Each year we notice more and more policyIQ clients are engaging their external auditors to perform their audits electronically using policyIQ. Earlier this year, we shared how data from policyIQ could be extracted and shared with external auditors. Many organizations find it helpful to give auditors direct access to policyIQ so that they can use the functionality of policyIQ to locate documentation.
Tips for Granting External Auditors Access to policyIQ
If it’s been some time since you implemented or expanded your use of policyIQ, you might have forgotten how to set things up so that new users have appropriate access to content. Here are the critical steps for granting viewing rights to appropriate content to your external auditors:
1. Add Group for External Auditors – policyIQ sites included a group for External Auditors by default, so you might start by locating the group in your structure. If it has been deleted, it is simple to drill down to the position in your Groups and Users structure where you would like to add the group and choose Add > New Group from the table toolbar. Going forward, rather than adding any individual auditors to view Pages, you will only have to manage the users added to this group—this will simplify maintenance.
2. Add Group as Viewers on Pages – Remember that Pages are the root of security in your policyIQ site. The easiest way to grant your new External Auditors group viewing rights to your Pages is to create a report that will pull back all relevant Pages and use the reporting toolbar options to make the change in bulk.
3. Verify Folder Security is Properly Set – Many companies have chosen to allow policyIQ Folders to be visible to all users. If the security of your policyIQ Folders has been restricted to viewing by only specific groups, then you will want to ensure that the External Auditors Group that you added is also among the Viewers of your Folders.
Remember that Page security trumps Folder security. Removing Viewers from a Folder only hides the Folder from those Viewers in the left navigation. Search and Report results will still return every Page on which a user has been granted rights as a Viewer.
4. Ensure Pages are Published – Note that Viewers on Pages are only able to see those Pages once the Pages are Published. Your team can comfortably continue performing their work and updating content knowing that it is only visible to those with appropriate security access rights (Administrators and Editors of the Page and anyone with Global Permissions to view Pages in the site—such as your Site Administrators). When you’re ready to share with your external auditors and any other Viewers of the Pages, be sure to Publish the Pages.
A Bonus Tip Regarding User Profiles
If you are unsure of which type of Access to grant your External Auditors, here’s a reminder of some characteristics of each profile that might be helpful to you:
Read Only Users – These accounts can be shared and are always free. Read-only users do not have access to Advanced Search or Reports. They must use the Folder Structure or Search capability to locate content.
Standard Users – There is a small fee for Standard Users (contact us to look at your agreement). These users will have access to Advanced Search, the option in the left navigation that is a slimmed-down version of Reports. It allows users to create a list of Pages narrowed down by any number of Filters.
Advanced Users – There is a fee for Advanced Users (contact us to look at your agreement). Advanced Users have access to both Advanced Search and the Reports module. This is the type of account that can utilize Reports such as a Risk-Control-Test Matrix (a Detail Link Report) to view and analyze content.
If you have any questions about granting access to your External Auditors, contact us at support@policyIQ.com and we’ll get you started right away!