Webinar Recap: Simplifying your key controls

In a recent webinar with PwC Denmark, we explored a topic that keeps coming up in conversations with finance, tax, and compliance teams: how do you simplify your key controls so they actually scale with your business?

The session brought together Mikkel Westfahl Jørgensen, Senior Manager at PwC Denmark, William Christensen, Implementation Specialist at Impero, and Jasmine Hansen de Guzman, Marketing Director at Impero, who moderated the conversation. Together, they unpacked the most common challenges organizations face when building or optimizing their internal control environment – and walked through what a more structured, scalable setup can look like in practice.

If you missed it (or want a quick refresher), here are the key takeaways. You can watch the full webinar here.

What the audience told us

Two live polls gave us a quick pulse check from the audience, and the results lined up almost perfectly with what the team at PwC sees in the market every day.

On the biggest challenge with their current internal control environment, the top answers were:

• 29% have controls documented, but limited risk visibility
• 26% still rely heavily on Excel and SharePoint
• 18% have controls in place, but accountability and traceability are unclear

Sound familiar? You’re not alone – and that’s exactly the point.

The challenges we keep hearing

Mikkel kicked off with a clear-eyed look at the patterns PwC sees across organizations. These aren’t isolated issues tied to one industry or company size – they’re broad tendencies that show up again and again in risk & control projects: difficulty creating ownership of risks and controls, lack of resources and competing priorities, heavy reliance on Excel and manual processes, and a general lack of system support. Even when intentions are good, the operating model is often too manual, too dependent on individuals, and too difficult to scale.

To make this concrete, Mikkel broke it down into three buckets: risks, controls, and reporting.

On the risk side

Many organizations lack a clear overview of their risk landscape. They struggle to know whether they’re focusing on the right risks, and the link between identified risks and mitigating controls is often missing. Risks may be assessed once and then left untouched – but the world is dynamic, and so your documented risk landscape should be too. As a baseline, risks should be reviewed at least once a year, or whenever something significant changes. The bottom line? If your controls aren’t tied back to a real risk, you’re doing work that doesn’t create value.

On the control side

Here’s where things get operational. Mikkel highlighted issues like unclear ownership and responsibilities, time-consuming manual maintenance, scattered documentation across shared drives and desktops, and a lack of standardization. Many companies perform the same kind of control across different entities – but each entity does it slightly differently, which makes it nearly impossible to verify quality at the group level. And thereby more difficult when it comes to collating evidence for audit season.

On the reporting side

Without a system, getting a reliable, timely overview of the overall control environment is hard. You can pull it together in Excel, but it’s slow, manual, and reactive. And it raises the bigger question, as Mikkel put it: “One thing is that employees say they have performed the activity. But how do we actually verify it has been completed in the right way, at the right time, and with the right quality?”

Three real-world cases

To bring the theory to life, Mikkel and William walked us through three client cases where PwC and Impero worked together to address these exact challenges.

Case 1: Building a scalable group-wide control framework

A growing organization needed greater transparency, stronger standardization, and a more scalable setup. They had limited visibility into control execution across the group, onboarding new entities took too long, and different parts of the business were performing the same controls in different ways.

In the Impero platform, controls are organized into control programs – essentially folders with access rights managed at the program level. Once a control is designed, it acts as a template: onboarding a new entity is as simple as adding a new assignment, tagging it, and saving. From the next scheduled instance, that entity automatically receives its own copy of the control, with the exact same description, tasks, and scheduling as everyone else. No local tweaks, no version drift, full standardization.

Case 2: Driving control execution and accountability

In this scenario, the client needed clearer ownership, less manual work, and system support to assign, manage, and follow up on controls.

In Impero, the end-user experience is built around email notifications: when it’s time to perform a control, the user gets an email with all the context they need and a direct link to start. Every action is captured in an activity log, giving you full traceability of who did what and when. On the reporting side, administrators can see completion and on-time rates, filter by control program, period, user, or entity, and drill down into overdue controls to send reminders, reassign, or reopen them – the kind of central oversight that’s hard to replicate in spreadsheets.

Case 3: Fast-track to compliance with the PwC Shared Content solution

The third case was about speed. The client wanted a strong internal control environment in place quickly, but didn’t have the internal resources to build everything from scratch.

This is where the joint PwC and Impero Shared Content solution comes in: PwC brings the content – process validation, key risks, key controls, and the reporting structure – and Impero brings the platform to execute, document, and report on it all. PwC led workshops with the client’s process owners to identify their most critical financial processes, narrow down to 5-8 key risks, and select 5-10 key controls. The clever part? All of this work happened directly in the Impero platform during the workshops, so there was no long design phase followed by a separate implementation phase. After user training, the client was ready to go live – with a foundation they could keep building on themselves. The real benefit here was the speed of implementation – because some progress is better than no progress when it comes to risk and controls.

Key takeaways

If we had to boil the session down, it comes back to four ideas:

• Start with the risks. Controls only create value when they’re tied to a real risk.
• Standardize wherever possible. Different entities doing the same control in different ways makes it almost impossible to verify quality or report meaningfully at the group level.
• Invest in the foundation. Setting up the right structure once means you can onboard new entities, controls, and people without rebuilding from scratch.
• Combine expertise with the right system. Advisory support and a dedicated platform aren’t either-or – they work best together.

If you want to watch the full webinar, you can find the recording here.

Let’s keep the conversation going

Mark your calendar for our flagship event, Compliance. Curated. on Sept 16-17 in Copenhagen. It’s our biggest gathering of the year, bringing together compliance, finance, and tax professionals for two days of conversation, learning, and inspiration.

And if you’re curious to see how the Impero platform could work for your organization – or want to learn more about the PwC Shared Content solution – reach out to our team and we will be happy to set up a conversation.