The policyIQ Team was recently joined by Senior Practice Director of RGP’s Governance Risk & Compliance (GRC) practice, Les Sussman, to discuss how the updated COSO framework will impact companies and, specifically, policyIQ clients or prospects. Mr. Sussman recaptured the highlights from a recent webinar that he co-presented with RGP’s Global Managing Director of the Finance & Accounting practice, Shauna Watson. Their session, “Effective Transition to the 2013 COSO Framework and SOX Compliance”, drew more than a thousand registrants and received great reviews for addressing considerations that have not been discussed in other COSO-related sessions.
With a diverse audience of current policyIQ users and many participants who are not currently using policyIQ, we took time to introduce some highlights of policyIQ, including these:
- Web-based, accessible from any major browser
- Flexible and customizable with an easy to use interface
- A tool for management of workflow, analysis and roll-up reporting
- Top security from the host, through the pipeline, to end users and specific content
- Version control, pages can be mapped to multiple relevant access points (folders)
- Mature audit trail with both version and change history
- Features for uploading appropriate evidence and linking to relevant content
- Reporting capability to expedite gap/redundancy analysis, oversight and roll-up reporting
In our session, we demonstrated how easily and quickly we amended our policyIQ configuration to accommodate the updated 2013 COSO Internal Control – Integrated Framework: We added a Folder structure for capturing the COSO Principles by COSO Component and a Page Template with a Short Text Field for capturing each COSO Principle in its own Page.
After populating policyIQ with the COSO Principles (using an import process), RGP recommends following both a top-down (Principle–Control or Principle–Points of Focus–Control) and a bottom-up (Control–Points of Focus–Principle or Control–Principle) approach. The combination of approaches will help to ensure that all Principles are adequately addressed (which is a requirement, if you choose to use the COSO Framework) as well as help with your control rationalization process.
We discussed how policyIQ reports can make quick work of mapping, gap analysis, control rationalization and reporting to the Audit Committee and External Auditors.
If you haven’t already, check out the presentation for yourself! The presentation slides are available via the Attachments/Links tab in our related policyIQ Help page here. To review the session or share it with a colleague, click this link to access a recording of the 60 minute webinar.
Do you have questions about implementing the 2013 COSO Internal Control – Integrated Framework? Have you begun the mapping process and taken advantage of policyIQ to make your analysis more effective and efficient? Reach out to us with any questions that you have and we’ll help to connect you with the most appropriate contact that can get you headed in the right direction!