What comes to mind when you hear “digital evidence”?

Who cares?

I mean, who actually has to care about digital evidence? Consider the audiences or different roles of people who need to produce or rely on digital evidence: management and business unit leaders; auditors; information management, technology, compliance, and security professionals; and the officers of your organization. We are producing unstructured data, much of it valuable, at a breakneck pace. Do you know who your producers of quality digital evidence are?

When I hear digital evidence, I think of the artifacts that may be considered digital evidence such as raw data, reports, signed documents, test results, specifications, and performance receipts. Documentation of activities that provide assurance, including procedures, work instructions, training sessions and materials, and attestations are also critical. Have you identified which practices and assurances are closest to your significant accounts, risks, and controls?

How do we wrap our arms around digital evidence?

There are systems and practices that provide the bookends for ensuring relevant and reliable results contributing to digital evidence such as systematic management and monitoring of workflow, milestones, deadlines, analyses, and remediations. Digital evidence also relies on the trail of bread crumbs that show who touched what and when including the audit trail of changes, versions, handoffs, and approvals. Without a central portal or system in place, it is plain to see, we cannot reliably manage digital evidence.

Are you taking advantage of all that policyIQ has to offer in these areas?

Alerts, dashboard notifications, and email generated systematically by RGP’s policyIQ helps employees know when work is required of them. The taxonomy of the digital content is configurable and can be subject to the information governance preferences of your organization with appropriate read, write, and approve rights established during initial configuration. policyIQ can provide an enforceable framework to manage contributions, the complete capture, monitoring, and reporting on critical documentation and evidence.

If your opportunity has more to do with the quality of your existing evidence or the need for corroborating evidence, RGP’s subject matter experts can help to assess your need and to fill any gaps identified. Right now—whether related to technology, process, quality, or completeness—make a note of some of those gaps or pain points that just crossed your mind. And then reach out to us: Information@policyIQ.com; 412-263-3330.

The message is clear: “Focus on Fraud”

Public companies subject to Sarbanes Oxley (SOX) requirements with a calendar year-end are wrapping up their projects to transition to the 2013 COSO Framework. Among the seventeen Principles formalized in the 2013 framework is Principle 8, which states, “The organization considers the potential for fraud in assessing risks to the achievement of objectives.”

Track Fraud Mitigating Controls

One step that many policyIQ clients are taking to demonstrate evidence that they have adequately addressed this principle is to “flag” their controls that are fraud mitigating. If you do not already have one, we recommend adding a field to your Control template in policyIQ to track whether a Control is fraud mitigating. This allows you to easily report on all Controls where the answer is yes and to relate those Controls to Principle 8 (unless you are linking to Points of Focus, in which case you will link each of the Controls to the most appropriate of the four Points of Focus related to Principle 8).

Address Revenue Recognition Fraud

In addition to feeling greater pressure in the last couple of years from the Public Company Accounting Oversight Board (PCAOB) and the Committee of Sponsoring Organizations of the Treadway Commission (COSO), most companies will also be affected by the new Revenue Recognition Standard.  The new standard is the result of a joint effort by the Financial Accounting Standards Board (FASB) and the International Accounting Standards Board (IASB) that aims to improve upon and to address inconsistencies between the previously held International Financial Reporting Standards (IFRS) and US Generally Accepted Accounting Principles (GAAP). No doubt, some of the most notorious cases of corporate fraud have been directly related to revenue recognition fraud.

Complying with the new standard is a big undertaking for companies. We have written on our blog about the application of policyIQ to better monitor your contracts and agreements and the work that RGP has done to prepare a deep pool of Revenue Recognition subject matter experts around the country to walk alongside accounting professionals and help them to close gaps in their practices. Here, also, is a link to access the recording of RGP’s recent webcast: The New Revenue Recognition Standard Webcast Series (Part 2): How to Begin Implementing the New Standard.

Formally Assess the Risk of Fraud

Additionally, many companies are finally formalizing their fraud programs by instituting a dedicated Fraud Risk Assessment, documenting mitigating controls, identifying gaps, and filling gaps, and so on. Whether using your methodology and questionnaires or RGP’s, we can help you to manage the process more efficiently in policyIQ.

Fraud Risk Assessment Sample

Using policyIQ, it is simple to capture and deploy your fraud questionnaire(s) to the relevant employees, inventory responses and analyze results. Similar to other compliance work in policyIQ, you can link your capabilities or controls to any Fraud Risks that were identified and use policyIQ reporting to easily highlight any gaps in coverage.

Interested in bringing automation to your program or need a subject matter expert to help you develop your Fraud Prevention Program? Reach out to us and we’ll put you in touch with the right person in your area.