Process + Technology = Effective Issue Management

Let’s face it—nothing is perfect.  Mistakes are made, processes are never fully optimized, and improvements can always be made.  All of those issues – big and small, critical and unimportant – mean risk or opportunity for your organization.

How are you managing those issues?  Do you have insight into the big picture? IssueMgt

Start with a consistent issue management process…

Having a consistent process in place to document and resolve issues throughout the company is a great first step.  Provide guidance, so that all departments and all projects use the same format for tracking, remediating, and resolving issues.  That process should include the following steps (although not always in this order):

  1. Document an issue as soon as it is identified in a central location.
    Emails are great, but having a standard location to enter an issue as soon as it is discovered is the key to full transparency.
  2. Assign the issue to the appropriate contact (or committee).
    Your process may have a central point of contact that reviews and assigns issues – or this may be built into the issue reporting process.  In either case, assignment to an individual or a specific committee is critical.  Issues will never be resolved if no one is accountable for them.  (That person may ultimately delegate or reassign the issue later, but assignment brings accountability.)
  3. Rate the risk or opportunity that the issue poses.
    Issues are not always about risk – sometimes an issue is simply the recognition that there’s an opportunity that could be addressed.  To determine the priority of addressing issues, each should be rated to understand the risk posed or the opportunity available.
  4. Determine if and how the issue will be resolved, and what the timeline should be.
    Will the issue be addressed?  Low risk/low opportunity issues may simply be put on hold or removed from the list, accepted as imperfections in the daily business. If the issue is to be addressed, document a plan and set a timeline.  The less urgent the issue and the farther out the timeline, the more general or vague the plan may be.  A “next step” should always be defined, even if that’s a plan to create a plan.
  5. Assign the remediation plan to the right individuals.
    For smaller organizations, it’s more likely that the original issue owner is also going to be the individual responsible for the remediation.  However, for large companies, issues may be owned by a division or department leader, while the remediation of the issue falls to someone on the front line of the organization.
  6. Regularly review the open issues and ensure that updates are documented.
    Ensure that open issues are reviewed regularly, and that progress is being made and documented.  If issues and remediation plans are never updated, the process will stop being effective.  If progress on an issue has stalled out, a regular review will highlight that challenge and allow it to be addressed.
  7. As remediation is completed, audit the process to ensure that the issue is resolved.
    The remediation plan may be marked complete, but has it really been fully implemented?  Was the remediation plan effective in addressing the issue?  Is there something more that must be done?

…and make sure you have technology in place to support it!

Consider the insight gained if you had a web application that allowed employees to report issues, issue owners to build remediation plans, and management teams to review the status of all issues across the company.

policyIQ is that application.

From a simple reporting mechanism to dashboards to track progress, policyIQ offers a technology platform that supports the issue management process.

Want to learn how?  Join us on October 22nd for a policyIQ training event, where we’ll focus on this issue management process – and how you can support all of the steps within the policyIQ application.

If you want to talk to us before October, we’re happy to connect with you to talk about issue management!  Contact us today.

 

IT Security Regulations, Frameworks, and policyIQ

Organizations all over the globe follow information technology and data security guidelines to meet regulatory requirements, improve processes, strengthen security, and achieve other business objectives.

These IT security frameworks give us a common language that can be used by:

  • Internal stakeholders to evaluate controls in place within their own organization.
  • External auditors to evaluate and attest to controls in place within an organization.
  • Third parties (potential customers, investors, etc.) to evaluate the potential risks of partnering with an organization.

Because information technology impacts every area within an organization, it only makes sense that IT compliance is a process that needs constant attention and monitoring. Choosing a framework, following a set ofIT.jpg standards, and having a comprehensive internal controls monitoring program in place help organizations meet the needs of their various stakeholders.

We recently took a deep dive into regulations and frameworks that impact IT security, in our July training session, IT Security Compliance in policyIQ.

Some questions addressed in our training were:

  • What is the difference between regulations and frameworks?
  • What are some of the most common regulations impacting IT security? What are some of the most common frameworks?
  • Where can I access IT security frameworks?
  • How can policyIQ help to manage the IT compliance program?

We invite you to listen for yourself and to reach out to us today to see how policyIQ could benefit your organization with IT compliance!

Happy Memorial Day!

Wishing a beautiful Memorial Day weekend to all the friends of the policyIQ community! While we remember and honor those who have fallen in service to our country, we also thank those veterans and active service members for all that you have and continue to do for us.

Memorial Day_WP

The policyIQ Team

First Impressions from the 2018 GAM Conference

After three days filled with auditors, firms, software vendors and everything in between,  the 2018 GAM was a special blend of thought leaders from around the globe.  Some of the brightest minds in the industry were on hand to provide insight and perspective on all things audit – with a few areas sticking out to all of those in attendance.

AI – Artificial Intelligence/Robotics

For the second time in as many years, Artificial Intelligence was a topic impossible to avoid – much like its expected impact on the industry’s future.  While many speakers touched on the impact it has had in test environments and early adopters, a common trend was something that wasn’t immediately expected – fear!  Most attendees are auditors themselves, or lead audit teams in a Chief/Director of Audit role.  The implementation of AI and Robotic systems will ultimately lead to the decrease in demand for audit work hours, and surely, auditors themselves.  As the thought of audit team size shrinking in coming years looking like a sure thing, a few speakers provided some comfort and reassurance to those in attendance.

In short, automated systems like AI and Robotics are going to be great for taking repetitive, manual tasks out of human hands.  However, these systems will need to be observed and checked for accuracy a LOT early on.  Furthermore, the systems themselves are a source for additional auditing needs – creating additional work for perhaps smaller audit teams in the future.  Finally, a few of the Chief Audit Officers in attendance are expecting that, while the repetitive parts of the audit team jobs may move to automated systems, their newly found “free time” won’t necessarily translate to job loss or going home early!  In face, these executives plan to challenge their teams to spend their newly freed up time into areas that are maybe not investigated as thoroughly as they should be – providing a more complete audit of the business, aided in part by AI.

Analytics

Another hot trend continues to be the need for analytics, and finding the appropriate ways to use graphical representations of data.  As more and more companies seek software packages to provide documentation sharing, workflow and reporting capabilities, the visual representation of this data becomes even more critical.  Executive teams don’t wish to look through numbers and decipher data – instead, graphics provide a high level overview of the audit and quickly show where gaps may be, tests have failed, or any other arrangement of data.

Agile – EVERYONE Needs to be!

On more than one occasion, attendees pointed out that their small audit team was “too small to be agile”, and could invest time/effort into becoming more agile.   This is exactly the reason why you’d want to be more agile!  Small audit teams particularly don’t have the luxury of moving work from one group to another.  In fact, many auditors work long hours and are overworked during “crunch time”.  Investing time in automating as many processes as possible and improving communication will greatly improve agility and reduce the overload of work that many teams feel.

Stay tuned for more information from the 2018 General Audit Management Conference, trends, analysis, and what we can look forward to next year!

2018 GAM Conference – policyIQ will be in Las Vegas!

policyIQ Product Manager Travis Whalen will be representing policyIQ at the 2018 GAM (General Audit Management) Conference on March 12-14 at the Aria in Las Vegas!  Come by the RGP booth to learn more about RGP’s premier consultation services, professional service lines,  and areas of expertise – all across the globe.

In addition, Travis will be on hand representing policyIQ – RGP’s SaaS (software as a service) for many areas of the Governance, Risk and Compliance world.  Stop by to learn about our highly customizable software solutions for organizations large and small, public and private, including:

solutions2

Stop by the RGP booth to say hi to Travis, learn about RGP, and take a peak at policyIQ!  We hope to see you there.

 

policyIQ 7.9 is all about YOU!

With policyIQ 7.9 just around the corner, customers have been asking, “What’s next?”  The answers are exciting, and a welcome sight as they enhance current policyIQ features and provide increased flexibility moving, and a better user experience that saves time and clicks moving forward.

Many clients have sought a way for their users to access critical business information – faster than we have before.  Common questions have centered around their users’ folders – “How can my users get to THEIR content faster and with less clicks?”  The answer comes in the form of Favorite Folders in policyIQ 7.9.  Each user’s account will be able to mark any number of folders in the structure as favorites, and access them from a separate, smaller structure – making the process of accessing their relevant  content easier than ever.

With the addition of Field Rules and Calculations in policyIQ in version 7 releases, double checking the proper application of these properties is imperative – especially with several of each going on at once.  The Page Template preview window will now operate much like a “test page” of sorts – with Rules and Calculations each operating within the template preview window.  Historically, a user would need to create a few actual pages to test out the application of their rules/calculations.  This can now all be done in preview, requiring less steps to ensure your work has been added how you like.

Have a field on one template that you want to use on another?  Getting this set up has never been easier.  Fields can now be copied from one template to another with just a few flicks of the mouse!  Easier maintenance, and much faster work.

And finally, policyIQ will introduce a new HTML editor for long text field on pages and forms!  Complete with a new pasting option, the enhanced editor is a simpler and easier to work with HTML editor.  The new pasting option is specifically designed to aid users that copy content from Microsoft Word and paste directly into policyIQ HTML fields.  This copy feature is built with code that targets, reads, and aligns the formatting challenges that many web HTML editors face when having content from another program pasted into them.  Formatting is copied over to the editor with near perfect results, regardless of where the content comes from!

We also have developed several smaller additions that will help administrators clean up their sites, including a fast way to strip file attachments, copy pages and so much more!

There’s a lot to look forward to in policyIQ 7.9.  Please send us your questions, comments and you’ll be hearing from us very soon.

Lesson’s Learned from a Policy Management Software Implementation

Last week, the policyIQ team hosted our quarterly “Introduction to policyIQ” class–this one focused on a full scale policy management solution.  While many aspects of the presentation are typical of any policyIQ Solution, there are a few that lend themselves to the policy management world.

  • Importing of documentation – saves a ton of time and manual entry of policies.  All policies can be created and set up in an Excel spreadsheet, and importing into policyIQ in just minutes.  In addition to populating many of the content fields (policy owner, reference number, summary statement, etc.), many aspects of workflow, folder indexing, and security can dictated, as well.
  • Setup of policy sign-offs – automated email reminders and follow-up. Once the policy sign-offs have been issued out to your organization, it is a huge benefit to have policyIQ automate regular email follow-ups to users with sign-offs that have not been submitted.  Gone are the days of hunting down employees via email or phone calls – policyIQ does this for you!
  • Response filtering – find the important information quickly.  Sort through hundreds or even thousands of policy sign-off responses in seconds by looking for the outliers, and taking critical action on those items: follow-up, meetings or clarifications.

These, among many others, offer a some great benefits to checking out policyIQ for your Policy Management needs.  However, every organization’s needs are different – which makes policyIQ an ideal solution.  It’s easily configurable!  Let’s meet via the phone or webcast to discuss if policyIQ can be configured to meet your needs.

A recording of this demonstration is available here. 

To learn more about the complete policyIQ Policy Management solution, visit our website.

A complete solution – presented in a policyIQ CPE event!

As part of our ongoing quarterly CPE event for policyIQ, we are putting together something a bit different – and bigger – than normal!

Join us on Thursday, November 30, 2017 at 12pm Eastern Time for the one hour CPE event presented via the web, showcasing policyIQ’s abilities, features and processes for all of your Policy Management needs.  Hosting this session will be Chris Burd, policyIQ Managing Director, and Travis Whalen, policyIQ Product Manager.  Learn more about policyIQ’s solution possibilities here.

In this Introduction to policyIQ CPE session, participants will be able to (among other milestones):

  • See how to utilize the import utility to centralize previously disparate content
  • Secure documentation with read, write and edit access – and approval processes
  • Apply search and reporting features to quickly gather information that is critical to decision-making

Sign up for this training here, and learn more about how policyIQ can be an effective solution for your organization’s Policy Management needs.