5 Simple Steps to GRC Technology Implementation

Whether for IT Security Compliance, Enterprise-wide Policy Management, Contract and Lease Administration, or your organization’s GRC or Audit program, policyIQ can be up and running in 5 simple steps. Read on for more information and contact us to automate your initiative in Q1!

Step 1: Configuration
A policyIQ expert will assist you and/or your RGP Consultant to customize the design of the user interface in policyIQ for input of data, navigation, reporting, content and user security based on your input and feedback. Of course, we do not progress to step 2 until you, the client, approve of the configuration.

Step 2: Prepare data
The RGP Consultant requests data from your team or organization, then scrubs the provided data to help ensure completeness and accuracy. You give approval regarding the condition of the data before progressing to step 3.

Step 3: Populate
The RGP Consultant populates the approved data (import or authoring, depending on your needs) and subsequently validates the completeness of what is in the system against the approved data. The RGP Consultant will provide you with a walkthrough of your site and data for feedback and your approval.

Step 4: Refine (Reports, Dashboard, Planning for roll-out/training)
The RGP Consultant demonstrates the policyIQ user interface using the populated data. You provide a live example of a transaction, and with your RGP Consultant’s side-by-side help, you drive the live example from input to reporting. Any additional configuration items identified during this process will be considered for further customization. You give the green light when you’re ready to go live.

Step 5: Go live and train
Often there are a handful of “power users” who are expected to regularly participate in the process that is being automated using policyIQ. The RGP Consultant sits side-by-side with your power users, individually or as a group, to train on use of the software. Your power users will be directed to policyIQ’s written and recorded materials that you can leverage for your personalized procedural guide. Your RGP Consultant and the policyIQ support team are available onsite or remotely for any questions.

Our methodology or yours?
What initiatives or processes are you looking to digitize and manage more efficiently in 2019? Hit the ground running with RGP’s subject matter experts implementing our proven methodology in our technology or we can support your team to implement your methodology. What kind of support do you need? Contact us, information@policyIQ.com, and we’ll help you to get the ball rolling!

Flexible Risk Assessment Frameworks with World-class Subject Matter Expertise

When deploying a technology platform for any GRC process, many questions are considered during the procurement process.

“How long will this take to get up and running?”

“Is it customizable?”

“Is this software affordable – and what if we choose to expand the scope of our deployment?”

Within the scope of GRC, policyIQ can be used to implement nearly any type of risk assessment – and can be done quickly (with custom tailored content), all at an affordable price.  It’s a system that grows as you grow.  But as you likely know, risk assessments are an area that has a seemingly infinite number of options on how to get from A to Z.  Fraud Risk?  Financial Risk?  Third Party Risk?  And the various methodologies to achieve each can be staggering.  

Can I implement my own methodology, or am I forced to use the software’s built-in items?

You’d be surprised to find that for many software platforms, the answer to this question isn’t always positive. One of the benefits of utilizing policyIQ is that the keys are in your hand for making this decision. We have clients from all corners of the globe that choose to use their own methodologies when leveraging our software – and are able to do so with excellent results. Likewise, many organizations have sought subject matter expertise, looking for a proven methodology and guidance to help them get the ball rolling.

Regardless of the approach, policyIQ’s flexible platform is fine-tuned by the client to become the go-to place for establishing a consistent and reliable risk assessment environment, year after year.

Learn more about RGP’s professional services, or have a look at policyIQ’s solutions for GRC initiatives.

The message is clear: “Focus on Fraud”

Public companies subject to Sarbanes-Oxley (SOX) requirements with a calendar year-end are wrapping up their projects to transition to the 2013 COSO Framework. Among the seventeen Principles formalized in the 2013 framework is Principle 8, which states, “The organization considers the potential for fraud in assessing risks to the achievement of objectives.”

Track Fraud Mitigating Controls

One step that many policyIQ clients are taking to demonstrate evidence that they have adequately addressed this principle is to “flag” their controls that are fraud mitigating. If you do not already have one, we recommend adding a field to your Control template in policyIQ to track whether a Control is fraud mitigating. This allows you to easily report on all Controls where the answer is yes and to relate those Controls to Principle 8 (unless you are linking to Points of Focus, in which case you will link each of the Controls to the most appropriate of the four Points of Focus related to Principle 8).

Address Revenue Recognition Fraud

In addition to feeling greater pressure in the last couple of years from the Public Company Accounting Oversight Board (PCAOB) and the Committee of Sponsoring Organizations of the Treadway Commission (COSO), most companies will also be affected by the new Revenue Recognition Standard.  The new standard is the result of a joint effort by the Financial Accounting Standards Board (FASB) and the International Accounting Standards Board (IASB) that aims to improve upon and to address inconsistencies between the previously held International Financial Reporting Standards (IFRS) and US Generally Accepted Accounting Principles (GAAP). No doubt, some of the most notorious cases of corporate fraud have been directly related to revenue recognition fraud.

Complying with the new standard is a big undertaking for companies. We have written on our blog about the application of policyIQ to better monitor your contracts and agreements and the work that RGP has done to prepare a deep pool of Revenue Recognition subject matter experts around the country to walk alongside accounting professionals and help them to close gaps in their practices. Here, also, is a link to access the recording of RGP’s recent webcast: The New Revenue Recognition Standard Webcast Series (Part 2): How to Begin Implementing the New Standard.

Formally Assess the Risk of Fraud

Additionally, many companies are finally formalizing their fraud programs by instituting a dedicated Fraud Risk Assessment, documenting mitigating controls, identifying gaps, filling those gaps, and so on. Whether using your methodology and questionnaires or RGP’s, we can help you to manage the process more efficiently in policyIQ.

Fraud Risk Assessment Sample

Using policyIQ, it is simple to capture and deploy your fraud questionnaire(s) to the relevant employees, inventory responses and analyze results. Similar to other compliance work in policyIQ, you can link your capabilities or controls to any Fraud Risks that were identified and use policyIQ reporting to easily highlight any gaps in coverage.

Interested in bringing automation to your program or need a subject matter expert to help you develop your Fraud Prevention Program? Reach out to us and we’ll put you in touch with the right person in your area.

 

Message to Audit Execs: People, Talent, Subject Matter Expertise are Critical to Your Success

Via the Institute of Internal Auditors (IIA), we’ve heard this spring from Victoria Gambale, Olivia Kirtley, Joel Kramer and many others that people, talent, and subject matter expertise are critical to your success. At any point in time we will likely find ourselves shy on expertise in a particular area. Kramer stated that “no organization has all of the competencies that they need” and that organizations “cannot be world class without a co-sourcing relationship”. Others have emphasized the value of having both institutional knowledge and rotation of staff with “fresh eyes”.

Speakers at the General Audit Management Conference emphasized that every audit team should, as a standard step from the very beginning of its planning process, consider the co-sourcing relationship and assess the subject matter expertise that the team is lacking. More than just filling the competency gaps on your audit team, SMEs can also be contracted to shore up the education and training of your staff.

This is among the differentiating characteristics of RGP consultant professionals—with an average of 18 years of experience, we are prepared to provide a new perspective while walking alongside your team and sharing proven expertise (rather than sending recent college grads with a checklist). Our culture and model of creating strong partnerships that transcend into trusted relationships is what has attracted 75% of the Fortune 500 to call on us and 100% of our top 50 clients to remain committed to those partnerships over many years.

Global Footprint

With more than 70 wholly-owned offices world-wide, we are able to better ensure consistency of our model and culture, unlike many firms who employ affiliates. This allows our global firm to have a “local feel”—the quality of our work, ability to meet client goals, and building long lasting, valuable relationships becomes the personal mission of our staff in any of our locations.

In addition to supporting our clients with direct audit support, we can also provide subject matter expertise from any of our six practice areas to work with your auditors. An SME from our Human Capital practice can partner with your auditor on an audit of your ERP system, for example.

We’d love to chat with you over a cup of coffee and begin the conversation and relationship. Reach out to us and we’ll get something scheduled!

 

Track Subject Matter Experts (Auditors, and the like) in policyIQ

Are you managing a number of auditors and working to track all of your resources so that you can more efficiently assign tests to the appropriate tester? What tool are you using to keep track of your auditors? Generally speaking, I look for opportunities to move the work that I’m tracking in the two-dimensional world of Excel, Word or Email into a database like policyIQ. By moving this content into the database, I can not only easily report on all auditors that fit certain criteria or a certain profile, but I can also see whether I have them fully utilized and when they will become available.

Remember that you can customize Templates, Fields, Folders, Groups and so on in policyIQ and you can link pages to one another. One way that a client has used this flexibility to their advantage is by creating a “Subject Matter Expert” Template with fields that allow them to track the areas of expertise that their auditors have, as well as other fields that help them to know when the appropriate resources will be available. Here is a sample of a Page Template for tracking your Subject Matter Experts in policyIQ:

SME

Remember that all of the fields are customizable—you can amend any of the fields that you see, add additional choices, change the type of field, rearrange, and so on.

Your SME pages can be linked to test pages as each SME is assigned. This will allow you to run a report on tests with associated SMEs (Detail Link Report) so that you can visually see who is deployed.

Another method that our clients have employed is the addition of Hours Budgeted and Actual Hours fields directly on the Test pages. The combination of these Templates and Fields can help the administrators of the audit process to better oversee and manage resources while in the thick of testing and can help with budgeting and managing costs.

Have you taken advantage of the flexibility of policyIQ in a related way? What suggestions would you share with other users on how to better track resources or other key attributes? Let us know in “Comments” or email the policyIQ team directly—we’ll spread the word!