Account Reconciliations, Control Self-Assessments and More – Now Even Easier!

Posted on October 24, 2016 by Chris Burd

With our upcoming release of policyIQ version 7.7, we are rolling out an unexcitingly named feature we refer to as “Form Bundle Imports”. It might not have the flashiest name, but the feature can open new doors for your organization!

Form Bundles and Their Purpose

If you are familiar with forms in policyIQ, you know that you can pull forms together into bundles. Form bundles are really just collections of forms to be issued at the same time, and bundling them together can make it easier to push them out. Form bundles do serve another purpose, though. By creating a form bundle, you are able to add unique default data to each instance of the form that is being issued.

For example, if you issue Account Reconciliation Forms, you may add the account number and account name to the form, so that you ensure that each account is covered in the reconciliations. If you use a form bundle to collect Control Self-Assessments or Control Reviews, you will link each instance to a different Control page, so that each control is covered in the assessment.

Typically, the first set-up of the form bundle can be a bit cumbersome, as you likely either had to set up each individual instance by hand, or perhaps you engaged our support team to import the details for you. After the initial set-up, you probably just copied the form bundle for subsequent periods. Because of the cumbersome nature of the set-up, it is unlikely that you added new, customized data each time.

Now – Let’s Imagine Being Able to Import Detailed Default Data On Demand!

Account Reconciliations is the area where we expect that this import option offers the most dramatic change. Now, a simple import can pull in unique data on the first day of the month – including account name, account number, and current balance!

We also know that the controls that your organization manages do not always stay static. Being able to import based on your current list of in-scope key controls will allow you to more quickly create an accurate and complete Control Review or Control Self-Assessment process. And if you bring on a new entity or acquire a new company? No problem! A quick import will add their controls to the mix.

We’ve also recently talked to clients about automating Evidence Requests, and this import function will make it easy to create forms and push out requests when needed. Simply create your list of evidence required, who is required to provide it, and import. Boom.

Tell Us How You Will Use Form Bundle Imports!

We know that when we release a feature like Form Bundle Imports, we will have clients who will be thinking of new ways to use the feature that never occurred to use before. What do you think? How are you planning to use this new feature?

Contact us with your ideas (or post them below) – or reach out if you have any questions about how to use this feature. Version 7.7 will be coming soon!

Efficiency Throughout the SOX Process

Posted on August 1, 2016 by Chris Burd

In a number of blog posts, we’ve highlighted the ways that policyIQ can be used throughout the entire SOX process – from risk assessments through issue remediation. This past Thursday, July 28^th, we took an hour to walk through the entire process in a CPE webinar to highlight ways to create efficiency at each step.

Did you miss it?

Before we hit the highlights below, we want to point you to the session recording and the slides, both of which are available for download.

The Big Picture

We highlighted a number of big picture advantages of using policyIQ not just for SOX, but for all of your compliance initiatives. We talked about…

Simplicity of rolling out and managing a cloud-based
Advantages of being able to assign security and access
And the efficiency of a single source of information through the entire compliance and audit environment.

A single source means that when you make a change in one place, that change feeds all of the different perspectives on the data.

Efficiency at Every Step

We also dug into the efficiency that can be gained at every step of the process. Just some of those ideas are presented below. We also mentioned additional training available for some steps, and have linked those training sessions.

Risk Assessments
- Tie risk assessments at the 10K line item level to your risks and controls for ease of scoping.
Control Updates & Review
- Allow your control owners to make updates directly in policyIQ as things change, or require regular reviews of control documentation.
Walkthroughs & Testing
- Collaborate early (and often) with external auditors to ensure that your testing is capturing all of the detail expected.
Issue Tracking & Remediation
- Assign remediation plans to owners and use automated reminders to ensure responses are provided.
Conclusions & Reporting
- Utilize flexible reporting capabilities to trace issues back to the vulnerable risks and compensating controls to make a final determination about significant deficiencies or material weaknesses.

We also included the supporting functions that feed the process.

Map to COSO 2013
- Link Entity Level Controls to COSO Principles
Evidence Collection
- Assign evidence requests, utilize automated reminders, and track receipt of documentation
Time & Expense Tracking
- Report on budgeted versus actual hours and cost, and use the data for next year’s planning
SOX 302 (Sub)Certification
- Assign role-specific questionnaires, utilize automated reminders, and report on exceptions

We’re ready to help you build more efficiency into your SOX program. Contact us today and ask to speak with our client service team to walk you through implementing some new ideas! Not yet a policyIQ client? Contact us and ask us for a personalized demonstration!

New Company, New Controls: policyIQ Handled it All

Posted on March 29, 2016 by Travis Whalen

Any quick look around the marketplace reveals that companies big and small are constantly acquired, bought, sold and merged on a constant basis. Many of these public companies then have to figure how how their SOX compliance will be affected, and this can put a ton of stress on the audit teams that bear the responsibility of “making compliance happen”.

Fortunately for companies using policyIQ that have purchased or merged with others, the SOX issue goes from, “Can we make this transition in policyIQ, as well?” to “WOW. That was pretty easy!”

A recent long time policyIQ client acquired a company, and each had their own set of risks and controls. Ultimately, their goal was to combine these two separate entities into one SOX environment, and easily distinguish between SOX work from Company A and Company B.

Our team and product made this easy. To begin, we simply added a single-select field on their controls and risks called “Entity”, with options for Company A or B. By doing so, we created an easily reportable way of sorting content from one company to another. This was conducted by an Import to Update (via an Excel document), meaning that much of the work was easily done in a simple spreadsheet offline. Simple!

All new documentation from Company B was then mass imported into policyIQ a few days later.

Some companies might like this arranged differently, and that makes total sense. We had discussed using additional folders to distinguish the risks and controls from company to company. Advantages? One less field per page, and a more organized folder structure-less content per folder. Disadvantages? There are more folders, and some folks like a really simple structure. A difference in results or reporting? None!

Do you feel like you should partner with a policyIQ expert to work on your SOX work this year? Do you have a couple of ideas you’d like to run by us? Send us an email! Support@policyIQ.com

Sarbanes-Oxley Compliance – Are you taking advantage of all that policyIQ has to offer?

Posted on May 7, 2015 by Chris Burd

Public companies managing their Sarbanes-Oxley compliance program make up the largest section of our policyIQ client base. Over the past few years, we have added a number of new features and pricing options that make it easier than ever to utilize policyIQ for everything from scoping and planning to issue reporting and communications.

If you aren’t utilizing policyIQ from the risk assessment to remediation, contact us today and let us show you how easy (and inexpensive!) it can be to extend your implementation to capture all aspects of the process.

soxprocess

Risk Assessment

Starting at the top, evaluate your financial statement line items and determine what is in scope for the coming year.

Calculate a risk score based on predetermined factors
Quickly move processes and controls in or out of scope based on risk assessments

Control Reviews and Documentation Updates

Documenting your controls is not a one-time task. policyIQ’s electronic forms or the distribution of pages makes it easy for you to distribute control documentation to your control owners, and capture any changes or adjustments.

Low cost and simple tracking of electronic forms makes it easy to capture updates
Full audit trail of changes, with user, date and time stamps, and approval workflow allows an organization to distribute the work efficiently and safely

Links to COSO Framework

In 2013, a new COSO Framework was released and compliance with the framework is a key part of SOX compliance.

Easily import the framework to policyIQ and link controls to COSO Principles
One-click reporting to prove compliance with the framework, from COSO Principle to audit testing results

Evidence Collection

Much time can be spent by auditors collecting evidence and reports that are required for their testing. policyIQ can make that process much simpler.

Low cost and simple tracking of electronic forms to track all requests for audit evidence, with automated follow-up emails for any non-responses
Audit trails of requests and a central place for all files means fewer lost requests

Audit Testing

Create your test plans in policyIQ, link to existing SOX controls, and easily bring testing in or out of scope for the year based on risk assessment results.

Simple ad-hoc and standard reporting on testing progress and results
All evidence uploaded into policyIQ and accessible from test pages
Annual roll forward process that is ready to go within minutes

Issue Tracking and Remediation

In a perfect world, your audit testing reveals a perfectly designed and perfectly operating control environment. But perfection is hard to come by.

Document any issue and link it to the audit test or control from which it was identified
Assign remediation plans, utilize policyIQ communication alerts, and take advantage of simple real-time reporting for updated issue status

Audit / Project Time & Expense Tracking

Internal audit teams have limited resources and need to track time and expenses so that they can most effectively use those resources in high risk areas.

Build audit projects and assign resources
Allow auditors to enter time and expenses directly from audit test documentation, with simple reporting to track budgeted versus actual hours and costs

302 Certification Processes

While the Sarbanes Oxley Act section 302 only specifies that the CEO and CFO must sign and take responsibility for the control environment, most executives require a sub-certification process to go out to management level employees across the company.

Create consistent certification forms and distribute to employees at multiple levels
Automated emails follow-up on non-responses, while administrators can quickly report on any exceptions

policyIQ can help you to manage it all in a single place, with audit trails and reporting at every step of the process. If you use policyIQ for your Sarbanes-Oxley compliance program and you aren’t doing all of the above in the tool yet, contact us right away and let us help you to plan for expansion. In many cases, you will be able to expand at no cost – or very low costs.

And if you aren’t using policyIQ at all yet – please reach out today! We would love to help you to better manage your SOX compliance.

Save Time with Automated, Customized Form Reminder Emails

Posted on January 27, 2014 by Chris Burd

Over the years, we’ve received many requests from clients to be able to customize more of the automated email messages that policyIQ has available. We’ve been working to make this possible in many areas of the product, and in version 7.2, we’ve added the ability to customize an automated, recurring reminder email on form bundles – with HMTL formatting and a recurring schedule!

That’s a lot to take in, so let’s break it down.

Automated Form Bundle Reminders

Let’s say you issue annual policy sign-offs in policyIQ. (This examples works just as well with quarterly 302 certifications, monthly account reconciliations, or quarterly control self-assessments.) Once the forms are issued, your job as the administrator of the process has just started. Now you need to check on those forms regularly to see who hasn’t responded, and send out a reminder email.

Or do you?

With policyIQ version 7.2, you can set up a reminder email to go out automatically. You create the email message when you issue the form bundle, and it does the rest.

Set your Recurring Schedule

Not only can you set up the reminder email to be sent automatically, but YOU set the schedule on which it recurs. Do you want it to go out weekly? Every two weeks? Is Monday the best day to send it? Thursday? Should it go out every single day until the response is received? You decide with a simple selection of recurring schedule and day(s) of the week.

But wait – there’s more!

HTML Formatting for a More Powerful Message

One reason many organizations choose to send emails from their local email client instead of policyIQ has been because of the bland nature of the plain text email. Now you can format your message using HTML Formatting (just like you see in the Rich Text (HTML) Fields) – and help set the tone for the urgency of the message.

Change the Message or the Timing as Needed

Even better? You can change the message or the timing of the message at any time.

So Let’s Recap:

Automated emails so that you don’t have to babysit your form bundle responses
Set up on the recurring schedule that works best for your organization and your process
HTML formatted messages to make sure that the message hits home with the audience.
Flexibility to change the message or the timing as needed!

If you have form bundles being issued in policyIQ, you are going to want to check this out right away. Go to Form Management –> Form Templates –> [CATEGORY] –> Form Bundles. You’ll see these options on the “Edit Form Bundle” window when you choose to edit the properties.

If you have any questions, don’t hesitate to contact us. We look forward to learning more about how you are using the automated form bundle reminders.

Have you adopted the new COSO Framework?

Posted on September 17, 2013 by Stephenie Buehrle

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released their updated framework for assessing and reporting on the design and operating effectiveness of internal controls in May of this year. Have you adopted COSO’s new framework and adapted your policyIQ structure to accommodate it? The original integrated framework published by COSO and followed by the majority of public companies subject to the Sarbanes-Oxley Act was released in 1992. The foundation and guidance of the 1992 framework is considered valid and will continue to be made available until the committee (COSO) officially replaces it on December 15, 2014.

So, the clock is ticking.

RGP has helped a number of clients to adopt the new COSO framework and to use our in-house GRC application, policyIQ, to manage the documentation and processes associated with compliance. The process starts with seventeen principles that were introduced with the original framework, but were only highlighted and explicitly called out this year with the release of the new framework. Refer to COSO’s 2013 Internal Control—Integrated Framework for a detailed list and explanation of the seventeen principles.

Plan to transition – we can guide you

Our professional consultants can certainly help you with methodology including the assessment and development (or verification) of controls, as well as testing to ensure that the principles are met. Here are some simple steps you can take to plainly demonstrate consideration and alignment with the seventeen principles within policyIQ:

1. We recommend establishing an independent template for capturing them in your policyIQ site.

2. You may also wish to establish a separate Folder structure to easily trace each principle and related controls back to their associated COSO component.

Combining these steps with your ability to link related controls, tests and deficiencies will allow you to build reports illustrating those relationships and to present a complete picture of where you are meeting and, perhaps more importantly, where you are deficient in meeting the COSO principles.

Take 15 minutes today to set up your site—we can help!

If you have any questions or would like some help with implementation of the new COSO integrated framework or with documentation, reach out to us and we’ll put you in touch with the appropriate contact.

policyIQ Blog

Tag Archives: Sarbanes-Oxley