It’s true! policyIQ is a misfit among typical software providers.

Have you been burned by a software provider?

Sheesh—who hasn’t?!

You worked for months (years for some), listening to promises from several different people who kept handing you off and never addressing your concerns. You found yourself with more time and money invested than you care to admit and you have grown to look at all software providers with skepticism (if not disgust).

Does this sound familiar?

I hear you. Your frustration was echoed by countless people that I spoke with at a national conference in March. Because a number of people felt compelled to share their horror stories about other providers with me, I got comfortable jumping quickly to the things that make us different than the typical software company:

  • All-in-one_BubblesRGP is NOT a software company! Integrity is at the core of our firm. We want to create great relationships and serve you so impressively that, when you need a consultant, you already know the quality that you can expect from us.
  • We don’t have a huge policyIQ booth at conferences and our software does not have the huge price-tag required to pay for that presence (policyIQ starts at <$5k/year).
  • We don’t sell multiple modules or products and aim to upsell you. policyIQ really does accommodate multiple business areas and needs in one affordable tool.
  • Our goal is to solve for your information, content, process, and workflow challenges across the Governance, Risk and Compliance (GRC) space, not to land a sale.
  • Your sales person does not make commission or hand you off to an implementation team that’s unaware of promises made during the sales process—we walk alongside you the whole way and help to tailor the implementation to your organization’s needs.
  • Our product does what we tell you it does (and we answer truthfully if you ask us about something we don’t do or plan to develop).
  • We have a support team that truly cares to give you excellent and timely service.

We think of our clients as part of our community with whom we will have a long partnership. We listen to your needs, plans, wishes and heartaches and work continuously to problem solve with you.

We’re proud to be a misfit among typical software providers.

pIQ_Misfit_smWe’re ready to prove it and to earn your trust.

We encourage you to take a peek at this introduction to policyIQ, and then reach out to us!  We’d be glad to schedule a personalized tour of policyIQ. Also, we invite you to kick the tires! Sign up for a 30-day trial, completely risk-free.

We look forward to working with you!

Which part of your SOX program do you want to improve this year? This list of resources will help.

Soup to nuts—or Risk Assessment to Review of Evidence, we are ready to help you make your 2016 Sarbanes Oxley compliance work more efficient than ever! You will notice that we have another post this month that talks about rolling forward last year’s SOX work to create the baseline for your 2016 work. Some of you might not want to repeat last year’s work. Maybe you didn’t use policyIQ last year or you’d like to make improvements on what was done in previous years and take advantage of all that policyIQ has to offer. We have some tips and tools to help you:

chart1

  • Risk Assessment – We previously shared a sample template with you that you might want to implement for 2016. If you already have your Financial Statement Risk Assessment complete, we can help you with your plan to import and tie the results of that assessment to relevant assertions and controls. Capturing the full cycle in one place will not only help your organization to be much more efficient, it will also save time and money when your external auditors are looking to connect.
  • PCAOB’s Auditing Standard No. 5 – Are you looking to make improvements to your process and work more efficiently this year? Check out this visual summary or watch the full recording of the webinar that walks through the application of AS5.
  • chart2Link related compliance elements and utilize various reports to monitor progress, analyze performance, and stay on top of your program. We have lots of ideas about SOX reporting. Check out you online Help manual and this post for some ideas.
  • Automate supporting processes – are you still using Word, Excel, and email to manage your 302 Certifications, Control Self Assessments and Narrative Reviews? One of the most frustrating parts of this work is having to inventory the responses and pester people to get their work done. You can literally perform the setup of these tasks one time and then consider it complete forever after using policyIQ’s Forms functionality to automate the inventory and reminders.
  • consultantsGrant External Auditors access to only that content which you want them to see! Have you done this yet? I recall being scolded by a client who told me that we don’t brag about this benefit enough. He felt that he could have saved a significant amount of time and money over the years and wished he had granted their external auditors access much sooner. It’s really easy to bring them into the fold and show them only what you want them to be able to review. Here’s how.
  • Evidence gathering – If you find that a lot of time is spent by auditors, managers—everyone—rounding up information, perhaps it is time to commit to one main holding place for your evidence. You can even use policyIQ to help automate and monitor the collection of evidence. We have some posts discussing what has been done in the past and we’ll be taking a fresh look at options surrounding the Evidence Collection effort in an upcoming training session—please join us!

E012649We hope that this list of resources is helpful to you or at least has you thinking about things that you’d like to manage more efficiently. We often work with people who feel like they just don’t have time to figure out how to save time! We get it. That’s what we’re here for! If you don’t have time to read posts and play around in policyIQ, but want to realize the benefits sooner than later, reach out to us and we’ll walk you through some simple adjustments that you can make to gain relief and command over your information right away!

Time and Expense Reporting – What do you need to know about your projects?

44827953_s
Copyright: pratyaksa / 123RF Stock Photo

policyIQ version 7.4 first introduced the Time and Expense reporting features.  Teams can now track projects and tasks, and enter the hours and dollars that are spent on any task.  Project managers can track their budget against actuals, and assign tasks to users.

After releasing 7.4, we listened to our clients’ feedback.  While the data around projects was being tracked, some questions about that information weren’t easily answered. With policyIQ version 7.5, the T&E tracking has been further enhanced with more reporting options to answer those questions.

Project progress details at your fingertips!

With these new reporting options, you can have progress details on your projects available at your fingertips.  Reporting options include…

  • Project Detail
  • Task Detail
  • Time/Expense Detail

By selecting the option that you want to focus on, you choose the level of detail that you’ll be drilling down into.  Time/Expense Detail report types, for example, will bring up results listing individual time or expense records that meet your filter criteria.

Take a quick look at some of these possible reports – and consider how YOU might benefit from managing projects in policyIQ!

  • All Open (Incomplete) Tasks related to Audit Testing
    • Task Detail Report Type
    • Filters would include:
      • Properties = Not Completed
      • Links to Templates = Audit Test
  • Budget vs Actuals Comparison of 2015 Projects
    • Project Detail Report Type
    • Filters would include:
      • Dates between 01/01/2015 – 12/31/2015 (or filtered by Category if categorized by year)
    • Columns would include:
      • Estimated Hours
      • Actual Hours
      • Estimated Cost
      • Actual Cost
  • My Hours So Far This Year
    • Time/Expense Detail Report
    • Filters would include:
      • Assigned To (Me)
      • Submitted after 01/01/2015

 

If you haven’t yet explored the Time and Expense features of policyIQ, drop us an email and we’d be happy to connect and discuss further!  Or join our upcoming policyIQ Q&A sessions via live webinar

Stop Costly Mining of Information for Each Audit

Many organizations have seen a shift in their SOX environment in recent years. SOX has become commoditized and leadership is concerned about buckling down on the level of work and on the cost of SOX. While many companies have reviewed, rationalized and streamlined their controls down to a more manageable level, focusing on testing only the key controls amounting to less than 150 in most cases, we still see that many have not entirely streamlined their management of the full cycle of analysis and documentation. Have you?

  • FinancialStatementsWho performs your Financial Statement Risk Assessment? Where is the documentation of that process and the conclusions regarding significant accounts and relevant assertions kept?
  • Have you plainly identified and documented your Financial Statement Risks and are you able to demonstrate which Controls are critical to their mitigation?
  • Of course, tests are being performed; but how are you tracking the evidence associated with those tests and does it seem that the process of defining and assigning audits is as efficient as it could be?
  • Do you have historical record of your audit findings, issues and methods of remediation? Can you easily review and determine the most cost effective approaches to remediation?
  • Can you pull up evidence of COSO coverage as simply as you can share your Risk-Control matrix?
  • Apart from the staples of SOX documentation, where do you document things such as considerations and assumptions for key decisions, exceptions or overrides?

Probably the most simple question yielding the most telling answer regarding whether your SOX program is as effective and efficient as it can be is this: do you perform and maintain all of this documentation in one system or is it someone’s responsibility to mine information and evidence for each external audit? piggybankIf each of these processes is happening in different mediums, stored in different repositories and managed with a wide range of workflows and procedures that are in place simply because “it’s always been that way”, then you have a significant opportunity to save time and money while more effectively managing your SOX program and, therefore, improving the bottom line of your company.

Of course, this message is for those organizations that have yet to bring automation and the power of a database to their SOX processes and documentation. Still, this message should not be lost on the many policyIQ clients who already experience how easily the collaboration of work, hand-offs, review and approval can be managed in policyIQ. We work with many companies who still have portions of their SOX cycle in various systems. Aside from the plain-to-see expense of paying for many different systems, there is cost associated with ongoing maintenance, training, and the time required to bring all of the information together and to relate the key components that paint the picture of an effective internal control environment.

Reach out to us and we’ll provide you with a free demonstration and configuration guidance on streamlining the various segments of your SOX program into one efficient and manageable cycle. We can schedule your configuration session within the week and have you up and running in the next 4-6 weeks! Talk to you soon!

Consider how technology can advance your ERM program

Our firm, RGP (Resources Global Professionals), has been on the road presenting in cities around the country on the “Keys to Success in Enterprise Risk Management”. We’ve had some terrific conversations with Risk, Finance, Legal, Compliance, Security and Audit professionals and facilitated conversations drawing from everyone’s experience to address the hurdles that different companies are facing. These exchanges and new partnerships are invaluable!

Among the keys to success, one that has been identified is the value that technology can bring to several phases throughout the ERM implementation process. If you’re a reader of the policyIQ blog or are a part of the RGP community, you have likely heard that policyIQ is often used for Risk and Compliance documentation, audit, policy management and related process automation. This includes Enterprise Risk Management!

Capturing the full ERM cycle of information in one place helps to ensure that everyone has easy access to the information—the ability to grab a pulse on various aspects of the program in real time from anywhere. This is also of chief importance to a successful program: keeping ERM accessible and an ongoing part of every strategic conversation.

To give some examples:

Questionnaires or surveys
policyIQ provides tools to make the administration of any collection of information more efficient. At your fingertips, you can see who you have heard from, who still has a questionnaire outstanding and you can automate the reminder to those with outstanding surveys or questionnaires.

With that, our tool is utilized to help organizations better understand their risk culture by gathering opinions from strategic members of the organization by conducting a survey—one that might even allow anonymous submission of responses to encourage the most candid feedback possible.

This same functionality is applied to gather an initial and to capture principals’ thoughts on the priority of risks.

Key Documentation and Support
It is critical that a solid ERM process include a number of discussions and agreements among the organization’s risk owners as a matter of course. What conclusions were drawn from the culture assessment? What risks bubbled up to be considered the most critical? What definition (thresholds in dollars, numbers, events, etc.) did you give to your rating of those critical risks? What are the parameters for acceptable (or unacceptable) risks that you use to define your organization’s risk appetite? And the agreed upon considerations or limits for risk tolerance?

Assess, Adapt, Monitor, Measure
In addition to providing a place to collect and gather all of the key pieces of information, policyIQ provides excellent reporting ability. You can zero in on a specific metric in cases where you have a concern and you can schedule delivery of information on a routine basis to aid in ongoing monitoring of performance.

Without a doubt, technology will help any organization to more effectively and efficiently manage their ERM program. We have presented some ideas in broad statements here. Contact us to see and discuss, in more detail, how policyIQ will help your organization to mature your ERM program to the next level.

Twitter-review of the 2015 GAM Highlights

The IIA put on another impressive General Audit Management (GAM) Conference again this year. Below is a quick twitter-review of some 2015 #IIAGAM highlights. Remember that RGP is a Professional Services Firm with expertise in:

  • Human Capital
  • Finance & Accounting
  • Information Management
  • Governance, Risk & Compliance
  • Supply Chain
  • Legal & Regulatory
  • Corporate Advisory & Restructuring
  • Strategic Communications

We are particularly strong in cross-functional support, listening, helping to identify the common threads and root issues, and guiding an organization with a team of experienced professionals who will walk alongside your employees and leave them more knowledgeable and ready to make progress and gains than before we arrived.

Reach out to us and we’ll connect you with an RGP representative in your area.

Now, on to the GAM highlights!

Lots of speakers addressed the more prominent role of Internal Audit in the heavy activity of Mergers and Acquisitions.

GAM_MandA

If they were not already making it a top priority, I’d bet 1,400 audit professionals attending GAM took the message back to their colleagues that they need to give cyber-security more attention

GAM_CyberSecurity

Of course, Risk Management continues to be a hot topic.

GAM_RiskManagement

Don’t underestimate the work involved in preparing to comply with the Revenue Recognition Accounting Standard.

RevRec

These were just a few of the key topics discussed at the GAM Conference this year. You can gather more information from the IIA website, Twitter and other social resources and, you can join the conversation next year! We’ll look forward to visiting with you at the RGP booth!

New Year, New RGP Training Sessions!

As the business world jumps into 2015, RGP has put together new training sessions to help everyone kick-off the new year!  Filled with experts from various practice areas, these sessions are sure to be insightful for a variety of business needs.

Improving Organizational Performance with Supply Chain Policies and Procedures: January 21

RGP’s supply chain  experts Kevin Deely and Margaret Robinson will lead a look at how companies are revisiting their supply chain policies and procedures. They will review how industries such as the Oil & Gas industry have moved to shore up their supply chain and procurement organizations to ensure consistent application of best practices.

Financial Reporting Update and The Year Ahead – The Outlook for 2015: January 29

Join RGP’s Shauna Watson for insight on financial reporting, accounting review and analysis-including the latest FASB pronouncements, and SEC and PCAOB standard settings. This session will provide you with what you need to know to comply with these changes and help you to stay a step ahead.

Data Governance & Revenue Recognition: February 12

Global MD of Finance & Accounting Rebecca Sneval will be on hand with RGP’s Shauna Watson to discuss the new Revenue Recognition standards and their impact on data governance.  How are companies expected to meet this new challenge?  This session will provide the answers, and help you and your company meet these requirements.

 

Each of these RGP Training Sessions have 1 CPE credit available for your participation. So don’t wait any longer…sign up today!