New Company, New Controls: policyIQ Handled it All

Any quick look around the marketplace reveals that companies big and small are constantly being acquired, bought, sold and merged. Many of these public companies then have to figure out how their SOX compliance will be affected, and this can put a ton of stress on the audit teams that bear the responsibility of “making compliance happen”.

Fortunately for companies using policyIQ that have purchased or merged with others, the SOX issue goes from, “Can we make this transition in policyIQ, as well?” to “WOW.  That was pretty easy!”

A long-time policyIQ client recently acquired a company, and each had its own set of risks and controls. Ultimately, their goal was to combine these two separate entities into one SOX environment, and easily distinguish between SOX work from Company A and Company B.


Our team and product made this easy. To begin, we simply added a single-select field on their controls and risks called “Entity”, with options for Company A or B. By doing so, we created an easily reportable way of sorting content from one company to another. This was conducted by an Import to Update (via an Excel document), meaning that much of the work was easily done in a simple spreadsheet offline. Simple!

All new documentation from Company B was then mass imported into policyIQ a few days later.


Some companies might like this arranged differently, and that makes total sense. We had discussed using additional folders to distinguish the risks and controls from company to company. Advantages? One less field per page, and a more organized folder structure, with less content per folder. Disadvantages? There are more folders, and some folks like a really simple structure. A difference in results or reporting? None!

Do you feel like you should partner with a policyIQ expert to work on your SOX work this year? Do you have a couple of ideas you’d like to run by us? Send us an email!

Which part of your SOX program do you want to improve this year? This list of resources will help.

Soup to nuts—or Risk Assessment to Review of Evidence, we are ready to help you make your 2016 Sarbanes Oxley compliance work more efficient than ever! You will notice that we have another post this month that talks about rolling forward last year’s SOX work to create the baseline for your 2016 work. Some of you might not want to repeat last year’s work. Maybe you didn’t use policyIQ last year or you’d like to make improvements on what was done in previous years and take advantage of all that policyIQ has to offer. We have some tips and tools to help you:


  • Risk Assessment – We previously shared a sample template with you that you might want to implement for 2016. If you already have your Financial Statement Risk Assessment complete, we can help you with your plan to import and tie the results of that assessment to relevant assertions and controls. Capturing the full cycle in one place will not only help your organization to be much more efficient, it will also save time and money when your external auditors are looking to connect.
  • PCAOB’s Auditing Standard No. 5 – Are you looking to make improvements to your process and work more efficiently this year? Check out this visual summary or watch the full recording of the webinar that walks through the application of AS5.
  • Link related compliance elements and utilize various reports to monitor progress, analyze performance, and stay on top of your program. We have lots of ideas about SOX reporting. Check out your online Help manual and this post for some ideas.
  • Automate supporting processes – are you still using Word, Excel, and email to manage your 302 Certifications, Control Self Assessments and Narrative Reviews? One of the most frustrating parts of this work is having to inventory the responses and pester people to get their work done. You can literally perform the setup of these tasks one time and then consider it complete forever after using policyIQ’s Forms functionality to automate the inventory and reminders.
  • Grant External Auditors access to only that content which you want them to see! Have you done this yet? I recall being scolded by a client who told me that we don’t brag about this benefit enough. He felt that he could have saved a significant amount of time and money over the years and wished he had granted their external auditors access much sooner. It’s really easy to bring them into the fold and show them only what you want them to be able to review. Here’s how.
  • Evidence gathering – If you find that a lot of time is spent by auditors, managers—everyone—rounding up information, perhaps it is time to commit to one main holding place for your evidence. You can even use policyIQ to help automate and monitor the collection of evidence. We have some posts discussing what has been done in the past and we’ll be taking a fresh look at options surrounding the Evidence Collection effort in an upcoming training session—please join us!

We hope that this list of resources is helpful to you or at least has you thinking about things that you’d like to manage more efficiently. We often work with people who feel like they just don’t have time to figure out how to save time! We get it. That’s what we’re here for! If you don’t have time to read posts and play around in policyIQ, but want to realize the benefits sooner than later, reach out to us and we’ll walk you through some simple adjustments that you can make to gain relief and command over your information right away!

Upcoming Training Opportunities from RGP

Here’s hoping that everyone has dug out from the winter storm that rocked the east coast over the weekend!  Assuming you’ve made it back to your desks, we’d like to offer you some free training sessions from RGP.

January 26: Using Spend Analytics to Drive Savings and Improve the Bottom Line

Join RGP as we take you through the key elements of spend analytics, and discuss how to establish a baseline from which to launch effective spend management. We will also highlight RGP’s advanced Spend Analytics solution which combines our expertise, a structured approach and leading-edge Business Intelligence that enables organizations to achieve deeper insights into value and risk mitigation opportunities.

January 28: Financial Reporting Update and an Outlook for the Year Ahead

As financial reporting implementation deadlines approach and projects continue to evolve, 2016 will be a big year for most companies – Revenue Recognition, Financial Instruments and Leasing guidance is all developing rapidly. How will the latest developments in standard setting affect your organization? What lies ahead for the upcoming year?  RGP’s Shauna Watson leads this session that will provide you with what you need to stay a step ahead.

February 18: An Overview of Cloud-based versus Traditional Systems

Join RGP experts Balaji Bondalapati and Paul Rundzieher for a discussion of cloud vs traditional ERP systems where they will provide an overview of each type of system, review major ERP vendors and their cloud product offering as well as discuss the major differences in terms of practical implementation and functionality.

Your Dashboard: Quick Access to Your Important Content!

New and prospective users of policyIQ often inquire about our dashboard, and how it is used to make everyone’s life easier.  Every time a user logs into policyIQ, the user’s Dashboard appears immediately, filled with various “buckets” of content that are automatically populated with content that fits the criteria of the particular bucket.

Some users feel that their dashboard lacks certain items, and this may be the case. However, it is SO easy to add, rearrange, and save buckets to your dashboard. Keep in mind that every user has a Dashboard that is unique to them, meaning it can be customized to your liking, and no one else has access to it.


When you decide to add a new bucket to your Dashboard, simply navigate up to the blue toolbar, and click “Add”. The “Add Dashboard Items” menu will appear. Check the box next to the items you would like to add to your Dashboard, and then click “Save”. Your Dashboard will refresh with all of the new buckets. Each of these panels can be clicked and dragged to a different area of the screen, allowing the user to put more important items at the top of the screen, and lower priority items further down.

Removing buckets from the Dashboard is even easier than adding them.  Look in the heading of a given bucket for the small “X” that appears.  Click this to remove the bucket.  Oops!  Didn’t want to do that?  Just add it back in following the steps described earlier.

Within a given bucket, click the “Show All” link in blue to have all content within that bucket displayed.


Adding only essential buckets makes for easy and fast use of policyIQ. For example, users that primarily approve forms could add the “Approve Forms” bucket to their Dashboard, and remove others. Other Advanced Users that regularly run the same reports can add the saved report to their favorites. Then, the user could add the “Favorite Reports” bucket to their Dashboard. Clicking one of the reports within this bucket will immediately run the report.

To see how the process of adding new buckets can be completed in just a few seconds, check out our video that specifically deals with the Dashboard.

Check out the new RGP website!

RGP is excited to announce its brand-new website. Among the updates to our site are exciting profiles of our team of accomplished Practice Leaders and highlights of their subject-matter expertise. These leaders are among the best in the world, and drive business initiatives that help lead our clients toward their goals.

RGP’s Services tab has been organized into easy-to-find Expertise and Initiatives areas, complete with details for each individual practice area:  Practice Leaders, Insights, Case Studies, Initiatives and so much more.

We hope you will have an opportunity to browse our new site. Please do not hesitate to let us know how RGP can help support you on your company’s critical initiatives. Thanks!


Come and see policyIQ’s Version 7.4 at the GAM Conference in Vegas

Once again, the policyIQ Team and RGP are looking forward to attending the IIA GAM Conference, March 9 – 11, 2015 in Las Vegas, Nevada. We are excited for the opportunity to engage with other key influencers in the areas of:

  • Talent and Resource Strategies
  • Regulatory & Compliance Issues
  • Risk Management
  • Innovation & Technology
  • Stakeholder Relationships and Expectations

While we are highlighting RGP’s service offering–which ranges from strategy and advisory services to implementation solutions that help support clients’ efforts at any stage of their initiatives—we will also introduce the latest version of our GRC Technology: policyIQ. With version 7.4, we are making it ever more simple and efficient to manage all of your Compliance and Audit processes and content in policyIQ.

Join us at the GAM Conference!

Stop by our RGP booth and ask us about working offline, collaborating “behind the scenes” and tracking auditors’ Time and Expenses in policyIQ. These capabilities are being added to the suite of Governance, Risk and Compliance solutions already available that have benefited from more than a decade of continuous development and customer focus. Did you know that you get all that policyIQ has to offer without having to purchase additional modules or products?

If you can’t wait for the conference or don’t plan to attend this year, reach out to us directly with any questions—we’ll help you to get started right away!

Just in time for the holidays: An Introduction to policyIQ Training event!

Just a reminder—our quarterly training session focusing on the basics of policyIQ is just around the corner! Ideal for new or prospective users of policyIQ, this training session will offer viewers the chance to check out the essential components and navigation of our cloud-based program. In this particular session, we will pay special attention to internal audit examples. Even seasoned audit users may benefit from this walk-through of a typical audit workflow!

Participants of the training will leave knowing better how to:

  • Locate content and navigate in policyIQ.
  • Pass content through a basic workflow. (We’ll use an example of an audit, and pass a control test through a workflow.)
  • Link and attach content, such as uploading files as evidence for a test, and linking tests to controls to show relationships.
  • Monitor, analyze and share findings using reports, such as tracing Deficiencies back to Risks left vulnerable.

Join policyIQ Client Service Representative, Travis Whalen; Managing Director, Chris Burd; and Product Director, Stephenie Buehrle as we walk with you through the site and prepare you to hit the ground running.  It’s a great chance to head into the holiday break with some great new guidance on how to best use policyIQ.

We will also send out a recording of the session which you are free to share with anyone in your organization!

Participants will be eligible to earn 1 CPE credit for attending.

The session starts on Thursday, November 20, at 12:00 noon US ET.  Register today and we’ll see you there!

The message is clear: “Focus on Fraud”

Public companies subject to Sarbanes Oxley (SOX) requirements with a calendar year-end are wrapping up their projects to transition to the 2013 COSO Framework. Among the seventeen Principles formalized in the 2013 framework is Principle 8, which states, “The organization considers the potential for fraud in assessing risks to the achievement of objectives.”

Track Fraud Mitigating Controls

One step that many policyIQ clients are taking to demonstrate evidence that they have adequately addressed this principle is to “flag” their controls that are fraud mitigating. If you do not already have one, we recommend adding a field to your Control template in policyIQ to track whether a Control is fraud mitigating. This allows you to easily report on all Controls where the answer is yes and to relate those Controls to Principle 8 (unless you are linking to Points of Focus, in which case you will link each of the Controls to the most appropriate of the four Points of Focus related to Principle 8).

Address Revenue Recognition Fraud

In addition to feeling greater pressure in the last couple of years from the Public Company Accounting Oversight Board (PCAOB) and the Committee of Sponsoring Organizations of the Treadway Commission (COSO), most companies will also be affected by the new Revenue Recognition Standard.  The new standard is the result of a joint effort by the Financial Accounting Standards Board (FASB) and the International Accounting Standards Board (IASB) that aims to improve upon and to address inconsistencies between the previously held International Financial Reporting Standards (IFRS) and US Generally Accepted Accounting Principles (GAAP). No doubt, some of the most notorious cases of corporate fraud have been directly related to revenue recognition fraud.

Complying with the new standard is a big undertaking for companies. We have written on our blog about the application of policyIQ to better monitor your contracts and agreements and the work that RGP has done to prepare a deep pool of Revenue Recognition subject matter experts around the country to walk alongside accounting professionals and help them to close gaps in their practices. Here, also, is a link to access the recording of RGP’s recent webcast: The New Revenue Recognition Standard Webcast Series (Part 2): How to Begin Implementing the New Standard.

Formally Assess the Risk of Fraud

Additionally, many companies are finally formalizing their fraud programs by instituting a dedicated Fraud Risk Assessment, documenting mitigating controls, identifying and filling gaps, and so on. Whether using your methodology and questionnaires or RGP’s, we can help you to manage the process more efficiently in policyIQ.

Fraud Risk Assessment Sample

Using policyIQ, it is simple to capture and deploy your fraud questionnaire(s) to the relevant employees, inventory responses and analyze results. Similar to other compliance work in policyIQ, you can link your capabilities or controls to any Fraud Risks that were identified and use policyIQ reporting to easily highlight any gaps in coverage.

Interested in bringing automation to your program or need a subject matter expert to help you develop your Fraud Prevention Program? Reach out to us and we’ll put you in touch with the right person in your area.


COSO in policyIQ – “It was really as simple as you said it would be.”

For those of you looking to use the 2013 COSO Framework as the model for your Internal Control Environment, we want to remind you that you can use policyIQ to make quick work of capturing the COSO Principles and Points of Focus, as well as your Controls, Tests and other related documentation. We have shared some guidance on how existing policyIQ users can easily make adjustments that accommodate the new framework.

Existing policyIQ users, we can help you to get things set up in policyIQ

You don’t even have to create and populate your own spreadsheets to import the framework into policyIQ—we’ve already done the work for you, and will share it with you for FREE!


When we reached out to one of our clients to see if he had any questions about the spreadsheets or import process, he had this to say in his reply: “Once I had your template, it took just about 5 minutes to have policyIQ populated with the principles and points of focus.  It was really as simple as you said it would be.”

If you can’t spare any time to import the COSO content, we can do that part for you, too. Contact us to make arrangements.

Not a policyIQ client yet? Your new COSO-ready site can be available within the afternoon!


(Usually. Contractually, we have to say within 48 hours, but a new site is often up and running within the same day!)

For those who are not yet policyIQ users, but are considering the value of a tool now that you have to take on yet another relationship to your Controls, we have the COSO Framework ready to go in new policyIQ sites—you can move right on to the mapping part of your transition project.

Not sure what your plans are for transition to the 2013 COSO Framework?

We also want to remind you of a couple of webinars hosted by policyIQ and RGP that have been well received. Within the following posts, you will find links to the recordings.

Efficiently Transition to the 2013 COSO Internal Control – Integrated Framework Using policyIQ

Lessons Learned from Early Adopters of the 2013 COSO Framework

We have subject matter experts all across the country (and world) ready to get to work. Reach out to us and we’ll help you to get connected!