Flexible Risk Assessment Frameworks with World-class Subject Matter Expertise

When deploying a technology platform for any GRC process, many questions are considered during the procurement process.

“How long will this take to get up and running?”

“Is it customizable?”

“Is this software affordable – and what if we choose to expand the scope of our deployment?”

Within the scope of GRC, policyIQ can be used to implement nearly any type of risk assessment – and can be done quickly (with custom tailored content), all at an affordable price.  It’s a system that grows as you grow.  But as you likely know, risk assessments are an area that has a seemingly infinite number of options on how to get from A to Z.  Fraud Risk?  Financial Risk?  Third Party Risk?  And the various methodologies to achieve each can be staggering.  

Can I implement my own methodology, or am I forced to use the software’s built-in items?

You’d be surprised to find that for many software platforms, the response to this doesn’t always yield positive answers.  One of the benefits of utilizing policyIQ is that the keys are in your hand for making this decision.  We have clients from all corners of the globe that choose to use their own methodologies when leveraging our software – and are able to do so with excellent results.  Likewise, many organizations have sought subject matter expertise, looking for a proven methodology and guidance to help them get the ball rolling. 

Regardless of the approach, policyIQ’s flexible platform is fine-tuned by the client to become the go-to place for establishing a consistent and reliable risk assessment environment, year after year.

Learn more about RGP’s professional services, or have a look at policyIQ’s solutions for GRC initiatives.

The message is clear: “Focus on Fraud”

Public companies subject to Sarbanes Oxley (SOX) requirements with a calendar year-end are wrapping up their projects to transition to the 2013 COSO Framework. Among the seventeen Principles formalized in the 2013 framework is Principle 8, which states, “The organization considers the potential for fraud in assessing risks to the achievement of objectives.”

Track Fraud Mitigating Controls

One step that many policyIQ clients are taking to demonstrate evidence that they have adequately addressed this principle is to “flag” their controls that are fraud mitigating. If you do not already have one, we recommend adding a field to your Control template in policyIQ to track whether a Control is fraud mitigating. This allows you to easily report on all Controls where the answer is yes and to relate those Controls to Principle 8 (unless you are linking to Points of Focus, in which case you will link each of the Controls to the most appropriate of the four Points of Focus related to Principle 8).

Address Revenue Recognition Fraud

In addition to feeling greater pressure in the last couple of years from the Public Company Accounting Oversight Board (PCAOB) and the Committee of Sponsoring Organizations of the Treadway Commission (COSO), most companies will also be affected by the new Revenue Recognition Standard.  The new standard is the result of a joint effort by the Financial Accounting Standards Board (FASB) and the International Accounting Standards Board (IASB) that aims to improve upon and to address inconsistencies between the previously held International Financial Reporting Standards (IFRS) and US Generally Accepted Accounting Principles (GAAP). No doubt, some of the most notorious cases of corporate fraud have been directly related to revenue recognition fraud.

Complying with the new standard is a big undertaking for companies. We have written on our blog about the application of policyIQ to better monitor your contracts and agreements and the work that RGP has done to prepare a deep pool of Revenue Recognition subject matter experts around the country to walk alongside accounting professionals and help them to close gaps in their practices. Here, also, is a link to access the recording of RGP’s recent webcast: The New Revenue Recognition Standard Webcast Series (Part 2): How to Begin Implementing the New Standard.

Formally Assess the Risk of Fraud

Additionally, many companies are finally formalizing their fraud programs by instituting a dedicated Fraud Risk Assessment, documenting mitigating controls, identifying gaps, and filling gaps, and so on. Whether using your methodology and questionnaires or RGP’s, we can help you to manage the process more efficiently in policyIQ.

Fraud Risk Assessment Sample

Using policyIQ, it is simple to capture and deploy your fraud questionnaire(s) to the relevant employees, inventory responses and analyze results. Similar to other compliance work in policyIQ, you can link your capabilities or controls to any Fraud Risks that were identified and use policyIQ reporting to easily highlight any gaps in coverage.

Interested in bringing automation to your program or need a subject matter expert to help you develop your Fraud Prevention Program? Reach out to us and we’ll put you in touch with the right person in your area.

 

Message to Audit Execs: People, Talent, Subject Matter Expertise are Critical to Your Success

Via the Institute of Internal Auditors (IIA), we’ve heard this spring from Victoria Gambale, Olivia Kirtley, Joel Kramer and many others that people, talent, and subject matter expertise are critical to your success. At any point in time we will likely find ourselves shy on expertise in a particular area. Kramer stated that “no organization has all of the competencies that they need” and that organizations “cannot be world class without a co-sourcing relationship”. Others have emphasized the value of having both institutional knowledge and rotation of staff with “fresh eyes”.

Speakers and the General Audit Management Conference emphasized that it should be a standard step in the planning process of any audit team to consider the co-sourcing relationship and your assessment of the subject matter expertise that your team is lacking from the beginning of your planning process. More than just filling the competency gaps on your audit team, SMEs can also be contracted to shore up the education and training of your staff.

This is among the differentiating characteristics of RGP consultant professionals—with an average of 18 years of experience, we are prepared to provide a new perspective while walking alongside your team and sharing proven expertise (rather than sending recent college grads with a checklist). Our culture and model of creating strong partnerships that transcend into trusted relationships is what has attracted 75% of the Fortune 500 to call on us and 100% of our top 50 clients to remain committed to those partnerships over many years. Global Footprint

With more than 70 wholly-owned offices world-wide, we are able to better ensure consistency of our model and culture, unlike many firms who employ affiliates. This allows our global firm to have a “local feel”—the quality of our work, ability to meet client goals, and building long lasting, valuable relationships becomes the personal mission of our staff in any of our locations.

PracticeAreasM

In addition to supporting our clients with direct audit support, we can also provide subject matter expertise from any of our six practice areas to work with your auditors. An SME from our Human Capital practice can partner with your auditor on an audit of your ERP system, for example.

We’d love to chat with you over a cup of coffee and begin the conversation and relationship. Reach out to us and we’ll get something scheduled!

 

Track Subject Matter Experts (Auditors, and the like) in policyIQ

Are you managing a number of auditors and working to track all of your resources so that you can more efficiently assign tests to the appropriate tester? What tool are you using to keep track of your auditors? Generally speaking, I look for opportunities to move the work that I’m tracking in the two dimensional world of Excel, Word or Email into a database like policyIQ. By moving this content into the database, I can not only easily report on all auditors that fit a certain criteria or profile, but I can also see whether I have them fully utilized and when they will become available.

Remember that you can customize Templates, Fields, Folders, Groups and so on in policyIQ and you can link pages to one another. One way that a client has used this flexibility to their advantage is by creating a “Subject Matter Expert” Template with fields that allow them to track the areas of expertise that their auditors have, as well as other fields that help them to know when the appropriate resources will be available. Here is a sample of a Page Template for tracking your Subject Matter Experts in policyIQ:

SME

Remember that all of the fields are customizable—you can amend any of the fields that you see, add additional choices, change the type of field, rearrange, and so on.

Your SME pages can be linked to test pages as each SME is assigned. This will allow you to run a report on tests with associated SMEs (Detail Link Report) so that you can visually see who is deployed.

Another method that our clients have employed is the addition of Hours Budgeted and Actual Hours fields directly on the Test pages. The combination of these Templates and Fields can help the administrators of the audit process to better oversee and manage resources while in the thick of testing and can help with budgeting and managing costs.

Have you taken advantage of the flexibility of policyIQ in a related way? What suggestions would you share with other users on how to better track resources or other key attributes? Let us know in “Comments” or email the policyIQ team directly—we’ll spread the word!