Know thy data, Know thyself: Improve your Business IQ with Reporting

Business Intelligence is defined by the good people at Wikipedia as referring to skills, processes, technologies, applications and practices used to support decision making.

calculate1So how can you improve your “Business IQ” and make better, more informed decisions?  If you are using policyIQ, the first step is to fully utilize your Reports module to understand your data and get smarter about your business.

In an effort to help you to boost that IQ, we’ve given you some ideas for the reports that you might need, or reports that will make you a more efficient part of the process.  In just this sample of report possibilities, we’ve covered reports for

–  Policy and Procedure Management
–  Compliance Efforts (SOX, MAR, PCI, etc)
–  Contract Management
–  Account Reconciliation process

Regardless of how you are using policyIQ, reports can add value and can improve the quality of the decisions that you make!

Reporting on Policies, Procedures and Process Documentation

If you are using policyIQ for policies, procedures and basic process documentation, you might be thinking “I don’t need reports.  This doesn’t apply to me.”  Go ahead and admit it – you won’t hurt our feelings.  But there are so many ways that well structured Reports can help you to better manage your content.

  • What policies and procedures haven’t been reviewed in awhile?

Don’t underestimate the need to keep your information current!  Your users want to know that they can trust the data – and seeing that the page was last reviewed within the past year will give them greater peace of mind that they are, in fact, looking at the most current version of you the policy or procedure.  policyIQ already has a standard field for the “Expiration Date” on the content – and standard reports available to track of things as they expire.  Or use Change filters to find pages that haven’t been updated in a certain period of time.

  • What policies or procedures aren’t yet published and available?  What is being worked on?

Run a quick report to see those policies that are still unfinished and not published for your audience – and then follow up with the individual to whom the page is checked out to check on the status.

  • We’ve just implemented a new enterprise wide application.  What policies and procedures need to be updated because they reference the legacy system?

When you implement a new application or move responsibility from one job position to another, you should go through your existing documentation and be sure that the information is up to date.  But how do you identify everything that might be affected?  The easiest way to find all of the pages that might need to be adjusted is to run a report – or do a Search – for all content that contains that application name or that job title.  The list of the content that comes back should be reviewed – and you can easily review all of the pages or assign the pages out to their respective owners to be reviewed right from your results!

Reporting on your Compliance Efforts – SOX, Model Audit Rule (MAR), Payment Card Industry (PCI), SEC Rule 38a-1, Canadian Bill 198 (“C-SOX”)

There are a lot of different compliance efforts that our clients manage in policyIQ, but our experience has been that your needs boil down to the same thing:  You have to have procedures or controls in place that mitigate risks (or meet regulations) – and you need to confirm that your organization is performing those procedures properly.

For compliance efforts, reporting is CRITICAL.  Having controls in place and testing them is only half the battle.  You need to PROVE that the testing has been completed to your auditors.  The compliance management teams need to provide reports to management and executive level, as well as to external auditors.

  • Risk / Control / Testing Matrix

A “Detail Link” report will allow you to pull together Risks, Controls and Tests into a single report (even adding on Gaps or Deficiencies, if desired).  You can create one report for the entire company, or break it down by division, business process, location, etc using filters.

  • Executive Summary of Gaps by Process or by Location

Your executive team wants to know where the problems are – and what areas of the business have the greatest potential liability.  A “Summary” report of all Gaps distributed by Business Process and Location (or Division) is a great way of illustrating the trouble spots.

  • Testing Status Report

There are a variety of ways to provide status reports of the Testing process, depending on the level of detail that is desired by the audience.  A simple “Summary” report can show the number of Tests that are in various stages of completion – and can be broken down by Business Process or Location, as desired.  A “Detail” report can list all Test pages, sorted by the Status of those Tests.

  • Period End Testing Results

Again, there are a variety of ways to provide this report, depending on the level of detail desired.  A “Summary” report can show the number Tests that have Passed, Failed, Remediated, etc, and can be broken down by Business Process or Location.  A “Detail” report can simply list all Test pages, with columns for the Results and Conclusions.

Perhaps even more useful, though, is a “Detail Link” report, with Controls and Tests – where both the Control information and the current period Test information is provided side by side in the “Detail Link List” export format.

But reporting for compliance efforts isn’t all about deliverables; there are a lot of reports that can help you to manage the process along the way.

  • Are all of my Controls linked properly?  Tests?  Gaps / Deficiencies?

Run a “Detail Link” report with Risks in the first data set and Controls in the second data set to confirm that all of your Risks are linked properly to your Controls.  Or switch the order of the data sets to confirm that all of your Controls are linked to at least one Risk.   Similar “Detail Link” reports can be used to confirm that Tests (in dataset 1) are linked to their respective Controls (in dataset 2), or that Deficiencies are linked to a Test or Control page.

  • Have any of the Controls changed from Key Controls to non-Key or vice versa this year?

You need to concentrate your testing on the Key Controls – and you need to know if that has changed this year. Create a “Detail” report and use the Change filters to narrow down any Control pages where the “Key/Non-Key” field has changed. (Change filters all you to narrow down results to changes on a specific field.)

  • Who still has Testing that is incomplete?

A “Detail” report filtered by all Test pages with an Incomplete status will tell you what isn’t yet finished.  Be sure to include the column of “Checked Out To”, so that you can follow-up with the appropriate tester.

Reports for Contract Management

In the world of contract management, reporting is critical to keep track of what is coming up for renewal, what needs to be reviewed, etc.   Here are just some of the questions you could answer using policyIQ reports.

        • What contracts with vendors are set to renew in the next 60 days?
        • What client contracts are expiring in the next 60 days?
        • Who are our largest clients?  (or “What client contracts are worth more than $X?”)
        • What contracts are under legal review?
        • Which of our vendor agreements are on an auto-renewal schedule?

 Account Reconciliation Reports

For those using policyIQ for account reconciliation, one of the key benefits that policyIQ offers is the ability to easily report on the reconciliation progress and results.

        • Which accounts are not yet reconciled for this month (or quarter)?
        • Which accounts have an unreconciled balance?
        • What reconciliations this month have an unreconciled balance greater than $X?
        • For this specific account, what is its balance and reconciliation history?

policyIQ can be used to manage so many different types of business content – and we’ve touched on just a few of those here.  Check out our description of a variety of policyIQ Solutions for even more ideas on how your organization might be using the application.  With each type of business content or new area that you move into, consider the reporting needs of your audience, your management team and yourself – and ask us how you can best utilize policyIQ reporting to increase your business IQ!

This entry was posted in Features by Chris Burd. Bookmark the permalink.

About Chris Burd

Chris is the Managing Director of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In the past few years, she's focused on enhancing policyIQ's offering as a Conflict Minerals and Anti-Corruption tool. In past lives, Chris worked as a system implementation consultant, a e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, volunteers at her local food bank, and spends more time than she should taking photos of her cats. She would like to be a rock star when she grows up.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s