optimizing sox compliance through wdeskimplementation › wp-content › uploads › 2018 ›...
TRANSCRIPT
Optimizing SOX Compliance Through Wdesk ImplementationDallas IIA Super Conference
October 22, 2018
• Introductions• Overview• Background• Implementation Challenges • After Year 1 Implementation• Benefits • Key Take-Aways• Q & A
2
AGENDA
Introductions and Overview1
Robin StephensonVP Internal Audit,
Tribune Publishing Company
Erika MartinezManager, Advisory Services,
KPMG LLP
Optimizing SOX Compliance through Wdesk Implementation
Objective of today’s session is
to share lessons learned and
benefits obtained from
implementing the cloud-based
SOX compliance tool, Wdesk
®2018 Tribune Publishing Company 4
Overview
Background2
6
Prior to implementing Wdesk:• SOX tool - Excel based templates• Sharepoint site for storing some
documentation but not all• Home built repository for storing
some SOX evidence
~ 300 SOX business process controlsMultiple systems/ applications
Challenges included:• Acquisitions, organizational changes/ restructuring
• Changes in control owners, new controls, new systems• Multiple stakeholders
• Corporate Compliance group, Internal Audit, External Audit• Tracking evidence requests
Optimizing SOX Compliance Through Wdesk Implementation – Background
Implementation Challenges3
8
Optimizing SOX Compliance Through Wdesk Implementation – Implementation Challenges
Implementation Challenges Resolution
Not having a dedicated project manager (vendor or tronc)
Took over responsibility, dedicated project manager, regular mtgs with vendor
SOX evidence repository – separate build
Specifically noted in contract, monitored closely
Readiness / go-live – data loaded, basic system set-up vs ready to use
Adjusted timeline, Regular touch pts/ mtgs including in-person mtgs
Customizing walkthrough templates and test plans
Specifically requested a separate hands-on demo, regular follow up mtgs to answer questions
9
Optimizing SOX Compliance Through Wdesk Implementation – Implementation Challenges
Implementation Challenges Resolution
Building tables for reporting, charts and Dashboard – understanding how to build, how data flows
Specifically requested a separate hands-on demo, regular follow up mtgs to answer questions
Technical issues (pages freezing, slow load time, other issues)
Regular touch pts/ mtgs, including in-person mtgs, with detailed list of questions. Developed issues log for tracking issues & resolution
Original training was limited (generic, high level, technical how to’s), not a detailed program user manual
Developed our own user manual, providing more education on how the data flows, impact on dashboards, etc
Permissioning/ User Access –understanding roles (admin, manager, tester, control owner). Customizing for restricted external auditor access
Regular discussions and testing of access
After Year 1 Implementation4
11
Optimizing SOX Compliance Through Wdesk Implementation – After Year 1 Implementation
Refining processes
Integrating reporting by other users
• Compliance and issues management reporting
• Control owner certifications
Policies and procedures
• On boarding• Control guidance
documents
Refining existing reporting
• Audit committee slides
• Controls status by tester
12
Optimizing SOX Compliance Through Wdesk Implementation – After Year 1 Implementation
After Year 1 Challenges Resolution
Change log not user friendly Review change log on weekly basis and perform back-end reconciliation periodically of latest Risk & Control Matrix (RCM) to Walkthrough templates
Inability to lock down control description of completed tests – (live feed from RCM)
Review Change logs, recon noted above – add note to test plan (original control wording vs new). If minor change, no further steps. If major change, will need to re-open test plan and re-test.
Post go-live, Upgrades, lack of notification
Requested to be added to notification list (not done automatically)
Benefits5
14
Optimizing SOX Compliance Through Wdesk Implementation – Benefits
• On demand reporting - Live data- Dashboard, Leadership/Audit Committee slides
- Screenshot 1- Outstanding PBC/ evidence requests
- Screenshot 2- Status of control testing
- By stage of completion; By due date, by tester, by reviewer- Screenshot 3, Screenshot 4
• Program management- Tasks by user
- Screenshot 5• Year end control owner inquiry/ certification process
- Screenshot 6
• Access to documentation- Control owner, management- Internal Auditors - External auditors
• Live data updates- Changes to RCM (e.g., control description), updates Narratives, test plans
- Also has challenges (changes control wording even if test complete) as noted earlier
15
On Demand Reporting –Dashboards,
Audit Committee slides
Optimizing SOX Compliance Through Wdesk Implementation – Benefits Screenshot 1
16
Optimizing SOX Compliance Through Wdesk Implementation – Benefits Screenshot 2
Tracking requests - evidence,
populations, samples, other
17
Optimizing SOX Compliance Through Wdesk Implementation – Benefits Screenshot 3
On Demand Reporting -
Status of control testing, by stage
of completion
18
Optimizing SOX Compliance Through Wdesk Implementation – Benefits Screenshot 4
On Demand Reporting - Status of control testing,
by due date, by tester, with control ID
®2016 tronc 19
Optimizing SOX Compliance Through Wdesk Implementation – Benefits Screenshot 5
Managing Tasks/ Workflow – By User
®2016 tronc 20
Optimizing SOX Compliance Through Wdesk Implementation – Benefits Screenshot 6
Certification Process – year end control owner
confirmation
21
Optimizing SOX Compliance Through Wdesk Implementation – Benefits
• On demand reporting - Live data- Dashboard, Leadership/Audit Committee slides- Outstanding PBC/ evidence requests- Status of control testing
• Program management- Tasks by user
• Year end control owner inquiry/ certification process
• Access to documentation- Control owner, management- Internal Auditors - External auditors
• Live data updates- Changes to RCM (e.g., control description), updates Narratives, test plans
- Also has challenges (changes control wording even if test complete) as noted earlier
Key Take-Aways6
Optimizing SOX Compliance through Wdesk Implementation
• Project Management
• Lead efforts, dedicated project manager• Plan for extra time for customizing reports,
templates, user access
• Track Issues & Resolution
• Develop issues log, discuss at regular meetings with vendor (Workiva)
• Training
• Develop user manual
• Utilize on-going support to enjoy further
efficiencies
• On demand reporting• External auditor reliance• Integration with other users, stakeholders
®2018 Tribune Publishing Company 23
Key Take-Aways
Q & A7
THANK YOU.
Robin StephensonVP Internal Audit,
Tribune Publishing Company
Erika MartinezManager, Advisory Services,
KPMG LLP