On March 21, as lockdown orders went into effect as a result of COVID-19 and employees at Domo were being sent home and told not to come into the office for the foreseeable future, the finance team realized it had an issue on its hands — how to handle the annual audit that was then underway.
Fortunately for the cloud-based analytics and business intelligence software company, it has been running NetSuite since before it went public, and its audit team at Ernst & Young had been accessing the system remotely for years. So, the audit continued with virtually no delay.
“There was no big meeting,” said Tod Crane, director of revenue and financial reporting. “It was just, ‘fine, that will work.’”
Indeed, having auditors come into the office to get their work was done more out of tradition than anything. “If they had approached us at any time and said would we be okay doing it virtually, I don’t think we would have had an issue,” Crane added.
It wasn’t unheard of to conduct virtual audits before the pandemic, of course. In April, a Deloitte survey of 113 large North American companies found that roughly three quarters said they were still operating at 80% of business capacity. And while many, like Domo, had automated processes around an audit, paper documents remain common in many organizations, Deloitte reported.
For Domo and its auditors, the change essentially meant there were no in-person conversations and both Domo and its auditors had to be a little more deliberate about setting up meetings, but otherwise it all went smoothly. The audit of Domo’s annual financial statement had begun in mid-February and still finished on schedule in early April.
NetSuite’s cloud-based system allows people outside the business, like auditors and outsourced accountants, to access company financial records remotely, with just a browser and an internet connection. The team at Ernst and Young had already been doing that for years.
“They’ve always appreciated having access to NetSuite and being able to self-serve,” Crane said. “That continued to be a theme.”
In fact, many NetSuite customers had already begun conducting virtual audits and are more than happy with the results, according to Lisa Robinson, senior customer solution advisor.
“They never want to go back to an onsite audit,” she said. “But a lot of them do realize they need to digitize their manual processes a little better.”
That’s an issue for all businesses moving toward virtual audits. Journal entries, for example, might be stuck in a filing cabinet with little to no documentation about them. The company just relies on one person who remembers where they are and hand them over to auditors. That obviously can’t work in a virtual audit.
Customers can facilitate audits by building in auditable workflows like delegation of authority that auditors can then access by creating customizable NetSuite workflows and scripts. Take, for example, a situation where any transaction over $10,000 requires the sign-off from a CFO or finance manager. In the past, the only way to verify that might have meant pulling a piece of paper out of the AP drawer and seeing if there’s two signatures on it.
“That can all become part of NetSuite,” Robinson said. “There’s a workflow. Auditors go to the system notes trail. That time and date stamp become part of the permanent record and is always in NetSuite.”
Not only is the record permanently in NetSuite, but the processes are repeatable. For auditors that might ask for 40 different reports on the general ledger, accounts receivable, accounts payable and more, NetSuite users can create a dashboard that delivers those reports via Saved Searches. With a NetSuite auditor’s license, auditors can access the system and simply retrieve those reports.
For Domo, NetSuite has also helped with its first SOX 404 audit, which covers internal controls testing. Domo has created workflows to ensure that the proper transaction approvals are obtained and recorded. When the auditors need to check, they just pull the transaction and review the workflow history.
And how would this all have gone if Domo was still on its previous accounting system?
“We were using well-known software that wasn’t natively built for the cloud or for the enterprise so it would have been a disaster,” Crane said. “NetSuite is designed for companies in our situation. Not only on the business process side but the IT side. The ability to implement logical access and change management controls would have been impossible with what we had before.”
See why governance, risk and compliance (GRC) should be embedded in your ERP system.