About Chris Burd

Chris is the Managing Director of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In the past few years, she's focused on enhancing policyIQ's offering as a Conflict Minerals and Anti-Corruption tool. In past lives, Chris worked as a system implementation consultant, an e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, volunteers at her local food bank, and spends more time than she should taking photos of her cats. She would like to be a rock star when she grows up.

ICYMI: Assessments and Scoping in policyIQ

Did you miss our recent training session on completing our SOX Risk Assessments and scoping exercises in policyIQ?  Not to worry – we have you covered!

How Can I Catch Up?

If you want to get into the details, we have the training session and materials available for download!

  • You can access the slides here.
  • You can also view the recording from our policyIQ training page.
    The training page is linked from your policyIQ login page – and available from within the online Help Guide.  If you don’t have access to the training page, please reach out and we’ll send you the link!

Just the Highlights, Please!

This training session aimed to ensure that participants are able to…

We discussed common SOX risk assessments at the financial statement line item level, targeting risk factors like…

In addition to illustrating how to create the calculation directly in policyIQ, we also acknowledged that some folks love their MS Excel process.  policyIQ can handle that, too, through the import option!

Then we took a close look at the relationships between the content that allows for the most effective scoping options.

And finally, we walked through the reports that provide the final step in the scoping process.

We would love to help YOU get started on your risk assessments in policyIQ, so that we can link into your SOX work for ease of annual scoping.  Contact us today and we’ll meet with you at no cost to help you get on your way!

15 minutes might save you money on your car insurance, but just 2 minutes can save you time on audit testing!

Auditors and testing teams have been asking for an even easier way to view information about the associated Control or Procedure that they are testing.  Rather than having two screens open side by side in policyIQ, auditors would prefer to see critical details about the control that they are testing right there on their test screen.

Now you can make that happen – with NO DUPLICATION OF DATA!  And it literally takes less than 2 minutes, with no additional data entry required.

How?  If you are a Site Administrator, you need just 2 minutes, I promise!

On your Test page template, simply add a new field and select “Linked Field” as the field type.  Select the field that should be linked from another page template, save it and VOILA!

If you’ve added the Control Description field from the Control template, for example, you’ll automatically see the Control Description displayed on a Test page for any Control that is linked to it.  If there are multiple controls linked to a single Test, you’ll see multiple Control Descriptions, identified by the page name.

This function does not apply to audit testing alone!  Consider these other ideas:

  • Pull vendor information into a Contract page.
  • Bring risk descriptions to Control pages.
  • Create Process pages that pull in linked Control Descriptions.
  • Pull project task descriptions into Action Items.
  • Bring issue details into a Remediation Plan.

Want more information?  Contact us at support@policyIQ.com.

Talking about Audit Efficiency in Atlanta (TAC 2016)

RGP and the policyIQ team were honored to be invited to speak at the Atlanta chapter of the Institute of Internal Auditors (IIA)’s conference, held on Friday, September 16.

policyIQ’s Managing Director, Chris Burd, tackled the topic of “Ways that Technology Can Expedite Internal Audit’s Daily Work”.  With attendance for the session well over 200, the topic was clearly one that generated a lot of interest.

An unscientific “show of hands” poll of the audience found that only about half of the attendees currently utilize a software application that is designed for Internal Audit or Governance, Risk and Compliance programs.  For those not utilizing an application, the session generated a number of ideas and stressed the value of having a tool to expedite and streamline the process.

For those that do use an internal audit application, however, the conversation also allowed attendees to ask for and offer suggestions on ways to improve their current audit work.  The discussion followed these steps in the Audit Cycle:

Two specific areas that were called out as areas of interest by the attendees were the work of Evidence Collection and that of Issue Tracking.

Evidence Collection

In evidence collection, we talked about ways to automate the evidence collection process, as well as some of the challenges of doing so.  While a fully automated evidence collection process is the ideal end goal, the discussion touched on making sure that you also provide the right amount of training and oversight to those individuals participating in the process, to alleviate the stress of a new process and minimize the risk of invalid evidence submission.

Issue Management

The topic of issue management focused primarily on the idea that issues are most effectively managed when they can be easily linked to the audit testing, controls, processes, or risks from which they originated.  Having a central system to manage risk assessments, internal controls and procedures, audit testing and issues allows for this flow of information.

Looking for Technology that is Simple to Use and Implement!

As a sponsor, RGP was also able to meet with attendees as they stopped by to say hello.  Folks that stopped by to talk about technology almost invariably said the same thing – they wanted to find software that was easy to use and easy to implement.  Long and costly implementations caused many to simply continue doing things in the same Microsoft Office tools that they have always used.

Do you want to learn more about how to make your internal audit team more efficient and effective?  Contact us today and we’d be happy to meet to talk about some of the specific ideas and how policyIQ can meet those needs!

The Challenge: Technical Memos; The Solution: policyIQ

When we think about all of our compliance initiatives, policy requirements and technical accounting adjustments that companies have to deal with, we often focus on specific types of initiatives and content – risks, financial or operational controls, contract reviews, audit testing, etc.

Recently we were approached with a question that really took us back to the basics of “content management”.

The Challenge:  Technical Memos and more

“Technical Memos, Accounting Documents, Whitepapers, Footnotes, Position Statements…these things are not stored in a consistent manner.

“It is very difficult to locate documentation that is stored in various formats on hard drives and shared drives…and sometimes still in filing cabinets!”

Our audience – in this case a gathering of SEC professionals – had been sharing ideas to better manage the various documentation, technical memos, position statements and whitepapers that they needed to retain.  Network drives, paper formats, or email archives were just not the right solution.  They acknowledged that many of them struggled with ease of access, security of the documentation, version control and audit trails of changes.

The Solution: policyIQ

We were invited to speak to the group about policyIQ, and how the application – with its simple interface, cloud-based access and flexible structure – provided a perfect solution.   By implementing policyIQ, even with a small group of licensed users and a larger audience of free read-only access, their organizations could benefit from:

  • Centrally Accessible
  • Searchable
  • User Friendly
  • Customizable Folder Hierarchy
  • Version Control
  • Tailored Security
  • No IT Resources Required
  • Multiple Solutions in One Tool

Regardless of what type of information or content your organization needs to get a handle on, consider policyIQ’s flexible structure and simple interface to help organize, distribute and manage your critical business content.  Accounting, HR, Legal, IT, Operations – and even your Board of Directors!  All departments need a simple way to manage critical content.

Contact us to find out more.

Work Smarter – policyIQ On-The-Go!

We’ve all heard the phrase “Work Smarter, not Harder”.  We keep that phrase in mind with every release of policyIQ, as we try to make each version of policyIQ smarter than the version before.

In version 7.6, we’ve added an improved mobile interface, allowing easier and more functional access to policyIQ on your mobile devices.  When policyIQ recognizes that it is being used from a mobile device, it will adjust the settings and provide a different interface, allowing you to easily search, navigate, approve items or respond to forms!

Respond to Forms via Mobile Devices!

Probably the biggest change in the newest version of the mobile interface is the ability to respond to forms.  When issuing 302 Certifications, Control Reviews, Risk Assessments, Policy Sign-Offs or other critical certifications and questionnaires, your employees can now review the information on their mobile device to quickly complete their certifications.  For those team members who are frequently travelling – or for folks without regular access to desktop computers – this is invaluable!

Mobile access has our clients buzzing!

In one of our early release notes review sessions, Donna McLean, Knowledge Manager at Surgical Care Affiliates, expressed her excitement about the mobile access.  Now that version 7.6 has been released, we asked Donna how she feels about the mobile interface:

I love it!  It will give me quick access to look up a policy reference for a facility that is in the throes of a survey, or an Administrator who needs to refer to an HR policy and is having trouble locating it, and I’m not sitting at my desk to do so.  I’ll be travelling in a couple of weeks, and I know that inevitably things will pop up while I’m waiting for planes and I’ll need to get to PIQ in a hurry.  It is nice to know that I can from my tablet or phone.

Have you hesitated in the past to add your certifications or sign-offs to policyIQ?  There is no better time than NOW.   Contact us about pricing to expand the number of users who have access to forms, or to get some help to set up your new process!

Efficiency Throughout the SOX Process

In a number of blog posts, we’ve highlighted the ways that policyIQ can be used throughout the entire SOX process – from risk assessments through issue remediation.  This past Thursday, July 28th, we took an hour to walk through the entire process in a CPE webinar to highlight ways to create efficiency at each step.

Did you miss it?

Before we hit the highlights below, we want to point you to the session recording and the slides, both of which are available for download.

The Big Picture

We highlighted a number of big picture advantages of using policyIQ not just for SOX, but for all of your compliance initiatives.  We talked about…

  • Simplicity of rolling out and managing a cloud-based
  • Advantages of being able to assign security and access
  • And the efficiency of a single source of information through the entire compliance and audit environment.

A single source means that when you make a change in one place, that change feeds all of the different perspectives on the data.

Efficiency at Every Step

We also dug into the efficiency that can be gained at every step of the process.  Just some of those ideas are presented below.  We also mentioned additional training available for some steps, and have linked those training sessions.

  1. Risk Assessments
    • Tie risk assessments at the 10K line item level to your risks and controls for ease of scoping.
  2. Control Updates & Review
    • Allow your control owners to make updates directly in policyIQ as things change, or require regular reviews of control documentation.
  3. Walkthroughs & Testing
    • Collaborate early (and often) with external auditors to ensure that your testing is capturing all of the detail expected.
  4. Issue Tracking & Remediation
    • Assign remediation plans to owners and use automated reminders to ensure responses are provided.
  5. Conclusions & Reporting
    • Utilize flexible reporting capabilities to trace issues back to the vulnerable risks and compensating controls to make a final determination about significant deficiencies or material weaknesses.

We also included the supporting functions that feed the process.

We’re ready to help you build more efficiency into your SOX program.  Contact us today and ask to speak with our client service team to walk you through implementing some new ideas!  Not yet a policyIQ client?  Contact us and ask us for a personalized demonstration!

Recap: Creating Efficiency in SOX Compliance with Technology

RGP was recently invited to participate in the ACS Live SOX and Internal Controls seminar in San Francisco.  GRC Senior Practice Leader Les Sussman was joined by policyIQ’s Managing Director, Chris Burd, in presenting a 90-minute session on Creating Efficiency in SOX Compliance with Technology.

The session generated a great conversation among those SOX professionals in the room.  While the material covered all aspects of the SOX (and SOX audit) process, a few topics were clearly top of mind for the attendees.

Risk Assessment: Quantitative versus Qualitative

Pulling the risk assessment into your SOX tool and linking that assessment to your SOX controls and testing can streamline and simplify your scoping process.  However, the basic question of what that risk assessment should look like prompted the attendees to share their experiences and their best practices.

While most audience members seemed to agree that some degree of quantitative analysis was necessary–numerically driven risk ratings–it was also clear that those coming from an internal audit perspective were far more likely to look for a quantitative assessment, while those coming from a management perspective saw the need for assessments that included qualitative aspects.

What does this mean for those policyIQ clients looking to manage their risk assessments?  While we often focus on quantitative examples, we do encourage our clients to provide for a qualitative override and comments that may be necessary when the numbers don’t tell the whole story.

Centralized Access for Control Owners, SOX Team and Internal Audit is Key

About half of the organizations in attendance were still struggling to manage their SOX compliance programs without a centralized SOX application.  Managing access to Excel spreadsheets, narratives and audit testing is a complex, daily effort.  Those who are using a SOX application were quick to concur–and add their own experiences–with the efficiencies gained from a centralized tool.

A single source of information allows updates to feed all of the various viewpoints, reports and data needs.

When used to manage multiple compliance programs, that single source of information becomes even more powerful, as the updates (and testing, issue management, etc) can feed multiple compliance programs.

COSO, Issue Management and SOX 302 Certifications

Other areas of interest to the audience included the ease of managing the COSO mapping, the ability to assign and communicate issues and remediation plans, and the ability to create a SOX 302 sub-certification process.

Are you looking to make your SOX process even more efficient?  Reach out and let us know if there are still areas of your SOX compliance program that feel clunky and time-consuming, and let us help you make a shift!

Save time with Audit Evidence Collection in policyIQ!

For many years, we have been encouraging our clients to utilize policyIQ for all aspects of their compliance programs – from the assessment of risk through the remediation of issues.  However, during a recent conversation with long-time client, Travis Heyer (Director of Internal Audit at Great Lakes Dredge and Dock), we realized that we had not yet clearly illustrated in a live training session how to effectively request and capture audit evidence within policyIQ.

Travis graciously agreed to work with us to create a training session – and brought his colleague, Amit Patel (Senior Auditor) along with him.  On Thursday, March 31, we presented this session to a large number of very active participants.  (You can check out the recording of the session, or download the slides for a quick overview.)

It’s really all about saving time

Automating the requests for audit evidence can allow your internal audit team to…

  • Avoid playing “Match the evidence to the request!”
  • Minimize risk of using an old version of a file
  • Avoid wasting time sending annoying follow-ups
  • Secure documentation more effectively

It comes down to a huge time savings, freeing up internal audit resources to do the real, value-add work that your organization needs.

Pages or Forms?

While the training presentation focused on an evidence collection process in policyIQ pages, a similar process can be built within policyIQ forms.

Pages offer the advantage of a two-way link between the Evidence Request and the Test page, so that your internal auditors can simply leave the files attached to the Evidence Request.  Pages also allow more than one individual user to contribute directly to the same Request.  However, utilizing Pages requires that all users who participate in the process of providing evidence are Advanced Users, a more expensive license in policyIQ.

Forms offer their own advantages, allowing for a simple issuing and follow-up process.  However, the link between the Evidence Request form and the Test page is less visible.  Evidence files will need to be downloaded and re-uploaded to the Test page by the auditor.  The significant advantage of the Forms process is that any individual providing evidence needs only to have a Standard User license, a less expensive license that can keep costs low!

Getting started in 5 easy steps

Our training session focused on how to get started in just five easy steps:

  1. Create Evidence Request template
  2. Build list of evidence in Excel
  3. Import evidence request list
  4. Assign requests
  5. Track progress and follow-up

We encourage you to check out the recording or the slides for more details on these steps – and reach out to us to help you to get your bearings and get started!