When deploying a technology platform for any GRC process, many questions are considered during the procurement process.
“How long will this take to get up and running?”
“Is it customizable?”
“Is this software affordable – and what if we choose to expand the scope of our deployment?”
Within the scope of GRC, policyIQ can be used to implement nearly any type of risk assessment – and can be done quickly (with custom tailored content), all at an affordable price. It’s a system that grows as you grow. But as you likely know, risk assessments are an area that has a seemingly infinite number of options on how to get from A to Z. Fraud Risk? Financial Risk? Third Party Risk? And the various methodologies to achieve each can be staggering.
Can I implement my own methodology, or am I forced to use the software’s built-in items?
You’d be surprised to find that for many software platforms, the response to this doesn’t always yield positive answers. One of the benefits of utilizing policyIQ is that the keys are in your hand for making this decision. We have clients from all corners of the globe that choose to use their own methodologies when leveraging our software – and are able to do so with excellent results. Likewise, many organizations have sought subject matter expertise, looking for a proven methodology and guidance to help them get the ball rolling.
Regardless of the approach, policyIQ’s flexible platform is fine-tuned by the client to become the go-to place for establishing a consistent and reliable risk assessment environment, year after year.
By now, you likely are aware that policyIQ is a flexible GRC platform that can be easily configured and customized into various GRC and other solutions. One of policyIQ’s strengths is the ability to tailor security at a broad and granular level allowing organizations to implement policyIQ in many areas without stepping on each other’s toes, so to speak. Because of this security capability, with our user-based pricing (rather than the common software model of pushing multiple products or add-on modules), our clients have long been able to leverage policyIQ throughout the organization for multiple initiatives at a reasonable cost.
The latest release of policyIQ includes features that support robust enterprise-wide applications of policyIQ for a range of initiatives. In the past, users in different areas of the organization would create a folder, manual, dropdown or multi-select list to track different critical pieces of information pertinent for their documentation. And while this setup could have been perfect for the audit team’s testing documentation, the same location list, for example, would have to be recreated by the technical accountants performing ASC 606 contract reviews. That was then. Clients leveraging policyIQ’s version 7.8 are able to create and manage Global Lists that can be shared across the organization. If your list of Field Offices is leveraged in various types of content throughout the organization, it can now be centrally maintained and updated rather than having to be updated in several department-specific templates.
Similarly, clients historically had to create independent dropdown fields to track people or responsibilities in their content (i.e. Control Owners, testers, contract reviewers). Now, the lists of users created under Groups and Users and established as a part of user profiles can be leveraged as fields within templates. Once and done.
Here are more examples of where this might be pertinent to you. If you have fields or folders tracking these things and would like to save time and sanity managing them, we recommend looking into the new shared fields (Global Lists, Users Lists):
Relevant Compliance Area
Of course, reach out to us if you have questions on how to make the adjustments to your policyIQ site.