Author Archives: Chris Burd

About Chris Burd

Chris is the Vice President of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In past lives, Chris worked as a system implementation consultant, a e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, reads too many books, and spends more time than she should taking photos of her cats. She's on a mission to visit the hometown of every US President - so far managing to get to 14. She would like to be a rock star when she grows up.

Five Ways to Take Control of Internal Controls

Posted on by
Reply

“Managing” internal controls means more than just documentation and annual walkthroughs.  Controls are living processes—some automated by technology and others performed by human hands.  policyIQ does more than just capture the control documentation.  Are you taking advantage of all that policyIQ has to offer?

Managing Controls

If you are interested in learning more about the various ways that policyIQ can be used to manage controls, join us on January 14 at 1 PM ET (10 AM PT) for our upcoming CPE webinar, “Managing Controls in policyIQ: From Documentation to Control Performance”.  Click here to register today!

If you want to learn more right away, don’t hesitate to reach out to us at info@policyIQ.com or support@policyIQ.com.

Request, Route, Approve, Complete: Simplify any request process with policyIQ

Posted on by
Reply

email_legal

How many times a day does an email similar to the one above land in the inbox of someone you work with? Or maybe even your own.  How often do they fall through the cracks?  Often these simple requests are a critical part of the control environment, but the routing and tracking of the requests is not truly controlled.  Lost or delayed requests for critical processes, such as the legal document review above, can mean lost opportunities or compliance violations.

policyIQ can help – and you can start today.

Even those who are familiar with policyIQ’s electronic forms are sometimes unaware that these forms don’t have to be assigned to users. policyIQ forms can be used to allow an employee to initiate a request at any time.  (We refer to this as “Public Forms”, but you decide which employees actually have access to the forms.)

In the example above, the process might look something like this:

  • Sales Manager submits a Legal Document Review request via policyIQ.
  • Request gets routed directly to Legal, and because it was submitted as an “NDA Review”, it is placed in a queue for the paralegal support review.
  • The Paralegal checks his queue, which is sorted by the date “Needed By”.   This urgent request floats to the top.
  • The document is reviewed, comments are returned to the requestor, and the partnership can move forward!

How many routine requests could be better managed?

Legal document reviews are just one process that could be better managed in policyIQ’s public forms. Consider some of the following:

  • System Access Requests
  • Employee Time Off Requests
  • New System Feature Requests
  • Capital Expenditure Requests
  • Project Approval Requests
  • Proposal Assistance Requests
  • Technology Purchase Requests

You can set up your electronic form in just a few minutes. If you need some logic built into the approval routing, policyIQ rules allows you to determine where the request gets sent based on the inputs.

Want to get started? Contact us today, and we’ll help you get your first electronic form set up for free!  Or join us on Thursday, October 17th for our Feature Focus training session, in which we’ll go over how to utilize Public Forms in policyIQ.

Is anything more critical than the security of your data?

Posted on by
Reply

The security of your data – and that of your customers – poses arguably the biggest risk to businesses today, and is, therefore, the most critical compliance initiative that your company will undertake.  The stakes are high and the regulatory requirements can be vast.  And as more companies outsource tasks and utilize cloud services and infrastructure, the ability to control all of the aspects of data security becomes more difficult.

With all of the risk and complexity inherent in data security, the technology that you use to keep track of your compliance efforts should be simple.

itsecuritychalkboard

policyIQ serves as a great case study for policyIQ!

The policyIQ application has clients around the world who rely on the software, the team that supports the software, and the infrastructure on which the software resides to keep their data safe.  And the security compliance program for policyIQ involves many of the same complexities that our clients are managing:

  • Risk inherent in the storage of our own data, and even more critically in the management of our clients’ data
  • Distributed responsibility for critical aspects of IT security
    • RGP, our corporate parent, is responsible for things like employee background checks and HR functions;
    • We utilize Amazon Web Services (AWS) as our hosting partner, and rely on their IT security program to provide physical and environmental security for our data center.
  • Multiple IT and data security requirements, including…
    • SOC 2
    • SOX
    • GDPR

To keep our own commitments to data security, we utilize policyIQ to capture our IT policies, controls, action items, and audit trails.

With our own implementation of policyIQ, we are able to follow the SOC 2 framework and link our controls to the related requirements.  Controls are designated as being performed by our policyIQ division, RGP Corporate, or our AWS partner, allowing any team member to more quickly reach the right resource with questions or clarifications.

When it comes time for an external security audit, we can prepare evidence in advance of the on-site audit based, pull out policy documents to meet the audit requests, and document any follow-ups or recommended action items provided by our auditors to further enhance our security program.

Join us on Monday, July 8th at 1 PM ET / 10 AM PT for our CPE event on IT Security Compliance in policyIQ, where we’ll dig deeper into policyIQ as a case study for policyIQ – and take a look at other frameworks and resources that your organization might utilize for your security compliance!

And look for more blog posts through the month of July that highlight IT and data security compliance in policyIQ.

Are your contracts in order? Your time, reputation, and revenue are at stake.

Posted on by
Reply

When organizations think about governance, risk, and compliance initiatives, managing contracts is not typically the first thing they think about.  However a contract is, by its nature, a governance tool that is designed to mitigate risk.

In a recent webinar, we explored the challenges and risks of poor contract management, and outlined best practices for effective contract administration that can be implemented by organizations of any size.  Watch the recording of our webinar for the full story, or keep reading to see the highlights!

Do any of these sound familiar?

Whether we are helping organizations manage contracts from the buy side (contracts with vendors or suppliers) or from the sell side (contracts with their customers), there are some common challenges that organizations face.  Do any of these sound familiar?

  • We waste a lot of time tracking down contracts when we need them.
  • Contracts have renewed automatically before we had a chance to renegotiate the terms.
  • We received an invoice for a service that we weren’t using, but the contract continued to auto-renew.
  • We have been in non-compliance with a client contract due to a lack of communication around non-standard terms.
  • Our company has multiple service providers for similar services, because we were not aware of all of our existing contracts.
  • It seems like we’re always wasting time trying to remember who has to approve what and when.

 

timemoneyreputation2

What’s at risk with poor contract management?

Managing contracts well is good business.  Poor contract administration wastes time, damages your reputation, and impacts your bottom line.

Simply put:  Your time, reputation and money are at risk.

 

Seven contract management best practices for any size organization

Good contract management involves people, processes and technology – and we’ve outlined seven best practices that require all three.  The best practices below can be implemented by companies of any size – and policyIQ’s GRC platform can provide the technology you need!

goodcontractmanagement

  1. Central Repository
    Identify or procure a central location that can be accessed by the right people at the right time.  Cloud-based solutions are a great choice, as they offer accessibility from any location on a 24/7 schedule.
  2. Define & Capture Meta Data
    Identify key data, and capture those details within your repository.  Expiration or renewal dates, contract value, contact information, and details about non-standard terms can all be critical data points that will feed into…
  3. Key Reports & Metrics
    Use that meta data to create key reports and metrics that drive your business decisions.  When evaluating contract administration systems, validate your ability to customize the data captured, as well as the flexibility of reporting on that data.
  4. Robust Search
    Your central repository should provide a robust search, so that you can find contracts by key word or phrase, searching through all contract documents.
  5. Identify Contract Owner (outside of procurement!)
    Most organizations identify a contract owner, but often the internal contact is not the business user of the product or service.  Clearly identify, and maintain, the contact person for every vendor or supplier contract – and ensure that the contact knows and understands how those products or services are being used.
  6. Alerts and Reminders
    Don’t miss a deadline or allow a contract to renew without notification.  Be sure that you can set up alerts – via email or regular reporting – to let the right individuals know when contracts are up for review.
  7. Clear Procedures
    All of the technology in world is only as good as the procedures that are designed to ensure that it is used properly.  Create procedures that instruct your employees on the who, what and where of contract management – and keep that documentation accessible.

 

policyIQ can help!

pIQ_CMBP

Would you like to improve your contract management process to decrease risk?  Contact us today, and we’ll be happy to help you lay out a plan for the people, process, and – our specialty – the technology you need!

Community Credit Unions Need policyIQ

Posted on by
Reply

We’ve talked a lot about the breadth of industries that are served by policyIQ, and the diversity of our users.  When it comes to who can benefit from policyIQ, we have yet to find an organization for which we have no value to add.  We also recognize that some industries and niches need our product more than others, and community credit unions are a perfect fit.

Community Credit Unions Need policyIQcreditunion

While financial regulations can be intense and difficult to navigate, community credit unions need compliance technology that is simple and easy to use.

  • Fast and easy setup
  • Simple navigation, with little user training required
  • Flexibility that allows a single technology to be used for many needs
  • Incredibly low cost for small teams
  • Dedicated user support team committed to exceptional service

Are you exploring compliance technology for your organization?  Find out how policyIQ meets your needs by contacting us today!

Review, Revisit and Revise: Let us help.  For Free. For Real.

Posted on by
Reply

If this blog post sounds familiar, it is because you have likely heard us say this before.  However, we think it bears repeating.

We want to help you make the most of policyIQ.

As with any product that is continuously evolving, it can be difficult to keep up with all of the new possibilities that are available within the policyIQ application.  Maybe you didn’t even know that every upgrade and every new feature developed is rolled out to all of our clients automatically at no additional cost.

If you implemented policyIQ last year, there are already new features that might save time or allow you to create a solution for your team that you haven’t thought about yet.

If you implemented policyIQ more than five years ago and have not revisited the way that the application is configured, we need to talk.

What does that expert review and guidance cost you?  An hour of your time.  That’s it.  For real.  We know your time is valuable, but an hour of your time with one of our policyIQ implementation specialists can save you far more time in the long run.

Contact us today – and ask to set up a meeting with a policyIQ implementation specialist to talk about the way that you are using policyIQ!

Policies Provide Foundation through Changing Regulatory Environment

Posted on by
Reply

Regulatory environments are constantly changing, influenced by economic, political and environmental factors beyond your company’s control.  It might seem like a daily battle to deal with the push and pull of complying with changing regulations.  So how do you stay focused, prepared and sane in the world of regulatory compliance?

One critical step is to ensure that you have well documented, well communicated and well understood corporate policies.  

Policies provide the foundation, governing the way in which your employees will work and how they will meet new regulatory requirements.  When the foundation is strong, with clear policies that are followed and enforced consistently, additional external expectations and requirements are much easier to incorporate.  

Here are just a few best practices to consider:

  1. Ensure that policies are written clearly.  Avoid company jargon or acronyms that may be unclear to new employees or external regulators.

  2. Make policies easily accessible to all employees.  If you are already using policyIQ, ensure that a policyIQ link is posted or communicated regularly.

  3. Clarify whether any exceptions might be approved to the policy, and communicate the process for approval for exceptions.  If it is not clear, employees may be more likely to decide it will be easier to ask for forgiveness than permission.

  4. Document how policy violations will be addressed or how policies will be enforced.

  5. Revisit, review and revised policies regularly.  Do not allow policies to become outdated or appear to be outdated.  Even if no changes are made, regularly note that content has been reviewed, so that employees

  6. Map policies to your regulatory requirements or other compliance programs.  As regulations change, you can more easily identify any changes that must be made in your policies to address those changes.  

What other best practices would you highlight for a clear corporate policy platform?  Add yours in the comments and share ideas! Learn more about how to utilize policyIQ’s various read-only options by checking out a recent blog post by policyIQ Product Manager, Travis Whalen.