Let’s face it—nothing is perfect. Mistakes are made, processes are never fully optimized, and improvements can always be made. All of those issues – big and small, critical and unimportant – mean risk or opportunity for your organization.
How are you managing those issues? Do you have insight into the big picture?
Start with a consistent issue management process…
Having a consistent process in place to document and resolve issues throughout the company is a great first step. Provide guidance, so that all departments and all projects use the same format for tracking, remediating, and resolving issues. That process should include the following steps (although not always in this order):
- Document an issue in a central location as soon as it is identified.
Emails are great, but having a standard location to enter an issue as soon as it is discovered is the key to full transparency.
- Assign the issue to the appropriate contact (or committee).
Your process may have a central point of contact that reviews and assigns issues – or this may be built into the issue reporting process. In either case, assignment to an individual or a specific committee is critical. Issues will never be resolved if no one is accountable for them. (That person may ultimately delegate or reassign the issue later, but assignment brings accountability.)
- Rate the risk or opportunity that the issue poses.
Issues are not always about risk – sometimes an issue is simply the recognition that there’s an opportunity that could be addressed. To determine the priority of addressing issues, each should be rated to understand the risk posed or the opportunity available.
- Determine if and how the issue will be resolved, and what the timeline should be.
Will the issue be addressed? Low risk/low opportunity issues may simply be put on hold or removed from the list, accepted as imperfections in the daily business. If the issue is to be addressed, document a plan and set a timeline. The less urgent the issue and the farther out the timeline, the more general or vague the plan may be. A “next step” should always be defined, even if that’s a plan to create a plan.
- Assign the remediation plan to the right individuals.
For smaller organizations, it’s more likely that the original issue owner is also going to be the individual responsible for the remediation. However, for large companies, issues may be owned by a division or department leader, while the remediation of the issue falls to someone on the front line of the organization.
- Regularly review the open issues and ensure that updates are documented.
Ensure that open issues are reviewed regularly, and that progress is being made and documented. If issues and remediation plans are never updated, the process will stop being effective. If progress on an issue has stalled out, a regular review will highlight that challenge and allow it to be addressed.
- As remediation is completed, audit the process to ensure that the issue is resolved.
The remediation plan may be marked complete, but has it really been fully implemented? Was the remediation plan effective in addressing the issue? Is there something more that must be done?
…and make sure you have technology in place to support it!
Consider the insight gained if you had a web application that allowed employees to report issues, issue owners to build remediation plans, and management teams to review the status of all issues across the company.
policyIQ is that application.
From a simple reporting mechanism to dashboards to track progress, policyIQ offers a technology platform that supports the issue management process.
Want to learn how? Join us on October 22nd for a policyIQ training event, where we’ll focus on this issue management process – and how you can support all of the steps within the policyIQ application.
If you want to talk to us before October, we’re happy to connect with you to talk about issue management! Contact us today.
Organizations all over the globe follow information technology and data security guidelines to meet regulatory requirements, improve processes, strengthen security, and achieve other business objectives.
These IT security frameworks give us a common language that can be used by:
- Internal stakeholders to evaluate controls in place within their own organization.
- External auditors to evaluate and attest to controls in place within an organization.
- Third parties (potential customers, investors, etc.) to evaluate the potential risks of partnering with an organization.
Because information technology impacts every area within an organization, it only makes sense that IT compliance is a process that needs constant attention and monitoring. Choosing a framework, following a set of standards, and having a comprehensive internal controls monitoring program in place help organizations meet the needs of their various stakeholders.
We recently took a deep dive into regulations and frameworks that impact IT security, in our July training session, IT Security Compliance in policyIQ.
Some questions addressed in our training were:
- What is the difference between regulations and frameworks?
- What are some of the most common regulations impacting IT security? What are some of the most common frameworks?
- Where can I access IT security frameworks?
- How can policyIQ help to manage the IT compliance program?
We invite you to listen for yourself and to reach out to us today to see how policyIQ could benefit your organization with IT compliance!
Wishing a beautiful Memorial Day weekend to all the friends of the policyIQ community! While we remember and honor those who have fallen in service to our country, we also thank those veterans and active service members for all that you have done and continue to do for us.
The policyIQ Team
We are so grateful to have clients and prospects like you in our lives.
We look forward to continuing our partnership with you, continuously enhancing your experience in the policyIQ application, and helping you to work smarter in 2018!
From all of us on RGP’s policyIQ team, have a very Happy Holiday and a Prosperous New Year!
Once again, the policyIQ Team and RGP are looking forward to attending the IIA GAM Conference, March 7–9, 2016 in Dallas-Ft. Worth, TX. We are excited for the opportunity to engage with other key influencers in the areas of:
- Talent and Resource Strategies
- Regulatory & Compliance Issues
- Risk Management
- Innovation & Technology
- Stakeholder Relationships and Expectations
While we are highlighting RGP’s service offering – which ranges from strategy and advisory services to implementation solutions that help support clients’ efforts at any stage of their initiatives – we are also always excited to discuss the latest version of our GRC Technology: policyIQ. We make it simple and efficient to manage all of your Compliance and Audit processes and content in policyIQ.
Please stop by and say, “hi”! We would love to shake hands and get a chance to meet face to face! We will have lots of goodies to hand out, and there will be some great giveaways you won’t want to miss!
We look forward to seeing you soon!
Are you as efficient as you would like to be in your Governance, Risk and Compliance initiatives? Federal Signal implemented policyIQ to get a handle on its Sarbanes-Oxley program, and has since expanded its use. Having previous experience with other tools, the team at Federal Signal found policyIQ to be unmatched in flexibility, cost and overall ease of use.
The team at Federal Signal has become “smarter” users of policyIQ over the years, learning how to best use the software to suit their needs. The reporting capabilities within the system have become an asset within the organization, streamlining the process of finding deficiencies during testing periods. Dolores De La Torre, auditor at Federal Signal, specifically calls out the value of having a system that their external auditors can access directly.
“Our external auditors like the tool because they are able to see all necessary paperwork in our site without having to reach out to us.”
RGP Consultants teamed up with Federal Signal and were able to develop a configuration for their policyIQ site that was practical, and immediately drove efficiency into their SOX testing program. It has been a great partnership!
Check out the full case study here.
RGP is pleased to announce a new white paper entitled Tail Spend Sourcing, which explores the role and impact of an effective and strategic approach to tail spend – commonly defined as the “bottom 20 percent” of a company’s non-core spend.
Senior Practice Director David Matthews and Managing Consultant Kaush Oza present a practical and tested 5-step framework to target tail spend and drive value. The white paper is available HERE.
Please contact us if we can assist with your procurement cost restructuring initiative or if you’d like a complimentary assessment of your tail spend strategy.
RGP continues to offer regular free CPE opportunities. Here’s a look at the next two upcoming sessions!
November 18th – Culture Interrupted: Best Practices for Merging Knowledge-Based Companies
In today’s knowledge-intensive economy, every organization relies substantially on its most mobile asset – high value talent. In many industries, the employee talent pool defines the value of the company. However, when companies merge, there is a very high risk of talent flight which, in knowledge-intensive industries, can seriously erode company value. Statistics have shown that between 70% and 90% of mergers fail, and people issues and culture compatibility are cited as the top integration failure factors.
In this November 18th webcast, RGP takes a look at several of the standard employee engagement markers and presents a culture based solution and best practices for successful integration. Click here to register and learn how to apply this methodology, thus becoming proactive and effective in helping to attract and retain your most important talent.
December 11th – Optimizing Finance by Improving the Financial Close
Companies are under increasing pressure – whether it be from shareholders or regulation – to report their financials quickly, transparently and accurately. The financial close is critical to this, and improving the close process not only helps meet reporting demands but also enables companies to be more proactive and make informed business decisions. The financial close is not just about accounting, however; it also includes people, process and technology.
In this webcast, RGP discusses the financial close process and shares leading practices that finance organizations have implemented to enhance their process. RGP also explores market trends and inhibitors, and shares some tools and techniques.
Register today and let RGP lead the way to a smoother Financial Close process.