JELD-WEN turns to Protiviti and Governance Portal for timely SOX compliance
JELD-WEN voluntarily chose to seek Sarbanes-Oxley (SOX) compliance, believing that engaging in the best practices required would benefit the org
When JELD-WEN was purchased by Onex, the company suddenly had only one year to comply with key elements of the Canadian version of SOX.
The deployment and powerful capabilities of Protiviti’s Governance Portal have enabled four key areas of a sustainable SOX program at JELD-WEN
Headquartered in Klamath Falls, Oregon, JELD-WEN is one of the world’s leading manufacturers of windows and doors. The company’s extensive product line is sold globally through multiple distribution channels, including retail home centres, wholesale distributors and building products dealers. JELD-WEN has approximately 20,000 employees in 20 countries across the Asia-Pacific region, Europe and the Americas.
Since JELD-WEN’s founding more than 50 years ago, the company has expanded globally through a series of acquisitions. A consequence of this was that management of the organisation was decentralised, and most of the acquired companies continued to rely on their existing accounting and manufacturing software and procedures. In addition, JELD-WEN had neither an internal audit department nor a formal program of controls and procedures to ensure the validity of the company’s financial records. In 2010, prior to the company’s acquisition by the Canadian firm Onex, JELD-WEN voluntarily chose to seek Sarbanes-Oxley (SOX) compliance, believing that engaging in the best practises required for the SOX process would benefit the dispersed organisation. The project was the first true corporate initiative launched across all three regions.
Michael Higgins, global Sarbanes-Oxley manager at JELD-WEN, was brought in to lead the SOX program, including the implementation project, and to form an implementation consulting team with deep SOX expertise. Higgins, who had previously used the Protiviti Governance Portal to run a very successful SOX program at his former employer, a global leader in advanced embedded solutions for communications networking and commercial systems, brought Protiviti on board to assist JELD-WEN with the compliance effort.
“I knew there were other products and vendors out there,” said Higgins, “but I knew the Governance Portal worked well and had the capability to support and manage an ongoing program of the size that JELD-WEN would require.”
Starting the project voluntarily in 2010 and Higgins’ decision to implement the Protiviti Governance Portal proved fortuitous. When JELD-WEN was purchased by Onex only nine months after the start of the project, the company suddenly had only one year to comply with key elements of the Canadian version of SOX.
“Fortunately, we were able to get started very quickly,” said Higgins. “The Protiviti implementation team was able to build out our SOX portal and begin training my core consulting team within a month. Thanks to the Governance Portal, despite the challenges associated with a global rollout with remote locations and language differences, we successfully met the one-year deadline.”
As a result of the implementation work performed by the Protiviti Governance Portal team, all JELD-WEN entities, more than 110, have been incorporated into the Governance Portal. With the program fully implemented across the organisation, process control owners have a single site for reviewing control processes, obtaining flowcharts and providing documentation to support testing. The Governance Portal makes it easy for the JELD-WEN SOX team to analyse the relationships among objectives, risks, controls and tests.
The deployment and powerful capabilities of Protiviti’s Governance Portal have enabled four key areas of a sustainable SOX program at JELD-WEN: universal access, flexible change management, highly efficient workflows and reporting.
Protiviti’s Governance Portal enables more than 1,000 JELD-WEN control owners, as well as the SOX consultants and more than 20 testers from the company’s outside testing provider, KPMG, to log in securely from anywhere – office, home, hotel room or airport lounge – at any time. This capability was essential during development of the program, as JELD-WEN had as many as 26 consultants globally, all of whom were able to access the portal daily to upload flowcharts, create risk control matrices and perform tests—all without requiring a desk in a JELD-WEN office or even a guest account on the JELD-WEN network.
Today, the flexibility to access the Governance Portal from anywhere enables everyone involved in the SOX program to be more productive and the entire process to be more cost-efficient.
Flexible Change Management
JELD-WEN performs change management much more efficiently using the Governance Portal’s Assessment Management Engine. Control owners fill in self-assessment surveys on a quarterly basis, making it easy for the company to document the significant number of changes in processes, personnel and process ownership that occur in that period. At the end of each quarter, the regional SOX coordinators use this documentation to update flowcharts, process controls and the test plans for each control. “With 46 locations spread out across North America, the ability to have the process owners enter their information locally and the regional coordinators access it from their locations has drastically reduced the time and cost of change management,” said Higgins.
Highly Efficient Workflows
The Governance Portal’s robust capabilities and functions allowed JELD-WEN to streamline the development and ongoing operation of its SOX program as follows:
- The task functionality enables the JELD-WEN SOX implementation team to assign controls and process flows to process control owners for their initial review and confirmation. With the SOX
- program in place, the SOX team is also able to assign tasks to outside testers, as well as specify when a test should start, when it should finish and who should perform quality assurance review.
- The status of tasks can be monitored centrally in the Governance Portal.
- The action plan functionality enables the JELD-WEN SOX team to guide process control owners in remediating controls that have failed a test. Action plans include a start date, due date,
- the person on the SOX team responsible for reviewing the remediation and, if appropriate, a requirement that the control owner upload supporting documentation when remediation has been completed. Action plans can also be centrally monitored in the Governance Portal.
- The template library, which includes templates for risks, controls, objectives and test plans, made it far easier for the JELD-WEN SOX implementation team to add each of its more than
- 150 locations by simply entering the location into the system and importing the appropriate templates from the library. This eliminated the need to create from scratch an entirely new organisational structure for each new entity or acquisition. “The template library continues to help us add subsequent locations and acquisitions,” said Higgins.
- The mass upload function enables the JELD-WEN SOX team to update all relevant records with a single click. Using templates, JELD-WEN is able to easily update testers, dates, control information and more. “JELD-WEN has nearly 3,000 controls in the Governance Portal,” said Higgins. “When a field needs to be updated, it’s far faster to use the mass upload function rather than going one-by-one through the controls.”
The Governance Portal enables JELD-WEN’s SOX team and senior management to gain insight into the SOX program through a variety of ad hoc searches, dashboards and reports. The SOX implementation
team developed reports to monitor the status of process documentation and testing daily. The team also developed a global test results report. JELD-WEN makes extensive use of the ability of the Governance Portal to export its data to Microsoft Excel, which the SOX team uses to create easy-to-read graphical charts and pivot tables.
“The reporting capabilities in the Governance Portal have made it easier to satisfy our reporting requirement while providing the SOX team and senior management with a much clearer picture of the risks facing the organisation,” added Higgins.
Protiviti’s expert consultants have worked with thousands of global clients to deliver targeted Governance, Risk and Compliance (GRC) software solutions that address immediate needs while facilitating convergence toward fully integrated, value-added GRC practises. We have helped our clients implement the Protiviti Governance Portal, a comprehensive software platform that integrates content and commonly accepted and proprietary frameworks with world-class consulting expertise in order to provide organisations with the visibility and insight needed to manage and mitigate current and future risk and compliance issues.
The integration of process, knowledge and technology in our Governance Portal helps clients to:
- Start the GRC program quickly, using out-of-the-box content and templates
- Execute GRC tasks efficiently, using proprietary GRC content that provides industry normative guidance
- Create a self-sustainable GRC program by easily configuring the Governance Portal to meet each organization’s GRC program requirements, methodology and terminology
- Add value by converging multiple GRC activities
- Rely on real-time reporting and dashboards to provide executives with a holistic view of all GRC efforts