Fierce Competitors are Built on Strong Core Processes

If your goal is to be a fierce competitor and to protect and defend your organization against the never-ending barrage of risks and change, a great place to start is by strengthening your core processes.

Policy management is the backbone of successful and sustainable organizations.

What do you think of when you think of policies? Does your Human Resources department manage a set of company policies that you have to attest to annually? Maybe you recognize the fact that your organization has a password policy and a policy regarding the use of social media on company equipment and company time.

In our recent webinar with guest presenter Michael Rasmussen, we heard a whole host of examples and reasons why organizations should be concerned with policies. If, up until now, you have not been particularly concerned about the value of your organization’s policies, you might want to lean in and peruse these notes from the Blueprint for Effective Policy Development and Management session:

Raise your hand if you are aware of where to find your organization’s index of official policies representing all areas of your business. Mr. Rasmussen asked a similar question of his audience at a recent conference and just 2% of attendees acknowledged awareness of an index maintained at the enterprise level of the organization’s policies.

Only a very small number of organizations see policies as the critical documents that they are. Mr. Rasmussen noted that policies are often not given proper attention and are strewn about in various systems, websites, shared drives and so on. Employees don’t know where to go to find documents or whether the document they found holds the latest version of the policy. In our session, Rasmussen emphasized why employees and leaders should value policies and highlighted some examples of how policies are at the core of every organization’s critical work:

  • Policies are GOVERNANCE documents.
    • Policies are critical documents.
    • They help to set boundaries to reliably achieve objectives
    • Policies ensure consistent business behavior and transactions.
  • Policies are RISK documents.
    • The existence of each policy was preceded by the identification of a risk!
    • Still, many business leaders do not think of risks when they think of policies and many do not tie organization policies to risks.
    • Policies help to identify risks and control risks within certain boundaries.
  • Policies are COMPLIANCE documents.
    • Policies help us to act with integrity as it relates to
      • Regulatory requirements
      • Contract obligations
      • Code of conduct
      • Values and Ethics
      • Corporate social responsibility
      • And so much more

Policies are at the core of all Governance, Risk, and Compliance work.
If the advantages of effective policy development and management are not compelling enough to motivate your leaders to establish policies throughout the organization, this regulatory environment might force the issue. An evidence trail is critical in today’s regulatory environment. Policy management requires a complete system of record and an audit trail.

policyIQ provides company and division leaders with a highly adaptable technology for managing the full range of policy, compliance, and audit needs in one cost-effective platform scalable from specific regulatory environments and department functions to division business units and at the enterprise level. Maintaining a clear and defensible audit trail is paramount to the service and benefit provided by our GRC technology.

In part I of the policy management educational series hosted by RGP’s policyIQ team, Michael Rasmussen highlighted the considerations that are critical for development of a policy management strategy, the roles that contribute to policy management, and he drilled deep into the effective policy management lifecycle.

In part II, Michael will concentrate on the second half of the effective policy management lifecycle. The attendees of our first session gave rave reviews of the presentation. Be sure to register for Part II: Engage the Front Lines Through Effective Policy Communication.

We also encourage you to peruse upcoming events hosted by the policyIQ team. This audience, in particular, might be interested in our Introduction to policyIQ session that is delivered quarterly and demonstrates how organizations leverage policyIQ to establish consistent documentation templates, prescribe workflow and approval processes, communicate and distribute policies, monitor and enforce compliance with policies, and to establish a maintenance process for your critical documentation.

Click here to register for the sessions that interest you and we invite you to reach out to us (information@policyIQ.com or 866.753.1231) with questions about effective policy management, policyIQ (our governance, risk, and compliance technology), or if you could use the support and expertise of a RGP professional to help get your program off the ground.

We look forward to seeing you in future sessions!

A Remedy for Decentralized Audit Approaches

Is your organization still struggling with manual audit processes? Do you have audit projects, past audits, and workpapers strewn about in various shared network folders (or worse, on various hard drives)? Do your auditors have to rely on email to collaborate and share documents? How about your naming convention—has your audit group standardized the way that documentation is labeled to help you to keep the information organized and easy to reference? Speaking of standardization, have audit processes been standardized across the organization or does each location or division manage their own audit program? And what would you say about your review and approval process? Is it clearly mapped, followed, and approvals communicated? Are audit findings routinely rolled up and reported?

RGP’s policyIQ addresses each of these challenges so that you can realize more effective and efficient management of your organization’s audit function. Leverage predefined Templates, Folders, Workflow, Reports, and Audit Trail for your compliance, audit, or policy management documentation. It is also simple to customize the structure to accommodate ongoing changes or characteristics that are unique to your organization, program, or team.

Configuration adjustments are at your fingertips. You do not have to reach out to a support desk or technical team to add templates for specialized workpapers, IPEs (Information Provided by Entity), or for your PBC (Provided by Client) process. Adjustments can be made directly by users authorized in your organization. If you haven’t yet incorporated those templates into the flow of your work and want some help getting them set up, we do have support and configuration specialists who are happy to walk you through the setup of your custom program.

We expect all of RGP’s policyIQ audit clients to be enjoying these benefits in your audit program:

  • Consistent enterprise-wide audit process
  • Centralized access to workpapers and IPEs
  • Simplified administration of PBCs and audit process
  • Ability to easily locate and leverage audit templates/projects and previous audits
  • Streamlined communication among management, auditors (internal and external), and approvers
  • Real-time monitoring capability and status reporting
  • Simplified management and audit committee reporting

We’re ready to help you reach your goals!

Whether you are an existing policyIQ user or a new one, we want to help you to improve and automate your audit program. Perhaps you are new to the administration of your site or you are not sure how to make adjustments to the configuration of your site’s templates or structure. Reach out to us and we’ll be happy to help you get started or to optimize your implementation. Support@policyIQ.com.

7 Features to Boost Efficiency in Your Daily Work

In case you were out enjoying your summer and missed announcements on the latest policyIQ release, we’re here to share the highlights! The theme of policyIQ’s version 7.9 is Convenience. We rolled out 7 features that help to boost efficiency in the flow of your daily work.

  1. Navigation continues to get easier and faster! Save time by leveraging “Favorite Folders” to lift your critical work to the top of the list.
  2. Is yours one of the organizations that uses policyIQ primarily for Account Reconciliations, 302 Certifications, or Policy Sign-offs? Perhaps you’d like to have Form Management as your top navigation option? Site Administrators, you can highlight your prioritized activities that your organization engages in most by reordering items in the left navigation pane.
  3. Paste content into policyIQ from a range of other document and file types and retain your formatting with this upgraded HTML/Rich Text Editor.
  4. Perform calculations on multiple figures originating in related content (Calculated Linked Fields). This allows you to perform activities like determining cumulative risk calculations and arriving at the sum of Standalone Selling Prices for each Performance Obligation linked to the contract.  The flexibility of policyIQ to provide more custom solutions for a wide range of business initiatives just got a boost with this feature!
  5. Approvers – we’re thinking of you.
    1. Some people rely on email to keep them apprised when their attention is needed and others loathe the ever-growing number of items in their inbox. Now, policyIQ lets you decide which approvers in the approval string will be automatically notified via email when items have been submitted for their review.
    2. Prior to this release, an individual could only occupy one step in the approval process. It was not historically possible to approve, pass the content to other approvers, and then bring it back around for final approval. If a process requires the same person to step in multiple times, policyIQ now supports that process.
  6. Rolling forward just got easier! If your organization likes to leverage the previous period’s tests rather than starting from blank templates, you can accomplish roll forward in fewer steps with the ability to Remove Attachments in Bulk.
  7. Take advantage of the flexibility of policyIQ! Changes in process, regulation, org structure, or responsibilities might lead to the need for adjustments to solutions and templates. Solution designers (policyIQ administrators) will be happy to learn that it is now possible to copy fields from one template to another, making it easier to leverage the work of previous solutions for new or improved solutions.

Would you like some help taking advantage of features that were rolled out after your original configuration (from this summer’s release or past releases)? Contact us and we’ll be happy to walk you through the steps!

Have you automated your Narrative reviews?

Are you paying employees to inventory email responses or spend hours in update meetings to accomplish tasks that can be automated? With the application of policyIQ forms, your employees can take back time that was spent on tedious tasks and focus on work that matters.

If your team is still using Word, Excel, and email to manage 302 CertificationsControl Self Assessments and Narrative Reviews, they are engaging in the frustrating task of having to inventory the responses from their inbox and then babysit and pester people to complete their work. As responses do arrive, they evaluate who they’ve heard from, who hasn’t responded, and evaluate whether/which follow-up activities are warranted. They are likely also having to pull together routine assessments regarding the status of responses to share with management and others.

Before anyone invests another minute on the effort of pulling together the Narrative Reviews for next quarter, contact us to help your team realize these benefits right away:

  • Simplified roll-out of questions/certifications each quarter
  • Easy access to real-time information for monitoring of status
  • Automation of reminders going out to outstanding respondents
  • Automated compiling of results
  • Effortless reporting for management

There are lots of products out there that will set you back $50-$500k annually that promise efficiency gains in your compliance processes. For a fraction of that cost, we’ll deliver on that promise in a matter of weeks—not months or years. Work smarter. Spend smarter. Contact us today to schedule your configuration session. 

Who wants to avoid redundant effort and rework?

RGP consultant, Jason Chiang, recently wrote:

Jason Chiang
Expert in risk management and audit

“A narrative provides mid-level detail of the transactions and internal controls within a business process and includes who, how frequent, and in what location the transactions and controls are being performed…

…Narratives should be updated as changes are implemented in the organization. The updates should follow a workflow where there is a review process for significant changes.”

For many clients, automating the process of updating compliance documentation is a critical but often overlooked part of their practices. Each year, various aspects of controls may change, such as steps of the control procedure, the control description, or control ownership.  As these critical bits of information are updated, it is important, as Mr. Chiang stated, that the associated narrative pages are also updated to reflect the latest information.

Who wants to avoid redundant effort and rework?!

If you haven’t already implemented policyIQ or you have policyIQ and you haven’t taken advantage of this feature, this is a good time to tune in and make a note: policyIQ has a “linked field” option that allows you to update control language (or other documentation) in one place and present the updated language in related documents—here’s the key: without redundant effort or rework!

Displaying all related Controls in the Narrative is probably the most common request, but you can also display Risk language in Controls, Control language in Tests, and the contract review conclusions in a management summary page, among a seemingly infinite number of options! No more hunting down related documents to make small tweaks–it’s already done!

To learn more about how reduce redundant effort and rework, contact our team at Support@policyIQ.com.

Your Risk Assessment spreadsheets are costing you!

Are your employees still manually managing Risk Assessments using spreadsheets?
If you answered yes, they are likely struggling to work with others efficiently, they are frustrated by version control issues, and they are wasting time trying to figure out who has given input and who still needs to provide information.

The data in spreadsheets is difficult to aggregate. Performing analyses within a spreadsheet is limited, and across multiple spreadsheets it is nearly impossible. There are nearly always issues with data entry and, therefore, data integrity. So, your employees are likely also spending time having to validate and track down information and they’re likely performing rework to shore up assessments and findings. For all of these reasons, spreadsheets prolong the time and expense of audits.

RGP’s policyIQ team has developed features that help you to automate questionnaires, inventories, risk ratings, capability measures, track gaps and roll-up findings. Your management and audit teams can begin collaborating on their finance, operational, fraud and enterprise risk assessments right away.  Contributors from your locations can work together in one flexible and easy to use tool with confidence in the security and accuracy of their information and analyses. Templates for various risk assessments are easy to customize. Notes and assumptions from previous assessments can be easily referenced and considered in current risk calculations.

Your auditors can remotely review the content that you choose to make available to them and only after it has completed the review process that you enforce using policyIQ.

Reach out to us to request your free trial site and to learn more about how your team can end their reliance on spreadsheets. Work smarter.