A Remedy for Decentralized Audit Approaches

Is your organization still struggling with manual audit processes? Do you have audit projects, past audits, and workpapers strewn about in various shared network folders (or worse, on various hard drives)? Do your auditors have to rely on email to collaborate and share documents? How about your naming convention—has your audit group standardized the way that documentation is labeled to help you to keep the information organized and easy to reference? Speaking of standardization, have audit processes been standardized across the organization or does each location or division manage their own audit program? And what would you say about your review and approval process? Is it clearly mapped, followed, and approvals communicated? Are audit findings routinely rolled up and reported?

RGP’s policyIQ addresses each of these challenges so that you can realize more effective and efficient management of your organization’s audit function. Leverage predefined Templates, Folders, Workflow, Reports, and Audit Trail for your compliance, audit, or policy management documentation. It is also simple to customize the structure to accommodate ongoing changes or characteristics that are unique to your organization, program, or team.

Configuration adjustments are at your fingertips. You do not have to reach out to a support desk or technical team to add templates for specialized workpapers, IPEs (Information Provided by Entity), or for your PBC (Provided by Client) process. Adjustments can be made directly by users authorized in your organization. If you haven’t yet incorporated those templates into the flow of your work and want some help getting them set up, we do have support and configuration specialists who are happy to walk you through the setup of your custom program.

We expect all of RGP’s policyIQ audit clients to be enjoying these benefits in your audit program:

  • Consistent enterprise-wide audit process
  • Centralized access to workpapers and IPEs
  • Simplified administration of PBCs and audit process
  • Ability to easily locate and leverage audit templates/projects and previous audits
  • Streamlined communication among management, auditors (internal and external), and approvers
  • Real-time monitoring capability and status reporting
  • Simplified management and audit committee reporting

We’re ready to help you reach your goals!

Whether you are an existing policyIQ user or a new one, we want to help you to improve and automate your audit program. Perhaps you are new to the administration of your site or you are not sure how to make adjustments to the configuration of your site’s templates or structure. Reach out to us and we’ll be happy to help you get started or to optimize your implementation. Support@policyIQ.com.

7 Features to Boost Efficiency in Your Daily Work

In case you were out enjoying your summer and missed announcements on the latest policyIQ release, we’re here to share the highlights! The theme of policyIQ’s version 7.9 is Convenience. We rolled out 7 features that help to boost efficiency in the flow of your daily work.

  1. Navigation continues to get easier and faster! Save time by leveraging “Favorite Folders” to lift your critical work to the top of the list.
  2. Is yours one of the organizations that uses policyIQ primarily for Account Reconciliations, 302 Certifications, or Policy Sign-offs? Perhaps you’d like to have Form Management as your top navigation option? Site Administrators, you can highlight your prioritized activities that your organization engages in most by reordering items in the left navigation pane.
  3. Paste content into policyIQ from a range of other document and file types and retain your formatting with this upgraded HTML/Rich Text Editor.
  4. Perform calculations on multiple figures originating in related content (Calculated Linked Fields). This allows you to perform activities like determining cumulative risk calculations and arriving at the sum of Standalone Selling Prices for each Performance Obligation linked to the contract.  The flexibility of policyIQ to provide more custom solutions for a wide range of business initiatives just got a boost with this feature!
  5. Approvers – we’re thinking of you.
    1. Some people rely on email to keep them apprised when their attention is needed and others loathe the ever-growing number of items in their inbox. Now, policyIQ lets you decide which approvers in the approval string will be automatically notified via email when items have been submitted for their review.
    2. Prior to this release, an individual could only occupy one step in the approval process. It was not historically possible to approve, pass the content to other approvers, and then bring it back around for final approval. If a process requires the same person to step in multiple times, policyIQ now supports that process.
  6. Rolling forward just got easier! If your organization likes to leverage the previous period’s tests rather than starting from blank templates, you can accomplish roll forward in fewer steps with the ability to Remove Attachments in Bulk.
  7. Take advantage of the flexibility of policyIQ! Changes in process, regulation, org structure, or responsibilities might lead to the need for adjustments to solutions and templates. Solution designers (policyIQ administrators) will be happy to learn that it is now possible to copy fields from one template to another, making it easier to leverage the work of previous solutions for new or improved solutions.

Would you like some help taking advantage of features that were rolled out after your original configuration (from this summer’s release or past releases)? Contact us and we’ll be happy to walk you through the steps!

5 Steps to a More Efficient Internal Control Environment

Is your team overwhelmed with activities that feel unnecessary?

How confident are you that the energy spent on testing is focused on the necessary controls?

Leverage policyIQ to systematically focus on the critical controls for management and testing. More efficiently analyze which Financial Statement Assertions, relative to each of your 10K line items, are adequately controlled, which are left vulnerable and which of your relevant assertions is over-controlled! See, plainly, the gaps in your coverage and leverage the evidence to justify the reduction of waste, and plan to concentrate effort on work that matters.

This process really starts with your risk assessment. If you have not leveraged policyIQ to bring automation and reliability to your risk assessment process and want to walk through the policyIQ solution (including the just-released feature that makes cumulative risk calculations possible), reach out to schedule a free working meeting with us! After completing your risk assessment, identifying significant accounts and relevant assertions, and determining which of your processes and objectives are in scope (all steps that can be managed in policyIQ), you can begin the process of rationalizing your controls.

Next, leverage policyIQ to move through these five Control Rationalization steps:

Each step is made more efficient with policyIQ. We can support you to customize templates for the attributes that are critical and unique to your organization. The import, linking, calculations, workflow, and reporting features will allow you to more quickly examine the effectiveness and priority of your procedures. Having confidence in your Control Rationalization process and your internal control environment then allows you to come full circle to look at the bank of risks that you previously identified. You might conclude that some process risks that have consumed time and attention for years are actually not in scope. This Control Rationalization process will help you to be more effective and more efficient through each testing cycle.

Would you like to see sample templates and schedule a working meeting to get the ball rolling? Contact us and reap the benefits by your next testing cycle!

Have you automated your Narrative reviews?

Are you paying employees to inventory email responses or spend hours in update meetings to accomplish tasks that can be automated? With the application of policyIQ forms, your employees can take back time that was spent on tedious tasks and focus on work that matters.

If your team is still using Word, Excel, and email to manage 302 CertificationsControl Self Assessments and Narrative Reviews, they are engaging in the frustrating task of having to inventory the responses from their inbox and then babysit and pester people to complete their work. As responses do arrive, they evaluate who they’ve heard from, who hasn’t responded, and evaluate whether/which follow-up activities are warranted. They are likely also having to pull together routine assessments regarding the status of responses to share with management and others.

Before anyone invests another minute on the effort of pulling together the Narrative Reviews for next quarter, contact us to help your team realize these benefits right away:

  • Simplified roll-out of questions/certifications each quarter
  • Easy access to real-time information for monitoring of status
  • Automation of reminders going out to outstanding respondents
  • Automated compiling of results
  • Effortless reporting for management

There are lots of products out there that will set you back $50-$500k annually that promise efficiency gains in your compliance processes. For a fraction of that cost, we’ll deliver on that promise in a matter of weeks—not months or years. Work smarter. Spend smarter. Contact us today to schedule your configuration session. 

Who wants to avoid redundant effort and rework?

RGP consultant, Jason Chiang, recently wrote:

Jason Chiang
Expert in risk management and audit

“A narrative provides mid-level detail of the transactions and internal controls within a business process and includes who, how frequent, and in what location the transactions and controls are being performed…

…Narratives should be updated as changes are implemented in the organization. The updates should follow a workflow where there is a review process for significant changes.”

For many clients, automating the process of updating compliance documentation is a critical but often overlooked part of their practices. Each year, various aspects of controls may change, such as steps of the control procedure, the control description, or control ownership.  As these critical bits of information are updated, it is important, as Mr. Chiang stated, that the associated narrative pages are also updated to reflect the latest information.

Who wants to avoid redundant effort and rework?!

If you haven’t already implemented policyIQ or you have policyIQ and you haven’t taken advantage of this feature, this is a good time to tune in and make a note: policyIQ has a “linked field” option that allows you to update control language (or other documentation) in one place and present the updated language in related documents—here’s the key: without redundant effort or rework!

Displaying all related Controls in the Narrative is probably the most common request, but you can also display Risk language in Controls, Control language in Tests, and the contract review conclusions in a management summary page, among a seemingly infinite number of options! No more hunting down related documents to make small tweaks–it’s already done!

To learn more about how reduce redundant effort and rework, contact our team at Support@policyIQ.com.

Your Risk Assessment spreadsheets are costing you!

Are your employees still manually managing Risk Assessments using spreadsheets?
If you answered yes, they are likely struggling to work with others efficiently, they are frustrated by version control issues, and they are wasting time trying to figure out who has given input and who still needs to provide information.

The data in spreadsheets is difficult to aggregate. Performing analyses within a spreadsheet is limited, and across multiple spreadsheets it is nearly impossible. There are nearly always issues with data entry and, therefore, data integrity. So, your employees are likely also spending time having to validate and track down information and they’re likely performing rework to shore up assessments and findings. For all of these reasons, spreadsheets prolong the time and expense of audits.

RGP’s policyIQ team has developed features that help you to automate questionnaires, inventories, risk ratings, capability measures, track gaps and roll-up findings. Your management and audit teams can begin collaborating on their finance, operational, fraud and enterprise risk assessments right away.  Contributors from your locations can work together in one flexible and easy to use tool with confidence in the security and accuracy of their information and analyses. Templates for various risk assessments are easy to customize. Notes and assumptions from previous assessments can be easily referenced and considered in current risk calculations.

Your auditors can remotely review the content that you choose to make available to them and only after it has completed the review process that you enforce using policyIQ.

Reach out to us to request your free trial site and to learn more about how your team can end their reliance on spreadsheets. Work smarter.

Flexible Risk Assessment Frameworks with World-class Subject Matter Expertise

When deploying a technology platform for any GRC process, many questions are considered during the procurement process.

“How long will this take to get up and running?”

“Is it customizable?”

“Is this software affordable – and what if we choose to expand the scope of our deployment?”

Within the scope of GRC, policyIQ can be used to implement nearly any type of risk assessment – and can be done quickly (with custom tailored content), all at an affordable price.  It’s a system that grows as you grow.  But as you likely know, risk assessments are an area that has a seemingly infinite number of options on how to get from A to Z.  Fraud Risk?  Financial Risk?  Third Party Risk?  And the various methodologies to achieve each can be staggering.  

Can I implement my own methodology, or am I forced to use the software’s built-in items?

You’d be surprised to find that for many software platforms, the response to this doesn’t always yield positive answers.  One of the benefits of utilizing policyIQ is that the keys are in your hand for making this decision.  We have clients from all corners of the globe that choose to use their own methodologies when leveraging our software – and are able to do so with excellent results.  Likewise, many organizations have sought subject matter expertise, looking for a proven methodology and guidance to help them get the ball rolling. 

Regardless of the approach, policyIQ’s flexible platform is fine-tuned by the client to become the go-to place for establishing a consistent and reliable risk assessment environment, year after year.

Learn more about RGP’s professional services, or have a look at policyIQ’s solutions for GRC initiatives.

Here’s the trick for crushing your stretch goals…

Declare this “time for a fresh start” and get organized!

Is everyone stirring and antsy at the thought of kids running out of school, hooting and hollering, and throwing papers in the air? Well, I’m a momma and my kiddos have been off kilter and frazzled with anticipation of summer break for at least two weeks! One of our practices that we carry out a couple of times each year—and every year at this time—is to clean out backpacks, cubbies, bookshelves, and the desks at school and at home. We organize items into the “this will be useful in the coming year” pile, “keep forever in the scrapbook” pile, “how in the world did this get in here?” laundry pile, and into the “recycle/retire to final resting place” pile. They are super anxious to run off to their friends’ houses, ride bikes, or dive into their latest Minecraft creation, but mom forces them to hit the skids until they have completed this chore.

Having a clean slate and getting organized for a fresh start in the next life chapter is one of our strategies for setting ourselves up for success. They might grumble and sulk for a short time, but they’ll thank me for these habits one day. That’s my hope, anyway.

Being disciplined about hitting the pause button and making time to lay the groundwork for future success is not just a chore for school children and moms. You’ll hear the same guidance from the policyIQ team as you embark on your goal to better manage your Governance, Risk, and Compliance initiatives.

Take time to organize content and users.

One of the most obvious benefits of policyIQ is that you can be up and running—actually using the tool in your organization—on the same day that you submit your order form. Our recommendation, though, is that you tap the breaks a bit and set up your site in a way that more likely ensures your long term success.  The fundamental questions to consider for any policyIQ implementation are:

  1. What are we planning to capture or manage in policyIQ?
  2. Who needs to have access [and what type of access do they need]?
  3. How can we organize information in a manner that is intuitive to our users?

Thinking of the overarching goal of the initiative or documentation and considering how the pieces of documentation may be broken down and related to adjoining processes will give your team the flexibility to home in on specific details for analysis while also overseeing completeness and performance at a high level. If you’re drawing your plan on a whiteboard and feel the need to branch off into several related items, that might be an indication that you could design more than one template to capture the different types of documentation.

Similarly, taking the time to create an organization chart, so to speak, that logically accommodates all of the hats that are worn by your policyIQ users will go a long way to simplifying access to policyIQ content going forward. Creating groups for Control Owners, Asia-Pac Approvers, 302 Respondents, and the Board of Directors, for example, makes it easy to ensure accuracy while minimizing maintenance as employees move into new roles within the company or new employees are brought on board.

This org chart does not have to match a traditional org chart with departments and position titles. That hierarchy might be a part of the structure. A tip that makes life much easier, when it comes to maintenance in the future, is to consider the other hats worn by your employees. Is the Business Unit Manager also a Process Owner or a Control Owner? Does she respond to 302 Sub-certification Questions? Does she lead any committees or projects? If those initiatives are managed in policyIQ (and they can be), then it will help to have the roles of all the players represented in your Groups structure. With a well-planned group structure, only the users require adjustment when there is turnover, not all of the documentation and responsibilities of the people coming and going.

Do you feel like you don’t have time…to save time??

That’s the perfect time to contact us! There is a standard policyIQ configuration for many GRC solutions and the experienced implementers on the policyIQ team have helped hundreds of companies to set up policyIQ for various solutions. We can help you to get started—or re-started—quickly. If you’re strapped for resources while the organization is trying to squeeze in a change in process or shifting from manual processes in Word, Excel, and email to a centrally accessible cloud solution with workflow management tools and you just don’t have time to really focus on the effort to save time, then let us put you in touch with a subject matter expert who can help you with the design of your Risk Management or Compliance or Audit process, or our professional consultants can lead your project team, or they can take on the lion’s share of the work to transition documentation. We can help you to assess your needs and close the gaps.

Happy Summer Break!

We hope that you enjoy some fun time with family and friends this summer. Let us know where we can support you to work more efficiently and more effectively to help free up some time.

Who has access to your critical documentation?

Think, for a moment, about your human resources policies, risk documentation, safety specs, audit issues, training materials, accounting procedures or your IT controls.

  • Do external audiences, as well as internal employees, need access?
  • And do these audiences require access to different subsets of your content?
  • Does the intended audience know exactly where and how to locate all relevant content?
  • Is the latest version of the content available to your audience?
  • What steps do you have to take to disseminate content changes to your audience?

These are among the information governance considerations that RGP systematically addresses using policyIQ.

One of the lesser known perks of policyIQ is the ease with which you can provide free, simple, secure and tailored read-only access to your audience.

In this related blog post, we described one feature of policyIQ that gives organizations an easy-to-setup and easy-to-use solution for presenting and disseminating content to your read-only users.

If you are trying to develop a plan for appropriately sharing different types of documentation with their respective audiences, get in touch with us! We enjoy brainstorming and problem-solving challenges like this!