
COSO Principles and Contract Management: What Your Compliance People Wish They Could Tell You

September 24, 2019 | 3 min read

Your CFO (and their compliance team) are always looking out for one thing: risk. While it may not sound like the most fun responsibility, as the people in charge of compliance will tell you, its importance can’t be overstated.

Many CFOs adhere to COSO integrated framework principles. These COSO principles can be categorized into 5 core components of internal control that are the gold standard for keeping your organization’s risk levels as low as possible:

  • Control Environment – Set a tone of integrity and ethical values for the organization and hold individuals accountable for their internal control responsibilities.
  • Risk Assessment – Analyze and identify the risks of the organization, then determine if the risks should be mitigated, remediated, transferred or accepted.
  • Control Activities – Establish a set of controls to keep risk at an acceptable level and keep the business aligned through the use of policies and procedures.
  • Information and Communication – Create a method of communication for internal and external parties regarding the objectives and responsibilities for the functioning of internal control.
  • Monitoring Activities – Implement a set of processes to continuously monitor the effectiveness of internal controls and communicate deficiencies to take corrective action.

Your Contracts Help Reduce Risk

One of the primary ways a business can manage risk in accordance with these components is through the use of contracts (NDAs, Employment Agreements, Policy Acknowledgements, Services Agreements, etc.). That’s why every aspect of your CFO’s job comes down to your contracts and how they’re written—keeping business running smoothly, making sure all requirements are met, and keeping your organization’s risk as limited as possible.

And that’s why CFOs are raving about IntelAgree. IntelAgree introduces automation to your contract management process—including risk management. But this contract management software isn’t like any others you’ve seen before. It’s lightweight and flexible, but totally customizable for your business needs. The platform’s easy set-up and implementation mean you can manage it in-house to keep costs low. And most importantly, it’s making contracts easier—and therefore, less risky.

Everyone in your company will naturally use IntelAgree a little differently, depending on their role, but your CFO’s perspective is especially valuable. After all, everything they do ties back to your contracts and how they’re written. Here’s what CFOs are saying about the IntelAgree features that help them reduce your organization’s risk.

Visibility | COSO components covered: Risk Assessment, Information & Communication, and Monitoring Activities

IntelAgree offers total visibility into every aspect of your contracts. It ensures they’re signed securely and required language doesn’t get redlined out. It tracks exceptions and offers reminders when actions need to be taken. Want to see the current status of all your pending agreements? No problem. Which vendors’ SOC 2 reports are expiring this month? Yes, you can easily see all that too. And with the ability to save your most frequent searches, you can see what’s important to you with one click. Things like:

  • Finance: View trending revenue and ASP
  • Tax: Quickly review client localities, exceptions to sales tax clauses, and the dreaded estimated revenue by state.
  • Revenue recognition: See term length, services provided, price point, free trial length, and discounts.
  • Audit compliance: Pull your list of in-scope contracts in less than a minute.
  • Exception tracking: Know who has publicity restrictions, termination for convenience clauses, expirations on NDAs, etc.
  • Attributes and Attribute groups: Keep track of required clauses for SOC, and organize other key attributes
  • Analytics dashboard: IntelAgree summarizes your contracts and reports key information back to you.

Machine Learning | COSO components covered: Risk Assessment, Control Activities

All the attributes that matter most to your team can be trained using machine learning. And while the system comes with many standard models built-in, it’s also easy to train your own custom models if they don’t already exist—for example, to vet a vendor agreement for SOC 2 required clauses. Plus, machine learning can assess risk in your contracts by quickly reviewing for terms and clauses that don’t meet your legal requirements, and reduce the risk of human error in the contract creation process.

Attachments and Reminders | COSO components covered: Control Environment, Risk Assessment, Information & Communication

When it comes to compliance, supplemental documentation is vital. For example, think of the information you require from your vendors: their SOC report, vendor questionnaire, RFP, insurance certificate, etc. IntelAgree allows you to attach all supplemental documentation directly to your vendors’ contracts in the system. From there, you can also set helpful reminders, such as when a vendor’s SOC report or certificates of insurance expire, so you don’t miss a thing—and you stay in compliance.

Centralized Contract Repository | COSO components covered: Risk Assessment, Control Activities

With IntelAgree’s centralized repository, CFOs can organize contracts according to compliance type for easy accessibility. For example:

  • Finance: Customer SOWs
  • SOC: Customer SOWs, Staffing Agencies, in-scope vendors, employment agreements, and policy acknowledgments.

A centralized contract repository also gives your compliance team (and the rest of your company!) a single source of truth. The most up-to-date version is always front and center, with the right terms and clauses. That way, everyone’s working from the same (and latest) version—greatly reducing the risk that using an old version of a contract causes you to fall out of compliance. Plus, everything you could need for any type of audit is all in one place. And with a consistently clear audit trail for every single agreement, your compliance people can breathe a little easier.

Risk management doesn’t have to be complicated—or time-consuming. When IntelAgree automates so many of your processes, it’s got one more inherent benefit: giving your people some time back in their day. As one CFO points out: “Without IntelAgree, I’d probably have to hire a larger staff to manage it for me.”

If you want to make risk reduction a priority at your organization and get a handle on your compliance and SOC activities, IntelAgree can help. Reach out today to learn more.