Each of the primary groups impacted by SOX—Management, Public Accountants and Internal Auditors—has more clearly defined what role they play in the overall process, and this definition has been carefully and thoughtfully refined over time. And while we have reached a much more structured and stable point in the SOX lifecycle, it’s never a bad idea to revisit and refresh our understanding of why this structure works. A big reason why we find ourselves in this more predictable state is that all involved parties have a much better understanding of their specific role in the process.
Is there ever a slow week in compliance-related news? Not that we can remember. It’s tough to keep up with the latest developments in legal and regulatory requirements, evolving industry standards and internal best practices for compliance professionals. Onspring is here to help. We’ve gathered articles, opinions and insights that will bring you up to speed.
I believe you’d be surprised at the number of organizations that do not have a fully structured approach to evaluating the effectiveness of their system of controls. Whether their approach is not formally defined and communicated, inconsistently applied and/or inefficiently managed and monitored, they are at risk of not fully understanding whether their controls are meeting their stated objectives or worse, being completely caught off guard by a critical control failure that could lead to much more serious issues. To that end, we offer the following considerations as you evaluate the effectiveness of your control testing program.
While the concept of reporting seems to be pretty straightforward, the term “report” can have a variety of meanings, so I’m always careful to validate my understanding so I don’t veer off in some unwanted direction. After all, reporting capabilities often represents the organization’s A-1 deal breaker requirement.
Organizations stand to benefit from building a standardized control library. Even the simplest data points you capture can become part of a very compelling story about how well (or poorly) your organization is meeting its objectives. And organizing this library in a systematic and structured way allows you to keep that critical knowledge at your fingertips and answer compelling questions at a moment’s notice.
Common supports remain in place, even as regulations and best practices evolve. Remember this as you stand at the metaphorical “ice cream counter of compliance.” The sheer variety and complexity of requirements can be overwhelming, but the core people, processes and technologies you engage to understand and address those requirements remains largely the same.
If you were old enough to ride a 10-speed or file taxes in the 80s, you probably have fond memories of mixtapes—a collection of favorite songs on a well-worn cassette that you listened to over…and over…and over again. We’re a long way from mixtapes in 2017, but the concept holds true: sometimes the good stuff just keeps getting better. As the year draws to a close, the Onspring team would like to offer our own mixtape of sorts: a collection of our most popular blog posts from 2017. We invite you to sit back, “press play” and enjoy these stories again (…and again…and again).
With each release, I make time to analyze the key features and perform updates across our full suite of Internal Audit, Risk Management and Compliance solutions. As I do this, I’ll be sharing my thoughts, ideas and insights here on the blog, if only to help spark ideas for our clients on how they, too, can use Onspring to the fullest.
In most of our conversations, we’re hearing that there is some kind of system in place, but it’s not adequate. Ranging from Excel, Sharepoint, point solutions or older deployments of other technologies, we’ve been hearing over and over “it’s difficult to keep up,” “everyone manages their information in their own ways,” and “we really struggle to pull everything together for the reports we want.”
When it comes to regulations, industry standards and supporting controls, the only constant is change. Most organization have smart people and defined processes for managing change, but tracking the changes themselves—knowing what they are and how they impact the business—can be a massive headache.
We’re pleased to announce that Onspring has teamed up with Unified Compliance to help companies stay up to date with rapid regulatory changes. Using our dynamic Data Connector, we’ve made it push-button easy to update controls and authority documents from the UCF Common Controls Hub™ within our flexible Controls & Compliance solution. Join us for a webinar on Tuesday, September 19 for all the details!
During the first two weeks of March, I was fortunate enough to represent Onspring as an exhibitor at two excellent industry conferences: RSA Conference in San Francisco and the Institute of Internal Auditors General Audit Management Conference in Dallas. Both conferences afforded us a great opportunity to raise awareness about the Onspring platform and solutions, as well as our company’s philosophy of solving problems by providing high quality solutions and services.