5 Steps to a More Efficient Internal Control Environment

Is your team overwhelmed with activities that feel unnecessary?

How confident are you that the energy spent on testing is focused on the necessary controls?

Leverage policyIQ to systematically focus on the critical controls for management and testing. More efficiently analyze which Financial Statement Assertions, relative to each of your 10K line items, are adequately controlled, which are left vulnerable and which of your relevant assertions is over-controlled! See, plainly, the gaps in your coverage and leverage the evidence to justify the reduction of waste, and plan to concentrate effort on work that matters.

This process really starts with your risk assessment. If you have not leveraged policyIQ to bring automation and reliability to your risk assessment process and want to walk through the policyIQ solution (including the just-released feature that makes cumulative risk calculations possible), reach out to schedule a free working meeting with us! After completing your risk assessment, identifying significant accounts and relevant assertions, and determining which of your processes and objectives are in scope (all steps that can be managed in policyIQ), you can begin the process of rationalizing your controls.

Next, leverage policyIQ to move through these five Control Rationalization steps:

Each step is made more efficient with policyIQ. We can support you to customize templates for the attributes that are critical and unique to your organization. The import, linking, calculations, workflow, and reporting features will allow you to more quickly examine the effectiveness and priority of your procedures. Having confidence in your Control Rationalization process and your internal control environment then allows you to come full circle to look at the bank of risks that you previously identified. You might conclude that some process risks that have consumed time and attention for years are actually not in scope. This Control Rationalization process will help you to be more effective and more efficient through each testing cycle.

Would you like to see sample templates and schedule a working meeting to get the ball rolling? Contact us and reap the benefits by your next testing cycle!

Who wants to avoid redundant effort and rework?

RGP consultant, Jason Chiang, recently wrote:

Jason Chiang
Expert in risk management and audit

“A narrative provides mid-level detail of the transactions and internal controls within a business process and includes who, how frequent, and in what location the transactions and controls are being performed…

…Narratives should be updated as changes are implemented in the organization. The updates should follow a workflow where there is a review process for significant changes.”

For many clients, automating the process of updating compliance documentation is a critical but often overlooked part of their practices. Each year, various aspects of controls may change, such as steps of the control procedure, the control description, or control ownership.  As these critical bits of information are updated, it is important, as Mr. Chiang stated, that the associated narrative pages are also updated to reflect the latest information.

Who wants to avoid redundant effort and rework?!

If you haven’t already implemented policyIQ or you have policyIQ and you haven’t taken advantage of this feature, this is a good time to tune in and make a note: policyIQ has a “linked field” option that allows you to update control language (or other documentation) in one place and present the updated language in related documents—here’s the key: without redundant effort or rework!

Displaying all related Controls in the Narrative is probably the most common request, but you can also display Risk language in Controls, Control language in Tests, and the contract review conclusions in a management summary page, among a seemingly infinite number of options! No more hunting down related documents to make small tweaks–it’s already done!

To learn more about how reduce redundant effort and rework, contact our team at Support@policyIQ.com.

Recap Session: Efficiently Transition to the 2013 COSO Internal Control – Integrated Framework Using policyIQ

The policyIQ Team was recently joined by Senior Practice Director of RGP’s Governance Risk & Compliance (GRC) practice, Les Sussman, to discuss how the updated COSO framework will impact companies and, specifically, policyIQ clients or prospects. Mr. Sussman recaptured the highlights from a recent webinar that he co-presented with RGP’s Global Managing Director of the Finance & Accounting practice, Shauna Watson. Their session, “Effective Transition to the 2013 COSO Framework and SOX Compliance”, drew more than a thousand registrants and received great reviews for addressing considerations that have not been discussed in other COSO-related sessions.

With a diverse audience of current policyIQ users and many participants who are not currently using policyIQ, we took time to introduce some highlights of policyIQ, including these:

  • Web-based, accessible from any major browser
  • Flexible and customizable with an easy to use interface
  • A tool for management of workflow, analysis and roll-up reporting
  • Top security from the host, through the pipeline, to end users and specific content
  • Version control, pages can be mapped to multiple relevant access points (folders)
  • Mature audit trail with both version and change history
  • Features for uploading appropriate evidence and linking to relevant content
  • Reporting capability to expedite gap/redundancy analysis, oversight and roll-up reporting

In our session, we demonstrated how easily and quickly we amended our policyIQ configuration to accommodate the updated 2013 COSO Internal Control – Integrated Framework: We added a Folder structure for capturing the COSO Principles by COSO Component and a Page Template with a Short Text Field for capturing each COSO Principle in its own Page.

After populating policyIQ with the COSO Principles (using an import process), RGP recommends following both a top-down (Principle–Control or Principle–Points of Focus–Control) and a bottom-up (Control–Points of Focus–Principle or Control–Principle) approach. The combination of approaches will help to ensure that all Principles are adequately addressed (which is a requirement, if you choose to use the COSO Framework) as well as help with your control rationalization process.

Blog_image_Report_Gaps

We discussed how policyIQ reports can make quick work of mapping, gap analysis, control rationalization and reporting to the Audit Committee and External Auditors.

If you haven’t already, check out the presentation for yourself! The presentation slides are available via the Attachments/Links tab in our related policyIQ Help page here. To review the session or share it with a colleague, click this link to access a recording of the 60 minute webinar.

Do you have questions about implementing the 2013 COSO Internal Control – Integrated Framework? Have you begun the mapping process and taken advantage of policyIQ to make your analysis more effective and efficient? Reach out to us with any questions that you have and we’ll help to connect you with the most appropriate contact that can get you headed in the right direction!