Policies Provide Foundation through Changing Regulatory Environment

Regulatory environments are constantly changing, influenced by economic, political and environmental factors beyond your company’s control.  It might seem like a daily battle to deal with the push and pull of complying with changing regulations.  So how do you stay focused, prepared and sane in the world of regulatory compliance?

One critical step is to ensure that you have well documented, well communicated and well understood corporate policies.  

Policies provide the foundation, governing the way in which your employees will work and how they will meet new regulatory requirements.  When the foundation is strong, with clear policies that are followed and enforced consistently, additional external expectations and requirements are much easier to incorporate.  

Here are just a few best practices to consider:

  1. Ensure that policies are written clearly.  Avoid company jargon or acronyms that may be unclear to new employees or external regulators.

  2. Make policies easily accessible to all employees.  If you are already using policyIQ, ensure that a policyIQ link is posted or communicated regularly.

  3. Clarify whether any exceptions might be approved to the policy, and communicate the process for approval for exceptions.  If it is not clear, employees may be more likely to decide it will be easier to ask for forgiveness than permission.

  4. Document how policy violations will be addressed or how policies will be enforced.

  5. Revisit, review and revised policies regularly.  Do not allow policies to become outdated or appear to be outdated.  Even if no changes are made, regularly note that content has been reviewed, so that employees

  6. Map policies to your regulatory requirements or other compliance programs.  As regulations change, you can more easily identify any changes that must be made in your policies to address those changes.  

What other best practices would you highlight for a clear corporate policy platform?  Add yours in the comments and share ideas! Learn more about how to utilize policyIQ’s various read-only options by checking out a recent blog post by policyIQ Product Manager, Travis Whalen.

Our policies have been created…now what?

Many organizations have used policyIQ for their Policy Management needs, and each client of ours has their own unique needs and for providing transparent and accessible policies to their users, public website, auditors, or other audience type.  However, the process is largely the same, regardless of the unique needs.

In nearly all cases, the policy content is created in policyIQ, reviewed, approved, and then published.  Making that content available is where the differences come in to play.  There are a few options for doing so:

A shared, Read-only account:

Create a Read-only user account in your policyIQ site (which is free, by the way), and apply the Read-only account as a viewer only on all applicable policy pages in your site.  Be sure to make sure that this account also has view access to the necessary folders, as well.

Then, share the Read-only account credentials with your user base.  Once logged in, the policyIQ view this user will have is a scaled down look – just folders and policy content, in this case.  Because the very nature of the account is Read-only, there is minimal risk in sharing the credentials with a large group of people.

A shared, Read-only account accessed via policyIQ Reader:

A similar process to the one above, but with a different look to the program and no login needs.

After creating the Read-only user profile and applying the user to security where necessary, edit the user profile.  Under the “required” tab of the Edit User window, scroll to the bottom to find a unique link called “policyIQ Reader“.  This hyperlink can be placed anywhere you like: bookmarked in your browser, stored on your desktop, placed in a shared network drive, or even on your intranet.  Once a location is selected, users anyone that clicks the link will gain instant, Read-only access to your policyIQ site.  No login required, and the “reader” look – a straightforward, no nonsense look at content, which is displayed in the table area to the right instead of a separate window, as seen below.

pIQ_Reader

Individual Read-only accounts:

Create an individual Read-only account per-user, which allows for greater flexibility in terms of seeing policies that are applicable to certain divisions, but not others.  Perhaps your finance and accounting folks have policies and procedures that apply to them, but not to the vast majority of other employees.  Creating separate accounts for everyone ensures the user experience in the product is directly related to their role.

 Individual policies accessed from an outside source:

Some of our clients choose to have their policies accessed from their primary company website.  In this case, the policyIQ pass-through link is ideal: eliminate login needs, access individual policies, and don’t display the main policyIQ site from which the policies were created.  Instead, display only the pages themselves.

Create a primary Read-only user account, and again add it to the view security on all applicable pages.  Now, view a page of your choice that is published.  A the very bottom, the page ID sits, and contains a link.  Click the link to open a small window that contains the policyIQ Passthrough link .  Copy and paste this link to the destination of your choice.  Selecting this link from an outside source will open the policy page only, and not require a login to the system.

Next steps:

Did you know policyIQ also handles Policy Sign-offs, as well?  It’s a simple process at a minimal cost.  Add Standard Users to your site in bulk (50 to over 10,000+) to completely revamp the way your organization automates creating, approving and storing certifications and sign-offs.

Does something here sound like it might be right for you?  If so, let’s talk about it!  Scheduling a half hour with a policyIQ expert on our team is not only free of charge, but will pay dividends moving forward as the management of your processes becomes easier by the day.  Many adjustments to existing sites take minutes to change, and new sites are even simpler!  Contact us at Support@policyIQ.com or 412-263-3330 to begin.

 

Executive Oversight in policyIQ: Dashboards, Charts and Graphs

Does management want or need oversight of your policyIQ work?  Perhaps YOU want a quick way to check the progress your team has made on SOX work, audit prep, policy updates, or the like.

Simplify the sometimes chaotic world of GRC documentation with policyIQ’s arrangement of Custom Charts and Graphs – all available to be placed on any Advanced user’s Dashboard.

Charts and Graphs are a visual version of your reports in the system.  Simply create a new Page Report, and then choose a chart or graph as your Report Layout. Perhaps control owners are updating controls for the new SOX year – or maybe even performing testing on financial controls.   Set the report filter to any of these types of content.

As usual, pick the display filters/columns that you want to see in the results, with the first or top selection being the chart parameter (how you’d like the chart divided up).  In the case of many site administrators, they’re going to want to set the chart parameter to something like Stage – which will show which pages are in draft, are checked out, or are finished and published.

Save and run the report/chart, and see your results!  Because it is built in the same spirit as a report, the chart can be accessed (with proper security setup) by other users in the site, and even stored on their Dashboards.

Thinking about automating administrator oversight of your policyIQ site?  Look no further than Custom Charts and Graphs, available on every policyIQ site!

Do you consider your organization to be agile?

  • Has your organization recently engaged in merger or acquisition activity?
  • Was a valid and somewhat likely risk of financial statement misstatement discovered?
  • Has your organization recently become subject to Sarbanes Oxley requirements?
  • Did your auditor advise you to formalize your FCPA program?

If faced with one of these (or another) critical governance, risk, and compliance issue, are you prepared with appropriate subject matter expertise and systems to respond? Because you are here and these are examples of circumstances where RGP and our GRC Technology (policyIQ) excel, you are prepared, now!

With more than 70 wholly owned offices around the globe and professionals with 10-20 years’ experience and expertise in a range of subject matters, RGP is prepared to hit the ground running. What our clients quickly learn is different about us is that we build long-term, trusted partnerships by engaging top talent to impart knowledge and expertise—leaving our clients’ employees better equipped while meeting the business’ objectives. Rather than a binder, we leave you with a job well-done and a reliable contact for future reference.


 

 

 

Dictionary.com defines agility as “the power of moving quickly and easily; nimbleness”. GRC Analyst, Michael Rasmussen, says that agility in a GRC technology provider also means being “adaptable to a changing business environment.” Here are some of the characteristics of policyIQ that allow our clients the flexibility to quickly adapt to changing needs:

  • Easy to setup and implement (average 4-6 weeks—rather than months or years)
  • Familiar look and feel means little to no training required for users
  • Flexibility to customize configuration as needs change (in your hands)
  • Security control allows multiple entities, departments and priorities in one platform
  • Affordable to implement enterprise-wide for a variety of solutions

The greatest testimony we have to policyIQ’s flexibility is our clients! While policyIQ started in Policy Management and Risk and Compliance plus certifications fifteen years ago, our clients began applying the easy-to-employ technology for things like Account Reconciliation Management and Capital Appropriations Approvals.

Click to zoom in and check out a sample of our clients’ policyIQ applications:

Are you tasked with having to respond to changing business needs? Are you interested in seeing solid improvements and results in about a month? Of course, you are! Reach out today: Info@policyIQ.com, 866-753-1231.

Need help getting a handle on your lease data?

The consensus is that the task of data collection to implement the new accounting standards is a daunting one.

Where are you at in your leases project? Have you settled on a lease accounting system? Do you have a plan for how you will gather all of your leases and begin pulling the critical data together? How confident are you that you’ve identified all of hiding places in your organization for the lease information including shared folders, binders, SharePoint sites, filing cabinets, spreadsheets, George’s desk, and even camouflaged within other agreements?

One thing we can be confident about—if the new accounting standards have highlighted your organization’s critical need to better manage all of your contracts and agreements, you’re not alone.

Of course, I’m about to tell you that we can help!

  • policyIQ is centrally accessible and easy to populate—helping you to bring order to all of your decentralized structured and unstructured lease data.
  • Easily customize templates and standardize the approach to capturing lease data (and complement your lease accounting tool).
  • Use reports within/across leases to examine data and identify gaps.
  • Customize workflow and leverage policyIQ’s secure platform to request specific data from specific individuals and fill gaps.
  • Attach reference materials or supporting documentation, as needed.
  • Customize policyIQ for each area to store executed leases and track lease data on an ongoing basis.
  • Simplify oversight for management review at a high level.
  • Implement controls and data governance providing evidence of entire data collection process and resulting data.

And if you’re not sure that you have adequate leasing talent on staff, RGP can support you with subject matter expertise to lead and/or support your team and ensure successful implementation of the new standards. If you haven’t worked with us in the past, what you will experience is a different level of professional partnership. We will transfer knowledge and leave your team better equipped to address challenges that arise in the future.

Contact us to learn more about our talent and technology to support your data collection, contract review, compliance, audit, policy management and other initiatives. We’re looking forward to working with you!

ICYMI: Assessments and Scoping in policyIQ

Did you miss our recent training session on completing our SOX Risk Assessments and scoping exercises in policyIQ?  Not to worry – we have you covered!

How Can I Catch Up?

If you want to get into the details, we have the training session and materials available for download!

  • You can access the slides here.
  • You can also view the recording from our policyIQ training page.
    The training page is linked from your policyIQ login page – and available from within the online Help Guide.  If you don’t have access to the training page, please reach out and we’ll send you the link!

Just the Highlights, Please!

This training session aimed to ensure that participants are able to…

rascope1

We discussed common SOX risk assessments at the financial statement line item level, targeting risk factors like…

rascope3

In addition to illustrating how to create the calculation directly in policyIQ, we also acknowledged that some folks love their MS Excel process.  policyIQ can handle that, too, through the import option!

rascope4

Then we took a close look at the relationships between the content that allows for the most effective scoping options.

rascope2

And finally, we walked through the reports that provide the final step in the scoping process.

rascope5

We would love to help YOU get started on your risk assessments in policyIQ, so that we can link into your SOX work for ease of annual scoping.  Contact us today and we’ll meet with you at no cost to help you get on your way!

policyIQ 7.8: Saving Clicks – One Rule at a Time

In the GRC world (like most others), time is money.  Finding a tool like policyIQ that keeps your organization’s critical documentation accessible, updated and organized is key.  But even within our own tool, we’re always looking to make our software simpler for users to interact with, and improve the experience for our users.

policyIQ 7.8 (available this summer) will feature Field Rules for the very first time.  Field Rules will allow Administrators to set up behind-the-scenes triggers on user selections of List Fields that change other fields on the same page or form.  For example, Field 1 may have a rule built that electing “Yes” on that field will prompt the following 3 fields to be required.  Or, that same field could have a response of “No” trigger all remaining fields to be skipped (and the user wouldn’t have the option to fill them in).  Alternatively, you could also set up fields to be auto-filled with an answer.

Talk about a game-changer!  A feature like this will likely cause our clients to want to rethink the way they have their templates set up, and what kinds of questions they ask for Controls, Testing, Policies, or and type of sign-off or certification.

Other features Global and User List Fields are going to make our users happy, as well.  Gone are the days of spending lots of time building a List Field only to have to replicate that work throughout in other templates.  Now, Administrators can create a List Field outside of the template area in the Global List Management area.  Once the list is created, access it from any Template!  Think of it as a “shared list”.  Need to make updates to the list?  Make the change in the Global List Management area, and those changes are reflected on all pages new and old – saving a ton of “maintenance” type work.

User Lists are List Fields made up from user accounts in the policyIQ system.  Rather than typing out user names in a list field, select a group in your groups and users tree to make up your List Field options. Done!

Other features will allow you to:

  • Create a page that is pre-linked and indexed to a folder
  • Delete and replace an attachment in one click
  • Use field prompts on Forms and Pages
  • Toggle Linked Field properties on/off
  • Add company logos when printing pages

7.8 is all about saving clicks, increasing productivity, and making the management of content and data easier.

To be first in line for policyIQ 7.8, or to get an early demonstration of how these features will work, contact us at 412-263-3330 to set up some time with a policyIQ expert.

RGP engaged with audit professionals in Orlando


The policyIQ team joined our RGP colleagues at the Institute of Internal Auditors’ 2017 General Audit Management (GAM) Conference in Orlando, Florida on March 20th-22nd. Once again, this was a great event packed with learning and networking opportunities!

Representatives from RGP included:

The conference was attended by more than a thousand audit professionals and we were only able to speak to about 200 of them. If we didn’t get to have a conversation with you, here’s what might have transpired had we connected:


The conference sessions inspired some great discussions!

We carried on the conversations started by the keynote speakers and others. We talked about the hats that auditors are asked to wear, the importance of the internal audit function and profession, and the value of independence, maintaining integrity and having the courage to do the right thing against, sometimes, great personal risk. With integrity being among the core values at RGP and 20+ years’ experience serving as a professional services firm in this field, we are charged by discussions in this vein and by the opportunity to encourage our clients and peers in the audit profession.

We talked about how the times have changed. Once upon a time, we recognized that not all companies were performing regular risk assessments and we were encouraging them to get started with annual risk assessments. In the last few years, we see that the demands of business, technology, competition, culture and so many more are requiring companies to be more nimble and to both assess and respond to risk on a continuous basis. We participated in discussions around what it takes to be prepared and resilient in these times and how RGP’s Data Solutions practice can help companies to better collect, manage, secure and leverage their data.

Cyber security was a hot topic again this year! We discussed the struggles that some companies experience in identifying and developing the necessary expertise to address the present and growing need to address cyber security. We heard that companies are looking across various functions to address their security concerns. RGP’s maturity in integrated solutions, leveraging expertise across information security, audit, data solutions, process improvement (and more) allows us to be responsive, provide a high quality service and to tailor comprehensive solutions to each client’s needs.


We shared our story…how RGP and policyIQ stand out from the pack.

Another theme in our conversations with other professionals at GAM: how RGP is different. There’s certainly no shortage of consulting firms and technology providers at these things, right? The vendor hall can be a little bit intimidating for the introverts among us. At the RGP booth and throughout the conference, we worked to jump quickly to how we at RGP and our GRC Technology are different from most others.

Our consultants have 10-20 years’ experience. They are true subject matter experts who can lead your initiative or project and work alongside your team with valuable knowledge to share and teach. Rather than the checklist approach, our consultants build tailored solutions and collaborative partnerships. Remember the mention of integrity being a core value? We have a track record of long-term, trusted partnerships, evidenced by a 100% retention rate of our top 50 clients.

RGP also has 70+ offices around the globe—these are our offices, not affiliates. This means our people, our culture, and our standards; therefore, we deliver consistently high quality results worldwide.

And our GRC technology, policyIQ, packs a powerful punch in a nimble and affordable, centrally accessible platform. We serve companies from risk assessment through compliance initiatives, testing, reporting of findings and remediation like many other enterprise GRC tools. We also provide solutions for ASC 606 contract review, lease data capture, contract administration, policy management, automation of evidence request and collection, 302 certifications, legal and data room, support for integration with mergers and acquisitions, account reconciliation management and many more ALL IN ONE TOOL. It’s a matter of security configuration (part of the information governance planning that we guide you through as a matter of course at no additional charge). People find it amazing that they can do so much in one easy to use tool.

What’s more, a solution or initiative can be implemented in policyIQ in 4-6 weeks—not months or years, like most other products. And policyIQ is so easy to setup and use that NO IT RESOURCES ARE REQUIRED. We like to include and engage IT in the early conversations because a company can better leverage policyIQ for various departments and initiatives when the IT department includes it among their suite of solutions for their stakeholders. (Pssst—it saves time and money for IT departments, too!)


Next year, we’re going to have the biggest booth and the loudest parties!

Just kidding. You know, I often start off feeling a little bit small at these huge conferences. We don’t have the biggest booth or the most extravagant events to woo attendees to come and visit with us. (Although we heard from a bunch of folks that we did have the best swag this year with our super cool phone charger pens.)

Still, every year, I leave energized!

We deliver excellence! We have amazing clients and valuable partnerships and we build on them every year. I don’t have to feel pressure to be bigger and flashier to land sales. The truth of who we are and what we have to offer at RGP holds tremendous value, builds solid relationships and is a great story to share.

If we didn’t get to shake hands at GAM or elsewhere, yet, and you’d like to hear the good news first-hand, please reach out to any of us. We’d love to buy you a cup of coffee and learn about your business issues that we’ll help to remedy.