Our policies have been created…now what?

Many organizations have used policyIQ for their Policy Management needs, and each client of ours has their own unique needs and for providing transparent and accessible policies to their users, public website, auditors, or other audience type.  However, the process is largely the same, regardless of the unique needs.

In nearly all cases, the policy content is created in policyIQ, reviewed, approved, and then published.  Making that content available is where the differences come in to play.  There are a few options for doing so:

A shared, Read-only account:

Create a Read-only user account in your policyIQ site (which is free, by the way), and apply the Read-only account as a viewer only on all applicable policy pages in your site.  Be sure to make sure that this account also has view access to the necessary folders, as well.

Then, share the Read-only account credentials with your user base.  Once logged in, the policyIQ view this user will have is a scaled down look – just folders and policy content, in this case.  Because the very nature of the account is Read-only, there is minimal risk in sharing the credentials with a large group of people.

A shared, Read-only account accessed via policyIQ Reader:

A similar process to the one above, but with a different look to the program and no login needs.

After creating the Read-only user profile and applying the user to security where necessary, edit the user profile.  Under the “required” tab of the Edit User window, scroll to the bottom to find a unique link called “policyIQ Reader“.  This hyperlink can be placed anywhere you like: bookmarked in your browser, stored on your desktop, placed in a shared network drive, or even on your intranet.  Once a location is selected, users anyone that clicks the link will gain instant, Read-only access to your policyIQ site.  No login required, and the “reader” look – a straightforward, no nonsense look at content, which is displayed in the table area to the right instead of a separate window, as seen below.

pIQ_Reader

Individual Read-only accounts:

Create an individual Read-only account per-user, which allows for greater flexibility in terms of seeing policies that are applicable to certain divisions, but not others.  Perhaps your finance and accounting folks have policies and procedures that apply to them, but not to the vast majority of other employees.  Creating separate accounts for everyone ensures the user experience in the product is directly related to their role.

 Individual policies accessed from an outside source:

Some of our clients choose to have their policies accessed from their primary company website.  In this case, the policyIQ pass-through link is ideal: eliminate login needs, access individual policies, and don’t display the main policyIQ site from which the policies were created.  Instead, display only the pages themselves.

Create a primary Read-only user account, and again add it to the view security on all applicable pages.  Now, view a page of your choice that is published.  A the very bottom, the page ID sits, and contains a link.  Click the link to open a small window that contains the policyIQ Passthrough link .  Copy and paste this link to the destination of your choice.  Selecting this link from an outside source will open the policy page only, and not require a login to the system.

Next steps:

Did you know policyIQ also handles Policy Sign-offs, as well?  It’s a simple process at a minimal cost.  Add Standard Users to your site in bulk (50 to over 10,000+) to completely revamp the way your organization automates creating, approving and storing certifications and sign-offs.

Does something here sound like it might be right for you?  If so, let’s talk about it!  Scheduling a half hour with a policyIQ expert on our team is not only free of charge, but will pay dividends moving forward as the management of your processes becomes easier by the day.  Many adjustments to existing sites take minutes to change, and new sites are even simpler!  Contact us at Support@policyIQ.com or 412-263-3330 to begin.

 

A Simple policyIQ Success Story

Two years ago, a nationally known oil and gas company came to RGP and the policyIQ team seeking some much needed help with their existing one-dimensional SOX environment.  In addition, they were acquiring a smaller oil and gas company, meaning they would be supporting two different Risk and Control environments for a period of two years.

The company met with me for a period of two hours, and we discussed their then-current Risk and Control environment.  It was a flat world, with a mix of internal drives, Word documents, Excel documents, and various versions of all risks and controls were being confused by members of their organization.  Version control was a constant uphill battle, and organizing all these documents into an easily accessible file for their audit teams was a struggle, as well.

Enter policyIQ.

In a matter of four total weeks, we had designed Page Templates for each kind of document they wanted to store:  Process Narratives, Risks, Controls and Tests.  These templates were completed with fields of varying characteristics, capturing essential details of each document type.  Each Risk, Control, and Narrative were uploaded to Excel spreadsheets by document type, and mass-imported to policyIQ.  Hundreds of Risks, Controls and Narratives were built into the site within a matter of minutes.  Organizing the Excel files was done with the help of a policyIQ expert, while the input of data and manipulation of various content was done by the client on their own time.  Within each import, we were also able to link Risks to the appropriate Controls.  All documents were organized within the folder structure by process area to ensure a familiarity with their organization.  Because they were acquiring a smaller oil/gas company at the time, we were able to separate all Company A documents from Company B documents.

Users from both companies were granted various levels of access to the policyIQ site, and to each document type.  While we presented them with several really locked-down, intricate security options, they elected to go a more generic route.  A common phrase we kept coming to was, “Keep it simple.”   In this way, their group and user structure was easily understood by all members of their management group.

Today, the company continues to enjoy the paperless world of policyIQ, and the reporting capabilities it offers.  Many reports are saved once they’re built, so running these reports on-demand is one click.  Results of the reports can be exported out of the system, emailed, or accessed by other users, if desired.

Finally, once all necessary testing on controls has been completed for the year, we open up the Narrative, Risk, Control and Test Pages to external audit users.  We set up these particular external users so that they see the finished product of SOX work only, and don’t have access to other solutions areas of policyIQ that the company takes advantage of: Policy Management, Contract Management and many more.

Have you found yourself in a similar situation?  This is just one of hundreds of success stories that we see every year.  Give us a call at 412.263.3330 or send an email to support@policyIQ.com to schedule a free, no hassle custom demonstration with a policyIQ expert, and see if policyIQ can help your organization.

Save time with Audit Evidence Collection in policyIQ!

For many years, we have been encouraging our clients to utilize policyIQ for all aspects of their compliance programs – from the assessment of risk through the remediation of issues.  However, during a recent conversation with long-time client, Travis Heyer (Director of Internal Audit at Great Lakes Dredge and Dock), we realized that we had not yet clearly illustrated in a live training session how to effectively request and capture audit evidence within policyIQ.

Travis graciously agreed to work with us to create a training session – and brought his colleague, Amit Patel (Senior Auditor) along with him.  On Thursday, March 31, we presented this session to a large number of very active participants.  (You can check out the recording of the session, or download the slides for a quick overview.)

quoteHeyer

It’s really all about saving time

Automating the requests for audit evidence can allow your internal audit team to…

  • Avoid playing “Match the evidence to the request!”
  • Minimize risk of using an old version of a file
  • Waste time sending annoying follow-ups
  • Secure documentation more effectively

It comes down to a huge time savings, freeing up internal audit resources to do the real, value-add work that your organization needs.

Pages or Forms?

While the training presentation focused on an evidence collection process in policyIQ pages, a similar process can be built within policyIQ forms.

evidencerequest

Pages offer the advantage of a two-way link between the Evidence Request and the Test page, so that your internal auditors can simply leave the files attached to the Evidence Request.  Pages also allow more than one individual user to contribute directly to the same Request.  However, utilizing Pages requires that all users who participate in the process of providing evidence are Advanced Users, a more expensive license in policyIQ.

Forms offer their own advantages, allowing for a simple issuing and follow-up process.  However, the link between the Evidence Request form and the Test page is less visible.  Evidence files will need to be downloaded and re-uploaded to the Test page by the auditor.  The significant advantage of the Forms process is that any individual providing evidence needs only to have a Standard User license, a less expensive license that can keep costs low!

Getting started in 5 easy steps

Our training session focused on how to get started in just five easy steps:

  1. Create Evidence Request template
  2. Build list of evidence in Excel
  3. Import evidence request list
  4. Assign requests
  5. Track progress and follow-up

We encourage you to check out the recording or the slides for more details on these steps – and reach out to us to help you to get your bearings and get started!

New Company, New Controls: policyIQ Handled it All

Any quick look around the marketplace reveals that companies big and small are constantly acquired, bought, sold and merged on a constant basis.  Many of these public companies then have to figure how how their SOX compliance will be affected, and this can put a ton of stress on the audit teams that bear the responsibility of “making compliance happen”.

Fortunately for companies using policyIQ that have purchased or merged with others, the SOX issue goes from, “Can we make this transition in policyIQ, as well?” to “WOW.  That was pretty easy!”

A recent long time policyIQ client acquired a company, and each had their own set of risks and controls.  Ultimately, their goal was to combine these two separate entities into one SOX environment, and easily distinguish between SOX work from Company A and Company B.

entity.png

Our team and product made this easy.  To begin, we simply added a single-select field on their controls and risks called “Entity”, with options for Company A or B.  By doing so, we created an  easily reportable way of sorting content from one company to another.  This was conducted by an Import to Update (via an Excel document), meaning that much of the work was easily done in a simple spreadsheet offline.  Simple!

All new documentation from Company B was then mass imported into policyIQ a few days later.

Entities.png

Some companies might like this arranged differently, and that makes total sense.  We had discussed using additional folders to distinguish the risks and controls from company to company.  Advantages?  One less field per page, and a more organized folder structure-less content per folder.  Disadvantages?  There are more folders, and some folks like a really simple structure.  A difference in results or reporting?  None!

Do you feel like you should partner with a policyIQ expert to work on your SOX work this year?  Do you have  a couple of ideas you’d  like to run by us?  Send us an email!   Support@policyIQ.com

Federal Signal achieved GRC efficiency. So can you.

Are you as efficient as you would like to be in your Governance, Risk and Compliance initiatives?  Federal Signal implemented policyIQ to get a handle on their Sarbanes Oxley program, and have since expanded their use.  Having previous experience with other tools, the team at Federal Signal found policyIQ to be unmatched in flexibility, cost and overall ease of use.

The team at Federal Signal has become “smarter” users of policyIQ over the years, learning how to best use the software to suit their needs. The reporting capabilities within the system have become an asset within the organization, streamlining the process of finding deficiencies during testing periods. Dolores De La Torre, auditor at Federal Signal, specifically calls out the value of having a system that their external auditors can access directly.

“Our external auditors like the tool because they are able to see all necessary paperwork in our site without having to reach out to us.”

RGP Consultants teamed up with Federal Signal and were  able to develop a configuration for their policyIQ site that was practical, and immediately drove efficiency into their SOX testing program.  It has been a great partnership!

Check out the full case study here.

 

 

 

Next week: “An Introduction to policyIQ” Webinar

title

Just before the holiday break, the policyIQ team would like to announce an upcoming quarterly training on Thursday, November 19th at 12:00 noon Eastern.  Continuing our ongoing “Introduction to policyIQ“ quarterly webinars, this session will again be focused on new and prospective users of policyIQ, touring various aspects of the product at a high level.

This session will use Policy and Procedure management as the basis for content, but understand that the features we’ll be working through (creating a page, sending forms, running reports) can easily be applied to nearly ALL uses of policyIQ—regardless of the business needs it happens to be fulfilling.

Keep in mind that all those in attendance will receive 1 CPE credit.  This is a terrific opportunity to learn more about the basics of policyIQ, and share the information with your company.  All attendees will also receive a recording of the webinar to share with their teams.

We hope to see you Thursday, November 19th!

Customer Partnership for Upcoming Features!

Our policyIQ team has created a new partnership with our customers in an effort to discover, test, and deploy new features into upcoming releases of the software.  Greg Hoover (Support Analyst and Business Analyst, has been meeting via webcasts with our clients to discuss future product releases, specific needs within their industry, and other policyIQ needs.

Our team then creates mock-ups of our ideas for a given solution, and work with customers to decide if this is the type of solution they are looking for.  If it seems like a solution that our clients will stand to gain from, we move forward with internal discussions about developing this new feature to our product.

Greg and our leaders at policyIQ then set each feature at a different priority, based on customer feedback.  Currently, we have several different features that are being tested, shown to clients, and adjusted based on their feedback.

If you would like to discuss a feature request of your own, or view some of the upcoming features that are currently in development, please contact Greg and our Development team via the Support Team:  support@policyIQ.com.

Time to “Regroup”?

It’s that time of year when everyone is planning out their budgets, projects and goals for the coming year. If you’re considering bringing more automation and efficiency to a new area of your organization or just to a new process within an area that is already using policyIQ, you will likely be revisiting how your users are organized. With the recent release of policyIQ’s version 7.5, it is now possible to make adjustments to multiple users at the same time—making your task of implementing the new process that much easier.

Maybe you have several employees who are already in your “Directors” Group that you’d like to add to a new Group called “SOX 302 Level 2”. Is your organization going through a restructuring and that department is moving under a new VP? These types of adjustments now take just a few seconds in policyIQ. Simply highlight multiple users in the table and select “Move” from your options in the toolbar. Within the resulting window, you are able to adjust all of the selected users’ groups in bulk. Move_User

If you have questions about best practices for managing your users, Groups, or expanding your use of policyIQ, reach out to us and we’ll schedule a FREE working session to get you started in no time!

New Training Opportunities from RGP

Our technology experts may be particularly interested in these two upcoming RGP training sessions, as each deals with different aspects of technology in the GRC space.  Take a look!

November 17: Technology-based Innovation in the Digital Economy

The hills throughout Pittsburgh are filled with all kinds of beautiful Autumn color.  Fall nearly always means significant change to the weather and scenery of Western Pennsylvania, and this year is no exception.

Technology changes even faster–we can’t fight or resist the next big innovation may happen.  So, as companies, we need to be prepared to adapt these changing market conditions on a constant basis.  RGP Consultant Dr. Irvin Wladawsky-Berger will help us take a look at some of the technological hurdles we all experience, and how to best deal with these.  1 CPE credit is available for attending this event.

Click to sign up and emerge from the technology cloud more competitive and flexible than you ever imagined.

December 3: Cloud Computing and Business Performance Management

Speaking of clouds (technological, not those that bring rain), RGP experts have arranged an event to help bring some answers to cautious cloud-computing users.  Some find the idea of cloud-computing both stressful and confusing.  Does a cloud based environment really mean less security?  What are the benefits?  Attend this event, and get 1 CPE credit for participating.

Learn more about cloud computing and how it may be applied to your organization.

Make policyIQ part of your budget for next year!

For many companies, October means 2016 BUDGET TIME!  While there is plenty to consider in terms of adding or trimming from your budget, policyIQ should always be part of your business.  In fact, we’ve found that many of our clients have chose to expand their policyIQ site into new areas of their business!

While some products charge “an arm and a leg” for their software, policyIQ continues to keep costs affordable–meaning a relatively large implementation can be purchased for under half the cost of our competitors.  

Just take a look at all of the business needs that policyIQ has solved over the years:policyIQ_uses

policyIQ saves you money by automating various processes and streamlining documentation.  Many of our clients use policyIQ Pages house audit documentation.  Pages come with complete customized security, meaning some users can have exclusive access to edit and create new content, while others have read-only access to all the essential documents.

Forms make certifications and sign-offs a breeze, as Administrators can deploy hundreds, even thousands of forms in just the click of a mouse.  Responses are organized and aggregated in simple reports, allowing Approvers to quickly scan through answers and find problem areas that require follow up.  Have employees need some nudging to get their forms in by a certain date?  Automate the follow-up with email reminders that keep after your users until their work is complete.

policyIQ can handle many business needs at once.  Do you see an area in your business that could use the help of policyIQ?  Send us a message, and we can give you an open and honest assessment for FREE.

So why pay for multiple tools when policyIQ can handle them all?  Save money on next years budget and let policyIQ handle many of your processes.