Is there ever a slow week in compliance-related news? Not that we can remember. It’s tough to keep up with the latest developments in legal and regulatory requirements, evolving industry standards and internal best practices for compliance professionals. Onspring is here to help. We’ve gathered articles, opinions and insights that will bring you up to speed.
Whether it’s an audit recommendation, a failed control test, an incident report or a third-party weakness, the risk of the “vanishing issue” is real. To get to the root of the problem, it’s important to understand why an issue may get lost.
Just because something involves less monetary expense does not mean it’s higher in value. Yet this is a common stumbling block for business teams that are moving to an automated tool from a manual process or outdated software. Excel is low-cost, that is true, but how long does it take to maintain your spreadsheets?
You may not be sweating over a pile of wood shavings, but perhaps you’re struggling with piles of paperwork, dated systems, unruly spreadsheets and other challenges that hold you back from doing your best work. Onspring is here to help with the right tool for the job.
I believe you’d be surprised at the number of organizations that do not have a fully structured approach to evaluating the effectiveness of their system of controls. Whether their approach is not formally defined and communicated, inconsistently applied and/or inefficiently managed and monitored, they are at risk of not fully understanding whether their controls are meeting their stated objectives or worse, being completely caught off guard by a critical control failure that could lead to much more serious issues. To that end, we offer the following considerations as you evaluate the effectiveness of your control testing program.
We’ve probably all had similar experiences. We’ve gone off in search of information, only to be confronted with too much data in a difficult format, not personalized to our needs. But here’s the good news: dashboard technologies like Onspring are designed to solve this very problem. In a nutshell, dashboards help to make the complex understandable, the details digestible. But before we get carried away with dashboards, remember that they can seriously miss the mark if we don’t consider their purpose, audience and content.
Turn the pages of any Internal Audit publication, and you’ll see a prevalent theme: the role of technology in the IA profession of the future. Auditors are handling more (and more complex) data than ever before, and technology plays a crucial role in transforming this data into actionable intelligence. Internal Audit Insights, a publication of the MIS Training Institute (MISTI) recently interviewed our own Jason Rohlf, VP of Solutions at Onspring, about the evolving role of technology in the Internal Audit profession.
One term you’ll hear while standing around the water cooler with a bunch of risk management professionals (don’t we all?) is risk register. The basic definition is simple: A repository of all risks that could impact a project, a legal entity or an entire enterprise. But when you get beyond the basic definition, you’ll find plenty of variation in the details. To gain a better understand of what a risk register is, why it exists and what information it should contain, I interviewed Evan Stos, a GRC consultant who has helped more than 60 Fortune 500 companies gain control of audit, risk, compliance and information security processes. Here are a few insights from our conversation.
It’s time for your 15-minute fix of ideas and insights from the world of internal audit. Explore our curated selection of articles from the Institute of Internal Auditors and other trusted sources.
While the concept of reporting seems to be pretty straightforward, the term “report” can have a variety of meanings, so I’m always careful to validate my understanding so I don’t veer off in some unwanted direction. After all, reporting capabilities often represents the organization’s A-1 deal breaker requirement.
The European Union General Data Protection Regulation (GDPR) was enacted on April 27, 2016, and goes into effect May 25, 2018. The GDPR impacts organizations that are based in the EU and control or process personal data for EU/EEA individuals (i.e., “data subjects”) OR are based outside the EU but control or process personal data for EU/EEA individuals. Onspring is based in the United States. However, our clients include organizations that are either based in the EU/EEA or have users who reside in the EU/EEA. For these organizations, we are providing these FAQs to help you better understand how the GDPR impacts Onspring and you.
If you’re tired of working with vendors who insert “gotchas” in the sales and contracting process, you’re not alone. Onspring’s finance guru, Deena Stevens, shares strategies for avoiding such surprises.