This Audit Trail will Reduce Organization Liability

Many organizations have pockets of well-developed and maintained policies and procedures. Leaders in various business units might have overseen the development of certification processes (“I have read and understood the policy…”, “I have not observed fraud…”). Fewer, though, are the number of organizations that have a coordinated enterprise strategy on policies.

GRC 20/20’s Michael Rasmussen had this to say about a strategy on policies:

We could write a series of posts delineating how policyIQ provides powerful technology support for a coordinated enterprise Policy Management strategy. For this post, however, let’s focus on Rasmussen’s last sentence in the paragraph above. policyIQ houses a comprehensive audit trail comprised of a number of features that allow the history of changes and versions to be examined from a variety of perspectives.

Historical Review

Version History is retained on all policyIQ content. It is possible to examine exactly what was presented in any version at any point in the content’s history. Attachments to documentation (evidence, forms, supplier documentation, etc) are also retained for historical review.

Change History is even more specific than Version history. This feature of policyIQ tracks specifically who made changes to content, what change was made, and when—dating all the way back to the inception of the documentation.

The viewing history of each page in policyIQ is also tracked. Do you want to know if that employee or the external auditor accessed the content last week as was reported? policyIQ can tell you.

Certifications

The ability to create and tailor certifications, attestations, and questionnaires and to customize how they are made available or scheduled for delivery leaves endless possibilities for organizations wishing to gather information from employees (and third parties) on their commitments, agreements, observations, performance, opinions and on and on. The “Forms” functionality in policyIQ eliminates the risk that an employee’s response will be overlooked in the sea of email.

Reporting Capability

All of these changes are made evermore valuable with the associated reporting features. Do you want to know who made changes to Accounting policies in the most recent quarter? Maybe you escalate a monthly review of any Exceptions documented on Information Security policies. Can you easily identify all procedures, projects, divisions or positions that will be impacted by the technology that you’re scheduled to replace? Yes—with policyIQ, you can.

Snapshot at a Point in Time

And if all of that wasn’t enough, policyIQ also allows organizations to schedule the capture of a complete backup of their database, called a Snapshot, containing all data at the time the Snapshot was captured.  Snapshots are a free benefit to policyIQ clients. While it is not common, it is an invaluable service to be able to present and review content as it was two years ago on that day in May, let’s say. For a small fee, clients also have the option to request an electronic extract of all content from their policyIQ site that they may provide in the event of an investigation or audit.

Safe and Direct Access

If the need presents itself, it is possible to provide investigators, auditors, litigators or other specified parties with direct access to your policyIQ site. This type of access would allow them to review documentation in the application and save on legal fees or administrative fees for copying or making information

RGP has received positive reviews for the breadth and depth of the audit trail provided in policyIQ. And while we have a number of testimonies to value that these features and services have yielded for various functions and divisions of our clients, that value is exponentially greater when applied enterprise-wide.

Maybe we’ll have to circle back to talk more about Michael Rasmussen’s related blog post and how policyIQ can help you to combine Case Management and Policy Management without sinking a huge investment of time and money into a big GRC platform. RGP has you covered with the subject matter expertise and technology there, too. Feel free to reach out to us directly if you’d like to know more or explore your options sooner than later!

This entry was posted in Features and tagged , , , , by Stephenie Buehrle. Bookmark the permalink.

About Stephenie Buehrle

Stephenie is the “solutions” expert on the policyIQ team. With RGP since 2004, she designs and develops solutions that capitalize on the best practices of the hundreds of companies that she has touched, while tailoring each configuration to meet the unique needs of each client. Before joining RGP and the policyIQ team, Stephenie enjoyed working as an independent consultant in the non-profit sector. Stephenie also previously performed analyst services for a major brewer ranging from roles in biological and chemical services to analytical roles in business process improvement and innovation. Stephenie quips that she still doesn’t know what she wants to be when she grows up, but hopes to spend her days helping others (companies, individuals, and communities) to realize their full potential.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s