Improving the SOX Risk Assessment Process

Situation


  • The internal control and audit teams were overwhelmed with the organization and aggregation of risk information and manual updates of presentations that left no time for analysis. They spent significant time mapping elements to scope down to individual controls.
  • The teams wanted to analyze risks more frequently, but they were spending too much time rebuilding the process each year. They lacked a mature and repeatable process.
  • Using outdated tools to collect information for the risk assessment added several weeks to an already time-consuming process.
  • Information was hard to access and difficult to find. If the board asked internal audit a question about assumptions, it could take up to a week to respond with an answer.
  • The teams' risk approach was evolving, and they struggled to make their GRC tool work for them because it was not adapting quickly enough to fit their needs.

Results using Wdesk


Leveraging a flexible framework for a repeatable, efficient risk assessment process

  • Wdesk is flexible and adaptable to any risk assessment or scoping framework and methodology—with no IT involvement.
  • The solution is easy to adjust as business needs or risk environments change throughout the year.

A single source of truth

  • Wdesk provides a single location for all SOX documentation, including risk assessment information, that's linked together to allow for seamless updates of additional documents, like management reports and presentations.
  • The internal control and internal audit teams can access and work in planning documents and other SOX documents simultaneously.

Increased collaboration and efficiency

  • Wdesk facilitates collaboration between internal controls, internal audit, and risk owners by allowing teams to ask for more feedback on risks in a quick and easy manner—informing judgement and improving decisions during the planning period.
  • The collection and aggregation of risk assessments is now automated. The process is streamlined, allowing more input, more frequently.

Increased visibility and control

  • By working with a flexible framework, the internal control and audit teams built a mature and repeatable process. Wdesk will adapt and grow with the company as the teams' process evolves and their risk approach changes.
  • Wdesk provides more visibility into the risk process. By analyzing risks more frequently, the teams are able to ensure they cover their materiality and mitigate risks more efficiently and effectively throughout the year.

Results using Wdesk


Leveraging a flexible framework for a repeatable, efficient risk assessment process

  • Wdesk is flexible and adaptable to any risk assessment or scoping framework and methodology—with no IT involvement.
  • The solution is easy to adjust as business needs or risk environments change throughout the year.

A single source of truth

  • Wdesk provides a single location for all SOX documentation, including risk assessment information, that's linked together to allow for seamless updates of additional documents, like management reports and presentations.
  • The internal control and internal audit teams can access and work in planning documents and other SOX documents simultaneously.

Increased collaboration and efficiency

  • Wdesk facilitates collaboration between internal controls, internal audit, and risk owners by allowing teams to ask for more feedback on risks in a quick and easy manner—informing judgement and improving decisions during the planning period.
  • The collection and aggregation of risk assessments is now automated. The process is streamlined, allowing more input, more frequently.

Increased visibility and control

  • By working with a flexible framework, the internal control and audit teams built a mature and repeatable process. Wdesk will adapt and grow with the company as the teams' process evolves and their risk approach changes.
  • Wdesk provides more visibility into the risk process. By analyzing risks more frequently, the teams are able to ensure they cover their materiality and mitigate risks more efficiently and effectively throughout the year.

Read More