Removing the CFO's Burden on Sarbanes-Oxley Certifications
In order to have consistency across controls and processes, the SOX team created a control ID numbering system. This system allowed the team to quickly identify the process and control in question. The banking institution has 14 process narratives and processes.
Process owners made manual updates to process narratives, and then the SOX team made those same updates to risk control matrices, attribute testing, work papers, and audit documentation. This caused version control issues and discrepancies as the team sorted out who needed to review what and when those reviews were complete.
An extremely manual certification process forced SOX team members to walk around the office to get signatures for sign-off on documentation from 25 to 30 people. When the CFO needed to sign off on a certification while traveling, the team had to email a PDF copy, and the CFO had to print, sign, and fax it back. This manual process caused many missed deadlines and headaches while the team tracked process completion.
During review, the CFO and the SOX team had to manually access 14 different workbooks on a shared drive because there was no central location for control and testing information.
Due to discrepancies and version control issues, the SOX team was required to manually prepare status updates when asked by the vice president.
Why Wdesk works for the SOX team
The SOX team worked with its Customer Success Manager (CSM) to build out documents, link data, and receive best practices on data and document structure. Wdesk was implemented in 5 weeks.
After a 30-minute training session with its CSM, the team was comfortable with Wdesk. It scheduled an additional 2-hour training session for its less technology savvy executives.
The bank uses process narratives as a single source of truth, so process owners can monitor their documents. When an update is made in the process narratives, it automatically flows through to the risk control matrix, attribute testing, work papers, and audit documentation—eliminating the need for the SOX team to make those changes.
Advanced permissions allows the SOX team to easily and efficiently assign accessibility to individual process owners. Process owners then review, update, and certify the information in their process narratives.
Color-coded labels are used as status indicators in each section of a document, so the SOX team knows what sections need reviewed, are currently in review, or if the review has been completed.
The team leverages dashboards to collect and show data to the audit committee on a quarterly basis. These items focus on generalizations of status expectations and deadlines.
The audit trail and blackline capabilities of Wdesk are useful when the team needs to get to the bottom of any issues—seeing exactly who made changes, when, and where.
With Wdesk, SOX documentation, testing, and certification processes are much more efficient and accurate.
The SOX team can see the status of certifications in real time with automatic reminders for process owners to certify by the designated due date. Once a certification is complete, a milestone is created. It's attached to a second certification, so process owners can approve and certify that the documentation is correct.
With the time saved updating documentation with linking, the SOX team is able to spend more time on value-added tasks, looking at issues, and figuring out how to fix them.
The vice president now has full transparency into the SOX process by having a central location to see progress—from the status of control documentation, testing status and deficiencies, to who has outstanding certifications.