, but also the intensive time the Office of Finance continues to spend simply managing data and getting it out for reporting. Ultimately, this means that the same impartially managed (and auditable) automated system of controls that helps ensure accurate reports also ensures the right testing is occurring when it needs to.<\/p>\n\n\n\n<p>So, we know we need to automate. And we know that various digital tools can serve as CAATs to help focus on top-side journals and entries with unusual risk patterns. Reports are a must. But does that testing need to continue to rely on the reports, first? Does the complex financial close data that is consolidated and made available to the Risk and Compliance teams need to happen at the end of the period? Or could Gene Morse and the rest of Cynthia Cooper\u2019s team have discovered risky journals the moment they posted?<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter\"><img decoding=\"async\" src=\"https:\/\/www.trintech.com\/wp-content\/uploads\/2023\/01\/Detection-and-Prevention-of-Frauds-in-Auditing-2.jpg\" alt=\"CadencyDirect is An Automated Solution for the Detection and Prevention of Frauds in Auditing\" class=\"wp-image-30336\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"real-time-id\"><strong>Real-Time Risk Identification \u2013 Automatic Risk Analysis and Audit at the Source<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/www.trintech.com\/cadencydirect\/\" target=\"_blank\" rel=\"noopener\">CadencyDirect<\/a>\u00ae by Trintech, available on the ServiceNow\u00ae platform, leverages the power of ServiceNow\u00ae to link the Journal Entry process to the broader enterprise. Teams like Governance, Risk, and Compliance (GRC) can make use of automated workflows based on the creation or posting of high-risk journal entries the moment they happen, not when the period-end reporting is complete.<\/p>\n\n\n\n<p>Journal Entries processed by Office of Finance users in CadencyDirect\u2019s system of SMART Automation with <a href=\"https:\/\/www.trintech.com\/blog\/smart-rpa-is-risk-intelligent-rpa\/\" target=\"_blank\" rel=\"noopener\">Risk-Intelligent RPA<\/a> can directly trigger GRC workflows within ServiceNow. For example, a top-side Journal Entry has just posted, with a dollar amount well above the risk threshold for the expense category. As the Office of Finance works through that Journal Entry and any corresponding Close Tasks, ServiceNow immediately registers the specific Journal Entry in real-time, and automatically creates a workflow notification to GRC to begin manual review of the top-side entry from the practiced eye of the risk specialist.<\/p>\n\n\n\n<p>Within the <a href=\"https:\/\/www.servicenow.com\/now-platform.html\" target=\"_blank\" rel=\"noopener\">Now Platform<\/a>\u00ae, CadencyDirect allows risk managers and SOX compliance requirements SMEs in the enterprise to configure their own test parameters for Journal Entries, able to be modified or adjusted ad-hoc to accommodate new directives or evolving practices. Without risking the system of controls, or waiting on period-end reports, GRC teams can configure instant notification of risky transactions with the full details of the Journal Entry securely transmitted to them via the Now Platform\u00ae.<\/p>\n\n\n\n<p>Driving best-practice processes for managing your financial risk in a standardized platform that is shared across all other departments in the enterprise that also leverage ServiceNow\u00ae for workflows reduces training time and consolidates GRC efforts to both financial and non-financial concerns.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.trintech.com\/blog\/built-on-now-digital-workflows-finance\/\" target=\"_blank\" rel=\"noopener\">As the only native Built on Now\u00ae app for the financial close<\/a>, CadencyDirect enables ServiceNow\u00ae customers to leverage the same process management capabilities they\u2019ve come to trust in the industry leader for workflow. With <a href=\"https:\/\/www.trintech.com\/cadencydirect\/\" target=\"_blank\" rel=\"noopener\">CadencyDirect<\/a> on the Now Platform\u00ae, your company can achieve the increased efficiency, reduced cost, and reduced risk of a true enterprise-level automated financial close solution.<\/p>\n\n\n\n<p>To learn more about <a href=\"https:\/\/www.trintech.com\/cadencydirect\/\" target=\"_blank\" rel=\"noopener\">CadencyDirect<\/a> \u2014 whether you are a current ServiceNow\u00ae user focusing on finance function transformation or are just beginning your digital transformation journey \u2014 <a href=\"https:\/\/www.trintech.com\/brochure\/cadencydirect\/\" target=\"_blank\" rel=\"noopener\">download the solution brief<\/a>.<\/p>\n\n\n\n<p><strong>Written by: <\/strong><em>Christopher Witt, Director of Product Management for CadencyDirect<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CadencyDirect\u00ae&nbsp;on the Now Platform\u00ae Automatically Exposes Information and Updates GRC Teams for Critical Journal Entry Controls Cynthia Cooper is a name most corporate accountants today know quite well, though certainly not 20 years ago. Back then, Cynthia Cooper was simply the head of an internal audit department for one of the telecom giants of the day. However, that changed after Cynthia Cooper and her team discovered various signs of financial fraud \u2013 from shifting expense categories to flat-out false categorization of capital expenses. When the same personnel who enabled the fraud told her to drop it, Cynthia Cooper blew the whistle to the SEC instead. Read on to discover more &hellip;<\/p>\n","protected":false},"author":23,"featured_media":6708,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false},"categories":[621],"tags":[167,128,130,92],"topic":[],"product":[146],"class_list":["post-6703","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-cadency-direct","tag-compliance-and-controls","tag-journal-entry","tag-risk-management","content-type-article-thought-leadership","product-cadencydirect"],"acf":[],"lang":"en","translations":{"en":6703},"pll_sync_post":[],"_links":{"self":[{"href":"https:\/\/www.trintech.com\/wp-json\/wp\/v2\/posts\/6703","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.trintech.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.trintech.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.trintech.com\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/www.trintech.com\/wp-json\/wp\/v2\/comments?post=6703"}],"version-history":[{"count":0,"href":"https:\/\/www.trintech.com\/wp-json\/wp\/v2\/posts\/6703\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.trintech.com\/wp-json\/wp\/v2\/media\/6708"}],"wp:attachment":[{"href":"https:\/\/www.trintech.com\/wp-json\/wp\/v2\/media?parent=6703"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.trintech.com\/wp-json\/wp\/v2\/categories?post=6703"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.trintech.com\/wp-json\/wp\/v2\/tags?post=6703"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.trintech.com\/wp-json\/wp\/v2\/topic?post=6703"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.trintech.com\/wp-json\/wp\/v2\/product?post=6703"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}