Better SOX: $4 billion lab equipment maker drives compliance with Protiviti's Governance Portal
Agilent Technologies had difficulty proving their SOX compliance
The frustration led to a decision to review leading software solutions to streamline and automate the process
The Governance Portal increased efficiency and reduced time in preparing and reporting test results
Not long ago, a frustrated Sarbanes-Oxley (SOX) compliance team decided “enough was enough.” Their publicly traded employer, Agilent Technologies, an international leader in life sciences, diagnostics and applied chemical markets, was definitely compliant with U.S. accounting regulations. But the process for proving their status was cumbersome at best, excruciating at worst.
For one thing, the almost 320 control approvals performed by the internal audit team were entirely manual. Data was laboriously gathered from multiple locations. Dozens of assessment spreadsheets with hundreds of tabs were emailed back and forth among 30 executives and 100 other stakeholders. For testing, each user would have to print, sign, scan and return their responses to the SOX team for manual processing.
To make matters worse, the compliance team had no reporting capability or reliable way to validate the data, determine if testing was complete or perform remediation. Involving external auditors was similarly inefficient.
It felt like a nightmare for the US$4 billion, 11,000-employee company, and it was a time-consuming thorn for all involved.
The frustration led to a decision to review leading software solutions to streamline and automate the process.
“We chose Protiviti’s Governance Portal because it was a very user-friendly solution that could be customised to our needs,” says Sarah Stoecker, compliance manager for Agilent’s SOX compliance team.
Agilent also chose the platform because it scaled quickly. “We were particularly pleased that the platform allowed us to add capabilities without the need for more IT or other costs beyond new user licenses,” Stoecker explains. “Because of this, our internal audit team decided to adopt the Governance Portal at the same time as my team. Our two teams already had a significant overlap in SOX activities, so the decision to unify our platforms made sense.”
With no time wasted, two Protiviti experts were invited to Agilent’s Santa Clara, Calif., headquarters to configure the Governance Portal, deploy it and train members of the SOX compliance and internal audit teams. Structure was established. Controls were prioritised. Settings were tweaked to satisfaction.
Setup was so smooth, in fact, that management decided to go live sooner than planned to avoid starting a new fiscal year on the same broken foot. Since its successful launch, the Governance Portal has remained the compliance panacea that Agilent had hoped for. “Automated notifications and a structured workflow keep everyone on track now,” Stoecker says. “Assessments and repeatable processes have consistently saved us time and reduced errors, and the reporting features let us validate our efforts.”
What’s more, external auditors can access the Governance Portal wherever they are, and not just behind Agilent’s firewall. “This is a huge benefit for them,” says Stoecker.
Day in and day out, Agilent’s compliance and audit teams use the Governance Portal to accomplish the following:
- Verified testing. The company stores all documentation within the portal, and uses its powerful dashboard to set risk designations, assign deadlines to testers and track the completion of tests. In 2014 alone, the SOX compliance and internal and external audit teams tracked a total of 700 tests, dramatically simplifying the once-complex process.
- Automatic assessments. Using the Governance Portal’s proprietary Assessment Engine, the SOX team issues assessments and notifies respondents automatically. Once completed, responses are tracked with a single, centrally located report.
- Senior-level certification. Agilent’s vice presidents and division managers rely on the Assessment Engine to facilitate sign-off from the chief executive officer and chief financial officer by notifying them when action is required and enabling them to comment – resulting in a more streamlined final certification process.
- Distributed interviews. Workflow functionality within the portal has reduced the email back-and-forth between Agilent’s California headquarters and key global offices. Instead, compliance auditors, senior executives and testers around the globe use the Governance Portal to send data or request documentation for specific audit tests and track the status of each request.
- Better teamwork. The Governance Portal has brought the audit and compliance teams and senior management onto the same page with regard to what is being done by whom.
Previously, the two teams used different systems, resulting in a lack of visibility into each others’ work and redundancy of effort. With a single instance of the portal, both teams have increased efficiency and reduced time in preparing and reporting test results.
- Less travel during audits. Thanks to the Governance Portal, the international statutory audit team and U.S.-based external auditors are no longer required to be at an Agilent site to access test data from the company’s network. Instead, they can access information from anywhere through the portal’s web interface, dramatically increasing efficiency and reducing travel audit fees for the company.
For the audit team at Agilent, their compliance nightmare had a happy ending. “The Governance Portal has done everything we hoped it would do,” says Stoecker. “I only wish we had implemented it sooner.”