What comes to mind when you hear “digital evidence”?

Who cares?

I mean, who actually has to care about digital evidence? Consider the audiences or different roles of people who need to produce or rely on digital evidence: management and business unit leaders; auditors; information management, technology, compliance, and security professionals; and the officers of your organization. We are producing unstructured data, much of it valuable, at a breakneck pace. Do you know who your producers of quality digital evidence are?

When I hear digital evidence, I think of the artifacts that may be considered digital evidence such as raw data, reports, signed documents, test results, specifications, and performance receipts. Documentation of activities that provide assurance, including procedures, work instructions, training sessions and materials, and attestations are also critical. Have you identified which practices and assurances are closest to your significant accounts, risks, and controls?

How do we wrap our arms around digital evidence?

There are systems and practices that provide the bookends for ensuring relevant and reliable results contributing to digital evidence such as systematic management and monitoring of workflow, milestones, deadlines, analyses, and remediations. Digital evidence also relies on the trail of bread crumbs that show who touched what and when including the audit trail of changes, versions, handoffs, and approvals. Without a central portal or system in place, it is plain to see, we cannot reliably manage digital evidence.

Are you taking advantage of all that policyIQ has to offer in these areas?

Alerts, dashboard notifications, and email generated systematically by RGP’s policyIQ helps employees know when work is required of them. The taxonomy of the digital content is configurable and can be subject to the information governance preferences of your organization with appropriate read, write, and approve rights established during initial configuration. policyIQ can provide an enforceable framework to manage contributions, the complete capture, monitoring, and reporting on critical documentation and evidence.

If your opportunity has more to do with the quality of your existing evidence or the need for corroborating evidence, RGP’s subject matter experts can help to assess your need and to fill any gaps identified. Right now—whether related to technology, process, quality, or completeness—make a note of some of those gaps or pain points that just crossed your mind. And then reach out to us: Information@policyIQ.com; 412-263-3330.

5 Simple Steps to GRC Technology Implementation

Whether for IT Security Compliance, Enterprise-wide Policy Management, Contract and Lease Administration, your organization’s GRC or Audit program, policyIQ can be up and running in 5 simple steps. Read on for more information and contact us to automate your initiative in Q1!

Step 1: Configuration
A policyIQ expert will assist you and/or your RGP Consultant to customize the design of the user interface in policyIQ for input of data, navigation, reporting, content and user security based on your input and feedback. Of course, we do not progress to step 2 until you, the client, approve of the configuration.

Step 2: Prepare data
RGP Consultant requests data from your team or organization, then scrubs provided data to help ensure completeness and accuracy. You give approval regarding the condition of the data before progressing to step 3.

5 Simple Steps to Go-Time!

Step 3: Populate
RGP Consultant populates approved data (import or authoring, depending on your needs) and subsequently validates the completeness of what is in the system to the approved data. The RGP Consultant will provide you with a walkthrough of your site and data for feedback and your approval.

Step 4: Refine (Reports, Dashboard, Planning for roll-out/training)
RGP Consultant demonstrates the policyIQ user interface using the populated data. You provide a live example of a transaction, and with your RGP Consultant’s side-by-side help, you drive the live example from input to reporting. Any additional configuration items identified during this process will be considered for further customization. You give the green light when you’re ready to go-live.

Step 5: Go live and train
Often there are a handful of “power users” who are expected to regularly participate in the process that is being automated using policyIQ. The RGP Consultant sits side-by-side with your power users, individually or as a group, to train on use of the software. Your power users will be directed to policyIQ’s written and recorded materials that you can leverage for your personalized procedural guide. Your RGP Consultant and the policyIQ support team are available onsite or remotely for any questions.

Our methodology your yours?
What initiatives or processes are you looking to digitize and manage more efficiently in 2019? Hit the ground running with RGP’s subject matter experts implementing our proven methodology in our technology or we can support your team to implement your methodology. What kind of support do you need? Contact us, information@policyIQ.com, and we’ll help you to get the ball rolling!

7 Features to Boost Efficiency in Your Daily Work

In case you were out enjoying your summer and missed announcements on the latest policyIQ release, we’re here to share the highlights! The theme of policyIQ’s version 7.9 is Convenience. We rolled out 7 features that help to boost efficiency in the flow of your daily work.

  1. Navigation continues to get easier and faster! Save time by leveraging “Favorite Folders” to lift your critical work to the top of the list.
  2. Is yours one of the organizations that uses policyIQ primarily for Account Reconciliations, 302 Certifications, or Policy Sign-offs? Perhaps you’d like to have Form Management as your top navigation option? Site Administrators, you can highlight your prioritized activities that your organization engages in most by reordering items in the left navigation pane.
  3. Paste content into policyIQ from a range of other document and file types and retain your formatting with this upgraded HTML/Rich Text Editor.
  4. Perform calculations on multiple figures originating in related content (Calculated Linked Fields). This allows you to perform activities like determining cumulative risk calculations and arriving at the sum of Standalone Selling Prices for each Performance Obligation linked to the contract.  The flexibility of policyIQ to provide more custom solutions for a wide range of business initiatives just got a boost with this feature!
  5. Approvers – we’re thinking of you.
    1. Some people rely on email to keep them apprised when their attention is needed and others loathe the ever-growing number of items in their inbox. Now, policyIQ lets you decide which approvers in the approval string will be automatically notified via email when items have been submitted for their review.
    2. Prior to this release, an individual could only occupy one step in the approval process. It was not historically possible to approve, pass the content to other approvers, and then bring it back around for final approval. If a process requires the same person to step in multiple times, policyIQ now supports that process.
  6. Rolling forward just got easier! If your organization likes to leverage the previous period’s tests rather than starting from blank templates, you can accomplish roll forward in fewer steps with the ability to Remove Attachments in Bulk.
  7. Take advantage of the flexibility of policyIQ! Changes in process, regulation, org structure, or responsibilities might lead to the need for adjustments to solutions and templates. Solution designers (policyIQ administrators) will be happy to learn that it is now possible to copy fields from one template to another, making it easier to leverage the work of previous solutions for new or improved solutions.

Would you like some help taking advantage of features that were rolled out after your original configuration (from this summer’s release or past releases)? Contact us and we’ll be happy to walk you through the steps!

Have you automated your Narrative reviews?

Are you paying employees to inventory email responses or spend hours in update meetings to accomplish tasks that can be automated? With the application of policyIQ forms, your employees can take back time that was spent on tedious tasks and focus on work that matters.

If your team is still using Word, Excel, and email to manage 302 CertificationsControl Self Assessments and Narrative Reviews, they are engaging in the frustrating task of having to inventory the responses from their inbox and then babysit and pester people to complete their work. As responses do arrive, they evaluate who they’ve heard from, who hasn’t responded, and evaluate whether/which follow-up activities are warranted. They are likely also having to pull together routine assessments regarding the status of responses to share with management and others.

Before anyone invests another minute on the effort of pulling together the Narrative Reviews for next quarter, contact us to help your team realize these benefits right away:

  • Simplified roll-out of questions/certifications each quarter
  • Easy access to real-time information for monitoring of status
  • Automation of reminders going out to outstanding respondents
  • Automated compiling of results
  • Effortless reporting for management

There are lots of products out there that will set you back $50-$500k annually that promise efficiency gains in your compliance processes. For a fraction of that cost, we’ll deliver on that promise in a matter of weeks—not months or years. Work smarter. Spend smarter. Contact us today to schedule your configuration session. 

Who wants to avoid redundant effort and rework?

RGP consultant, Jason Chiang, recently wrote:

Jason Chiang
Expert in risk management and audit

“A narrative provides mid-level detail of the transactions and internal controls within a business process and includes who, how frequent, and in what location the transactions and controls are being performed…

…Narratives should be updated as changes are implemented in the organization. The updates should follow a workflow where there is a review process for significant changes.”

For many clients, automating the process of updating compliance documentation is a critical but often overlooked part of their practices. Each year, various aspects of controls may change, such as steps of the control procedure, the control description, or control ownership.  As these critical bits of information are updated, it is important, as Mr. Chiang stated, that the associated narrative pages are also updated to reflect the latest information.

Who wants to avoid redundant effort and rework?!

If you haven’t already implemented policyIQ or you have policyIQ and you haven’t taken advantage of this feature, this is a good time to tune in and make a note: policyIQ has a “linked field” option that allows you to update control language (or other documentation) in one place and present the updated language in related documents—here’s the key: without redundant effort or rework!

Displaying all related Controls in the Narrative is probably the most common request, but you can also display Risk language in Controls, Control language in Tests, and the contract review conclusions in a management summary page, among a seemingly infinite number of options! No more hunting down related documents to make small tweaks–it’s already done!

To learn more about how reduce redundant effort and rework, contact our team at Support@policyIQ.com.

Community Credit Unions Need policyIQ

We’ve talked a lot about the breadth of industries that are served by policyIQ, and the diversity of our users.  When it comes to who can benefit from policyIQ, we have yet to find an organization for which we have no value to add.  We also recognize that some industries and niches need our product more than others, and community credit unions are a perfect fit.

Community Credit Unions Need policyIQcreditunion

While financial regulations can be intense and difficult to navigate, community credit unions need compliance technology that is simple and easy to use.

  • Fast and easy setup
  • Simple navigation, with little user training required
  • Flexibility that allows a single technology to be used for many needs
  • Incredibly low cost for small teams
  • Dedicated user support team committed to exceptional service

Are you exploring compliance technology for your organization?  Find out how policyIQ meets your needs by contacting us today!

Policies Provide Foundation through Changing Regulatory Environment

Regulatory environments are constantly changing, influenced by economic, political and environmental factors beyond your company’s control.  It might seem like a daily battle to deal with the push and pull of complying with changing regulations.  So how do you stay focused, prepared and sane in the world of regulatory compliance?

One critical step is to ensure that you have well documented, well communicated and well understood corporate policies.  

Policies provide the foundation, governing the way in which your employees will work and how they will meet new regulatory requirements.  When the foundation is strong, with clear policies that are followed and enforced consistently, additional external expectations and requirements are much easier to incorporate.  

Here are just a few best practices to consider:

  1. Ensure that policies are written clearly.  Avoid company jargon or acronyms that may be unclear to new employees or external regulators.

  2. Make policies easily accessible to all employees.  If you are already using policyIQ, ensure that a policyIQ link is posted or communicated regularly.

  3. Clarify whether any exceptions might be approved to the policy, and communicate the process for approval for exceptions.  If it is not clear, employees may be more likely to decide it will be easier to ask for forgiveness than permission.

  4. Document how policy violations will be addressed or how policies will be enforced.

  5. Revisit, review and revised policies regularly.  Do not allow policies to become outdated or appear to be outdated.  Even if no changes are made, regularly note that content has been reviewed, so that employees

  6. Map policies to your regulatory requirements or other compliance programs.  As regulations change, you can more easily identify any changes that must be made in your policies to address those changes.  

What other best practices would you highlight for a clear corporate policy platform?  Add yours in the comments and share ideas! Learn more about how to utilize policyIQ’s various read-only options by checking out a recent blog post by policyIQ Product Manager, Travis Whalen.

RGP engaged with audit professionals in Orlando


The policyIQ team joined our RGP colleagues at the Institute of Internal Auditors’ 2017 General Audit Management (GAM) Conference in Orlando, Florida on March 20th-22nd. Once again, this was a great event packed with learning and networking opportunities!

Representatives from RGP included:

The conference was attended by more than a thousand audit professionals and we were only able to speak to about 200 of them. If we didn’t get to have a conversation with you, here’s what might have transpired had we connected:


The conference sessions inspired some great discussions!

We carried on the conversations started by the keynote speakers and others. We talked about the hats that auditors are asked to wear, the importance of the internal audit function and profession, and the value of independence, maintaining integrity and having the courage to do the right thing against, sometimes, great personal risk. With integrity being among the core values at RGP and 20+ years’ experience serving as a professional services firm in this field, we are charged by discussions in this vein and by the opportunity to encourage our clients and peers in the audit profession.

We talked about how the times have changed. Once upon a time, we recognized that not all companies were performing regular risk assessments and we were encouraging them to get started with annual risk assessments. In the last few years, we see that the demands of business, technology, competition, culture and so many more are requiring companies to be more nimble and to both assess and respond to risk on a continuous basis. We participated in discussions around what it takes to be prepared and resilient in these times and how RGP’s Data Solutions practice can help companies to better collect, manage, secure and leverage their data.

Cyber security was a hot topic again this year! We discussed the struggles that some companies experience in identifying and developing the necessary expertise to address the present and growing need to address cyber security. We heard that companies are looking across various functions to address their security concerns. RGP’s maturity in integrated solutions, leveraging expertise across information security, audit, data solutions, process improvement (and more) allows us to be responsive, provide a high quality service and to tailor comprehensive solutions to each client’s needs.


We shared our story…how RGP and policyIQ stand out from the pack.

Another theme in our conversations with other professionals at GAM: how RGP is different. There’s certainly no shortage of consulting firms and technology providers at these things, right? The vendor hall can be a little bit intimidating for the introverts among us. At the RGP booth and throughout the conference, we worked to jump quickly to how we at RGP and our GRC Technology are different from most others.

Our consultants have 10-20 years’ experience. They are true subject matter experts who can lead your initiative or project and work alongside your team with valuable knowledge to share and teach. Rather than the checklist approach, our consultants build tailored solutions and collaborative partnerships. Remember the mention of integrity being a core value? We have a track record of long-term, trusted partnerships, evidenced by a 100% retention rate of our top 50 clients.

RGP also has 70+ offices around the globe—these are our offices, not affiliates. This means our people, our culture, and our standards; therefore, we deliver consistently high quality results worldwide.

And our GRC technology, policyIQ, packs a powerful punch in a nimble and affordable, centrally accessible platform. We serve companies from risk assessment through compliance initiatives, testing, reporting of findings and remediation like many other enterprise GRC tools. We also provide solutions for ASC 606 contract review, lease data capture, contract administration, policy management, automation of evidence request and collection, 302 certifications, legal and data room, support for integration with mergers and acquisitions, account reconciliation management and many more ALL IN ONE TOOL. It’s a matter of security configuration (part of the information governance planning that we guide you through as a matter of course at no additional charge). People find it amazing that they can do so much in one easy to use tool.

What’s more, a solution or initiative can be implemented in policyIQ in 4-6 weeks—not months or years, like most other products. And policyIQ is so easy to setup and use that NO IT RESOURCES ARE REQUIRED. We like to include and engage IT in the early conversations because a company can better leverage policyIQ for various departments and initiatives when the IT department includes it among their suite of solutions for their stakeholders. (Pssst—it saves time and money for IT departments, too!)


Next year, we’re going to have the biggest booth and the loudest parties!

Just kidding. You know, I often start off feeling a little bit small at these huge conferences. We don’t have the biggest booth or the most extravagant events to woo attendees to come and visit with us. (Although we heard from a bunch of folks that we did have the best swag this year with our super cool phone charger pens.)

Still, every year, I leave energized!

We deliver excellence! We have amazing clients and valuable partnerships and we build on them every year. I don’t have to feel pressure to be bigger and flashier to land sales. The truth of who we are and what we have to offer at RGP holds tremendous value, builds solid relationships and is a great story to share.

If we didn’t get to shake hands at GAM or elsewhere, yet, and you’d like to hear the good news first-hand, please reach out to any of us. We’d love to buy you a cup of coffee and learn about your business issues that we’ll help to remedy.

 

 

ASC 606, can your contract review tool do this?

Spreadsheets, email, shared network drives…

…this is where most of our critical work starts! With the deadline to comply with the Revenue Recognition Standard now in our sights, many of your corporate accounting peers have met the harsh reality that these commonly used tools are not meeting their contract review needs. Disconnected spreadsheets do not keep their reviewers in-step with each other’s developments. They are habitually shared via insecure channels and we often find, even with the best of intensions and development, breakfreelists, formulas, and formatting within a spreadsheet can be compromised resulting in an unreliable tool. Aggregation of data for analysis and consolidation of conclusions for management review are nearly impossible feats with dozens (or, certainly, thousands) of manual spreadsheets.

For those of you who are relatively new to the policyIQ community, you might not have heard that policyIQ has been a constant in the RGP toolbox, serving to solve our clients’ problems for nearly 15 years.  We don’t make commission on software sales and are not incentivized to upsell you or to sell you a new tool or module. In fact, we work hard to make it possible to serve all areas of your business within one platform—we don’t have extra modules to sell you!

The flexibility of policyIQ to be easily customized for various initiatives has made it possible for our clients to hit the ground running in applying our web-based technology to their pressing Revenue Recognition needs.

A company may utilize policyIQ for the full contract cycle or simply as a contract repository, centralizing access and simplifying assignment of contracts to reviewers for ASC 606 analysis. In addition to guiding the reviewer through the 5 Steps outlined in ASC 606 required for each detailed review of contracts that are in scope, policyIQ also provides a place to document evidence of the reviewer’s considerations and tools to leverage that information for necessary analysis. Key conclusions from each step are automatically pulled out into a summary. Reviewers add final notes to the summary and systematically route all related content for review and approval, as desired and customized for each client.

piq_benefitsforrevrecThe ability to report on results of contract reviews in aggregate gives way to analyses not possible in spreadsheets. Look across all Performance Obligations by Revenue Stream, Geography, Business Division, Over Time vs Point in Time, Sales Channel, or Reviewer, for example. Reports also aid in the management of contract reviews—in the assessment phase and with ongoing reviews. Report on issues as they are being identified, assignment of contract reviews, progress of reviews, and impact of the standard on various divisions or revenue streams. Use reports to easily identify those contracts that warrant follow-up action.

plansforleasesWe delivered many new features in 2016 and some were developed specifically to sharpen the Revenue Recognition solution. We are wrapping up another release for spring and have an impressive road map that will go into development while the spring release is undergoing formal testing. And did you hear that upgrades are included free-of-charge?

We’re here to serve and grow with you.

Can you say that about your Revenue Recognition tool? Reach out to schedule a tour of policyIQ’s capabilities for ASC 606, compliance, audit, policy management or your other pressing information management needs!