Consult Granite

Sarbanes Oxley Controls for Salesforce – A Primer

We are often asked about internal controls that need to be in place around a certain type of technology whether its Salesforce, SAP, Oracle, etc.  The short answer?  It “depends on the process the technology is automating.”  Because we want our blog posts to be actionable and informative, we will get right down to how […]

Ten Ways Co-Sourced Internal Audit Can Compliment Your Team

Internal vs. co-source, centralization vs. decentralization, hierarchical vs. flat management…these arguments and comparisons are constantly being made by executives, professors and ivory tower strategy types.  Each one of these business approaches seems to go in and out of “fashion” every few years.  There is no blanket right answer.  There is only the answer that is […]

Uncovering the Problems Hiding in your Account Reconciliations

Account reconciliations are part of the basic building blocks of financial processes and controls. It’s something everyone expects to just be there and work without much thought. Many financial managers assume that if they don’t hear anything about account reconciliations from their staff; then all must be well. Very often this is simply not the […]

Timeliness – The Most Misunderstood Word in Internal Controls

Accounting and auditing literature are full of mentions about timeliness. Often this word is associated with the more project management-oriented definition of getting tasks done quickly, efficiently and prior to due dates. Paradoxically, the internal controls definition of this word does not necessarily mean fast but rather at the appropriate point in time. When evaluating […]

Journal Postings – The Achilles heel of internal control over financial reporting

Managing, documenting or auditing internal controls is a detailed endeavor. Normally we have to be attentive to many aspects of the controls: Preventive vs. detective, manual vs automated, etc. Often times professionals are focused on the many details and miss the forest for the trees. When it comes to internal controls, journal postings, are an […]

How to Reduce and/or Eliminate Internal Control Exceptions

No one likes to deal with control exceptions. Certainly, process owners are not fond of having an auditor identify some controls in their process that are not working as they should. In addition, internal auditors are also not fond of reporting on the same control exceptions time after time. While the ultimate stretch goal may […]

The Three Types of Control Exceptions That Actually Matter

Undergoing an internal audit for Sarbanes Oxley, or any other audit for that matter, can be stressful. Everyone wants to do a good job and wants to feel like their area is well run and under control. It can be easy to get caught up in the sloganeering of “no exceptions” or “no more than […]

Why Your GRC Software Should Map to Your COSO Framework

Growing regulatory oversight, more business complexity, and the increased focus on accountability have led enterprises to seriously consider GRC software solutions. In fact, a recent Deloitte survey explained how roughly 40% of organizations said they were likely to make a major investment over the next 12 months. COSO’s 2013 update comes as a reminder of […]

Why It’s Important to Customize Your GRC to Your Compliance Process

While 83-percent of organizations participating in the 2017 Protiviti Sarbanes-Oxley Compliance Survey have plans to automate at least some of their compliance process within the next year, many struggle to find solutions that accommodate their GRC compliance processes. Many GRC systems today fall short of allowing companies to customize it according to their internal controls […]

The Advantages of Compliance Central over a Manual Process

Creating consistent GRC data standards and communicating them effectively is challenging for many organizations. Often, source data from multiple locations is incompatible, creating unclear controls visibility and stifled communication. Add to that, the difficulty of gaining visibility of the status of internal controls and gaps which further increases the chances of errors and costs. While […]