Regulatory environments are constantly changing, influenced by economic, political and environmental factors beyond your company’s control. It might seem like a daily battle to deal with the push and pull of complying with changing regulations. So how do you stay focused, prepared and sane in the world of regulatory compliance?
One critical step is to ensure that you have well documented, well communicated and well understood corporate policies.
Policies provide the foundation, governing the way in which your employees will work and how they will meet new regulatory requirements. When the foundation is strong, with clear policies that are followed and enforced consistently, additional external expectations and requirements are much easier to incorporate.
Here are just a few best practices to consider:
- Ensure that policies are written clearly. Avoid company jargon or acronyms that may be unclear to new employees or external regulators.
- Make policies easily accessible to all employees. If you are already using policyIQ, ensure that a policyIQ link is posted or communicated regularly.
- Clarify whether any exceptions might be approved to the policy, and communicate the process for approval for exceptions. If it is not clear, employees may be more likely to decide it will be easier to ask for forgiveness than permission.
- Document how policy violations will be addressed or how policies will be enforced.
- Revisit, review and revised policies regularly. Do not allow policies to become outdated or appear to be outdated. Even if no changes are made, regularly note that content has been reviewed, so that employees
- Map policies to your regulatory requirements or other compliance programs. As regulations change, you can more easily identify any changes that must be made in your policies to address those changes.
What other best practices would you highlight for a clear corporate policy platform? Add yours in the comments and share ideas! Learn more about how to utilize policyIQ’s various read-only options by checking out a recent blog post by policyIQ Product Manager, Travis Whalen.
Many organizations have used policyIQ for their Policy Management needs, and each client of ours has their own unique needs and for providing transparent and accessible policies to their users, public website, auditors, or other audience type. However, the process is largely the same, regardless of the unique needs.
In nearly all cases, the policy content is created in policyIQ, reviewed, approved, and then published. Making that content available is where the differences come in to play. There are a few options for doing so:
A shared, Read-only account:
Create a Read-only user account in your policyIQ site (which is free, by the way), and apply the Read-only account as a viewer only on all applicable policy pages in your site. Be sure to make sure that this account also has view access to the necessary folders, as well.
Then, share the Read-only account credentials with your user base. Once logged in, the policyIQ view this user will have is a scaled down look – just folders and policy content, in this case. Because the very nature of the account is Read-only, there is minimal risk in sharing the credentials with a large group of people.
A shared, Read-only account accessed via policyIQ Reader:
A similar process to the one above, but with a different look to the program and no login needs.
After creating the Read-only user profile and applying the user to security where necessary, edit the user profile. Under the “required” tab of the Edit User window, scroll to the bottom to find a unique link called “policyIQ Reader“. This hyperlink can be placed anywhere you like: bookmarked in your browser, stored on your desktop, placed in a shared network drive, or even on your intranet. Once a location is selected, users anyone that clicks the link will gain instant, Read-only access to your policyIQ site. No login required, and the “reader” look – a straightforward, no nonsense look at content, which is displayed in the table area to the right instead of a separate window, as seen below.
Individual Read-only accounts:
Create an individual Read-only account per-user, which allows for greater flexibility in terms of seeing policies that are applicable to certain divisions, but not others. Perhaps your finance and accounting folks have policies and procedures that apply to them, but not to the vast majority of other employees. Creating separate accounts for everyone ensures the user experience in the product is directly related to their role.
Individual policies accessed from an outside source:
Some of our clients choose to have their policies accessed from their primary company website. In this case, the policyIQ pass-through link is ideal: eliminate login needs, access individual policies, and don’t display the main policyIQ site from which the policies were created. Instead, display only the pages themselves.
Create a primary Read-only user account, and again add it to the view security on all applicable pages. Now, view a page of your choice that is published. A the very bottom, the page ID sits, and contains a link. Click the link to open a small window that contains the policyIQ Passthrough link . Copy and paste this link to the destination of your choice. Selecting this link from an outside source will open the policy page only, and not require a login to the system.
Did you know policyIQ also handles Policy Sign-offs, as well? It’s a simple process at a minimal cost. Add Standard Users to your site in bulk (50 to over 10,000+) to completely revamp the way your organization automates creating, approving and storing certifications and sign-offs.
Does something here sound like it might be right for you? If so, let’s talk about it! Scheduling a half hour with a policyIQ expert on our team is not only free of charge, but will pay dividends moving forward as the management of your processes becomes easier by the day. Many adjustments to existing sites take minutes to change, and new sites are even simpler! Contact us at Support@policyIQ.com or 412-263-3330 to begin.
- Has your organization recently engaged in merger or acquisition activity?
- Was a valid and somewhat likely risk of financial statement misstatement discovered?
- Has your organization recently become subject to Sarbanes Oxley requirements?
- Did your auditor advise you to formalize your FCPA program?
If faced with one of these (or another) critical governance, risk, and compliance issue, are you prepared with appropriate subject matter expertise and systems to respond? Because you are here and these are examples of circumstances where RGP and our GRC Technology (policyIQ) excel, you are prepared, now!
With more than 70 wholly owned offices around the globe and professionals with 10-20 years’ experience and expertise in a range of subject matters, RGP is prepared to hit the ground running. What our clients quickly learn is different about us is that we build long-term, trusted partnerships by engaging top talent to impart knowledge and expertise—leaving our clients’ employees better equipped while meeting the business’ objectives. Rather than a binder, we leave you with a job well-done and a reliable contact for future reference.
Dictionary.com defines agility as “the power of moving quickly and easily; nimbleness”. GRC Analyst, Michael Rasmussen, says that agility in a GRC technology provider also means being “adaptable to a changing business environment.” Here are some of the characteristics of policyIQ that allow our clients the flexibility to quickly adapt to changing needs:
- Easy to setup and implement (average 4-6 weeks—rather than months or years)
- Familiar look and feel means little to no training required for users
- Flexibility to customize configuration as needs change (in your hands)
- Security control allows multiple entities, departments and priorities in one platform
- Affordable to implement enterprise-wide for a variety of solutions
The greatest testimony we have to policyIQ’s flexibility is our clients! While policyIQ started in Policy Management and Risk and Compliance plus certifications fifteen years ago, our clients began applying the easy-to-employ technology for things like Account Reconciliation Management and Capital Appropriations Approvals.
Click to zoom in and check out a sample of our clients’ policyIQ applications:
Are you tasked with having to respond to changing business needs? Are you interested in seeing solid improvements and results in about a month? Of course, you are! Reach out today: Info@policyIQ.com, 866-753-1231.
Where are you at in your leases project? Have you settled on a lease accounting system? Do you have a plan for how you will gather all of your leases and begin pulling the critical data together? How confident are you that you’ve identified all of hiding places in your organization for the lease information including shared folders, binders, SharePoint sites, filing cabinets, spreadsheets, George’s desk, and even camouflaged within other agreements?
One thing we can be confident about—if the new accounting standards have highlighted your organization’s critical need to better manage all of your contracts and agreements, you’re not alone.
Of course, I’m about to tell you that we can help!
- policyIQ is centrally accessible and easy to populate—helping you to bring order to all of your decentralized structured and unstructured lease data.
- Easily customize templates and standardize the approach to capturing lease data (and complement your lease accounting tool).
- Use reports within/across leases to examine data and identify gaps.
- Customize workflow and leverage policyIQ’s secure platform to request specific data from specific individuals and fill gaps.
- Attach reference materials or supporting documentation, as needed.
- Customize policyIQ for each area to store executed leases and track lease data on an ongoing basis.
- Simplify oversight for management review at a high level.
- Implement controls and data governance providing evidence of entire data collection process and resulting data.
And if you’re not sure that you have adequate leasing talent on staff, RGP can support you with subject matter expertise to lead and/or support your team and ensure successful implementation of the new standards. If you haven’t worked with us in the past, what you will experience is a different level of professional partnership. We will transfer knowledge and leave your team better equipped to address challenges that arise in the future.
Contact us to learn more about our talent and technology to support your data collection, contract review, compliance, audit, policy management and other initiatives. We’re looking forward to working with you!
Did you miss our recent training session on completing our SOX Risk Assessments and scoping exercises in policyIQ? Not to worry – we have you covered!
How Can I Catch Up?
If you want to get into the details, we have the training session and materials available for download!
- You can access the slides here.
- You can also view the recording from our policyIQ training page.
The training page is linked from your policyIQ login page – and available from within the online Help Guide. If you don’t have access to the training page, please reach out and we’ll send you the link!
Just the Highlights, Please!
This training session aimed to ensure that participants are able to…
We discussed common SOX risk assessments at the financial statement line item level, targeting risk factors like…
In addition to illustrating how to create the calculation directly in policyIQ, we also acknowledged that some folks love their MS Excel process. policyIQ can handle that, too, through the import option!
Then we took a close look at the relationships between the content that allows for the most effective scoping options.
And finally, we walked through the reports that provide the final step in the scoping process.
We would love to help YOU get started on your risk assessments in policyIQ, so that we can link into your SOX work for ease of annual scoping. Contact us today and we’ll meet with you at no cost to help you get on your way!
Spreadsheets, email, shared network drives…
…this is where most of our critical work starts! With the deadline to comply with the Revenue Recognition Standard now in our sights, many of your corporate accounting peers have met the harsh reality that these commonly used tools are not meeting their contract review needs. Disconnected spreadsheets do not keep their reviewers in-step with each other’s developments. They are habitually shared via insecure channels and we often find, even with the best of intensions and development, lists, formulas, and formatting within a spreadsheet can be compromised resulting in an unreliable tool. Aggregation of data for analysis and consolidation of conclusions for management review are nearly impossible feats with dozens (or, certainly, thousands) of manual spreadsheets.
For those of you who are relatively new to the policyIQ community, you might not have heard that policyIQ has been a constant in the RGP toolbox, serving to solve our clients’ problems for nearly 15 years. We don’t make commission on software sales and are not incentivized to upsell you or to sell you a new tool or module. In fact, we work hard to make it possible to serve all areas of your business within one platform—we don’t have extra modules to sell you!
The flexibility of policyIQ to be easily customized for various initiatives has made it possible for our clients to hit the ground running in applying our web-based technology to their pressing Revenue Recognition needs.
A company may utilize policyIQ for the full contract cycle or simply as a contract repository, centralizing access and simplifying assignment of contracts to reviewers for ASC 606 analysis. In addition to guiding the reviewer through the 5 Steps outlined in ASC 606 required for each detailed review of contracts that are in scope, policyIQ also provides a place to document evidence of the reviewer’s considerations and tools to leverage that information for necessary analysis. Key conclusions from each step are automatically pulled out into a summary. Reviewers add final notes to the summary and systematically route all related content for review and approval, as desired and customized for each client.
The ability to report on results of contract reviews in aggregate gives way to analyses not possible in spreadsheets. Look across all Performance Obligations by Revenue Stream, Geography, Business Division, Over Time vs Point in Time, Sales Channel, or Reviewer, for example. Reports also aid in the management of contract reviews—in the assessment phase and with ongoing reviews. Report on issues as they are being identified, assignment of contract reviews, progress of reviews, and impact of the standard on various divisions or revenue streams. Use reports to easily identify those contracts that warrant follow-up action.
We delivered many new features in 2016 and some were developed specifically to sharpen the Revenue Recognition solution. We are wrapping up another release for spring and have an impressive road map that will go into development while the spring release is undergoing formal testing. And did you hear that upgrades are included free-of-charge?
We’re here to serve and grow with you.
Can you say that about your Revenue Recognition tool? Reach out to schedule a tour of policyIQ’s capabilities for ASC 606, compliance, audit, policy management or your other pressing information management needs!
With our upcoming release of policyIQ version 7.7, we are rolling out an unexcitingly named feature we refer to as “Form Bundle Imports”. It might not have the flashiest name, but the feature can open new doors for your organization!
Form Bundles and Their Purpose
If you are familiar with forms in policyIQ, you know that you can pull forms together into bundles. Form bundles are really just collections of forms to be issued at the same time, and bundling them together can make it easier to push them out. Form bundles do serve another purpose, though. By creating a form bundle, you are able to add unique default data to each instance of the form that is being issued.
For example, if you issue Account Reconciliation Forms, you may add the account number and account name to the form, so that you ensure that each account is covered in the reconciliations. If you use a form bundle to collect Control Self-Assessments or Control Reviews, you will link each instance to a different Control page, so that each control is covered in the assessment.
Typically, the first set-up of the form bundle can be a bit cumbersome, as you likely either had to set up each individual instance by hand, or perhaps you engaged our support team to import the details for you. After the initial set-up, you probably just copied the form bundle for subsequent periods. Because of the cumbersome nature of the set-up, it is unlikely that you added new, customized data each time.
Now – Let’s Imagine Being Able to Import Detailed Default Data On Demand!
Account Reconciliations is the area where we expect that this import option offers the most dramatic change. Now, a simple import can pull in unique data on the first day of the month – including account name, account number, and current balance!
We also know that the controls that your organization manages do not always stay static. Being able to import based on your current list of in-scope key controls will allow you to more quickly create an accurate and complete Control Review or Control Self-Assessment process. And if you bring on a new entity or acquire a new company? No problem! A quick import will add their controls to the mix.
We’ve also recently talked to clients about automating Evidence Requests, and this import function will make it easy to create forms and push out requests when needed. Simply create your list of evidence required, who is required to provide it, and import. Boom.
Tell Us How You Will Use Form Bundle Imports!
We know that when we release a feature like Form Bundle Imports, we will have clients who will be thinking of new ways to use the feature that never occurred to use before. What do you think? How are you planning to use this new feature?
Is your project for bringing your company into compliance with the Revenue Recognition Standard underway?
With the January 2018 effective date fast approaching, organizations (public, private, and non-profit) are pressed to come up with a plan to review each of their agreements, and for each one that is in scope, to work through each of these five steps:
RGP’s Revenue Recognition subject matter experts (SME) have developed an approach that effectively addresses all steps of the complex standard. And, again, RGP has gone the extra distance to develop a technology solution that will help you to tackle this effort. Beyond the repository for contracts and the secure data room for document review and project management, policyIQ now has a solution to both simplify and standardize detailed contract reviews while providing oversight, progress reporting, visibility for management review, and evidence for external auditors.
If you haven’t yet defined your approach for assessing your organization’s contracts and setting a course for compliance with ASC 606 by the deadline, don’t worry. We have a complete, cost effective solution and we’re ready to help you make up some ground. Contact us for more information.