About Chris Burd

Chris is the Managing Director of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In the past few years, she's focused on enhancing policyIQ's offering as a Conflict Minerals and Anti-Corruption tool. In past lives, Chris worked as a system implementation consultant, a e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, volunteers at her local food bank, and spends more time than she should taking photos of her cats. She would like to be a rock star when she grows up.

Review, Revisit and Revise: Let us help.  For Free. For Real.

If this blog post sounds familiar, it is because you have likely heard us say this before.  However, we think it bears repeating.

We want to help you make the most of policyIQ.

As with any product that is continuously evolving, it can be difficult to keep up with all of the new possibilities that are available within the policyIQ application.  Maybe you didn’t even know that every upgrade and every new feature developed is rolled out to all of our clients automatically at no additional cost.

If you implemented policyIQ last year, there are already new features that might save time or allow you to create a solution for your team that you haven’t thought about yet.

If you implemented policyIQ more than five years ago and have not revisited the way that the application is configured, we need to talk.

What does that expert review and guidance cost you?  An hour of your time.  That’s it.  For real.  We know your time is valuable, but an hour of your time with one of our policyIQ implementation specialists can save you far more time in the long run.

Contact us today – and ask to set up a meeting with a policyIQ implementation specialist to talk about the way that you are using policyIQ!

Policies Provide Foundation through Changing Regulatory Environment

Regulatory environments are constantly changing, influenced by economic, political and environmental factors beyond your company’s control.  It might seem like a daily battle to deal with the push and pull of complying with changing regulations.  So how do you stay focused, prepared and sane in the world of regulatory compliance?

One critical step is to ensure that you have well documented, well communicated and well understood corporate policies.  

Policies provide the foundation, governing the way in which your employees will work and how they will meet new regulatory requirements.  When the foundation is strong, with clear policies that are followed and enforced consistently, additional external expectations and requirements are much easier to incorporate.  

Here are just a few best practices to consider:

  1. Ensure that policies are written clearly.  Avoid company jargon or acronyms that may be unclear to new employees or external regulators.

  2. Make policies easily accessible to all employees.  If you are already using policyIQ, ensure that a policyIQ link is posted or communicated regularly.

  3. Clarify whether any exceptions might be approved to the policy, and communicate the process for approval for exceptions.  If it is not clear, employees may be more likely to decide it will be easier to ask for forgiveness than permission.

  4. Document how policy violations will be addressed or how policies will be enforced.

  5. Revisit, review and revised policies regularly.  Do not allow policies to become outdated or appear to be outdated.  Even if no changes are made, regularly note that content has been reviewed, so that employees

  6. Map policies to your regulatory requirements or other compliance programs.  As regulations change, you can more easily identify any changes that must be made in your policies to address those changes.  

What other best practices would you highlight for a clear corporate policy platform?  Add yours in the comments and share ideas! Learn more about how to utilize policyIQ’s various read-only options by checking out a recent blog post by policyIQ Product Manager, Travis Whalen.

ICYMI: Assessments and Scoping in policyIQ

Did you miss our recent training session on completing our SOX Risk Assessments and scoping exercises in policyIQ?  Not to worry – we have you covered!

How Can I Catch Up?

If you want to get into the details, we have the training session and materials available for download!

  • You can access the slides here.
  • You can also view the recording from our policyIQ training page.
    The training page is linked from your policyIQ login page – and available from within the online Help Guide.  If you don’t have access to the training page, please reach out and we’ll send you the link!

Just the Highlights, Please!

This training session aimed to ensure that participants are able to…

rascope1

We discussed common SOX risk assessments at the financial statement line item level, targeting risk factors like…

rascope3

In addition to illustrating how to create the calculation directly in policyIQ, we also acknowledged that some folks love their MS Excel process.  policyIQ can handle that, too, through the import option!

rascope4

Then we took a close look at the relationships between the content that allows for the most effective scoping options.

rascope2

And finally, we walked through the reports that provide the final step in the scoping process.

rascope5

We would love to help YOU get started on your risk assessments in policyIQ, so that we can link into your SOX work for ease of annual scoping.  Contact us today and we’ll meet with you at no cost to help you get on your way!

15 minutes might save you money on your car insurance, but just 2 minutes can save you time on audit testing!

Auditors and testing teams have been asking for an even easier way to view information about the associated Control or Procedure that they are testing.  Rather than having two screens open side by side in policyIQ, auditors would prefer to see critical details about the control that they are testing right there on their test screen.

Now you can make that happen – with NO DUPLICATION OF DATA!  And it literally takes less than 2 minutes, with no additional data entry required.

linkedfields

How?  If you are a Site Administrator, you need just 2 minutes, I promise!

On your Test page template, simply add a new field and select “Linked Field” as the field type.  Select the field that should be linked from another page template, save it and VOILA!

If you’ve added the Control Description field from the Control template, for example, you’ll automatically see the Control Description displayed on a Test page for any Control that is linked to it.  If there are multiple controls linked to a single Test, you’ll see multiple Control Descriptions, identified by the page name.

This function does not apply to audit testing alone!  Consider these other ideas:

  • Pull vendor information into a Contract page.
  • Bring risk descriptions to Control pages.
  • Create Process pages that pull in linked Control Descriptions.
  • Pull project task descriptions into Action Items.
  • Bring issue details into a Remediation Plan.

Want more information?  Contact us at support@policyIQ.com.

Talking about Audit Efficiency in Atlanta (TAC 2016)

RGP and the policyIQ team were honored to be invited to speak at the Atlanta chapter of the Institute of Internal Auditors (IIA)’s conference, held on Friday, September 16.

policyIQ’s Managing Director, Chris Burd, tackled the topic of “Ways that Technology Can Expedite Internal Audit’s Daily Work”.  With attendance for the session well over 200, the topic was clearly one that generated a lot of interest.

An unscientific “show of hands” poll of the audience found that only about half of the attendees currently utilize a software application that is designed for Internal Audit or Governance, Risk and Compliance programs.  For those not utilizing an application, the session generated a number of ideas and stressed the value of having a tool to expedite and streamline the process.

For those that do use an internal audit application, however, the conversation also allowed the attendees to ask and offer suggestions to others of ways to improve their current audit work.  The discussion followed the following steps in the Audit Cycle:

auditcycle

Two specific areas that were called out as areas of interest by the attendees were the work of Evidence Collection and that of Issue Tracking.

Evidence Collection

In evidence collection, we talked about ways to automate the evidence collection process, as well as some of the challenges of doing so.   While a fully automated evidence collection process is the ideal end goal, the discussion touched on making sure that you also provide the right amount of training and oversight to those individuals participating in the process, to alleviate stress of a new process and minimize the risk of invalid evidence submission.

Issue Management

The topic of issue management focused primarily on the idea that issues are most effectively managed when they can be easily linked to the audit testing, controls, processes, or risks from which they originated.  Having a central system to manage risk assessments, internal controls and procedures, audit testing and issues allows for this flow of information.

 Looking for Technology that is Simple to Use and Implement!

As a sponsor, RGP was also able to meet with attendees as they stopped by to say hello.  Folks that stopped by to talk about technology almost invariably said the same thing – they wanted to find software that was easy to use and easy to implement.  Long and costly implementations caused many to simply continue doing things in the same Microsoft Office tools that they have always used.

Do you want to learn more about how to make your internal audit team more efficient and effective?  Contact us today and we’d be happy to meet to talk about some of the specific ideas and how policyIQ can meet those needs!

The Challenge: Technical Memos; The Solution: policyIQ

takecontrolWhen we think about all of our compliance initiatives, policy requirements and technical accounting adjustments that companies have to deal with, we often focus on specific types of initiatives and content – risks, financial or operational controls, contract reviews, audit testing, etc.

Recently we were approached with a question that really took us back to the basics of “content management”.

The Challenge:  Technical Memos and more

“Technical Memos, Accounting Documents, Whitepapers, Footnotes, Position Statements…these things are not stored in a consistent manner.

“It is very difficult to locate documentation that is stored in various formats on hard drives and shared drives…and sometimes still in filing cabinets!”

Our audience – in this case a gathering of SEC professionals – had been sharing ideas to better manage the various documentation, technical memos, position statements and whitepapers that they needed to retain.  Network drives, paper formats, or email archives were just not the right solution.  They acknowledged that many of them struggled with ease of access, security of the documentation, version control and audit trails of changes.

The Solution: policyIQ

We were invited to speak to the group about policyIQ, and how the application – with its simple interface, cloud-based access and flexible structure – provided a perfect solution.   By implementing policyIQ, even with a small group of licensed users and a larger audience of free read-only access, their organizations could benefit from:

  • Centrally Accessible
  • Searchable
  • User Friendly
  • Customizable Folder Hierarchy
  • Version Control
  • Tailored Security
  • No IT Resources Required
  • Multiple Solutions in One Tool

 

Regardless of what type of information or content your organization needs to get a handle on, consider policyIQ’s flexible structure and simple interface to help organize, distribute and manage your critical business content.  Accounting, HR, Legal, IT, Operations – and even your Board of Directors!  All departments need a simple way to manage critical content.

Contact us to find out more.