Assisting a Fintech Leader with its Internal Control Framework

October 2022

A fintech leader with multiple subsidiaries operating in the institutional, wholesale, and retail sectors. Each of the client’s operating business sectors is supported by a unique IT infrastructure with different clientele of different revenue streams and no existing process documentation. There was no global process that governs each sector in the conduct of its business.
 

BDO Services

Following its IPO, the company hired BDO to evaluate the design of its internal control framework and determine its readiness to comply with SOX. Management required assistance in determining the root causes of all audit findings to ensure sufficient controls existed that would prevent or detect similar occurrence in the future and in testing of controls that are part of their SOC 1 and SOC 2 audits.

BDO provided a risk-based approach and applied SOX knowledge and established internal control assessment methodologies. The BDO Team:
  • Worked with process owners to draft the process flow via narratives and flowcharts.
  • Identified and documented the controls, risks and assertions via control matrices.
  • Assessed the design through walkthroughs and its effectiveness through testing of transactions.
  • Identified design and operating gaps.
  • Provided remediation and process improvement recommendations, shared best practices, and worked with the process owners in its implementation.
 

Client Benefit & Result

The BDO team improved the company’s process for assessing internal controls over financial reporting. The team:
  • Trained the client’s various finance and business teams on SOX documentation and reporting procedures.
  • Assisted the company in educating management on the SOX process, their involvement, and accountability for their controls.
The new process provided the external auditors with comfort over management’s role in assessing internal controls over financial reporting. At the end of the year, the company had no material weaknesses and was deemed ready to comply with SOX requirements moving forward.