Not long ago, a frustrated Sarbanes-Oxley (SOX) compliance team decided “enough was enough.” Their publicly traded employer, Agilent Technologies, an international leader in life sciences, diagnostics and applied chemical markets, was definitely compliant with U.S. accounting regulations. But the process for proving their status was cumbersome at best, excruciating at worst.
For one thing, the almost 320 control approvals performed by the internal audit team were entirely manual. Data was laboriously gathered from multiple locations. Dozens of assessment spreadsheets with hundreds of tabs were emailed back and forth among 30 executives and 100 other stakeholders. For testing, each user would have to print, sign, scan and return their responses to the SOX team for manual processing.
To make matters worse, the compliance team had no reporting capability or reliable way to validate the data, determine if testing was complete or perform remediation. Involving external auditors was similarly inefficient.
It felt like a nightmare for the US$4 billion, 11,000-employee company, and it was a time-consuming thorn for all involved.
The frustration led to a decision to review leading software solutions to streamline and automate the process.
“We chose Protiviti’s Governance Portal because it was a very user-friendly solution that could be customized to our needs,” says Sarah Stoecker, compliance manager for Agilent’s SOX compliance team.
Agilent also chose the platform because it scaled quickly. “We were particularly pleased that the platform allowed us to add capabilities without the need for more IT or other costs beyond new user licenses,” Stoecker explains. “Because of this, our internal audit team decided to adopt the Governance Portal at the same time as my team. Our two teams already had a significant overlap in SOX activities, so the decision to unify our platforms made sense.”
With no time wasted, two Protiviti experts were invited to Agilent’s Santa Clara, Calif., headquarters to configure the Governance Portal, deploy it and train members of the SOX compliance and internal audit teams. Structure was established. Controls were prioritized. Settings were tweaked to satisfaction.
Setup was so smooth, in fact, that management decided to go live sooner than planned to avoid starting a new fiscal year on the same broken foot. Since its successful launch, the Governance Portal has remained the compliance panacea that Agilent had hoped for. “Automated notifications and a structured workflow keep everyone on track now,” Stoecker says. “Assessments and repeatable processes have consistently saved us time and reduced errors, and the reporting features let us validate our efforts.”
What’s more, external auditors can access the Governance Portal wherever they are, and not just behind Agilent’s firewall. “This is a huge benefit for them,” says Stoecker.
Day in and day out, Agilent’s compliance and audit teams use the Governance Portal to accomplish the following:
Previously, the two teams used different systems, resulting in a lack of visibility into each others’ work and redundancy of effort. With a single instance of the portal, both teams have increased efficiency and reduced time in preparing and reporting test results.
For the audit team at Agilent, their compliance nightmare had a happy ending. “The Governance Portal has done everything we hoped it would do,” says Stoecker. “I only wish we had implemented it sooner.”