Financial Policy & Controls Setup
We design and implement the financial policies, controls framework, and governance structure your business needs — built into your actual processes, not layered on top of them as documents that nobody reads.
Controls that weren't designed for your current complexity won't hold as you scale. And they won't hold under investor scrutiny either.
Policies that don't reflect how the business operates
Financial policies were written at a different stage of the business. They reference structures, systems, and processes that have since changed. Compliance is nominal — because the policies don't map to current reality. When an auditor or investor asks to see them, everyone in the room knows it.
Audit findings that recur
The same control weaknesses surface in successive audits. Management responses are written. The cycle repeats. Recurring findings indicate a design problem — not an execution one — and signal to investors and acquirers that governance hasn't kept pace with the business.
Controls concentrated in people, not processes
Key financial controls depend on specific individuals — their knowledge, their diligence, their continued employment. When those individuals are unavailable or leave, the control doesn't operate. That's a governance risk that compounds with scale.
A controls framework that hasn't scaled with the group
Each acquisition or new entity adds financial flows, approval requirements, and reporting obligations. The controls framework has been patched, entity by entity, rather than extended systematically. The gaps are known — and they're growing.
What changes when we're done
From controls gaps to embedded framework in 16 weeks.
Controls Diagnostic
Current policies, controls, and authorization structures reviewed against your business structure, transaction flows, and audit history. Every gap, inconsistency, and design weakness identified before redesign begins.
Framework Design
Financial policy framework, controls design, and authorization matrix developed in collaboration with your CFO and finance leadership. Validated with internal audit or external auditors where relevant.
Documentation, Embedding & Training
Policies documented, controls embedded in processes, authorization matrix implemented. Finance team trained on new framework. Controls testing cycle initiated.
This service fits if
Recurring audit findings haven't been resolved
The same control weaknesses appear in successive audits. Management responses have been written but structural change hasn't followed. The findings are symptoms of a design problem — and they signal something to investors and acquirers that a management response doesn't fix.
The business has grown beyond its current controls framework
Acquisitions, new entities, or new business models have added financial complexity the existing controls framework wasn't designed to cover. The gaps are known — and they carry risk that compounds every quarter they're not addressed.
A new ownership structure or investor requires it
PE ownership, listed status, or new institutional investors bring governance expectations that require a documented, tested controls framework — not an informal one held together by the same people it's always depended on.
Key controls depend on specific individuals
Critical financial controls operate because specific people make them work each cycle. That's a concentration risk — and one that becomes visible at exactly the wrong moment.
A controls framework that holds under audit, scales with the group, and operates independently of individuals requires deliberate design. Patching an inadequate framework adds documentation without adding governance.
Controls that are designed into your processes hold. Controls that live in documents don't.
30 minutes. We'll assess where your controls framework stands and what a structured redesign would cover — and what it would remove from your audit exposure.
What CFOs ask before they engage
How does this relate to our external audit?
We design the controls framework in alignment with your external audit requirements — and coordinate with your audit firm during the design and documentation phases where relevant. A well-designed controls framework reduces audit time, eliminates recurring findings, and positions the finance function favorably with auditors. The opposite — recurring findings in successive years — positions it as a risk.
Does this cover IT general controls as well as financial controls?
Our focus is financial process controls — authorization, reconciliation, reporting, and close. IT general controls are typically in scope for your IT function or a specialist IT audit engagement. We coordinate at the boundary where financial and IT controls intersect.
How do you ensure controls are actually used, not just documented?
By designing them into processes rather than creating them as separate documentation. Controls that require an additional step outside normal workflow don't get consistently executed. We design controls into the process flow — so the control is the process, not an add-on to it.
What happens to the framework as the business changes?
We build a maintenance framework alongside the controls design — defining who owns each policy, how frequently it's reviewed, and what triggers a revision. The framework is designed to stay current as the business evolves, not become outdated documentation within eighteen months.