Transforming compliance evaluation process with Microsoft Power Platform

Introduction

Each quarter, the Microsoft Commerce Compliance Engineering (CCE) team performs hundreds of Sarbanes-Oxley (SOX) evaluations to ensure compliance on all Microsoft services that facilitate transactions with Microsoft partners and customers. These evaluations – which drive the design, deployment, and execution of controls for reliable and accurate financial reporting – can take significant time, effort, and cost to complete. Leveraging Microsoft Power Platform, the CCE team was able to move from a time-consuming, manual SOX scope evaluation process to a streamlined and automated workflow that reduced both time-to-value and costs.

Key Results:

• 50% cost savings with process automation, totaling ~$500K annual savings versus FY19
• 53% reduction in effort despite a 36% increase in scope
• 92% reduction in manually generated reminder emails
• Improved agility and increased productivity

Challenge

SOX scope evaluations traditionally relied on time-consuming processes that required significant cost and manual effort – including data input, data collection, de-duplication, maintenance of Excel files, as well manual generation and tracking of status reports through Outlook. This not only created delays in sending timely and targeted reminders, but required project managers (PMs) to constantly switch between Outlook and Excel to monitor alerts and make changes. Slowdowns in the SOX evaluation process also negatively impacted other downstream activities, and a lack of role-based access for Excel files presented data security and integrity risks as the files moved between users.

Solution

Leveraging many of Power Platform’s robust features – including Power Apps, Power Automate, Microsoft Dataverse, Power BI, as well as Azure SQL – the CCE team built a secure, compliant, and scalable solution that digitally transformed the SOX scope evaluation process to automate manual efforts and simplify time-intensive, repetitive tasks.

Power Apps – Compliance PMs can quickly review the list of scoped services, initiate the evaluation process, and follow up on engineering responses; engineering PMs can easily submit responses to SOX questionnaires and compliance PM inquiries.

Screenshot of Compliance PM selecting services & running the flow to initiate compliance evaluation

Screenshot of a response submitted by Engineering PM. Compliance PM reviews this response & proceeds to update the fields in the stages named “Decide SOX Scope” & “Approve SOX Scope”.

 

Power Automate – Manually triggered flows eliminate or minimize the coordination overhead and context switching between applications. Automated flows send alerts and notifications upon completion of particular events or holdups in the evaluation process.

Screenshot of a Compliance PM using the flow “Contact PM owner” to reach out to the owner of service & get more information for scope assessment.

Screenshot of “Contact PM Owner” flow dialog box, where Compliance PM can enter additional information that should be included in the email that will be sent out when the flow runs.

 

Microsoft Dataverse – Creation of custom tables enables information to be stored regarding services and quarterly scope evaluations, with a complete audit history for each table to track changes.

Screenshot of Audit History maintained by Microsoft Dataverse with a record in the custom table.

 

Power BI – Power BI reports connected to Microsoft Dataverse provide visibility on the status of quarterly scope evaluations and help PMs to drive timely completion of activities.

Screenshot of Power BI visual connected to Microsoft Dataverse showing % of work completed for each stage in the SOX scope assessment.  

Impact

The Power Platform based solution has streamlined the entire SOX scope evaluation process, delivering significant impact in both time and cost savings for the CCE team. While the number of services scoped for evaluation increased by 36%, SOX scope evaluation activities in FY20-Q1 were completed with 53% less effort using Power Platform. With PMs sending 92% fewer manual follow-up emails and spending less time on context-switching and maintaining Excel files, productivity is greatly increased while freeing valuable time for other core activities. Additionally, an estimated $500K in labor cost savings have been assessed per year with Power Platform enabling integration and tracking across all aspects of process execution, as compared to previous Excel-based scope evaluations.

• Pre-defined views in Power Apps enable PMs to quickly make data-driven decisions and take prompt action using readily available Power Automate integration
• Near real-time Power BI reporting unlocks new insights for a better understanding of changes within the compliance landscape
• Ad-hoc emails are now replaced by data-driven, targeted reminders with context-specific steps, resulting in faster completion times and less ill-effect on downstream activities
• Custom tables and change tracking provide improved audit readiness
• Data security and integrity is preserved using role-based access to custom tables in Power Apps