Talking about Audit Efficiency in Atlanta (TAC 2016)

RGP and the policyIQ team were honored to be invited to speak at the Atlanta chapter of the Institute of Internal Auditors (IIA)’s conference, held on Friday, September 16.

policyIQ’s Managing Director, Chris Burd, tackled the topic of “Ways that Technology Can Expedite Internal Audit’s Daily Work”.  With attendance for the session well over 200, the topic was clearly one that generated a lot of interest.

An unscientific “show of hands” poll of the audience found that only about half of the attendees currently utilize a software application that is designed for Internal Audit or Governance, Risk and Compliance programs.  For those not utilizing an application, the session generated a number of ideas and stressed the value of having a tool to expedite and streamline the process.

For those that do use an internal audit application, however, the conversation also allowed the attendees to ask and offer suggestions to others of ways to improve their current audit work.  The discussion followed the following steps in the Audit Cycle:

auditcycle

Two specific areas that were called out as areas of interest by the attendees were the work of Evidence Collection and that of Issue Tracking.

Evidence Collection

In evidence collection, we talked about ways to automate the evidence collection process, as well as some of the challenges of doing so.   While a fully automated evidence collection process is the ideal end goal, the discussion touched on making sure that you also provide the right amount of training and oversight to those individuals participating in the process, to alleviate stress of a new process and minimize the risk of invalid evidence submission.

Issue Management

The topic of issue management focused primarily on the idea that issues are most effectively managed when they can be easily linked to the audit testing, controls, processes, or risks from which they originated.  Having a central system to manage risk assessments, internal controls and procedures, audit testing and issues allows for this flow of information.

 Looking for Technology that is Simple to Use and Implement!

As a sponsor, RGP was also able to meet with attendees as they stopped by to say hello.  Folks that stopped by to talk about technology almost invariably said the same thing – they wanted to find software that was easy to use and easy to implement.  Long and costly implementations caused many to simply continue doing things in the same Microsoft Office tools that they have always used.

Do you want to learn more about how to make your internal audit team more efficient and effective?  Contact us today and we’d be happy to meet to talk about some of the specific ideas and how policyIQ can meet those needs!

Save time with Audit Evidence Collection in policyIQ!

For many years, we have been encouraging our clients to utilize policyIQ for all aspects of their compliance programs – from the assessment of risk through the remediation of issues.  However, during a recent conversation with long-time client, Travis Heyer (Director of Internal Audit at Great Lakes Dredge and Dock), we realized that we had not yet clearly illustrated in a live training session how to effectively request and capture audit evidence within policyIQ.

Travis graciously agreed to work with us to create a training session – and brought his colleague, Amit Patel (Senior Auditor) along with him.  On Thursday, March 31, we presented this session to a large number of very active participants.  (You can check out the recording of the session, or download the slides for a quick overview.)

quoteHeyer

It’s really all about saving time

Automating the requests for audit evidence can allow your internal audit team to…

  • Avoid playing “Match the evidence to the request!”
  • Minimize risk of using an old version of a file
  • Waste time sending annoying follow-ups
  • Secure documentation more effectively

It comes down to a huge time savings, freeing up internal audit resources to do the real, value-add work that your organization needs.

Pages or Forms?

While the training presentation focused on an evidence collection process in policyIQ pages, a similar process can be built within policyIQ forms.

evidencerequest

Pages offer the advantage of a two-way link between the Evidence Request and the Test page, so that your internal auditors can simply leave the files attached to the Evidence Request.  Pages also allow more than one individual user to contribute directly to the same Request.  However, utilizing Pages requires that all users who participate in the process of providing evidence are Advanced Users, a more expensive license in policyIQ.

Forms offer their own advantages, allowing for a simple issuing and follow-up process.  However, the link between the Evidence Request form and the Test page is less visible.  Evidence files will need to be downloaded and re-uploaded to the Test page by the auditor.  The significant advantage of the Forms process is that any individual providing evidence needs only to have a Standard User license, a less expensive license that can keep costs low!

Getting started in 5 easy steps

Our training session focused on how to get started in just five easy steps:

  1. Create Evidence Request template
  2. Build list of evidence in Excel
  3. Import evidence request list
  4. Assign requests
  5. Track progress and follow-up

We encourage you to check out the recording or the slides for more details on these steps – and reach out to us to help you to get your bearings and get started!

It’s true! policyIQ is a misfit among typical software providers.

Have you been burned by a software provider?

Sheesh—who hasn’t?!

You worked for months (years for some), listening to promises from several different people who kept handing you off and never addressing your concerns. You found yourself with more time and money invested than you care to admit and you have grown to look at all software providers with skepticism (if not disgust).

Does this sound familiar?

I hear you. Your frustration was echoed by countless people that I spoke with at a national conference in March. Because a number of people felt compelled to share their horror stories about other providers with me, I got comfortable jumping quickly to the things that make us different than the typical software company:

  • All-in-one_BubblesRGP is NOT a software company! Integrity is at the core of our firm. We want to create great relationships and serve you so impressively that, when you need a consultant, you already know the quality that you can expect from us.
  • We don’t have a huge policyIQ booth at conferences and our software does not have the huge price-tag required to pay for that presence (policyIQ starts at <$5k/year).
  • We don’t sell multiple modules or products and aim to upsell you. policyIQ really does accommodate multiple business areas and needs in one affordable tool.
  • Our goal is to solve for your information, content, process, and workflow challenges across the Governance, Risk and Compliance (GRC) space, not to land a sale.
  • Your sales person does not make commission or hand you off to an implementation team that’s unaware of promises made during the sales process—we walk alongside you the whole way and help to tailor the implementation to your organization’s needs.
  • Our product does what we tell you it does (and we answer truthfully if you ask us about something we don’t do or plan to develop).
  • We have a support team that truly cares to give you excellent and timely service.

We think of our clients as part of our community with whom we will have a long partnership. We listen to your needs, plans, wishes and heartaches and work continuously to problem solve with you.

We’re proud to be a misfit among typical software providers.

pIQ_Misfit_smWe’re ready to prove it and to earn your trust.

We encourage you to take a peek at this introduction to policyIQ, and then reach out to us!  We’d be glad to schedule a personalized tour of policyIQ. Also, we invite you to kick the tires! Sign up for a 30-day trial, completely risk-free.

We look forward to working with you!

Twitter-review of the 2015 GAM Highlights

The IIA put on another impressive General Audit Management (GAM) Conference again this year. Below is a quick twitter-review of some 2015 #IIAGAM highlights. Remember that RGP is a Professional Services Firm with expertise in:

  • Human Capital
  • Finance & Accounting
  • Information Management
  • Governance, Risk & Compliance
  • Supply Chain
  • Legal & Regulatory
  • Corporate Advisory & Restructuring
  • Strategic Communications

We are particularly strong in cross-functional support, listening, helping to identify the common threads and root issues, and guiding an organization with a team of experienced professionals who will walk alongside your employees and leave them more knowledgeable and ready to make progress and gains than before we arrived.

Reach out to us and we’ll connect you with an RGP representative in your area.

Now, on to the GAM highlights!

Lots of speakers addressed the more prominent role of Internal Audit in the heavy activity of Mergers and Acquisitions.

GAM_MandA

If they were not already making it a top priority, I’d bet 1,400 audit professionals attending GAM took the message back to their colleagues that they need to give cyber-security more attention

GAM_CyberSecurity

Of course, Risk Management continues to be a hot topic.

GAM_RiskManagement

Don’t underestimate the work involved in preparing to comply with the Revenue Recognition Accounting Standard.

RevRec

These were just a few of the key topics discussed at the GAM Conference this year. You can gather more information from the IIA website, Twitter and other social resources and, you can join the conversation next year! We’ll look forward to visiting with you at the RGP booth!

Message to Audit Execs: People, Talent, Subject Matter Expertise are Critical to Your Success

Via the Institute of Internal Auditors (IIA), we’ve heard this spring from Victoria Gambale, Olivia Kirtley, Joel Kramer and many others that people, talent, and subject matter expertise are critical to your success. At any point in time we will likely find ourselves shy on expertise in a particular area. Kramer stated that “no organization has all of the competencies that they need” and that organizations “cannot be world class without a co-sourcing relationship”. Others have emphasized the value of having both institutional knowledge and rotation of staff with “fresh eyes”.

Speakers and the General Audit Management Conference emphasized that it should be a standard step in the planning process of any audit team to consider the co-sourcing relationship and your assessment of the subject matter expertise that your team is lacking from the beginning of your planning process. More than just filling the competency gaps on your audit team, SMEs can also be contracted to shore up the education and training of your staff.

This is among the differentiating characteristics of RGP consultant professionals—with an average of 18 years of experience, we are prepared to provide a new perspective while walking alongside your team and sharing proven expertise (rather than sending recent college grads with a checklist). Our culture and model of creating strong partnerships that transcend into trusted relationships is what has attracted 75% of the Fortune 500 to call on us and 100% of our top 50 clients to remain committed to those partnerships over many years. Global Footprint

With more than 70 wholly-owned offices world-wide, we are able to better ensure consistency of our model and culture, unlike many firms who employ affiliates. This allows our global firm to have a “local feel”—the quality of our work, ability to meet client goals, and building long lasting, valuable relationships becomes the personal mission of our staff in any of our locations.

PracticeAreasM

In addition to supporting our clients with direct audit support, we can also provide subject matter expertise from any of our six practice areas to work with your auditors. An SME from our Human Capital practice can partner with your auditor on an audit of your ERP system, for example.

We’d love to chat with you over a cup of coffee and begin the conversation and relationship. Reach out to us and we’ll get something scheduled!

 

Save Time and Money with HTML Extracts for your External Auditors!

CDHow many hours do your external auditors spend gathering, scanning or saving documentation while completing their audit work?  How much is that costing you?  Did you know that for a small service charge, you can provide your auditors with an electronic copy of all of your SOX or compliance documentation, including all of the attached evidence, workpapers and files?  Your external auditors can have all of the documentation packaged and ready to go – requiring no hours of searching or downloading.

Will the external auditors be able to find what they are looking for?

The extract of your data into HTML format is organized into folders, just like your policyIQ application.  Your folder structure is replicated in the HTML extract.  Here’s an example – pulled from our training site – of the HTML extract on a local hard drive:

HTMLExtract_Folders

Every individual page in policyIQ becomes its own .html file.  Any supporting documentation is linked to the page – but also stored in a separate folder called “_SupportingFiles”.

HTMLExtractPage

While there are no reporting capabilities within the extract, your external auditors can certainly use this file as their backup and retained copy, with access to your production site providing them with the full host of features to create reports to analyze results.

A few tips to make extracts function optimally

When extracting pages into a Windows friendly folder structure, there are a few tips that could make this run more smoothly.

1. We need to zip the folder and files to allow us to provide it to you on CD / DVD.  We currently suggest that you use WinZip version 16.5 or higher to extract the files.  (A 30 day free trial is available from http://www.winzip.com.)  Other extraction tools may not be able to extract the complete hierarchy of folders.

2. File names have a character limit – and policyIQ allows a much longer character limit on page names.  If you know that you want to utilize the HTML extract option regularly, consider a page naming convention that is simple and brief.  (The policyIQ team has, in the past, encouraged utilizing the full 300 characters for page names.  We now realize that in many circumstances, this can be inconvenient.)

3. Index all of your pages into folders!  Sometimes we find that organizations link pages together and can easily access content from reports, but not all of the pages are added to folders.  Any page that is not indexed into a folder will appear in one “UnindexedPages” area in the extract, making it more difficult to find it.

Are you interested in receiving an HTML extract?  Contact us for more information on timing and pricing!

Attention: NASDAQ Withdraws Proposed Rule to Require Internal Audit Function

Directly from NASDAQ (link to their original update):

As previously communicated, on February 20, 2013 NASDAQ proposed a new rule to require that listed companies have an internal audit function. In light of the breadth and nature of the comments from our issuer community, and others, NASDAQ has determined to withdraw the proposal so that we may adequately consider these comments.

NASDAQ remains committed to the highest standards of corporate governance, and believes it is important that listed companies have appropriate mechanisms and processes in place to review risks and the system of internal controls. It is our intent to revise the proposed rule, taking into account the comments, and resubmit it.

We will of course keep you updated as things progress. In the meantime, if you have any questions, please feel free to contact your NASDAQ Relationship Manager.

So, many companies can breathe a sigh of relief for now. If you’re interested in reviewing the comments sent to the SEC on the proposal, you can read them here.

Reach out to us if you have questions or if you would still like some help with your considerations for setting up an Internal Audit function in your organization.

Financial Reporting Alert: NASDAQ proposes internal audit function requirement

RGP-Logo-for-blog-postThe policyIQ team wants to pass along an important Financial Reporting Alert brought to you by our RGP Finance and Accounting Practice.

Here is a summary highlighting the NASDAQ’s recent proposed rule change to require all NASDAQ-listed companies to establish and maintain an internal audit function.  The proposal would require compliance for companies currently listed by December 31, 2013, while companies not yet listed would need to comply prior to listing.  Currently, the New York Stock Exchange (NYSE) requires companies to have an internal audit function, but until now, the NASDAQ has considered it just a best practice.

For companies potentially impacted by this proposed rule, RGP is ready to assist you in a variety of ways, including: helping you start up a new internal audit function or completely outsourcing the function, providing experienced internal audit consultants under a co-sourcing arrangement, or conducting a search for internal audit talent for newly created internal roles, including chief audit executives.

Keep in mind that policyIQ can make quick work of organizing and bringing automation to an internal audit function. Automate your audit processes, have powerful reporting at your fingertips and save time and money on external audits by implementing policyIQ. Nimble, highly customizable and very easy to set up—we can have you up and running in a matter of weeks rather than over several months, as many of the heavy, clunky and expensive systems require.

To learn more, please contact us and we’ll connect you with one of our RGP colleagues in your area.

 

Auditors, can management relate to your reports?

Audit-ReportNorman Marks either struck a chord or struck a nerve, depending on your perspective in reading his recent post recommending that auditors speak in the language of the business. While it might seem elementary or fundamental to some auditors that all reports will undoubtedly include what some refer to as the 4Cs—Condition, Criteria, Cause, and Consequence—others acknowledge that not all reports are easily understood by management.

Do the findings in your reports speak to management’s objectives in a way that helps them to effectively manage and respond to your findings?

Check out Marks’ post, “Audit reports should be written in the language of the business”, and weigh in on the discussion.