Many organizations have pockets of well-developed and maintained policies and procedures. Leaders in various business units might have overseen the development of certification processes (“I have read and understood the policy…”, “I have not observed fraud…”). Fewer, though, are the number of organizations that have a coordinated enterprise strategy on policies.
GRC 20/20’s Michael Rasmussen had this to say about a strategy on policies:
We could write a series of posts delineating how policyIQ provides powerful technology support for a coordinated enterprise Policy Management strategy. For this post, however, let’s focus on Rasmussen’s last sentence in the paragraph above. policyIQ houses a comprehensive audit trail comprised of a number of features that allow the history of changes and versions to be examined from a variety of perspectives.
Version History is retained on all policyIQ content. It is possible to examine exactly what was presented in any version at any point in the content’s history. Attachments to documentation (evidence, forms, supplier documentation, etc) are also retained for historical review.
Change History is even more specific than Version history. This feature of policyIQ tracks specifically who made changes to content, what change was made, and when—dating all the way back to the inception of the documentation.
The viewing history of each page in policyIQ is also tracked. Do you want to know if that employee or the external auditor accessed the content last week as was reported? policyIQ can tell you.
The ability to create and tailor certifications, attestations, and questionnaires and to customize how they are made available or scheduled for delivery leaves endless possibilities for organizations wishing to gather information from employees (and third parties) on their commitments, agreements, observations, performance, opinions and on and on. The “Forms” functionality in policyIQ eliminates the risk that an employee’s response will be overlooked in the sea of email.
All of these changes are made evermore valuable with the associated reporting features. Do you want to know who made changes to Accounting policies in the most recent quarter? Maybe you escalate a monthly review of any Exceptions documented on Information Security policies. Can you easily identify all procedures, projects, divisions or positions that will be impacted by the technology that you’re scheduled to replace? Yes—with policyIQ, you can.
Snapshot at a Point in Time
And if all of that wasn’t enough, policyIQ also allows organizations to schedule the capture of a complete backup of their database, called a Snapshot, containing all data at the time the Snapshot was captured. Snapshots are a free benefit to policyIQ clients. While it is not common, it is an invaluable service to be able to present and review content as it was two years ago on that day in May, let’s say. For a small fee, clients also have the option to request an electronic extract of all content from their policyIQ site that they may provide in the event of an investigation or audit.
Safe and Direct Access
If the need presents itself, it is possible to provide investigators, auditors, litigators or other specified parties with direct access to your policyIQ site. This type of access would allow them to review documentation in the application and save on legal fees or administrative fees for copying or making information
RGP has received positive reviews for the breadth and depth of the audit trail provided in policyIQ. And while we have a number of testimonies to value that these features and services have yielded for various functions and divisions of our clients, that value is exponentially greater when applied enterprise-wide.
Maybe we’ll have to circle back to talk more about Michael Rasmussen’s related blog post and how policyIQ can help you to combine Case Management and Policy Management without sinking a huge investment of time and money into a big GRC platform. RGP has you covered with the subject matter expertise and technology there, too. Feel free to reach out to us directly if you’d like to know more or explore your options sooner than later!
As part of our ongoing quarterly CPE event for policyIQ, we are putting together something a bit different – and bigger – than normal!
Join us on Thursday, November 30, 2017 at 12pm Eastern Time for the one hour CPE event presented via the web, showcasing policyIQ’s abilities, features and processes for all of your Policy Management needs. Hosting this session will be Chris Burd, policyIQ Managing Director, and Travis Whalen, policyIQ Product Manager. Learn more about policyIQ’s solution possibilities here.
In this Introduction to policyIQ CPE session, participants will be able to (among other milestones):
- See how to utilize the import utility to centralize previously disparate content
- Secure documentation with read, write and edit access – and approval processes
- Apply search and reporting features to quickly gather information that is critical to decision-making
Sign up for this training here, and learn more about how policyIQ can be an effective solution for your organization’s Policy Management needs.
By now, you likely are aware that policyIQ is a flexible GRC platform that can be easily configured and customized into various GRC and other solutions. One of policyIQ’s strengths is the ability to tailor security at a broad and granular level allowing organizations to implement policyIQ in many areas without stepping on each other’s toes, so to speak. Because of this security capability, with our user-based pricing (rather than the common software model of pushing multiple products or add-on modules), our clients have long been able to leverage policyIQ throughout the organization for multiple initiatives at a reasonable cost.
The latest release of policyIQ includes features that support robust enterprise-wide applications of policyIQ for a range of initiatives. In the past, users in different areas of the organization would create a folder, manual, dropdown or multi-select list to track different critical pieces of information pertinent for their documentation. And while this setup could have been perfect for the audit team’s testing documentation, the same location list, for example, would have to be recreated by the technical accountants performing ASC 606 contract reviews. That was then. Clients leveraging policyIQ’s version 7.8 are able to create and manage Global Lists that can be shared across the organization. If your list of Field Offices is leveraged in various types of content throughout the organization, it can now be centrally maintained and updated rather than having to be updated in several department-specific templates.
Similarly, clients historically had to create independent dropdown fields to track people or responsibilities in their content (i.e. Control Owners, testers, contract reviewers). Now, the lists of users created under Groups and Users and established as a part of user profiles can be leveraged as fields within templates. Once and done.
Here are more examples of where this might be pertinent to you. If you have fields or folders tracking these things and would like to save time and sanity managing them, we recommend looking into the new shared fields (Global Lists, Users Lists):
- Revenue Stream
- Process Area
- Business Unit
- Control Owners
- Significant Accounts
- System Applications
- Relevant Compliance Area
- Prepared By
Of course, reach out to us if you have questions on how to make the adjustments to your policyIQ site.
Does management want or need oversight of your policyIQ work? Perhaps YOU want a quick way to check the progress your team has made on SOX work, audit prep, policy updates, or the like.
Simplify the sometimes chaotic world of GRC documentation with policyIQ’s arrangement of Custom Charts and Graphs – all available to be placed on any Advanced user’s Dashboard.
Charts and Graphs are a visual version of your reports in the system. Simply create a new Page Report, and then choose a chart or graph as your Report Layout. Perhaps control owners are updating controls for the new SOX year – or maybe even performing testing on financial controls. Set the report filter to any of these types of content.
As usual, pick the display filters/columns that you want to see in the results, with the first or top selection being the chart parameter (how you’d like the chart divided up). In the case of many site administrators, they’re going to want to set the chart parameter to something like Stage – which will show which pages are in draft, are checked out, or are finished and published.
Save and run the report/chart, and see your results! Because it is built in the same spirit as a report, the chart can be accessed (with proper security setup) by other users in the site, and even stored on their Dashboards.
Thinking about automating administrator oversight of your policyIQ site? Look no further than Custom Charts and Graphs, available on every policyIQ site!
In the GRC world (like most others), time is money. Finding a tool like policyIQ that keeps your organization’s critical documentation accessible, updated and organized is key. But even within our own tool, we’re always looking to make our software simpler for users to interact with, and improve the experience for our users.
policyIQ 7.8 (available this summer) will feature Field Rules for the very first time. Field Rules will allow Administrators to set up behind-the-scenes triggers on user selections of List Fields that change other fields on the same page or form. For example, Field 1 may have a rule built that electing “Yes” on that field will prompt the following 3 fields to be required. Or, that same field could have a response of “No” trigger all remaining fields to be skipped (and the user wouldn’t have the option to fill them in). Alternatively, you could also set up fields to be auto-filled with an answer.
Talk about a game-changer! A feature like this will likely cause our clients to want to rethink the way they have their templates set up, and what kinds of questions they ask for Controls, Testing, Policies, or and type of sign-off or certification.
Other features Global and User List Fields are going to make our users happy, as well. Gone are the days of spending lots of time building a List Field only to have to replicate that work throughout in other templates. Now, Administrators can create a List Field outside of the template area in the Global List Management area. Once the list is created, access it from any Template! Think of it as a “shared list”. Need to make updates to the list? Make the change in the Global List Management area, and those changes are reflected on all pages new and old – saving a ton of “maintenance” type work.
User Lists are List Fields made up from user accounts in the policyIQ system. Rather than typing out user names in a list field, select a group in your groups and users tree to make up your List Field options. Done!
Other features will allow you to:
- Create a page that is pre-linked and indexed to a folder
- Delete and replace an attachment in one click
- Use field prompts on Forms and Pages
- Toggle Linked Field properties on/off
- Add company logos when printing pages
7.8 is all about saving clicks, increasing productivity, and making the management of content and data easier.
To be first in line for policyIQ 7.8, or to get an early demonstration of how these features will work, contact us at 412-263-3330 to set up some time with a policyIQ expert.
While the release of policyIQ version 7.7 brought some big features to the software, there were a few smaller ones that didn’t gain as much attention as they deserved. One of those is called Pinned Items.
Pinned Items is a feature available to Site Administrators under the Tools & Settings menu on the left hand navigation. This tool is used to “pin” items (Pages, Files, Public Form Templates, or Reports) to their user’s dashboard item “Pinned Items”. Think of it as “universal favorites” for your site. The appearance of the Dashboard item is not in the individual user’s control. Instead, it appears automatically at the top of Dashboards, and only if an item has been pinned. Moreover, the security settings of that item still apply even if the item has been pinned. When all pinned items have been removed, the Dashboard item will be automatically removed from the dashboards on which it appeared.
Finally, and most importantly, local security (security at the content level) still applies to items that are pinned. For example, suppose you have a published page and you’d like to pin it. The security settings on the page itself are set up to allow 5 our of 10 total users to see it. If this page is pinned, it will appear automatically on the Dashboard for those 5 users. Users who do not have viewership of the page will be unaffected, and wont see the page or Pinned Items Dashboard item.
Common uses of Pinned Items:
So far, clients have applied Pinned Items in several ways. The three most common?
- Instructional content -Some Site Administrators have wanted a way to put instructional content (either related to their pIQ content, business practices, or
pIQ-specific instructions) in front of their users that is ultra easy to find.
- Favorite Reports – Each user has the option to add reports to their favorites (which is another Dashboard item). The problem is that each user has to individually add these themselves. Pinning a report solves that problem, and opens it up to anyone with proper access.
- Others – ANYTHING that you want to put in front of your users. Specific content, a reminder of a corporate policy, etc.
Let us know if you have questions about this feature, others, or best practices! We are always happy to help. policyIQ: 866-753-1231
As last year came to a close, our policyIQ team was discussing all the new ways customers could now use our product – and we managed to surpass our expectations for the year! While some features simply add small functionality to the software, policyIQ’s 2016 releases contained HUGE improvements to visually displaying content, content history and increasing content efficiency. And the great news is that 2017 is looking to perhaps even surpass last year’s features!
Highly anticipated and incredibly useful, Linked Fields are going to change the way content in displayed in policyIQ forever. A common need from our user base is to be able to view a Control page, but also see some information from the Risk it is mitigating. Linked Fields make this a reality!
Insert a Linked Field on your Control Template, and point it to a Risk template field of your choice. In the example here, I’m just pulling in the field “Risk Description”. The field is shown and the properties of which are displayed just above the field content. You can add as many Linked Fields as you’d like!
Because the fields are linked, any changes made to the Risk Page description will be reflected and displayed on the Control Page. This saves you time, and ultimately ensures that your content is consistent without having to think about it!
Custom Charts and Graphs
Super simple to create, Custom Charts and Graphs can be used to provide oversight to a process within your policyIQ site, project manage, or any other number of uses. Simply build a new Page Report and choose a chart or graph as the report layout. That’s it! When selecting items to display (columns), keep in mind that the top or first item selected will be used as the chart parameter (the way the chart or graph will be divided up). That’s it! Save your chart and even add it to your Dashboard for review.
HTML Field History
Users can now have access to the history of their HTML fields in policyIQ. Upon each save of data within an HTML field, version and change records are kept. After a history is established, click the blue “History” link button just above the field when viewing a page to view the Field History.
On the right, select a version of the page to view. Changes made within that version can be toggled on and off using the “Show Markup” toggle in the toolbar at the top. If at at point you’d like to revert to an old version of the field, select the version to display, and then click “Restore” in the toolbar. The history window will close, and your HTML field will show the reverted version.
There are a whole lot of features that have been added over the last year!
Form Bundle Imports
This tool allows a user to create their Form Bundles in Excel outside the system, and then import them into policyIQ. This helps users work offline, and in some cases, much faster.
Sum/Average Report Results
These rows can be added within the report builder to page detail reports by clicking the checkbox on the report builder screen. Within the results of a report, two additional rows-sum and average- will be displayed as a calculation of numerical fields across all pages in the results.
Delete Open Forms
Form Administrators will love us for this one. Those outstanding open forms that you just couldn’t get rid of? Now you can delete them, and keep your form results perfectly right.
Auditors and testing teams have been asking for an even easier way to view information about the associated Control or Procedure that they are testing. Rather than having two screens open side by side in policyIQ, auditors would prefer to see critical details about the control that they are testing right there on their test screen.
Now you can make that happen – with NO DUPLICATION OF DATA! And it literally takes less than 2 minutes, with no additional data entry required.
How? If you are a Site Administrator, you need just 2 minutes, I promise!
On your Test page template, simply add a new field and select “Linked Field” as the field type. Select the field that should be linked from another page template, save it and VOILA!
If you’ve added the Control Description field from the Control template, for example, you’ll automatically see the Control Description displayed on a Test page for any Control that is linked to it. If there are multiple controls linked to a single Test, you’ll see multiple Control Descriptions, identified by the page name.
This function does not apply to audit testing alone! Consider these other ideas:
- Pull vendor information into a Contract page.
- Bring risk descriptions to Control pages.
- Create Process pages that pull in linked Control Descriptions.
- Pull project task descriptions into Action Items.
- Bring issue details into a Remediation Plan.
Want more information? Contact us at support@policyIQ.com.
In policyIQ version 7.6, we introduced our clients to custom charts and graphs for the very first time. This feature lets users to show their data using the chart or graph output of the report builder that they use in other areas of the product.
After its release this summer, many users provided feedback that they would like the ability to access pages directly from the chart or graph.
Great news-we listened!
Clicking the “Show All” link within your Dashboard chart or graph will now display all content that was generated. The data will be displayed in the table row by row just as it would if it was generated using a typical Detail Report layout. At this point, users can take action on items by selecting them and looking to the toolbar for their options.
The only part of this experience is the generation of the chart or graph itself. Originally, we only allowed users to select one “column” for the chart, and this selection would dictate how the chart was divided up (in the example above and below, we divided by page Stage). Because users wanted to interact with the data, we wanted to allow users to add more than one “column” of data so that clicking “Show All” would yield more than a single column worth of results.
When generating the chart, select as many columns as you like, making sure that the selection you want to divide the char tor graph by is in the first position (above). Click save, and then save and run your chart or graph.
The chart will generate, and you can then select “Show All”. Here are the results for my example here:
You can see that any typical action can now be taken on your results…not bad, huh? We’re excited about it, too! Think of all the ways you may want to use custom charts and graphs in your processes.
If you’d like to provide us additional feedback, please do! Support@policyIQ.com