Recap: Creating Efficiency in SOX Compliance with Technology

RGP was recently invited to participate in the ACS Live SOX and Internal Controls seminar in San Francisco. GRC Senior Practice Leader Les Sussman was joined by policyIQ’s Managing Director, Chris Burd, in presenting a 90-minute session on Creating Efficiency in SOX Compliance with Technology.

The session generated a great conversation among those SOX professionals in the room.  While the material covered all aspects of the SOX (and SOX audit) process, a few topics were clearly top of mind for the attendees.

Risk Assessment: Quantitative versus Qualitative

Pulling the risk assessment into your SOX tool and linking that assessment to your SOX controls and testing can streamline and simplify your scoping process. However, the basic question of what that risk assessment should look like prompted the attendees to share their experiences and their best practices.

While most audience members seemed to agree that some degree of quantitative analysis was necessary–numerically driven risk ratings–it was also clear that those coming from an internal audit perspective were far more likely to look for a quantitative assessment, while those coming from a management perspective saw the need for assessments that included qualitative aspects.

What does this mean for those policyIQ clients looking to manage their risk assessments?  While we often focus on quantitative examples, we do encourage our clients to provide for a qualitative override and comments that may be necessary when the numbers don’t tell the whole story.

Centralized Access for Control Owners, SOX Team and Internal Audit is Key

About half of the organizations in attendance were still struggling to manage their SOX compliance programs without a centralized SOX application. Managing access to Excel spreadsheets, narratives and audit testing is a daily effort. Those who are using a SOX application were quick to concur–and add their own experiences–with the efficiencies gained from a centralized tool.

A single source of information allows updates to feed all of the various viewpoints, reports and data needs.


When used to manage multiple compliance programs, that single source of information becomes even more powerful, as the updates (and testing, issue management, etc.) can feed multiple compliance programs.


COSO, Issue Management and SOX 302 Certifications

Other areas of interest to the audience included the ease of managing the COSO mapping, the ability to assign and communicate issues and remediation plans, and the ability to create a SOX 302 sub-certification process.

Are you looking to make your SOX process even more efficient? Reach out and let us know if there are still areas of your SOX compliance program that feel clunky and time-consuming, and let us help you make a shift!


This entry was posted in Solutions by Chris Burd.

About Chris Burd

Chris is the Vice President of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In past lives, Chris worked as a system implementation consultant, an e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, reads too many books, and spends more time than she should taking photos of her cats. She's on a mission to visit the hometown of every US President - so far managing to get to 14. She would like to be a rock star when she grows up.
