Sarbanes-Oxley Compliance – Are you taking advantage of all that policyIQ has to offer?

Public companies managing their Sarbanes-Oxley compliance program make up the largest section of our policyIQ client base.  Over the past few years, we have added a number of new features and pricing options that make it easier than ever to utilize policyIQ for everything from scoping and planning to issue reporting and communications.

If you aren’t utilizing policyIQ from the risk assessment to remediation, contact us today and let us show you how easy (and inexpensive!) it can be to extend your implementation to capture all aspects of the process.


Risk Assessment

Starting at the top, evaluate your financial statement line items and determine what is in scope for the coming year.

  • Calculate a risk score based on predetermined factors
  • Quickly move processes and controls in or out of scope based on risk assessments

Control Reviews and Documentation Updates

Documenting your controls is not a one-time task.  policyIQ’s electronic forms or the distribution of pages makes it easy for you to distribute control documentation to your control owners, and capture any changes or adjustments.

  • Low cost and simple tracking of electronic forms makes it easy to capture updates
  • Full audit trail of changes, with user, date and time stamps, and approval workflow allows an organization to distribute the work efficiently and safely

Links to COSO Framework

In 2013, a new COSO Framework was released and compliance with the framework is a key part of SOX compliance.

  • Easily import the framework to policyIQ and link controls to COSO Principles
  • One-click reporting to prove compliance with the framework, from COSO Principle to audit testing results

Evidence Collection

Much time can be spent by auditors collecting evidence and reports that are required for their testing.  policyIQ can make that process much simpler.

  • Low cost and simple tracking of electronic forms to track all requests for audit evidence, with automated follow-up emails for any non-responses
  • Audit trails of requests and a central place for all files means fewer lost requests

Audit Testing

Create your test plans in policyIQ, link to existing SOX controls, and easily bring testing in or out of scope for the year based on risk assessment results.

  • Simple ad-hoc and standard reporting on testing progress and results
  • All evidence uploaded into policyIQ and accessible from test pages
  • Annual roll forward process that is ready to go within minutes

Issue Tracking and Remediation

In a perfect world, your audit testing reveals a perfectly designed and perfectly operating control environment.  But perfection is hard to come by.

  • Document any issue and link it to the audit test or control from which it was identified
  • Assign remediation plans, utilize policyIQ communication alerts, and take advantage of  simple real-time reporting for updated issue status

Audit / Project Time & Expense Tracking

Internal audit teams have limited resources and need to track time and expenses so that they can most effectively use those resources in high risk areas.

  • Build audit projects and assign resources
  • Allow auditors to enter time and expenses directly from audit test documentation, with simple reporting to track budgeted versus actual hours and costs

302 Certification Processes

While the Sarbanes Oxley Act section 302 only specifies that the CEO and CFO must sign and take responsibility for the control environment, most executives require a sub-certification process to go out to management level employees across the company.

  • Create consistent certification forms and distribute to employees at multiple levels
  • Automated emails follow-up on non-responses, while administrators can quickly report on any exceptions

policyIQ can help you to manage it all in a single place, with audit trails and reporting at every step of the process.  If you use policyIQ for your Sarbanes-Oxley compliance program and you aren’t doing all of the above in the tool yet, contact us right away and let us help you to plan for expansion.  In many cases, you will be able to expand at no cost – or very low costs.

And if you aren’t using policyIQ at all yet – please reach out today!  We would love to help  you to better manage your SOX compliance.

This entry was posted in Solutions and tagged , , , , by Chris Burd. Bookmark the permalink.

About Chris Burd

Chris is the Vice President of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In past lives, Chris worked as a system implementation consultant, a e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, reads too many books, and spends more time than she should taking photos of her cats. She's on a mission to visit the hometown of every US President - so far managing to get to 14. She would like to be a rock star when she grows up.

2 thoughts on “Sarbanes-Oxley Compliance – Are you taking advantage of all that policyIQ has to offer?

  1. Pingback: Which part of your SOX process to you want to improve? This list of resources will help. | policyIQ Blog

  2. Pingback: Save time with Audit Evidence Collection in policyIQ! | policyIQ Blog

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s