Public companies managing their Sarbanes-Oxley compliance program make up the largest section of our policyIQ client base. Over the past few years, we have added a number of new features and pricing options that make it easier than ever to utilize policyIQ for everything from scoping and planning to issue reporting and communications.
If you aren’t utilizing policyIQ from the risk assessment to remediation, contact us today and let us show you how easy (and inexpensive!) it can be to extend your implementation to capture all aspects of the process.
Starting at the top, evaluate your financial statement line items and determine what is in scope for the coming year.
- Calculate a risk score based on predetermined factors
- Quickly move processes and controls in or out of scope based on risk assessments
Control Reviews and Documentation Updates
Documenting your controls is not a one-time task. policyIQ’s electronic forms or the distribution of pages makes it easy for you to distribute control documentation to your control owners, and capture any changes or adjustments.
- Low cost and simple tracking of electronic forms makes it easy to capture updates
- Full audit trail of changes, with user, date and time stamps, and approval workflow allows an organization to distribute the work efficiently and safely
Links to COSO Framework
In 2013, a new COSO Framework was released and compliance with the framework is a key part of SOX compliance.
- Easily import the framework to policyIQ and link controls to COSO Principles
- One-click reporting to prove compliance with the framework, from COSO Principle to audit testing results
Much time can be spent by auditors collecting evidence and reports that are required for their testing. policyIQ can make that process much simpler.
- Low cost and simple tracking of electronic forms to track all requests for audit evidence, with automated follow-up emails for any non-responses
- Audit trails of requests and a central place for all files means fewer lost requests
Create your test plans in policyIQ, link to existing SOX controls, and easily bring testing in or out of scope for the year based on risk assessment results.
- Simple ad-hoc and standard reporting on testing progress and results
- All evidence uploaded into policyIQ and accessible from test pages
- Annual roll forward process that is ready to go within minutes
Issue Tracking and Remediation
In a perfect world, your audit testing reveals a perfectly designed and perfectly operating control environment. But perfection is hard to come by.
- Document any issue and link it to the audit test or control from which it was identified
- Assign remediation plans, utilize policyIQ communication alerts, and take advantage of simple real-time reporting for updated issue status
Audit / Project Time & Expense Tracking
Internal audit teams have limited resources and need to track time and expenses so that they can most effectively use those resources in high risk areas.
- Build audit projects and assign resources
- Allow auditors to enter time and expenses directly from audit test documentation, with simple reporting to track budgeted versus actual hours and costs
302 Certification Processes
While the Sarbanes Oxley Act section 302 only specifies that the CEO and CFO must sign and take responsibility for the control environment, most executives require a sub-certification process to go out to management level employees across the company.
- Create consistent certification forms and distribute to employees at multiple levels
- Automated emails follow-up on non-responses, while administrators can quickly report on any exceptions
policyIQ can help you to manage it all in a single place, with audit trails and reporting at every step of the process. If you use policyIQ for your Sarbanes-Oxley compliance program and you aren’t doing all of the above in the tool yet, contact us right away and let us help you to plan for expansion. In many cases, you will be able to expand at no cost – or very low costs.
And if you aren’t using policyIQ at all yet – please reach out today! We would love to help you to better manage your SOX compliance.