Who wants to avoid redundant effort and rework?

RGP consultant, Jason Chiang, recently wrote:

Jason Chiang
Expert in risk management and audit

“A narrative provides mid-level detail of the transactions and internal controls within a business process and includes who, how frequent, and in what location the transactions and controls are being performed…

…Narratives should be updated as changes are implemented in the organization. The updates should follow a workflow where there is a review process for significant changes.”

For many clients, automating the process of updating compliance documentation is a critical but often overlooked part of their practices. Each year, various aspects of controls may change, such as steps of the control procedure, the control description, or control ownership.  As these critical bits of information are updated, it is important, as Mr. Chiang stated, that the associated narrative pages are also updated to reflect the latest information.

Who wants to avoid redundant effort and rework?!

If you haven’t already implemented policyIQ or you have policyIQ and you haven’t taken advantage of this feature, this is a good time to tune in and make a note: policyIQ has a “linked field” option that allows you to update control language (or other documentation) in one place and present the updated language in related documents—here’s the key: without redundant effort or rework!

Displaying all related Controls in the Narrative is probably the most common request, but you can also display Risk language in Controls, Control language in Tests, and the contract review conclusions in a management summary page, among a seemingly infinite number of options! No more hunting down related documents to make small tweaks–it’s already done!

To learn more about how reduce redundant effort and rework, contact our team at Support@policyIQ.com.

Recap Session: Efficiently Transition to the 2013 COSO Internal Control – Integrated Framework Using policyIQ

The policyIQ Team was recently joined by Senior Practice Director of RGP’s Governance Risk & Compliance (GRC) practice, Les Sussman, to discuss how the updated COSO framework will impact companies and, specifically, policyIQ clients or prospects. Mr. Sussman recaptured the highlights from a recent webinar that he co-presented with RGP’s Global Managing Director of the Finance & Accounting practice, Shauna Watson. Their session, “Effective Transition to the 2013 COSO Framework and SOX Compliance”, drew more than a thousand registrants and received great reviews for addressing considerations that have not been discussed in other COSO-related sessions.

With a diverse audience of current policyIQ users and many participants who are not currently using policyIQ, we took time to introduce some highlights of policyIQ, including these:

  • Web-based, accessible from any major browser
  • Flexible and customizable with an easy to use interface
  • A tool for management of workflow, analysis and roll-up reporting
  • Top security from the host, through the pipeline, to end users and specific content
  • Version control, pages can be mapped to multiple relevant access points (folders)
  • Mature audit trail with both version and change history
  • Features for uploading appropriate evidence and linking to relevant content
  • Reporting capability to expedite gap/redundancy analysis, oversight and roll-up reporting

In our session, we demonstrated how easily and quickly we amended our policyIQ configuration to accommodate the updated 2013 COSO Internal Control – Integrated Framework: We added a Folder structure for capturing the COSO Principles by COSO Component and a Page Template with a Short Text Field for capturing each COSO Principle in its own Page.

After populating policyIQ with the COSO Principles (using an import process), RGP recommends following both a top-down (Principle–Control or Principle–Points of Focus–Control) and a bottom-up (Control–Points of Focus–Principle or Control–Principle) approach. The combination of approaches will help to ensure that all Principles are adequately addressed (which is a requirement, if you choose to use the COSO Framework) as well as help with your control rationalization process.

Blog_image_Report_Gaps

We discussed how policyIQ reports can make quick work of mapping, gap analysis, control rationalization and reporting to the Audit Committee and External Auditors.

If you haven’t already, check out the presentation for yourself! The presentation slides are available via the Attachments/Links tab in our related policyIQ Help page here. To review the session or share it with a colleague, click this link to access a recording of the 60 minute webinar.

Do you have questions about implementing the 2013 COSO Internal Control – Integrated Framework? Have you begun the mapping process and taken advantage of policyIQ to make your analysis more effective and efficient? Reach out to us with any questions that you have and we’ll help to connect you with the most appropriate contact that can get you headed in the right direction!