It’s true! policyIQ is a misfit among typical software providers.

Have you been burned by a software provider?

Sheesh—who hasn’t?!

You worked for months (years for some), listening to promises from several different people who kept handing you off and never addressing your concerns. You found yourself with more time and money invested than you care to admit and you have grown to look at all software providers with skepticism (if not disgust).

Does this sound familiar?

I hear you. Your frustration was echoed by countless people that I spoke with at a national conference in March. Because a number of people felt compelled to share their horror stories about other providers with me, I got comfortable jumping quickly to the things that make us different than the typical software company:

  • All-in-one_BubblesRGP is NOT a software company! Integrity is at the core of our firm. We want to create great relationships and serve you so impressively that, when you need a consultant, you already know the quality that you can expect from us.
  • We don’t have a huge policyIQ booth at conferences and our software does not have the huge price-tag required to pay for that presence (policyIQ starts at <$5k/year).
  • We don’t sell multiple modules or products and aim to upsell you. policyIQ really does accommodate multiple business areas and needs in one affordable tool.
  • Our goal is to solve for your information, content, process, and workflow challenges across the Governance, Risk and Compliance (GRC) space, not to land a sale.
  • Your sales person does not make commission or hand you off to an implementation team that’s unaware of promises made during the sales process—we walk alongside you the whole way and help to tailor the implementation to your organization’s needs.
  • Our product does what we tell you it does (and we answer truthfully if you ask us about something we don’t do or plan to develop).
  • We have a support team that truly cares to give you excellent and timely service.

We think of our clients as part of our community with whom we will have a long partnership. We listen to your needs, plans, wishes and heartaches and work continuously to problem solve with you.

We’re proud to be a misfit among typical software providers.

pIQ_Misfit_smWe’re ready to prove it and to earn your trust.

We encourage you to take a peek at this introduction to policyIQ, and then reach out to us!  We’d be glad to schedule a personalized tour of policyIQ. Also, we invite you to kick the tires! Sign up for a 30-day trial, completely risk-free.

We look forward to working with you!

Twitter-review of the 2015 GAM Highlights

The IIA put on another impressive General Audit Management (GAM) Conference again this year. Below is a quick twitter-review of some 2015 #IIAGAM highlights. Remember that RGP is a Professional Services Firm with expertise in:

  • Human Capital
  • Finance & Accounting
  • Information Management
  • Governance, Risk & Compliance
  • Supply Chain
  • Legal & Regulatory
  • Corporate Advisory & Restructuring
  • Strategic Communications

We are particularly strong in cross-functional support, listening, helping to identify the common threads and root issues, and guiding an organization with a team of experienced professionals who will walk alongside your employees and leave them more knowledgeable and ready to make progress and gains than before we arrived.

Reach out to us and we’ll connect you with an RGP representative in your area.

Now, on to the GAM highlights!

Lots of speakers addressed the more prominent role of Internal Audit in the heavy activity of Mergers and Acquisitions.

GAM_MandA

If they were not already making it a top priority, I’d bet 1,400 audit professionals attending GAM took the message back to their colleagues that they need to give cyber-security more attention

GAM_CyberSecurity

Of course, Risk Management continues to be a hot topic.

GAM_RiskManagement

Don’t underestimate the work involved in preparing to comply with the Revenue Recognition Accounting Standard.

RevRec

These were just a few of the key topics discussed at the GAM Conference this year. You can gather more information from the IIA website, Twitter and other social resources and, you can join the conversation next year! We’ll look forward to visiting with you at the RGP booth!

Pre-IPO? RGP and policyIQ Help with Preparations to Go Public

Are you considering going public and beginning to think about all of the steps you should take to prepare? RGP and our GRC tool, policyIQ, can help you to ensure that you have a solid offering and that you are presenting your company in the best possible light.

RGP creates true partnerships with our clients—educating while advising

RGP can help with a range of needs including shoring up your processes and documentation comprising of things like helping you to properly document processes, and ensuring that necessary policies and procedures are in place. This would, almost certainly, include working with you to build a sound financial reporting foundation and solid internal control environment.

We can support your organization with activities that are specific to preparing for SEC Registration such as performing an accounting review to ensure your company meets all necessary financial requirements, helping with the development of your Prospectus, and the performance of a Legal Review.

If your need is more closely related to people resources, such as the need for an interim CFO or adjustments to your Board of Directors, we can help you to make those selections, as well.

NYSE_WallSt

policyIQ: powerful, easy to use and have up and running in no time

RGP’s Governance, Risk and Compliance tool, policyIQ, is easy configure, implement, roll-out and maintain for a range of purposes that serve companies who are seeking public offering. For more than ten years, policyIQ has served clients for the development and maintenance of their SOX 404 documentation, policies and procedures, and automation of their management certification processes.

Clients also take advantage of policyIQ’s flexibility, security features and accessibility to serve their related needs; including as a data room for their Board of Directors and for the development and review of their Prospectus.

Recently, we have worked with clients to make a fresh start, helping them to automate their Financial Statement Risk Assessment and relating their significant accounts and disclosures to relevant assertions and associated risks, controls and tests. We have also made quick work of capturing the 17 Principles required by the 2013 COSO Framework, the associated 87 Points of Focus and helping clients through their transition process—mapping to relevant controls, identifying gaps, performing rationalization and strengthening documentation and procedures, where necessary.

A different kind of software provider—in the best possible way

While many other products have come and gone, been bought and sold, and experienced lags in support, development and testing that have proven difficult for their users, policyIQ has a very different history. RGP has owned policyIQ and supported policyIQ clients in the marketplace for more than a decade. Our software has undergone 29 major and more than 30 minor releases in that time, carrying out thorough testing prior to each release, without ever charging our clients for the latest enhancements or upgrades. We operate differently than a typical software provider; we work hard to keep our software up to date (offering the latest in technology and services) while keeping the cost very affordable.

Reach out to us with any questions regarding RGP’s Pre-IPO services or software. We have approximately 3,000 professionals in nearly 70 offices around the world—someone near you—ready to help you take the next step!

Addressing COSO Principle #8: Assess Fraud Risk

P8_Call_to_actionRisk and Compliance professionals generally agree that the updated 2013 COSO Internal Control – Integrated Framework is not, in essence, different from the 1992 version. And by now, we recognize that the most notable change requiring action is the formalization of COSO’s 17 Principles that were introduced by language embedded in the earlier version. Public companies subject to Sarbanes Oxley (SOX) requirements that utilize the COSO framework and have a calendar year-end will need to demonstrate that all 17 COSO Principles are “present and functioning” by the end of 2014. COSO_Principles At the conclusion of the mapping process, what many of our clients are finding is that they do already have the necessary controls in place. We are helping some clients to also identify where they have more than adequate controls and can use this thorough review as an opportunity to rationalize and reduce the number of controls that they are testing—and, in turn, reduce costs! And, in some cases, companies recognize that the practices are in place, but the controls may not be formally documented and tested. One of the Principles that is garnering a lot of attention is Principle #8: Principle8If you haven’t before, this will likely be the year that you perform a formal Fraud Risk Assessment. You may need to reinforce documentation around your related Entity Level Controls and will want to ensure that those include measurable indicators of appropriate “Tone at the Top”. If you are not sure that you have the appropriate competencies or subject matter experts on your team, we can help to lead or supplement your assessment and documentation of your related controls. Reach out to us if you’d like more information. Additionally, most companies required to comply with SOX likely already have a fraud hotline in place. Did you know that policyIQ also includes an electronic “WhistleBlower” module that is accessible to all company employees for anonymous submission of suspected financial reporting issues (or other issues, if you choose to rebrand the feature)? The WhistleBlower module is already available in all policyIQ sites and can be enabled at any time at no additional charge. Each case is assigned a 16 character code that is revealed only to the submitter of a case so that he or she may periodically review the progress of any associated investigation and even correspond anonymously with an investigator. This feature provides whistle blowers with greater assurance that their voice or accent will not give away their identity if they wish to remain anonymous. WhistleBlower It is very simple to use policyIQ to demonstrate the presence of preventive and detective fraud mitigating controls. Simply run a report of your Controls and include those two variables as columns in your display. If you haven’t already setup your policyIQ site to capture these items, here are the steps that we recommend:

  1. Add a field to your policyIQ Control Page Template to track whether a Control is fraud mitigating.
  2. Add a field to your policyIQ Control Page Template to track whether a Control is Preventive or Detective (most policyIQ clients already include this).
  3. Review your controls and update the pages to reflect whether they are fraud mitigating and whether they are preventive or detective (note that you can use the Edit Fields option from the Table Toolbar to make bulk changes and save time).
  4. Use a policyIQ Page Detail or Page Detail Link Report to list your Fraud Mitigating Controls and whether they are EvidenceforP8Preventive or Detective
    1. Use the report results to perform your gap analysis
    2. Use the report results as evidence of your compliance or coverage of COSO’s Principle #8!

If you’d like some support from a subject matter expert, have questions about the mapping process, or would like help with properly setting up policyIQ to support your transition to the 2013 COSO Framework, contact us and we’ll put you in touch with the appropriate resource in your area.

2014 Conference GAM-Packed with Great Speakers, Topics, and Connections!

I attended IIA’s 2014 GAM Conference with my colleagues, Les Sussman (Senior Practice Leader of RGP’s Governance, Risk and Compliance Practice) and Susan Miller (Managing Director, Client Service of RGP’s Parsippany office). We took in a lot of great information over the packed three-day conference and want to share some highlights with you in the form of my “Twitter Notes”! (You can check out the IIA’s Recap here.)

Virginia Gambale, Director of JetBlue Airways and Managing Partner of Azimuth Partners, was the keynote speaker addressing the topic of “The Board’s View of Governance and the Important Role of Internal Audit”.

pIQTweet1

Gambale talked of how the priorities of audit have shifted with the changing tides in technology as well as with climate issues and the threat of terrorism. She highlighted that Boards need to shift, too (if they haven’t already), to include members with social media and marketing capability, technology, human capital, finance/accounting background, and industry experience.

pIQTweet2

 

pIQTweet3

For many organizations, an annual audit plan is not appropriate any longer. A key takeaway from the great panel discussion that included principals from Cisco Systems, LinkedIn and Google was to be dynamic and agile in audit planning. Participating on the panel were Thomas Austin, VP, Governance Risk & Control at Cisco Systems; Inder Gulati, Head of Internal Audit at LinkedIn; and Lisa Lee, Director of Internal Audit at Google. Lee followed up with a great quote and apparent mantra at Google:

pIQTweet4

More takeaways from the panel:

pIQTweet5
We heard from the National Association of Corporate Directors’ Peter Gleason on “Engaging with the Audit Committee”:

pIQImage6

pIQImage7
Joel Kramer, Managing Director of the MIS Training Institute, was an engaging speaker with a number of great points and memorable quotes! He reminded the audience of audit professionals to “go after the whales, not the minnows” and urged us to not simply roll forward last year’s controls—“business is changing too dramatically and continuously”. Plan to perform a new risk assessment [at least] annually. Here are a couple more Kramer notes:

pIQImage8

pIQImage9Of course, we appreciate his emphasis as we (RGP) have 70 wholly-owned offices around the world with experienced subject matter experts from a range of disciplines (Human Capital, Finance/Accounting, Risk & Compliance, Supply Chain, Legal, Information Management and other operational expertise in addition to Audit Expertise) that can support and supplement your audit teams. Check out our site for more information: http://www.rgp.com.

Olivia Kirtley, Deputy President of the Board of the International Federation of Accountants, further emphasized the need for audit to focus on people as one of their top priorities:

pIQImage10

And there was certainly a great deal of talk about the role of technology—in generating new challenges for audit professionals, as well as in aiding auditors to be more effective and efficient as they take on evermore responsibility:

pIQImage11

pIQImage12
I engaged in an interesting conversation at one of our breaks and it was clear that there is still some confusion regarding the COSO 2013 Internal Control – Integrated Framework and whether it is necessary (for companies subject to SOX requirements who are using the COSO framework) to demonstrate the presence of all 17 of the Principles called out in the updated framework. Yes. And it was great to hear directly from COSO Chairman, Robert Hirth. Here are some of the takeaways:

pIQImage13

pIQImage14

pIQImage15pIQImage16pIQImage17pIQImage18
I really enjoyed listening to Jeanette Franzel, one of five members who make up the Public Company Accounting Oversight Board (PCAOB).

pIQImage19

Acknowledging the timing of the PCAOB’s Inspection Report which has led firms to require more evidence and documentation alongside the updated COSO Framework, Franzel commented that we are in the…

pIQImage20She discussed the Board’s willingness to visit with companies who have concerns or questions and cited some interesting examples.

pIQImage21

pIQImage22
I wish that I could have cloned myself to attend more sessions at this year’s GAM Conference and to take more notes (share more tweets)! Overall, the conference provided some assurance that RGP and policyIQ are on the right track; providing appropriate guidance regarding audit planning, risk assessments, auditing, Auditing Standard No. 5, subject matter expertise, application of the updated COSO framework to finance and accounting professionals and beyond SOX, and that we have a great solution in policyIQ to pull all of the documentation and processes together to promote more effective and efficient teams and processes.

I sincerely appreciate the great connections made and information gathered! If we didn’t get a chance to connect at GAM or you would like to chat more, please feel free to reach out to me (or to have me put you in touch with someone in your local office)!

sbuehrle@rgp.com, and follow us on Twitter: @policyIQ, @ResourcesGlobal

 

 

Realize gains from collaboration between Compliance and HR

Talk of building a collaborative enterprise to increase productivity and working cross-functionally has been around for years now. But have companies really implemented and reaped the rewards of making a shift to a more collaborative workplace? The truth is, like redirecting a speeding train, it is difficult to change the course of a corporation. Many companies still work in silos and still struggle to develop partnerships across key functions.

A recent Compliance Week article drew a spotlight to this challenge, to the benefits and business case for keeping collaboration a top priority and provided tips on how to foster better working relationships between key players. In the article, which focuses on bridging the gap between Compliance and HR, author Jaclyn Jaeger cited several sources listing a range of benefits of Compliance and HR working together, including

  • An improved organizational culture
  • An ethical culture
  • Consolidation of efforts (streamlining of resources and cost savings)
  • More effective and efficient implementation of compliance-related processes
  • Earlier detection of compliance issues

Jaeger reminds us that the Human Capital function is focused on people—and that people are the constant, central and fundamental foundation of everything that a company sets out to accomplish. Of course the Compliance function (and every other team) stands to benefit from incorporating HR players into key decisions and processes.

We encourage you to jump over to Jaeger’s “How Compliance and HR Can Get It Together” to gather tips on how your Compliance and HR teams can work together.

collaboration-imageWe also want to remind you that RGP is ready to mobilize professionals (with an average of 18 years’ experience) in Human Capital and in Compliance fields to lead or support your transition to a more collaborative, productive and effective culture that better ensures early detection of compliance and productivity issues.

RGP’s in-house application, policyIQ, has served many organizations in both of these functions and throughout the business. Grant teams from different units the appropriate access to department-specific content or shared access to content that serves multiple functions. Easy online (and secure) access, tracking of a single master version of content, the ability to quickly find and report on key variables and the assurance of a complete audit trail of changes are just some of the benefits availed to you in this very affordable and powerful tool.

Contact us for more information about our professional services and policyIQ and start building those partnerships today!