Overview of policyIQ for SOX: Training Q&A – Reports and Training (Part 2 of 2)

In this second half of our Q&A follow-up from our February 23rd training class, we’ll address those questions related to:

  • Reports
  • Training
  • Other policyIQ uses

Haven’t read Part 1, yet?  Check it out here!

Reports

When we dug into the topic of Reports, there were a great number of really terrific, detailed questions.  This topic always strikes up some great conversations – and we’d love to hear from some of you in the comments to let us know if you have other answers that you have given to your fellow policyIQ users!

Question: Is there a Template or linking ability to a Summary of Aggregated Deficiencies (SAD) Report?

Answer: This is definitely a possibility within policyIQ Reports.

Based on my understanding of what is required as a part of a typical Summary of Aggregated Deficiencies report, you essentially need to pull together a report of all Deficiencies that are not closed out by the end of your testing year. By documenting your Deficiencies in policyIQ and linking them to failed Tests, you can keep track of the status of the Deficiency (some clients go so far as to link a Remediation Plan), and include fields for the Severity and even the Cost or Estimated Financial Exposure related to the Deficiency. When pulling this information back out for your end of the year reporting, you will likely use a Detail Link report type, starting with your Open Deficiencies in data set 1 and including critical details from the Test, Control and ultimately the Risks that are linked back to this Deficiency.

Question: Are the reports in the Unfiled-Administer and Unfiled-View Only viewable to all users?

Answer: Not necessarily. You can make reports available to all Advanced users or specific Groups of users by adding them as “Viewers” to the Report properties. Those reports that appear in the Unfiled-Administer area are those reports that you can administer, but that you have not filed into a specific Category. Those in Unfiled-View Only are reports that you can view, but not administer that have not yet been categorized.

Question: How can I create that report that you are describing now?

Answer: Please check out our Help guide for some additional details about how to create the various reports that we created in our training class, along with several others that may be important for your Sarbanes-Oxley process.

Question: Are the Page hyperlinks available in the Excel export of the Report?

Answer: Starting in version 6.6, you will be able choose to include the Item URL as one of the columns in your exported report, which will then appear as a hyperlink in your Excel export. (Check out version 6.6 release notes for more information.)

Question: Can Report Categories be assigned differently per user or only by the report designer?

Answer: Report Categories are always defined by the specific user. When you create Categories in your Reports module, those Categories are specific for you – so that you can organize reports in any way that makes the most sense for your daily work.

Question: Can a summary report be generated that indicates the number of control deficiencies/exceptions by department or division for risk management reporting (i.e., KRI, KPI trends, etc?)

Answer: Yes! Another one of those questions we love to receive, because it allows us to talk about the depth of possibilities in policyIQ.

Most clients will document Deficiencies on their own unique Pages, with a specific Template for all of those fields that must be captured related to a Deficiency. Those Deficiencies are indexed into those Folders that outline your Business Processes and also in to the Folders for Locations or Divisions, alongside the Controls and Tests. This allows you to create a Summary Report (along with so many other possibilities) of all Deficiencies identified in this testing cycle by Business Process and Division (or Location). You can quickly pinpoint which Processes or Divisions pose the greatest risk to your organization. You might also have a field on your Deficiency Template that defines the Severity of the Deficiency. Is it a material weakness? You could then create a different Summary Report of all Deficiencies identified this testing cycle by Severity and Process (or Division) to see where the greatest risk lies.  

deficienciesreport3 

 

 

 

 

 

 

The above illustration is just a quick example of what this might look like.  Remember that Summary Reports allow you to drill down, as well – either into a specific Process to see sub-Processes, a Region to see specific office locations, or by clicking on any of the numbers in the report to see the detail of the Deficiencies represented.

Question: What is the difference between Standard and Read-Only user types?

Answer: Standard Users have access to a few additional things that Read-Only users do not: Standard users can respond to Forms, they have a Dashboard to keep track of Forms assigned or Pages to read, and they access to Advanced Search! Advanced Search allows a user to create a simple “Detail Report” of content.

In version 6.6, Standard and Advanced users will be able to create and save Advanced Searches to create their own custom views or queries to be accessed within their left-hand navigation. (Check out version 6.6 release notes for more information.)  Read-Only accounts do not have any personalized content or access to Advanced Search.  

Question: What examples do you have available in the Internal Audit and Enterprise Risk Management areas?

Answer: We don’t plant attendees to ask leading questions, but sometimes it feels like we do! Join us next month when we host our next CPE training event that will focus on Enterprise Risk Management in policyIQ. We’ll show you a little bit more about how you can incorporate elements of your ERM program into policyIQ. Keep an eye on our blog or on your policyIQ log-in screen for more details!

For more information on how to use policyIQ for Internal Audit, check out our whitepaper that is available now in our online Help guide. This guide will walk through how policyIQ can be set up to manage workpapers and operational audit documentation.

Question: What further training would you recommend to develop a deep knowledge of policyIQ?

Answer: Our policyIQ Training Center offers a great deal of options for getting more knowledge and in depth training on policyIQ. Training courses are broken down by both the policyIQ Module (such as Create And Edit or Setup), as well as by user type (such as “Content Manager” or “Site Administrator”).

If you are brand new to policyIQ, we recommend starting with the Introduction to policyIQ followed by the Workflow – Overview session. The combination of those two sessions is just about 30 minutes of recorded training, but will provide a solid overview for new users.

Question: Can we get a copy of the questions & answers in chat?

Answer: Yes.

*whew*  Those were some GREAT questions.  Of course, every organization is just a little bit different and has different reporting and documentation needs.  Contact our support team or speak with your account manager if you’d like to talk more about how you can utilize policyIQ most effectively for your SOX compliance.

And don’t forget those great resources available to you in the policyIQ online Help guide!

This entry was posted in Solutions, Training by Chris Burd. Bookmark the permalink.

About Chris Burd

Chris is the Managing Director of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In the past few years, she's focused on enhancing policyIQ's offering as a Conflict Minerals and Anti-Corruption tool. In past lives, Chris worked as a system implementation consultant, a e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, volunteers at her local food bank, and spends more time than she should taking photos of her cats. She would like to be a rock star when she grows up.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s