Can your organization provide evidence that your house is in order?

Actions by the U.S. Securities and Exchange Commission (SEC) have amounted to more than a billion dollars in disgorgement, fines and penalties every year for nearly two decades. On average, nearly a quarter of actions filed also included named individuals as defendants. What does it mean for your organization if one of your employees engages in illegal activity? Well, that depends. Can your organization provide evidence that your house is in order?

The executives who sleep well at night know that 1) they have policies in place, 2) they have and enforce a process to ensure policies and procedures are kept up to date, and 3) the organization has gone to great lengths to ensure that all employees and third-party agents of the company are aware of the policies and procedures.

Upon request, managers in their organizations can provide the latest policies, proof of maintenance, access to previous versions, a list of all changes including who made them and when, as well as evidence of employee notification and certification.

Employees in these organizations can also rely on their policy management systems to help them work more effectively and efficiently. Their policies and procedures are appropriately linked to related regulations, risks, controls, and principles, and they include ties to responsible parties, departments, relevant locations, and systems touched. If a new employee, system, or regulation is introduced, they can see who and what is impacted.

The most adept organizations have a broadly communicated philosophy regarding policy documentation and practices that provides a shared foundation for all divisions, departments, and regulatory management teams throughout the enterprise. They utilize a centrally accessible policy management platform that supports collaborative authoring and monitoring while also providing all employees with easy access to the latest approved versions.

How well have you been sleeping? Reach out to us and soon you can rest, too, knowing your house is in order: 412.263.3330.

What comes to mind when you hear “digital evidence”?

Who cares?

I mean, who actually has to care about digital evidence? Consider the audiences or different roles of people who need to produce or rely on digital evidence: management and business unit leaders; auditors; information management, technology, compliance, and security professionals; and the officers of your organization. We are producing unstructured data, much of it valuable, at a breakneck pace. Do you know who your producers of quality digital evidence are?

When I hear digital evidence, I think of the artifacts that may be considered digital evidence such as raw data, reports, signed documents, test results, specifications, and performance receipts. Documentation of activities that provide assurance, including procedures, work instructions, training sessions and materials, and attestations are also critical. Have you identified which practices and assurances are closest to your significant accounts, risks, and controls?

How do we wrap our arms around digital evidence?

There are systems and practices that provide the bookends for ensuring relevant and reliable results contributing to digital evidence such as systematic management and monitoring of workflow, milestones, deadlines, analyses, and remediations. Digital evidence also relies on the trail of bread crumbs that show who touched what and when including the audit trail of changes, versions, handoffs, and approvals. Without a central portal or system in place, it is plain to see, we cannot reliably manage digital evidence.

Are you taking advantage of all that policyIQ has to offer in these areas?

Alerts, dashboard notifications, and email generated systematically by RGP’s policyIQ helps employees know when work is required of them. The taxonomy of the digital content is configurable and can be subject to the information governance preferences of your organization with appropriate read, write, and approve rights established during initial configuration. policyIQ can provide an enforceable framework to manage contributions, the complete capture, monitoring, and reporting on critical documentation and evidence.

If your opportunity has more to do with the quality of your existing evidence or the need for corroborating evidence, RGP’s subject matter experts can help to assess your need and to fill any gaps identified. Right now—whether related to technology, process, quality, or completeness—make a note of some of those gaps or pain points that just crossed your mind. And then reach out to us: Information@policyIQ.com; 412-263-3330.