5 Simple Steps to GRC Technology Implementation

Whether for IT Security Compliance, Enterprise-wide Policy Management, Contract and Lease Administration, or your organization’s GRC or Audit program, policyIQ can be up and running in 5 simple steps. Read on for more information and contact us to automate your initiative in Q1!

Step 1: Configuration
A policyIQ expert will assist you and/or your RGP Consultant to customize the design of the user interface in policyIQ for input of data, navigation, reporting, content and user security based on your input and feedback. Of course, we do not progress to step 2 until you, the client, approve of the configuration.

Step 2: Prepare data
Your RGP Consultant requests data from your team or organization, then scrubs the provided data to help ensure completeness and accuracy. You give approval regarding the condition of the data before progressing to step 3.

Step 3: Populate
Your RGP Consultant populates the approved data (import or authoring, depending on your needs) and subsequently validates the completeness of what is in the system against the approved data. The RGP Consultant will provide you with a walkthrough of your site and data for feedback and your approval.

Step 4: Refine (Reports, Dashboard, Planning for roll-out/training)
Your RGP Consultant demonstrates the policyIQ user interface using the populated data. You provide a live example of a transaction, and with your RGP Consultant’s side-by-side help, you drive the live example from input to reporting. Any additional configuration items identified during this process will be considered for further customization. You give the green light when you’re ready to go live.

Step 5: Go live and train
Often there are a handful of “power users” who are expected to regularly participate in the process that is being automated using policyIQ. The RGP Consultant sits side-by-side with your power users, individually or as a group, to train on use of the software. Your power users will be directed to policyIQ’s written and recorded materials that you can leverage for your personalized procedural guide. Your RGP Consultant and the policyIQ support team are available onsite or remotely for any questions.

Our methodology or yours?
What initiatives or processes are you looking to digitize and manage more efficiently in 2019? Hit the ground running with RGP’s subject matter experts implementing our proven methodology in our technology or we can support your team to implement your methodology. What kind of support do you need? Contact us, information@policyIQ.com, and we’ll help you to get the ball rolling!

Have you automated your Narrative reviews?

Are you paying employees to inventory email responses or spend hours in update meetings to accomplish tasks that can be automated? With the application of policyIQ forms, your employees can take back time that was spent on tedious tasks and focus on work that matters.

If your team is still using Word, Excel, and email to manage 302 Certifications, Control Self Assessments and Narrative Reviews, they are engaging in the frustrating task of having to inventory the responses from their inbox and then babysit and pester people to complete their work. As responses do arrive, they evaluate who they’ve heard from, who hasn’t responded, and evaluate whether/which follow-up activities are warranted. They are likely also having to pull together routine assessments regarding the status of responses to share with management and others.

Before anyone invests another minute on the effort of pulling together the Narrative Reviews for next quarter, contact us to help your team realize these benefits right away:

  • Simplified roll-out of questions/certifications each quarter
  • Easy access to real-time information for monitoring of status
  • Automation of reminders going out to outstanding respondents
  • Automated compiling of results
  • Effortless reporting for management

There are lots of products out there that will set you back $50-$500k annually that promise efficiency gains in your compliance processes. For a fraction of that cost, we’ll deliver on that promise in a matter of weeks—not months or years. Work smarter. Spend smarter. Contact us today to schedule your configuration session. 

Consider how technology can advance your ERM program

Our firm, RGP (Resources Global Professionals), has been on the road presenting in cities around the country on the “Keys to Success in Enterprise Risk Management”. We’ve had some terrific conversations with Risk, Finance, Legal, Compliance, Security and Audit professionals and facilitated conversations drawing from everyone’s experience to address the hurdles that different companies are facing. These exchanges and new partnerships are invaluable!

Among the keys to success, one that has been identified is the value that technology can bring to several phases throughout the ERM implementation process. If you’re a reader of the policyIQ blog or are a part of the RGP community, you have likely heard that policyIQ is often used for Risk and Compliance documentation, audit, policy management and related process automation. This includes Enterprise Risk Management!

Capturing the full ERM cycle of information in one place helps to ensure that everyone has easy access to the information—the ability to grab a pulse on various aspects of the program in real time from anywhere. This is also of chief importance to a successful program: keeping ERM accessible and an ongoing part of every strategic conversation.

To give some examples:

Questionnaires or surveys
policyIQ provides tools to make the administration of any collection of information more efficient. At your fingertips, you can see who you have heard from, who still has a questionnaire outstanding and you can automate the reminder to those with outstanding surveys or questionnaires.

With that, our tool is utilized to help organizations better understand their risk culture by gathering opinions from strategic members of the organization by conducting a survey—one that might even allow anonymous submission of responses to encourage the most candid feedback possible.

This same functionality is applied to gather an initial and to capture principals’ thoughts on the priority of risks.

Key Documentation and Support
It is critical that a solid ERM process include a number of discussions and agreements among the organization’s risk owners as a matter of course. What conclusions were drawn from the culture assessment? What risks bubbled up to be considered the most critical? What definition (thresholds in dollars, numbers, events, etc.) did you give to your rating of those critical risks? What are the parameters for acceptable (or unacceptable) risks that you use to define your organization’s risk appetite? And the agreed upon considerations or limits for risk tolerance?

Assess, Adapt, Monitor, Measure
In addition to providing a place to collect and gather all of the key pieces of information, policyIQ provides excellent reporting ability. You can zero in on a specific metric in cases where you have a concern and you can schedule delivery of information on a routine basis to aid in ongoing monitoring of performance.

Without a doubt, technology will help any organization to more effectively and efficiently manage their ERM program. We have presented some ideas in broad statements here. Contact us to see and discuss, in more detail, how policyIQ will help your organization to mature your ERM program to the next level.

Twitter-review of the 2015 GAM Highlights

The IIA put on another impressive General Audit Management (GAM) Conference this year. Below is a quick Twitter-review of some 2015 #IIAGAM highlights. Remember that RGP is a Professional Services Firm with expertise in:

  • Human Capital
  • Finance & Accounting
  • Information Management
  • Governance, Risk & Compliance
  • Supply Chain
  • Legal & Regulatory
  • Corporate Advisory & Restructuring
  • Strategic Communications

We are particularly strong in cross-functional support, listening, helping to identify the common threads and root issues, and guiding an organization with a team of experienced professionals who will walk alongside your employees and leave them more knowledgeable and ready to make progress and gains than before we arrived.

Reach out to us and we’ll connect you with an RGP representative in your area.

Now, on to the GAM highlights!

Lots of speakers addressed the more prominent role of Internal Audit in the heavy activity of Mergers and Acquisitions.

If they were not already making it a top priority, I’d bet 1,400 audit professionals attending GAM took the message back to their colleagues that they need to give cyber-security more attention.

Of course, Risk Management continues to be a hot topic.

Don’t underestimate the work involved in preparing to comply with the Revenue Recognition Accounting Standard.

These were just a few of the key topics discussed at the GAM Conference this year. You can gather more information from the IIA website, Twitter and other social resources, and you can join the conversation next year! We’ll look forward to visiting with you at the RGP booth!

8 Panels, 7 Keynotes and a Head Full of Ideas: Compliance Week 2014

I am just returning from Compliance Week’s 2014 conference, held in Washington DC this past Monday through Wednesday. I’m leaving with a new tote bag, a t-shirt, 36 pages of notes taken during the sessions and a head bursting with ideas that I want to share with all of you. I participated in CW 2014 strictly as an attendee, to learn from the best in class compliance officers. 8 breakout session panels, 7 keynote addresses and a whirlwind of conversations later – I’m happy to report that I accomplished that mission.

While there are some specific topics that we’ll dig into deeper in the coming weeks (after I’ve had a chance to digest those 36 pages of notes), I wanted to provide a couple of highlights in time for our May newsletter!

Cyber Security is a Hot Topic

For many compliance executives, it doesn’t feel like cyber security should belong in the compliance department’s realm.  Alan Brill, Senior Managing Director at Kroll, agrees that the domain of cyber security is unclear, but stresses that it is a compliance issue.  He suggests that compliance teams and IT security teams partner more closely in this age of “everything cyber” to put compliance tools in the hands of the IT resources who need them.

One very practical suggestion made by Mr. Brill was to partner with IT to issue employee communications about good data security practices, using the compliance mindset to provide guidance and understanding of why the topic should be taken seriously.  (The example used was the number of employees who likely have a personal DropBox account, where they store work in progress to be accessible from multiple locations.)

My takeaway: How can we help organizations to push their compliance processes – controls, testing, reporting, employee communication – to the IT security side? In some cases we already work with both financial compliance and IT compliance, but where we don’t, can we help to foster more coordination?

Third Party Risk Management is Critical

It is surprising, to be honest, how many organizations are still underestimating the exposure they face due to third parties.  The actions of suppliers, partners, contractors and sometimes even customers can bring risk onto your organization.  The need for effective – and efficient – third party risk management and due diligence was a key theme through many Compliance Week 2014 sessions.

How to do third party due diligence and risk management in a reasonable, cost-effective and resource-efficient way was a matter of much discussion – both during panel events and in the hallways over breaks.  Panel experts stressed the need to push the due diligence process down to the business units and owners of the third parties, while having compliance oversight – and audits – to make sure the process is working.

My takeaway: policyIQ can help organizations to build a 3rd party due diligence process.  Over the next couple of months, we should illustrate more specifically so that our clients can see the process in action in a practical – and cost-effective – way.

Compliance Should Be Embedded in the Business

This theme ran through virtually every session at the conference – and while it is definitely a desire of most attendees, there did seem to be some skepticism about how to accomplish it.

One session specifically focused on “Tone at the Middle”, taking the common idea of “Tone at the Top” to a new level.  It is the middle-managers that are closer to the majority of the workforce, and the commitment to compliance and ethical conduct at this level can be even more critical.  (Of course, it is clear that “Tone at the Top” is critical to THIS level of commitment.)  The idea boils down to the concept that if you have an ethical environment that is committed to compliance, compliance shouldn’t feel like a hurdle that has to be overcome.

The other side to this coin is the concept that in the ideal world, compliance can be seen as a revenue positive activity.  Compliance departments can work within the business to identify opportunities for process improvement – in line with compliance initiatives.  Risk management and issue management can also be viewed within a revenue-positive light.

Practical advice on this subject was a bit thin; however, it is clear that everyone wants compliance to be seen as a positive force, rather than a revenue-restriction.

My takeaway: How can we talk about processes like risk management and issue management in revenue-positive language?  Consider ways to identify opportunities rather than issues.

So much more…

I have notes on issue management, creating a positive “speak up” culture, ideal issue escalation processes, risk-focused issue management, suggestions for creating better relationships with regulators, and much more.  Stay tuned for more notes and ideas!  If you have a specific question or if you are curious about a specific area, don’t hesitate to reach out to us.