About Stacey Zearott

Stacey is the Client Success Manager for policyIQ. She has a very strong background in sales and operations with over 20 years in the communications sales industry. Not only does she bring this knowledge and background to the team, but a love of theatre, fun hair and just the need for a daily dose of laughter.

Give Thanks!

It’s that time of year again—a time where we stuff ourselves with delicious foods, fall asleep on the couch, watch football all day and get up at a ridiculous hour to get the best deals on Black Friday! Yes, friends, it’s almost Thanksgiving here in the US.

More importantly, it’s a time when we give thanks for all that we have in our lives. At many dinner tables, friends and family members will go around the room and tell each other what they are thankful for. I thought it would be fun to ask my co-workers what they are most thankful for this year and wanted to share their answers with you!

group of people making toast

Photo by fauxels on Pexels.com

“As the newest member of the policyIQ team, I am thankful for the office welcoming me and making me feel like a part of the team from the moment I got here!”

“I am thankful for the fact my girlfriend and I finally found a home and will be moving in soon!”

“I am thankful for great friends, family, and coworkers! I am grateful for good health and I am happy to keep learning new things every day.”

“I am thankful for my amazing support system of friends and family, coffee, my cats, my uniqueness, and my coworkers that, even on tough days, can make me laugh.”

“I am most thankful for a good joke, my wife (don’t know how she puts up with my shenanigans), paydays, health, co-workers that make you feel at home, my family and friends, and sunshine.”

“I am thankful for pets that get along extremely well, particularly Max (dog) and Bandit (ferret), Playstation 4 & Nintendo Switch, good music, weekends, family & friends, good health, and an amazing work environment & team.”

“I am most thankful for my daily Starbucks Trenta black iced coffee; last minute first class upgrades on cross-country flights; technology that allows me to keep in touch with friends around the world; empowered, curious, powerful nieces who unknowingly push me to be a better person; and working with a team and clients who make me want to come into the office every day!”

One of the things that I know all of my colleagues are thankful for, because we talk about it all the time, is having such awesome clients. I’m not kidding! We love the partnerships (and friendships) we’re able to build, and the wonderful feeling that comes from finding a solution that makes the lives of our clients just a little bit easier.

On that note, I’d like to wish you all a very Happy Thanksgiving! Enjoy the holiday with the people and things that matter the most!

Please feel free to share with us in the Comments what you are thankful for!

Gobble! Gobble!  thanks

Process + Technology = Effective Issue Management

Let’s face it—nothing is perfect.  Mistakes are made, processes are never fully optimized, and improvements can always be made.  All of those issues – big and small, critical and unimportant – mean risk or opportunity for your organization.

How are you managing those issues?  Do you have insight into the big picture? IssueMgt

Start with a consistent issue management process…

Having a consistent process in place to document and resolve issues throughout the company is a great first step.  Provide guidance, so that all departments and all projects use the same format for tracking, remediating, and resolving issues.  That process should include the following steps (although not always in this order):

  1. Document an issue as soon as it is identified in a central location.
    Emails are great, but having a standard location to enter an issue as soon as it is discovered is the key to full transparency.

  2. Assign the issue to the appropriate contact (or committee).
    Your process may have a central point of contact that reviews and assigns issues – or this may be built into the issue reporting process.  In either case, assignment to an individual or a specific committee is critical.  Issues will never be resolved if no one is accountable for them.  (That person may ultimately delegate or reassign the issue later, but assignment brings accountability.)

  3. Rate the risk or opportunity that the issue poses.
    Issues are not always about risk – sometimes an issue is simply the recognition that there’s an opportunity that could be addressed.  To determine the priority of addressing issues, each should be rated to understand the risk posed or the opportunity available.

  4. Determine if and how the issue will be resolved, and what the timeline should be.
    Will the issue be addressed?  Low risk/low opportunity issues may simply be put on hold or removed from the list, accepted as imperfections in the daily business. If the issue is to be addressed, document a plan and set a timeline.  The less urgent the issue and the farther out the timeline, the more general or vague the plan may be.  A “next step” should always be defined, even if that’s a plan to create a plan.

  5. Assign the remediation plan to the right individuals.
    For smaller organizations, it’s more likely that the original issue owner is also going to be the individual responsible for the remediation.  However, for large companies, issues may be owned by a division or department leader, while the remediation of the issue falls to someone on the front line of the organization.

  6. Regularly review the open issues and ensure that updates are documented.
    Ensure that open issues are reviewed regularly, and that progress is being made and documented.  If issues and remediation plans are never updated, the process will stop being effective.  If progress on an issue has stalled out, a regular review will highlight that challenge and allow it to be addressed.

  7. As remediation is completed, audit the process to ensure that the issue is resolved.
    The remediation plan may be marked complete, but has it really been fully implemented?  Was the remediation plan effective in addressing the issue?  Is there something more that must be done?

…and make sure you have technology in place to support it!

Consider the insight gained if you had a web application that allowed employees to report issues, issue owners to build remediation plans, and management teams to review the status of all issues across the company.

policyIQ is that application.

From a simple reporting mechanism to dashboards to track progress, policyIQ offers a technology platform that supports the issue management process.

Want to learn how?  Join us on October 22nd for a policyIQ training event, where we’ll focus on this issue management process – and how you can support all of the steps within the policyIQ application.

If you want to talk to us before October, we’re happy to connect with you to talk about issue management!  Contact us today.


IT Security Regulations, Frameworks, and policyIQ

Organizations all over the globe follow information technology and data security guidelines to meet regulatory requirements, improve processes, strengthen security, and achieve other business objectives.

These IT security frameworks give us a common language that can be used by:

  • Internal stakeholders to evaluate controls in place within their own organization.
  • External auditors to evaluate and attest to controls in place within an organization.
  • Third parties (potential customers, investors, etc.) to evaluate the potential risks of partnering with an organization.

Because information technology impacts every area within an organization, it only makes sense that IT compliance is a process that needs constant attention and monitoring. Choosing a framework, following a set ofIT.jpg standards, and having a comprehensive internal controls monitoring program in place help organizations meet the needs of their various stakeholders.

We recently took a deep dive into regulations and frameworks that impact IT security, in our July training session, IT Security Compliance in policyIQ.

Some questions addressed in our training were:

  • What is the difference between regulations and frameworks?
  • What are some of the most common regulations impacting IT security? What are some of the most common frameworks?
  • Where can I access IT security frameworks?
  • How can policyIQ help to manage the IT compliance program?

We invite you to listen for yourself and to reach out to us today to see how policyIQ could benefit your organization with IT compliance!

Happy Memorial Day!

Wishing a beautiful Memorial Day weekend to all the friends of the policyIQ community! While we remember and honor those who have fallen in service to our country, we also thank those veterans and active service members for all that you have and continue to do for us.

Memorial Day_WP

The policyIQ Team

2016 GAM Conference – stop by and say, “hi”!

2016 GAM Conference Header

GRC Technology: policyIQ2016 GAM Conference Header

Once again, the policyIQ Team and RGP are looking forward to attending the IIA GAM Conference, March 7– 9, 2016 in Dallas-Ft. Worth, TX. We are excited for the opportunity to engage with other key influencers in the areas of:

  • Talent and Resource Strategies
  • Regulatory & Compliance Issues
  • Risk Management
  • Innovation & Technology
  • Stakeholder Relationships and Expectations

While we are highlighting RGP’s service offering–which ranges from strategy and advisory services to implementation solutions that help support clients’ efforts at any stage of their initiatives—we are also always excited to discuss  the latest version of our GRC Technology: policyIQ. We make it simple and efficient to manage all of your Compliance and Audit processes and content in policyIQ.

Please stop by and say, “hi”!  We would love to shake hands and get a chance to meet face to face!  We will have lots of goodies to hand out, and there will be some great giveaways you won’t want to miss!

We look forward to seeing you soon!

Federal Signal achieved GRC efficiency. So can you.

Are you as efficient as you would like to be in your Governance, Risk and Compliance initiatives?  Federal Signal implemented policyIQ to get a handle on their Sarbanes Oxley program, and have since expanded their use.  Having previous experience with other tools, the team at Federal Signal found policyIQ to be unmatched in flexibility, cost and overall ease of use.

The team at Federal Signal has become “smarter” users of policyIQ over the years, learning how to best use the software to suit their needs. The reporting capabilities within the system have become an asset within the organization, streamlining the process of finding deficiencies during testing periods. Dolores De La Torre, auditor at Federal Signal, specifically calls out the value of having a system that their external auditors can access directly.

“Our external auditors like the tool because they are able to see all necessary paperwork in our site without having to reach out to us.”

RGP Consultants teamed up with Federal Signal and were  able to develop a configuration for their policyIQ site that was practical, and immediately drove efficiency into their SOX testing program.  It has been a great partnership!

Check out the full case study here.




White Paper Alert: Tail Spend Sourcing

RGP is pleased to announce a new white paper entitled Tail Spend Sourcing, which explores the role and impact of an effective and strategic approach to tail spend – commonly defined as the “bottom 20 percent” of a company’s non-core spend.

Senior Practice Director David Matthews and Managing Consultant Kaush Oza present a practical and tested 5-step framework to target tail spend and drive value. The white paper is available HERE.wp

Please contact us if we can assist with your procurement cost restructuring initiative or if you’d like a complimentary assessment of your tail spend strategy.