New policyIQ Solution: Detailed Contract Review for Rev Rec

Is your project for bringing your company into compliance with the Revenue Recognition Standard underway?

rr-headlines

With the January 2018 effective date fast approaching, organizations (public, private, and non-profit) are pressed to come up with a plan to review each of their agreements, and for each one that is in scope, to work through each of these five steps:

5-steps

RGP’s Revenue Recognition subject matter experts (SME) have developed an approach that effectively addresses all steps of the complex standard. And, again, RGP has gone the extra distance to develop a technology solution that will help you to tackle this effort. Beyond the repository for contracts and the secure data room for document review and project management, policyIQ now has a solution to both simplify and standardize detailed contract reviews while providing oversight, progress reporting, visibility for management review, and evidence for external auditors.

policyiq-rr-solution

If you haven’t yet defined your approach for assessing your organization’s contracts and setting a course for compliance with ASC 606 by the deadline, don’t worry. We have a complete, cost effective solution and we’re ready to help you make up some ground. Contact us for more information.

Guidance for Streamlining Audits by Granting Access to External Auditors

Each year we notice more and more policyIQ clients are engaging their external auditors to perform their audits electronically using policyIQ. Earlier this year, we shared how data from policyIQ could be extracted to share it with external auditors. Many organizations find it helpful to give auditors direct access to policyIQ so that they can use the functionality of policyIQ to locate documentation.

Tips for Granting External Auditors Access to policyIQ

If it’s been some time since you implemented or expanded your use of policyIQ, you might have forgotten how to set things up so that new users have appropriate access to content. Here are the critical steps for granting viewing rights to appropriate content to your external auditors:

1. Add Group for External Auditors – policyIQ sites included a group for External Auditors by default, so you might start by locating the group in your structure. If it has been deleted, it is simple to drill down to the position in your Groups and Users structure where you would like to add the group and choose Add > New Group from the table toolbar. Going forward, rather than adding any individual auditors to view Pages, you will only have to manage the users added to this group—this will simplify maintenance.

2. Add Group as Viewers on Pages – Remember that Pages are the root of security in your policyIQ site. The easiest way to grant your new External Auditors group viewing rights to your Pages is to create a report that will pull back all relevant Pages and use the reporting toolbar options to make the change in bulk.

Bulk Report Change

3. Verify Folder Security is Properly Set – Many companies have chosen to allow policyIQ Folders to be visible to all users. If the security of your policyIQ Folders has been restricted to viewing by only specific groups, then you will want to ensure that the External Auditors Group that you added is also among the Viewers of your Folders.

Folder Security

Remember that Page security trumps Folder security. Removing Viewers from a Folder will only make the appearance of the Folder in the left navigation disappear from the Viewers—Search and Report results will still return all Pages upon which any users have been granted rights as Viewers.

4. Ensure Pages are Published – Note that Viewers on Pages are only able to see those Pages once the Pages are Published. Your team can comfortably continue performing their work and updating content knowing that it is only visible to those with appropriate security access rights (Administrators and Editors of the Page and anyone with Global Permissions to view Pages in the site—such as your Site Administrators). When you’re ready to share with your external auditors and any other Viewers of the Pages, be sure to Publish the Pages.

A Bonus Tip Regarding User Profiles

If you are unsure of which type of Access to grant your External Auditors, here’s a reminder of some characteristics of each profile that might be helpful to you:

Read Only Users – These accounts can be shared and are always free. Read-only users do not have access to Advanced Search or Reports. They must use the Folder Structure or Search capability to locate content.

Standard Users – There is a small fee for Standard Users (contact us to look at your agreement). These users will have access to Advanced Search—the option in the left navigation that is a slimmed down version of Reports. It allows users to create a list of Pages narrowed down by any number of Filters.

Advanced Users – There is a fee for Advanced Users (contact us to look at your agreement). Advanced Users have access to both Advanced Search and the Reports module. This is the type of account that can utilize Reports such as a Risk-Control-Test Matrix (a Detail Link Report) to view and analyze content.

If you have any questions about granting access to your External Auditors, contact us at support@policyIQ.com and we’ll get you started right away!

 

Let us help you implement the COSO 2013 structure in policyIQ in under an hour!

If you have not already implemented policyIQ to more efficiently work through your transition to COSO’s 2013 Internal Control – Integrated Framework, we can help you to get started!  Companies with a calendar year-end are rushing to map their controls and address gaps with appropriate controls so that they are ready for testing in Q4.

Have policyIQ COSO-Ready in Under an Hour

The adjustments to your policyIQ site and import of the COSO Principles and Points of Focus can all be completed in under an hour and in these four steps:

4 Steps to policyIQ COSO Readiness_blog
NOTE: We have pre-populated spreadsheets that we are happy to share with you. Or, if you prefer, our policyIQ Support team can complete the entire COSO setup and import for you. Contact us for more information: Support@policyIQ.com.

Mapping, Analysis, Rationalization and Evidence

Now you are ready to begin the COSO mapping process. You may run a report of your Controls and link each one to the appropriate Principle or Point of Focus. You may already be aware that companies following the COSO Framework must demonstrate that all 17 COSO Principles are “Present” and “Functioning”. The Points of Focus, while not required, are uploaded and included in the mapping process by many companies, as they provide added assurance and justification for your control mapping decisions.

Once all of your Controls (typically Entity Level Controls) are properly mapped, you can use policyIQ’s Detail Link Report to see a view of all Principles, linked Points of Focus and Linked Controls. This report provides an excellent foundation for Gap Analysis and for Control Rationalization. It also can serve as evidence of coverage for your external auditors.

Let us connect you with the experts!

If you find that your team is struggling to find time, resources or the necessary subject matter expertise for your COSO Transition Project, contact us and we’ll align you with a subject matter expert who can help you in the areas where you need it most (from the initial setup, mapping, gap analysis, establishment of new controls—or documentation of controls that have, to this point, been less formal—to control rationalization and testing).

Contact us today—for your free copies of the import spreadsheets, to request the import to be completed by our support team or to learn more about working with one of our subject matter experts!

 

Save Time and Money with HTML Extracts for your External Auditors!

CDHow many hours do your external auditors spend gathering, scanning or saving documentation while completing their audit work?  How much is that costing you?  Did you know that for a small service charge, you can provide your auditors with an electronic copy of all of your SOX or compliance documentation, including all of the attached evidence, workpapers and files?  Your external auditors can have all of the documentation packaged and ready to go – requiring no hours of searching or downloading.

Will the external auditors be able to find what they are looking for?

The extract of your data into HTML format is organized into folders, just like your policyIQ application.  Your folder structure is replicated in the HTML extract.  Here’s an example – pulled from our training site – of the HTML extract on a local hard drive:

HTMLExtract_Folders

Every individual page in policyIQ becomes its own .html file.  Any supporting documentation is linked to the page – but also stored in a separate folder called “_SupportingFiles”.

HTMLExtractPage

While there are no reporting capabilities within the extract, your external auditors can certainly use this file as their backup and retained copy, with access to your production site providing them with the full host of features to create reports to analyze results.

A few tips to make extracts function optimally

When extracting pages into a Windows friendly folder structure, there are a few tips that could make this run more smoothly.

1. We need to zip the folder and files to allow us to provide it to you on CD / DVD.  We currently suggest that you use WinZip version 16.5 or higher to extract the files.  (A 30 day free trial is available from http://www.winzip.com.)  Other extraction tools may not be able to extract the complete hierarchy of folders.

2. File names have a character limit – and policyIQ allows a much longer character limit on page names.  If you know that you want to utilize the HTML extract option regularly, consider a page naming convention that is simple and brief.  (The policyIQ team has, in the past, encouraged utilizing the full 300 characters for page names.  We now realize that in many circumstances, this can be inconvenient.)

3. Index all of your pages into folders!  Sometimes we find that organizations link pages together and can easily access content from reports, but not all of the pages are added to folders.  Any page that is not indexed into a folder will appear in one “UnindexedPages” area in the extract, making it more difficult to find it.

Are you interested in receiving an HTML extract?  Contact us for more information on timing and pricing!