Maximizing corporate performance and efficiency of SSCs through Internal Audit. Takeaways Risk Round Table

As the world becomes more fast-paced, risks continue to evolve, and the demand for resilience grows. The functions of internal audit, internal control, and risk management must be more proactive than ever. They must keep up with emerging risks, navigate shifting regulatory landscapes, and leverage new technologies that offer greater insight into risk through advanced analytics.

To assist organizations in addressing these challenges and requirements, TriFinance is organizing a series of round tables on related topics to share meaningful insights and best practices.

The first round table, 'Maximizing corporate performance and efficiency through Internal Audit insights into process evaluations within Shared Service Centers' featured insights from TriFinance experts Annemie Pelgrims and Maddy Lauwers, who shared their knowledge with participants from various companies. They explored the impact of Internal Audit on the Shared Service Center journey, emphasizing the critical role of continuous monitoring of process quality and efficiency through advanced analytics for successful transformation.

The transition from a back-office organization via a Shared Service Center towards Global Business services and now even Integrated Business Services (IBS)

Our client partner, Maddy, initiated the discussion by highlighting that, in a back office organization, administrative and support functions are not directly involved in customer-facing activities, where a Shared Service Center is a centralized unit that consolidates and standardizes functions and services from multiple departments or business units. The primary advantages of a GBS/IBS include alignment with the business vision, a customer-centric approach, a focus on performance and service delivery, end-to-end process integration, a service and performance culture, and its operation as a profit center where continuous improvement is essential

According to the 2024 Global Market Report by the Shared Services and Outsourcing Network (SSON), the primary processes managed by GBS are:

1. Source-to-Pay

2. Record-to Report / Account to Report

3. Order-to-Cash

4. Hire to Retire

5. Master Data Management

To successfully transition towards a GBS/IBS model, we believe the top objectives are:

1. Upskilling shared services / staff

2. Leveraging automation platforms

3. Rethinking / shifting the operating model

4. Business partnering

5. Leveraging IA solutions

The SSON survey also indicates that fully outsourcing or fully insourcing is not always the preferred model. We see an evolution of the business model towards more hybrid solutions and out- or insourcing parts of the business.

Is your Shared Service Center operating effectively and efficiently?

During our round table discussion, we also zoomed in on the added value of SSC’s, by reflecting on their successes and challenges. Measuring ROI, operational efficiency, and stakeholder satisfaction are crucial in this context.

As SSCs mature, we observe a shift where qualitative KPIs become more important than time and cost-driven KPIs. Internal Audit plays a vital role in identifying these qualitative KPIs. Focusing on quality, supported by data, enhances process efficiency and speed.

The participants also emphasized the importance of avoiding a mere 'lift and shift' approach when implementing an SSC. Instead, they recommended redesigning and optimizing processes to fit the new operational model. As stated by Maddy, providing transparent insights at the activity level enhances stakeholder involvement, and their valuable feedback on these activities and process steps leads to continuous process improvements.

During our discussion, we sought insights from participants regarding factors that hinder the effective and efficient operation of Shared Service Centers (SSCs). Key challenges highlighted included governance limitations that are not aligned with the business strategy, organizational silos preventing cohesive teamwork, and a lack of integrated process management leading to fragmented understanding of end-to-end processes and their connections with technology and personnel.

Moreover, concerns were raised about inadequate technology utilization and automation strategies lacking proper analysis and optimization. Participants also noted challenges in talent management, readiness gaps in data utilization, and deficiencies in reporting, KPIs, and SLAs, which often lead to a focus on administrative tasks rather than service and performance enhancement. These insights underscore the critical need for SSCs to address these issues comprehensively to improve their operational effectiveness and efficiency.

SSCs are commonly viewed as profit centers, however, our round table participants frequently shared a contrasting reality: many operate as cost centers rather than profit centers. To shift this perception, emphasis should be placed on delivering added value and demonstrating the impact of process optimizations within SSCs and their internal controls. This approach can potentially yield additional revenue, such as through revenue leakage assessments, and have positive effects on working capital.

Internal Audit processes in Shared Service Centers

Our Expert Practice Leader responsible for Risk, initiated the discussion on how to integrate shared service center assessments into internal audit plans and the role of internal audit in evaluating operational efficiency, compliance, and effectiveness.

Let's begin with the internal audit objectives linked to SSCs:

• Reviewing the design, performance, and strategic alignment of the shared service center.
• Assessing the maturity level of SSC governance and operating models.
• Evaluating the maturity of SLAs between the SSC and its customers.
• Reviewing SSC operational performance against KPIs based on best practices/benchmark data and feedback from internal customers.

Participants also shared various risks impacting SSC performance, categorized as:

• Strategic risks
  • Limited alignment of SSC objective with company strategic goals
  • No SSC governance model, including reporting lines and R&R
  • Loss of control over critical processes and functions
  • Limited business continuity in case of disruptions or service failures

• Compliance risks
  • Limited regulatory compliance monitoring
  • No adherence to industry specific regulations or GDPR guidelines
  • No service level agreements between the SSC and its customers

• Operational risks
  • Limited control nor LPIs to manage and monitor quality of operations
  • Inflexibility in scaling operations to meet changing business needs
  • IT system failures and / or inadequate security measures
  • Difficulties in attracting and retaining local talent

• Financial risks
  • Cost overruns due to unforeseen expenses or inefficiencies
  • Limited budget management and / or monitoring
  • Significant capital investment requirements

The top risks identified by the Institute of Internal Auditors—cybersecurity, human capital, and business continuity—are equally critical for SSCs. Group discussions highlighted root causes including communication transparency, clarity in roles and responsibilities, strategic vision, executive awareness, siloed operations, management priorities, holistic process understanding, and branding efforts. These insights prompt reflection on improving SSC performance and resilience through proactive risk management and strategic alignment with organizational goals.

In conclusion, the role of the internal auditor is evolving significantly. Internal audit is increasingly taking on a business partner role in monitoring process efficiency within shared service centers.

When considering ways to maximize corporate performance and efficiency within Shared Service Centers in your organization, we recommend leveraging the expertise of Internal Audit. There is substantial potential to enhance the collaboration between internal audit and process efficiency initiatives.