Continuous Auditing and Continuous Monitoring in O2C: From Idea to Implementation Using Technology

[0:02] Mariana R Costa:

Hello, everyone, thank you for coming to my session today. So I know that everyone is a little bit tired because Thursday so I will try to give a more dynamic presentation. So if you have any questions you can do it during the presentation, so I think it’s more fun. Okay, so we’re gonna start talking about continuous audit and continuous monitoring in O2C and they’re gonna split by a process like credit management collections and cash application and dispute management. So, also is a process that I believe that all companies go through and mailing the bigger companies and multinationals and etc. And it’s like a painful process for most everyone. I think so. So but there are ways that we can make it easier and better. So imagine nowadays you have to control all your processes, all your customer documentation with paper not in the system, how long it is gonna take to find the information, how many mistakes you can find during this process and how we can deal with that with the auditor. So, and now saying that what is continuous auditing? Continuous audit, it’s collecting some evidence of your process and checking regularly if you have any issue or if you have any mistake therein AR, that you need to fix and how you can fix that. And continuous monitoring is a process that you can review your process, control your system and control what your team is doing, not control people but control what is going on in the system like credit limits, customer payments, disputes and etc. Make sure that everything’s fine according to policies and then according to any compliance.

[2:02] Mariana R Costa:

The benefit is to make, you can find or you can be productive, finding mistakes or finding errors in your process, finding gaps or issues and etc. You can be clearer to the old information and greater visibility in the process and mailing for example, in multinational companies that you have to do to report information to the headquarter, so it’s making our life easier. Let’s say that. So, why we have to do that? We have to do that to avoid legal implications and if you want to globalize your process, either you can do that if you have a good system and a good process, you can control, you can improve your accountability, you can avoid fees or taxes, higher taxes, if it happens to depend on the country. You can improve your system and maybe you can have a better cash flow, better right to your investments.

[3:16] Mariana R Costa:

So what is the challenge hear in O2C, let’s talk about big companies that you have, a big team of credit and collection and account receivables and you have to talk about a whole process? So, you have to analyze the credit limit of the customer, you have to release sales orders, you have to receive payments, apply the cash and you have to collect when the customer is not paying. You have to control all the disputes that you can have with the customer, credit notes related to market and finance or rebates and etc. and how we can do it. If you have other processes split by area and a lot of people, each one doing their process and how you can control that. So, when we look at credit and collections you can see how important is the area for the company and how complex is the process and how it affects the cash flow of the company.

[4:25] Mariana R Costa:

So I think we will have a lot of challenges here. So, starting for credits management, imagine if you have the auditor in your company and they ask you about how you can define a credit limit to a customer and how you can explain to the auditor what is your process and policies and etc to do that. So this is an illustrative dashboard, but let’s see if you have all the history of the customer in the system, you have the latest financial statements, you have the payment history, you have the credit utilization entering the system, you have risk alerts, for example, if you have credit agents in your country, normally everyone has and there is a global credit agency and you have local also and you can control what the customer has problem with! if it has a problem with the market so pay their suppliers or if it has some issues and if you have history about their promise to pay and for example if the customer has some debts and then, he said I will pay debts that date or I will stop paying my bills but I have a problem I have an issue so I pay with delay and etc. and you have all the information registered in the system. If the customer did the payment It will be okay if not, we have to understand what’s going on. But when you have described too late and all this information in the system, you can explain the history of your customer to the auditor.

So for example, once we have a problem, I can give an example by myself, once you have a problem with billing an invoice to the customer, and the due date was wrong in the invoice so the customer said I should be in a long term and you give me the invoice with a short term. So I won’t be in the short term. It’s our internal mistakes so we need to organize it to the customer and say okay, you don’t need to pay in the short term you’re gonna paying long term and we won’t charge interest of you. But the system doesn’t register this conversation, the system register the due date that we have there and the date that the customer pays so for this system seems like the customer pay late but you will have an option in the system that you can put the information, it’s a qualitative information used to say about the payment behavior of the customer. So I can say that we build this invoice wrong so the due date is not correct, the right date is this one so the customer gonna pain this date if the customer right paying the right date so it will be okay. And now we can register that made this the system register this delayed payment, but you can explain what happened that it was an issue system and etc.

[7:36] Mariana R Costa:

So I can show to the auditor, that I am not doing anything wrong. I am not giving a credit limit to a customer that has debts with me, with the company and just make a mistake, internal mistakes, systems mistakes doesn’t matter and that’s why we’re giving this special condition to the customer and that’s why the system is receiving wrong so and I think that everyone has some exceptions in their process and etc. But it’s important to control our exceptions too because if you have too many exceptions, you probably have something wrong with your policy. So we have to review your policies. So, I like this dashboard and this system because I can control everything that we are doing to the customer, credit limits, the zeros are releasing the payment history and etc. So and also the risk in the presentations, there are no presentations and disputes and etc. So it’s easy to control the process and show the auditor that we are in compliance with the whole process. So and what’s going on if you have a customer that you approve credit limit but the person who approved it was an analyst is not the manager and the credit limits. It’s above, it is beyond the DOA, the delegation of authority of this analyst, how we can explain that.

[9:18] Mariana R Costa:

So in our case in Syngenta and other companies that I’ve worked for, we have this workflow inside the system. So in your workflow, I can put the delegation of authority of each person, the credit analyst, the supervisor, the manager, the director, so an analyst cannot approve our credits limit that is not in their delegation. So the workflow we’re gonna move to another approver. Before it concludes in this system, but when you don’t have this workflow, it could happen that someone that doesn’t have the authority to do that approve a credit limit beyond their authority. So and this is a risk for an outsider because they want to say that you are not in compliance and how you can control it. If you have a dashboard of all information of a customer and you have a report saying that all the credits to limits you had approved in the system and who approved that and who are dispersed as analyst or credit or manager or supervisor and etc. You can control the whole process. So this workflow approval for me, it’s one of the most important things that we have in the system to control this risk. And then you can have a report to check if the information is okay if you have any issue in the system and etc. But normally when you have a workflow approval, very defined and in the very parameterizing set up in the system, you don’t have issues with that. And talking about collections and sorry, and cash application. For example, I will give an example that I have in my company. Also in Syngenta we have some group of customers, but I have the customer A customer B and customer C. If I look them separately I don’t know that there is a group name of them is not related and they are not headquarters and brains but they are group of companies and I know that because they have contract they have the same partnership in the company and we have a history with this customer. But when I receive money from customer A saying that he’s paying an invoice for customer B, should I can apply this cash or transfer this cash from Customer A to customer B and apply this invoice.

[9:24] Mariana R Costa:

What do you think about it? No? Anyone else willing to try to answer?

[12:15] Mariana R Costa:

So in Brazil, we cannot do that. It’s not allowed even if they are a group of companies. If they want to do that I need first a letter confirming the date they are group and they are going to pay the invoice for one to each other so and when we receive a payment from customer A, we are located this payment in customer A accounts receivables. If the customer says no I pay in one invoice for customer B and one invoice for customer C, he needs to send me a letter describing this information signed it and register to prove that he’s paying these invoices and then I can transfer the money and apply the cash because if the auditor arriving resiliency that why you apply a cash from customer A and customer B and customers C invoice, I need to explain, and I need this documentation to prove that. But imagine how much we have it. For example, Syngenta has more than 3000 customers and I don’t know how much of them their groups but we have a lot. Imagine if I have to save this paper in a place and try to show to the auditor that I receive a paper last year and the customer told me that he paid his invoice for another one and etc. So normally we digitalize everything and put in the system and register all the information there to make sure because we probably won’t remember when the auditor arrived and we put it in the system and show it to the auditor when he arrived at the company. So I made this process because I received this letter from the customer explaining what he paid and etc and normally we have all this information, we receive all this information from the customer, what kind of cash we can apply to the invoice but some of them are by mail order by call and etc but in a situation like that, that we have a group different people paying from different voice for other groups and other companies and etc. I need this letter and resistor in booting the system to make sure that I am in compliance.

[14:40] Mariana R Costa:

And another situation that we have in our company is I have two business distinction. One is corporate action and another one is seeds and I have customers that buy from both and the customer buys just for one and the customer that by crop protection and also seeds. They have different bank accounts to pay the invoices because the system is split by company code so and also if the customer says to me, I bought from Syngenta , it doesn’t matter the product and etc, I just pay once I don’t want to make two payments so I pay once and you have to apply the cash-in, invoice of seeds and crop protection in this way. And I said okay, but it’s almost the same situation of the group, I cannot just split the money the way I want and apply the cash in the system. I need the customer to send me a letter or an email confirming all the information he paid, then all the invoices that he paid. So, I have this internal process to transfer the money from one company to another company and then I can apply the cash and the collector person analyst should register all the information in the system, because after while we are gonna forgot what happened and etc, but when you see in the system and can see everything there.

So normally we used to have this process like, we use this continual monitoring to improve our process to be more productive with our issues, our gap our possible issues that we can have with other auditors, so you try to control them. So normally we do like this monitoring every month and like a mini auditor every three months to make sure that we are in compliance and we are fine. And sometimes we find an issue and the auditor arrives and he said okay, you have a decision and I can say yes, I have a decision but I know that you’re treating the decision to do that or doing that or correcting the system or changing the process and etc. But in our way, we know that we have the issue and retry to fix that to not have it anymore. So, I think this is the main function of this monitoring process. And in case of dispute, so, we have a lot of types of disputes and we have disputes related to rebates, we have disputes related to finance topics, we have disputes related to returns or damaged products and etc.

[17:35] Mariana R Costa:

It depends on the dispute. We have a lot of people involved in different areas and etc. So here’s the one most important thing that we have is the workflow in the system. So if I have a dispute related to rebates, the dispute should start with a marketing analyst and then be approved by the manager, marketing manager, sales manager, then financial manager. And we can monitor all the disputes in our report. So we can check independent of the type of dispute and people who approve it and amount if it’s according to the delegation of authority and etc and we also can control if the process is or everyone should be involved in the process is already moving the process and everyone has their delegation of authority in the system. So disputes are very complex because we are involved in a lot of people. And for example, if the customer says that I receive a product but the product is damaged, I don’t want it, I want to return to Syngenta. We have a process to check if it’s valid or not. If you’re going to generate the credit notes, the customer or not and everything, and everyone has to approve the process and etc. And it’s a slow process, actually. But it’s a very controlling process that we want to make sure that we are doing it right with the customer. Because it’s another point, if the auditors arrive at CNN say why this customer has so much credit notes, I need to explain why if it’s marketing, if relate to returns, if its financial, and discounts and why I’m giving financial discounts to them if it’s in compliance with our policy or not, and etc. So, it’s wide, this process also important and it’s important to put everyone involved in the process. And when you have this workflow in the system, you cannot do anything wrong because it’s very strict in the system and you have to do the process the way that it is.

[20:01] Mariana R Costa:

And for example when you have credit memo for the customer and we have something like I said, sometimes you have a dispute with the customer, that it takes so much time to validate this field and to generate the credit note and let suppose the auditor arrives and say that why you have this debt? This customer has debts with Syngenta and you don’t have the credit note but you’re still selling to the customer, the credit limit is valid, and what’s going on so this is something that we can explain to the auditor, why it’s going on why is the processes have stopped or is stuck at here and we do not stop selling to the customer. Because could be an internal issue or could be something that we couldn’t resolve with the customer and you still have process to do so, sometimes when you, for example, when you are delivering the product to the customer and the product doesn’t arrive until the customer have to check what’s going on with the truck, with the product will have to check what’s going on. And sometimes it takes much more time, then we want to do that, to need to check the process, and it takes more time to solve the problem and etc. And sometimes we need to activate the insurance company, and the insurance process is lower than and the process and customer process and etc. And sometimes it takes much more time than we need to solve everything. And the auditor could arrive and say what’s going on. It doesn’t make sense that it takes so much time, I don’t know how long six months for example to solve a problem like that.

[22:06] Mariana R Costa:

So I think I talked too much about the process and what’s going on, what we used to do to avoid issues or to be more productive. And just to say that how we can build everything, this should be aligned with our stakeholders. The stakeholder needs to see the benefits to have it and how it could affect positively our financial situation. And our reputation with auditors which we have, we need the IT involved within support the process because we need a good system with workflow reports and dashboards that we can control and see all the information and we need to check the information end to end process. Someone has to check to see the information and end-to-end process, for sure we have to trust our employees. And we have to make sure that they are properly trained and related, not just process but our policies to guarantee that they’re doing right. So I always say to my team that when you are doing something, and you have doubts, ask it to someone, to me or to someone that if everything fine or not, or if you have doubts, what you should do and etc. But just do it if you are sure that you are right, don’t do anything wrong. So even if you have pressure in daily activities, and etc. Let’s guarantee that we are doing the right thing and let’s read the policy now that it’s boring, it’s not easy to memorize everything but with Brexit, we can be better with that. And I really think that this whole process, it’s continuous, improvement.

So we have to think all the time that if you were doing right, if you’re doing better, or if it’s possible to do better, how we can automatize something or simplify the process to make sure that we are doing right, we are in compliance. And then guarantee that we are doing the best for the company. And, how system also could help us because it’s really true that the system could help us and we can do it, it can make our life easier, because we all have a lot of jobs and you have to control when you have to report the auditor and still have to monitor and controlling and etc. It seems too much. But if you have a good system it could help you and you have some controls in the system. Like the workflow, I said that you don’t need to check all the time. If you have a report, you can register all the operations, all the approvals, and etc. So it’s very easy to do that, it’s not something that I’m suggesting to make you work more or work harder or hire Mark people to do that. The system really could help us to do this process and guarantee that we are in compliance and doing the right thing and leave any fears leads to area credits, collections, and Disputes.

[25:28] Mariana R Costa:

So, I think that’s it. Does anyone have questions? Anyone want to compliment something or share some examples?

[25:41] Audience:

I have a microphone. Sorry. I think I missed the beginning. What system was this that you were doing this through?

[25:56] Mariana R Costa:

I use in Syngenta an FSCM SAP, we are trying to implement a BI report to have this dashboard. And I had implemented FSCM with HighRadius in the previous company that I worked at before Syngenta. But I think that if you have a good process, you can implement a system that we can do all the process there in the system and you can generate this control. As I said, the workflow, the reports, the dashboard, and you have to put the information that it’s important for you or for your company and how you can do that. Okay.

[26:44] Mariana R Costa:

Anyone else?

[26:51] Audience:

Alright, awesome. So thank you so much for sharing and speaking to us a round of applause for you.

[26:59] Mariana R Costa:

Thank you, everyone.