Which part of your SOX program do you want to improve this year? This list of resources will help.

Soup to nuts—or Risk Assessment to Review of Evidence, we are ready to help you make your 2016 Sarbanes Oxley compliance work more efficient than ever! You will notice that we have another post this month that talks about rolling forward last year’s SOX work to create the baseline for your 2016 work. Some of you might not want to repeat last year’s work. Maybe you didn’t use policyIQ last year or you’d like to make improvements on what was done in previous years and take advantage of all that policyIQ has to offer. We have some tips and tools to help you:

chart1

  • Risk Assessment – We previously shared a sample template with you that you might want to implement for 2016. If you already have your Financial Statement Risk Assessment complete, we can help you with your plan to import and tie the results of that assessment to relevant assertions and controls. Capturing the full cycle in one place will not only help your organization to be much more efficient, it will also save time and money when your external auditors are looking to connect.
  • PCAOB’s Auditing Standard No. 5 – Are you looking to make improvements to your process and work more efficiently this year? Check out this visual summary or watch the full recording of the webinar that walks through the application of AS5.
  • chart2Link related compliance elements and utilize various reports to monitor progress, analyze performance, and stay on top of your program. We have lots of ideas about SOX reporting. Check out you online Help manual and this post for some ideas.
  • Automate supporting processes – are you still using Word, Excel, and email to manage your 302 Certifications, Control Self Assessments and Narrative Reviews? One of the most frustrating parts of this work is having to inventory the responses and pester people to get their work done. You can literally perform the setup of these tasks one time and then consider it complete forever after using policyIQ’s Forms functionality to automate the inventory and reminders.
  • consultantsGrant External Auditors access to only that content which you want them to see! Have you done this yet? I recall being scolded by a client who told me that we don’t brag about this benefit enough. He felt that he could have saved a significant amount of time and money over the years and wished he had granted their external auditors access much sooner. It’s really easy to bring them into the fold and show them only what you want them to be able to review. Here’s how.
  • Evidence gathering – If you find that a lot of time is spent by auditors, managers—everyone—rounding up information, perhaps it is time to commit to one main holding place for your evidence. You can even use policyIQ to help automate and monitor the collection of evidence. We have some posts discussing what has been done in the past and we’ll be taking a fresh look at options surrounding the Evidence Collection effort in an upcoming training session—please join us!

E012649We hope that this list of resources is helpful to you or at least has you thinking about things that you’d like to manage more efficiently. We often work with people who feel like they just don’t have time to figure out how to save time! We get it. That’s what we’re here for! If you don’t have time to read posts and play around in policyIQ, but want to realize the benefits sooner than later, reach out to us and we’ll walk you through some simple adjustments that you can make to gain relief and command over your information right away!

2014 Conference GAM-Packed with Great Speakers, Topics, and Connections!

I attended IIA’s 2014 GAM Conference with my colleagues, Les Sussman (Senior Practice Leader of RGP’s Governance, Risk and Compliance Practice) and Susan Miller (Managing Director, Client Service of RGP’s Parsippany office). We took in a lot of great information over the packed three-day conference and want to share some highlights with you in the form of my “Twitter Notes”! (You can check out the IIA’s Recap here.)

Virginia Gambale, Director of JetBlue Airways and Managing Partner of Azimuth Partners, was the keynote speaker addressing the topic of “The Board’s View of Governance and the Important Role of Internal Audit”.

pIQTweet1

Gambale talked of how the priorities of audit have shifted with the changing tides in technology as well as with climate issues and the threat of terrorism. She highlighted that Boards need to shift, too (if they haven’t already), to include members with social media and marketing capability, technology, human capital, finance/accounting background, and industry experience.

pIQTweet2

 

pIQTweet3

For many organizations, an annual audit plan is not appropriate any longer. A key takeaway from the great panel discussion that included principals from Cisco Systems, LinkedIn and Google was to be dynamic and agile in audit planning. Participating on the panel were Thomas Austin, VP, Governance Risk & Control at Cisco Systems; Inder Gulati, Head of Internal Audit at LinkedIn; and Lisa Lee, Director of Internal Audit at Google. Lee followed up with a great quote and apparent mantra at Google:

pIQTweet4

More takeaways from the panel:

pIQTweet5
We heard from the National Association of Corporate Directors’ Peter Gleason on “Engaging with the Audit Committee”:

pIQImage6

pIQImage7
Joel Kramer, Managing Director of the MIS Training Institute, was an engaging speaker with a number of great points and memorable quotes! He reminded the audience of audit professionals to “go after the whales, not the minnows” and urged us to not simply roll forward last year’s controls—“business is changing too dramatically and continuously”. Plan to perform a new risk assessment [at least] annually. Here are a couple more Kramer notes:

pIQImage8

pIQImage9Of course, we appreciate his emphasis as we (RGP) have 70 wholly-owned offices around the world with experienced subject matter experts from a range of disciplines (Human Capital, Finance/Accounting, Risk & Compliance, Supply Chain, Legal, Information Management and other operational expertise in addition to Audit Expertise) that can support and supplement your audit teams. Check out our site for more information: http://www.rgp.com.

Olivia Kirtley, Deputy President of the Board of the International Federation of Accountants, further emphasized the need for audit to focus on people as one of their top priorities:

pIQImage10

And there was certainly a great deal of talk about the role of technology—in generating new challenges for audit professionals, as well as in aiding auditors to be more effective and efficient as they take on evermore responsibility:

pIQImage11

pIQImage12
I engaged in an interesting conversation at one of our breaks and it was clear that there is still some confusion regarding the COSO 2013 Internal Control – Integrated Framework and whether it is necessary (for companies subject to SOX requirements who are using the COSO framework) to demonstrate the presence of all 17 of the Principles called out in the updated framework. Yes. And it was great to hear directly from COSO Chairman, Robert Hirth. Here are some of the takeaways:

pIQImage13

pIQImage14

pIQImage15pIQImage16pIQImage17pIQImage18
I really enjoyed listening to Jeanette Franzel, one of five members who make up the Public Company Accounting Oversight Board (PCAOB).

pIQImage19

Acknowledging the timing of the PCAOB’s Inspection Report which has led firms to require more evidence and documentation alongside the updated COSO Framework, Franzel commented that we are in the…

pIQImage20She discussed the Board’s willingness to visit with companies who have concerns or questions and cited some interesting examples.

pIQImage21

pIQImage22
I wish that I could have cloned myself to attend more sessions at this year’s GAM Conference and to take more notes (share more tweets)! Overall, the conference provided some assurance that RGP and policyIQ are on the right track; providing appropriate guidance regarding audit planning, risk assessments, auditing, Auditing Standard No. 5, subject matter expertise, application of the updated COSO framework to finance and accounting professionals and beyond SOX, and that we have a great solution in policyIQ to pull all of the documentation and processes together to promote more effective and efficient teams and processes.

I sincerely appreciate the great connections made and information gathered! If we didn’t get a chance to connect at GAM or you would like to chat more, please feel free to reach out to me (or to have me put you in touch with someone in your local office)!

sbuehrle@rgp.com, and follow us on Twitter: @policyIQ, @ResourcesGlobal