Micron: Using Approvals and Workflow for a high SOX “IQ”

“…our primary goal is to keep the SOX environment as efficient as possible,” explains Wayne Radue, SOX Manager for Micron Technology, Inc.
Wayne and the team at Micron have used policyIQ to manage their Sarbanes-Oxley compliance since 2004.  At Micron, access to policyIQ is distributed to Internal Audit testers, control owners and process owners, but they use Approvals to maintain strong oversight over all changes.  We asked Wayne to share a little bit about how their organization uses workflow features to keep the process running smoothly and efficiently.
Groups, Groups, Groups

The key to Micron’s efficiency might just lie in their extensive use of Groups to organize their users.  While they have 50 users in policyIQ, Micron has close to 100 Groups defining all of the different parts that a user might play in the SOX process.  There are Groups for each Business Process, broken down into two subgroups: one for the Process Owner and another for other users involved in that business process.
The Internal Audit department is broken down in several ways, including a structure in which each IA Tester can be assigned to the business cycle that they will be testing within any given period.  By utilizing such a detailed Group structure, Wayne and the SOX team at Micron do not need to concern themselves with updating pages to include the right individual tester, control owner, process owner, reviewer, etc.  It is simply a matter of making sure that the user profiles are properly assigned and updated as individuals move within the organization.
Assigning and Performing Testing
When it comes to Sarbanes-Oxley testing, this is the domain of the Internal Audit team at Micron.  The Business and IT Audit Managers assign the Testers to the appropriate business cycles at the start of any given testing period – and remember, they do so by simply moving the user profiles into the appropriate Groups!  Those same Audit Managers are the designated Approvers on the Test Template, which allows them to review the Tests as they are submitted.
Keeping the Controls Updated
When it comes to keeping Control documentation updated, Micron Technology asks the Process Owners to update the documentation in policyIQ when the control changes.  By making the appropriate Process Owners Group the “Administrator” of the Control pages, the Process Owners are empowered to make changes as necessary. In some cases, they will also give individual Control Owners administrative access to the pages to further distribute the responsibility.
All changes to the Control documentation must be routed through an approval group including Wayne as the SOX Manager and the designated IT control coordinator.  This ensures that the changes are reviewed for completeness and that the SOX Management team has a clear picture of how much the control environment is changing at any time.
Wayne admits, however, that the Business Process Owners are often too busy to make the changes directly.  Wayne and his counterpart in IT will often make the Control changes on behalf of the Process Owners in policyIQ.  The process is designed to be flexible, giving the right individuals the access to make changes – but allowing for a distribution of work that makes sense for their organization.
Every organization strives to work smarter – not harder.  By utilizing a detailed and well thought out Group structure, as well as distributing the ability to make changes to all of the right users within the company, the SOX team at Micron Technology has maximized their SOX “IQ” and created an efficient and effective process for their organization.
This entry was posted in Customer Success by Chris Burd.

About Chris Burd

Chris is the Managing Director of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In the past few years, she's focused on enhancing policyIQ's offering as a Conflict Minerals and Anti-Corruption tool. In past lives, Chris worked as a system implementation consultant, an e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, volunteers at her local food bank, and spends more time than she should taking photos of her cats. She would like to be a rock star when she grows up.
