Have you automated your Narrative reviews?

Are you paying employees to inventory email responses or spend hours in update meetings to accomplish tasks that can be automated? With the application of policyIQ forms, your employees can take back time that was spent on tedious tasks and focus on work that matters.

If your team is still using Word, Excel, and email to manage 302 CertificationsControl Self Assessments and Narrative Reviews, they are engaging in the frustrating task of having to inventory the responses from their inbox and then babysit and pester people to complete their work. As responses do arrive, they evaluate who they’ve heard from, who hasn’t responded, and evaluate whether/which follow-up activities are warranted. They are likely also having to pull together routine assessments regarding the status of responses to share with management and others.

Before anyone invests another minute on the effort of pulling together the Narrative Reviews for next quarter, contact us to help your team realize these benefits right away:

  • Simplified roll-out of questions/certifications each quarter
  • Easy access to real-time information for monitoring of status
  • Automation of reminders going out to outstanding respondents
  • Automated compiling of results
  • Effortless reporting for management

There are lots of products out there that will set you back $50-$500k annually that promise efficiency gains in your compliance processes. For a fraction of that cost, we’ll deliver on that promise in a matter of weeks—not months or years. Work smarter. Spend smarter. Contact us today to schedule your configuration session. 

Who wants to avoid redundant effort and rework?

RGP consultant, Jason Chiang, recently wrote:

Jason Chiang
Expert in risk management and audit

“A narrative provides mid-level detail of the transactions and internal controls within a business process and includes who, how frequent, and in what location the transactions and controls are being performed…

…Narratives should be updated as changes are implemented in the organization. The updates should follow a workflow where there is a review process for significant changes.”

For many clients, automating the process of updating compliance documentation is a critical but often overlooked part of their practices. Each year, various aspects of controls may change, such as steps of the control procedure, the control description, or control ownership.  As these critical bits of information are updated, it is important, as Mr. Chiang stated, that the associated narrative pages are also updated to reflect the latest information.

Who wants to avoid redundant effort and rework?!

If you haven’t already implemented policyIQ or you have policyIQ and you haven’t taken advantage of this feature, this is a good time to tune in and make a note: policyIQ has a “linked field” option that allows you to update control language (or other documentation) in one place and present the updated language in related documents—here’s the key: without redundant effort or rework!

Displaying all related Controls in the Narrative is probably the most common request, but you can also display Risk language in Controls, Control language in Tests, and the contract review conclusions in a management summary page, among a seemingly infinite number of options! No more hunting down related documents to make small tweaks–it’s already done!

To learn more about how reduce redundant effort and rework, contact our team at Support@policyIQ.com.

Your Risk Assessment spreadsheets are costing you!

Are your employees still manually managing Risk Assessments using spreadsheets?
If you answered yes, they are likely struggling to work with others efficiently, they are frustrated by version control issues, and they are wasting time trying to figure out who has given input and who still needs to provide information.

The data in spreadsheets is difficult to aggregate. Performing analyses within a spreadsheet is limited, and across multiple spreadsheets it is nearly impossible. There are nearly always issues with data entry and, therefore, data integrity. So, your employees are likely also spending time having to validate and track down information and they’re likely performing rework to shore up assessments and findings. For all of these reasons, spreadsheets prolong the time and expense of audits.

RGP’s policyIQ team has developed features that help you to automate questionnaires, inventories, risk ratings, capability measures, track gaps and roll-up findings. Your management and audit teams can begin collaborating on their finance, operational, fraud and enterprise risk assessments right away.  Contributors from your locations can work together in one flexible and easy to use tool with confidence in the security and accuracy of their information and analyses. Templates for various risk assessments are easy to customize. Notes and assumptions from previous assessments can be easily referenced and considered in current risk calculations.

Your auditors can remotely review the content that you choose to make available to them and only after it has completed the review process that you enforce using policyIQ.

Reach out to us to request your free trial site and to learn more about how your team can end their reliance on spreadsheets. Work smarter.

Who has access to your critical documentation?

Think, for a moment, about your human resources policies, risk documentation, safety specs, audit issues, training materials, accounting procedures or your IT controls.

  • Do external audiences, as well as internal employees, need access?
  • And do these audiences require access to different subsets of your content?
  • Does the intended audience know exactly where and how to locate all relevant content?
  • Is the latest version of the content available to your audience?
  • What steps do you have to take to disseminate content changes to your audience?

These are among the information governance considerations that RGP systematically addresses using policyIQ.

One of the lesser known perks of policyIQ is the ease with which you can provide free, simple, secure and tailored read-only access to your audience.

In this related blog post, we described one feature of policyIQ that gives organizations an easy-to-setup and easy-to-use solution for presenting and disseminating content to your read-only users.

If you are trying to develop a plan for appropriately sharing different types of documentation with their respective audiences, get in touch with us! We enjoy brainstorming and problem-solving challenges like this!

This Audit Trail will Reduce Organization Liability

Many organizations have pockets of well-developed and maintained policies and procedures. Leaders in various business units might have overseen the development of certification processes (“I have read and understood the policy…”, “I have not observed fraud…”). Fewer, though, are the number of organizations that have a coordinated enterprise strategy on policies.

GRC 20/20’s Michael Rasmussen had this to say about a strategy on policies:

We could write a series of posts delineating how policyIQ provides powerful technology support for a coordinated enterprise Policy Management strategy. For this post, however, let’s focus on Rasmussen’s last sentence in the paragraph above. policyIQ houses a comprehensive audit trail comprised of a number of features that allow the history of changes and versions to be examined from a variety of perspectives.

Historical Review

Version History is retained on all policyIQ content. It is possible to examine exactly what was presented in any version at any point in the content’s history. Attachments to documentation (evidence, forms, supplier documentation, etc) are also retained for historical review.

Change History is even more specific than Version history. This feature of policyIQ tracks specifically who made changes to content, what change was made, and when—dating all the way back to the inception of the documentation.

The viewing history of each page in policyIQ is also tracked. Do you want to know if that employee or the external auditor accessed the content last week as was reported? policyIQ can tell you.

Certifications

The ability to create and tailor certifications, attestations, and questionnaires and to customize how they are made available or scheduled for delivery leaves endless possibilities for organizations wishing to gather information from employees (and third parties) on their commitments, agreements, observations, performance, opinions and on and on. The “Forms” functionality in policyIQ eliminates the risk that an employee’s response will be overlooked in the sea of email.

Reporting Capability

All of these changes are made evermore valuable with the associated reporting features. Do you want to know who made changes to Accounting policies in the most recent quarter? Maybe you escalate a monthly review of any Exceptions documented on Information Security policies. Can you easily identify all procedures, projects, divisions or positions that will be impacted by the technology that you’re scheduled to replace? Yes—with policyIQ, you can.

Snapshot at a Point in Time

And if all of that wasn’t enough, policyIQ also allows organizations to schedule the capture of a complete backup of their database, called a Snapshot, containing all data at the time the Snapshot was captured.  Snapshots are a free benefit to policyIQ clients. While it is not common, it is an invaluable service to be able to present and review content as it was two years ago on that day in May, let’s say. For a small fee, clients also have the option to request an electronic extract of all content from their policyIQ site that they may provide in the event of an investigation or audit.

Safe and Direct Access

If the need presents itself, it is possible to provide investigators, auditors, litigators or other specified parties with direct access to your policyIQ site. This type of access would allow them to review documentation in the application and save on legal fees or administrative fees for copying or making information

RGP has received positive reviews for the breadth and depth of the audit trail provided in policyIQ. And while we have a number of testimonies to value that these features and services have yielded for various functions and divisions of our clients, that value is exponentially greater when applied enterprise-wide.

Maybe we’ll have to circle back to talk more about Michael Rasmussen’s related blog post and how policyIQ can help you to combine Case Management and Policy Management without sinking a huge investment of time and money into a big GRC platform. RGP has you covered with the subject matter expertise and technology there, too. Feel free to reach out to us directly if you’d like to know more or explore your options sooner than later!

A complete solution – presented in a policyIQ CPE event!

As part of our ongoing quarterly CPE event for policyIQ, we are putting together something a bit different – and bigger – than normal!

Join us on Thursday, November 30, 2017 at 12pm Eastern Time for the one hour CPE event presented via the web, showcasing policyIQ’s abilities, features and processes for all of your Policy Management needs.  Hosting this session will be Chris Burd, policyIQ Managing Director, and Travis Whalen, policyIQ Product Manager.  Learn more about policyIQ’s solution possibilities here.

In this Introduction to policyIQ CPE session, participants will be able to (among other milestones):

  • See how to utilize the import utility to centralize previously disparate content
  • Secure documentation with read, write and edit access – and approval processes
  • Apply search and reporting features to quickly gather information that is critical to decision-making

Sign up for this training here, and learn more about how policyIQ can be an effective solution for your organization’s Policy Management needs.

 

Enterprise-wide GRC made more powerful *and* simple with our new list fields!

By now, you likely are aware that policyIQ is a flexible GRC platform that can be easily configured and customized into various GRC and other solutions. One of policyIQ’s strengths is the ability to tailor security at a broad and granular level allowing organizations to implement policyIQ in many areas without stepping on each other’s toes, so to speak. Because of this security capability, with our user-based pricing (rather than the common software model of pushing multiple products or add-on modules), our clients have long been able to leverage policyIQ throughout the organization for multiple initiatives at a reasonable cost.

The latest release of policyIQ includes features that support robust enterprise-wide applications of policyIQ for a range of initiatives. In the past, users in different areas of the organization would create a folder, manual, dropdown or multi-select list to track different critical pieces of information pertinent for their documentation. And while this setup could have been perfect for the audit team’s testing documentation, the same location list, for example, would have to be recreated by the technical accountants performing ASC 606 contract reviews. That was then. Clients leveraging policyIQ’s version 7.8 are able to create and manage Global Lists that can be shared across the organization. If your list of Field Offices is leveraged in various types of content throughout the organization, it can now be centrally maintained and updated rather than having to be updated in several department-specific templates.

Similarly, clients historically had to create independent dropdown fields to track people or responsibilities in their content (i.e. Control Owners, testers, contract reviewers). Now, the lists of users created under Groups and Users and established as a part of user profiles can be leveraged as fields within templates. Once and done.

Here are more examples of where this might be pertinent to you. If you have fields or folders tracking these things and would like to save time and sanity managing them, we recommend looking into the new shared fields (Global Lists, Users Lists):

  • Currency
  • Location
  • Revenue Stream
  • Process Area
  • Business Unit
  • Control Owners
  • Significant Accounts
  • System Applications
  • Relevant Compliance Area
  • Prepared By

Of course, reach out to us if you have questions on how to make the adjustments to your policyIQ site.

Executive Oversight in policyIQ: Dashboards, Charts and Graphs

Does management want or need oversight of your policyIQ work?  Perhaps YOU want a quick way to check the progress your team has made on SOX work, audit prep, policy updates, or the like.

Simplify the sometimes chaotic world of GRC documentation with policyIQ’s arrangement of Custom Charts and Graphs – all available to be placed on any Advanced user’s Dashboard.

Charts and Graphs are a visual version of your reports in the system.  Simply create a new Page Report, and then choose a chart or graph as your Report Layout. Perhaps control owners are updating controls for the new SOX year – or maybe even performing testing on financial controls.   Set the report filter to any of these types of content.

As usual, pick the display filters/columns that you want to see in the results, with the first or top selection being the chart parameter (how you’d like the chart divided up).  In the case of many site administrators, they’re going to want to set the chart parameter to something like Stage – which will show which pages are in draft, are checked out, or are finished and published.

Save and run the report/chart, and see your results!  Because it is built in the same spirit as a report, the chart can be accessed (with proper security setup) by other users in the site, and even stored on their Dashboards.

Thinking about automating administrator oversight of your policyIQ site?  Look no further than Custom Charts and Graphs, available on every policyIQ site!

policyIQ 7.8: Saving Clicks – One Rule at a Time

In the GRC world (like most others), time is money.  Finding a tool like policyIQ that keeps your organization’s critical documentation accessible, updated and organized is key.  But even within our own tool, we’re always looking to make our software simpler for users to interact with, and improve the experience for our users.

policyIQ 7.8 (available this summer) will feature Field Rules for the very first time.  Field Rules will allow Administrators to set up behind-the-scenes triggers on user selections of List Fields that change other fields on the same page or form.  For example, Field 1 may have a rule built that electing “Yes” on that field will prompt the following 3 fields to be required.  Or, that same field could have a response of “No” trigger all remaining fields to be skipped (and the user wouldn’t have the option to fill them in).  Alternatively, you could also set up fields to be auto-filled with an answer.

Talk about a game-changer!  A feature like this will likely cause our clients to want to rethink the way they have their templates set up, and what kinds of questions they ask for Controls, Testing, Policies, or and type of sign-off or certification.

Other features Global and User List Fields are going to make our users happy, as well.  Gone are the days of spending lots of time building a List Field only to have to replicate that work throughout in other templates.  Now, Administrators can create a List Field outside of the template area in the Global List Management area.  Once the list is created, access it from any Template!  Think of it as a “shared list”.  Need to make updates to the list?  Make the change in the Global List Management area, and those changes are reflected on all pages new and old – saving a ton of “maintenance” type work.

User Lists are List Fields made up from user accounts in the policyIQ system.  Rather than typing out user names in a list field, select a group in your groups and users tree to make up your List Field options. Done!

Other features will allow you to:

  • Create a page that is pre-linked and indexed to a folder
  • Delete and replace an attachment in one click
  • Use field prompts on Forms and Pages
  • Toggle Linked Field properties on/off
  • Add company logos when printing pages

7.8 is all about saving clicks, increasing productivity, and making the management of content and data easier.

To be first in line for policyIQ 7.8, or to get an early demonstration of how these features will work, contact us at 412-263-3330 to set up some time with a policyIQ expert.