Fierce Competitors are Built on Strong Core Processes

If your goal is to be a fierce competitor and to protect and defend your organization against the never-ending barrage of risks and change, a great place to start is by strengthening your core processes.

Policy management is the backbone of successful and sustainable organizations.

What do you think of when you think of policies? Does your Human Resources department manage a set of company policies that you have to attest to annually? Maybe you recognize the fact that your organization has a password policy and a policy regarding the use of social media on company equipment and company time.

In our recent webinar with guest presenter Michael Rasmussen, we heard a whole host of examples and reasons why organizations should be concerned with policies. If, up until now, you have not been particularly concerned about the value of your organization’s policies, you might want to lean in and peruse these notes from the Blueprint for Effective Policy Development and Management session:

Raise your hand if you are aware of where to find your organization’s index of official policies representing all areas of your business. Mr. Rasmussen asked a similar question of his audience at a recent conference and just 2% of attendees acknowledged awareness of an index maintained at the enterprise level of the organization’s policies.

Only a very small number of organizations see policies as the critical documents that they are. Mr. Rasmussen noted that policies are often not given proper attention and are strewn about in various systems, websites, shared drives and so on. Employees don’t know where to go to find documents or whether the document they found holds the latest version of the policy. In our session, Rasmussen emphasized why employees and leaders should value policies and highlighted some examples of how policies are at the core of every organization’s critical work:

  • Policies are GOVERNANCE documents.
    • Policies are critical documents.
    • They help to set boundaries to reliably achieve objectives
    • Policies ensure consistent business behavior and transactions.
  • Policies are RISK documents.
    • The existence of each policy was preceded by the identification of a risk!
    • Still, many business leaders do not think of risks when they think of policies and many do not tie organization policies to risks.
    • Policies help to identify risks and control risks within certain boundaries.
  • Policies are COMPLIANCE documents.
    • Policies help us to act with integrity as it relates to
      • Regulatory requirements
      • Contract obligations
      • Code of conduct
      • Values and Ethics
      • Corporate social responsibility
      • And so much more

Policies are at the core of all Governance, Risk, and Compliance work.
If the advantages of effective policy development and management are not compelling enough to motivate your leaders to establish policies throughout the organization, this regulatory environment might force the issue. An evidence trail is critical in today’s regulatory environment. Policy management requires a complete system of record and an audit trail.

policyIQ provides company and division leaders with a highly adaptable technology for managing the full range of policy, compliance, and audit needs in one cost-effective platform scalable from specific regulatory environments and department functions to division business units and at the enterprise level. Maintaining a clear and defensible audit trail is paramount to the service and benefit provided by our GRC technology.

In part I of the policy management educational series hosted by RGP’s policyIQ team, Michael Rasmussen highlighted the considerations that are critical for development of a policy management strategy, the roles that contribute to policy management, and he drilled deep into the effective policy management lifecycle.

In part II, Michael will concentrate on the second half of the effective policy management lifecycle. The attendees of our first session gave rave reviews of the presentation. Be sure to register for Part II: Engage the Front Lines Through Effective Policy Communication.

We also encourage you to peruse upcoming events hosted by the policyIQ team. This audience, in particular, might be interested in our Introduction to policyIQ session that is delivered quarterly and demonstrates how organizations leverage policyIQ to establish consistent documentation templates, prescribe workflow and approval processes, communicate and distribute policies, monitor and enforce compliance with policies, and to establish a maintenance process for your critical documentation.

Click here to register for the sessions that interest you and we invite you to reach out to us (information@policyIQ.com or 866.753.1231) with questions about effective policy management, policyIQ (our governance, risk, and compliance technology), or if you could use the support and expertise of a RGP professional to help get your program off the ground.

We look forward to seeing you in future sessions!

Flexible Risk Assessment Frameworks with World-class Subject Matter Expertise

When deploying a technology platform for any GRC process, many questions are considered during the procurement process.

“How long will this take to get up and running?”

“Is it customizable?”

“Is this software affordable – and what if we choose to expand the scope of our deployment?”

Within the scope of GRC, policyIQ can be used to implement nearly any type of risk assessment – and can be done quickly (with custom tailored content), all at an affordable price.  It’s a system that grows as you grow.  But as you likely know, risk assessments are an area that has a seemingly infinite number of options on how to get from A to Z.  Fraud Risk?  Financial Risk?  Third Party Risk?  And the various methodologies to achieve each can be staggering.  

Can I implement my own methodology, or am I forced to use the software’s built-in items?

You’d be surprised to find that for many software platforms, the response to this doesn’t always yield positive answers.  One of the benefits of utilizing policyIQ is that the keys are in your hand for making this decision.  We have clients from all corners of the globe that choose to use their own methodologies when leveraging our software – and are able to do so with excellent results.  Likewise, many organizations have sought subject matter expertise, looking for a proven methodology and guidance to help them get the ball rolling. 

Regardless of the approach, policyIQ’s flexible platform is fine-tuned by the client to become the go-to place for establishing a consistent and reliable risk assessment environment, year after year.

Learn more about RGP’s professional services, or have a look at policyIQ’s solutions for GRC initiatives.

A complete solution – presented in a policyIQ CPE event!

As part of our ongoing quarterly CPE event for policyIQ, we are putting together something a bit different – and bigger – than normal!

Join us on Thursday, November 30, 2017 at 12pm Eastern Time for the one hour CPE event presented via the web, showcasing policyIQ’s abilities, features and processes for all of your Policy Management needs.  Hosting this session will be Chris Burd, policyIQ Managing Director, and Travis Whalen, policyIQ Product Manager.  Learn more about policyIQ’s solution possibilities here.

In this Introduction to policyIQ CPE session, participants will be able to (among other milestones):

  • See how to utilize the import utility to centralize previously disparate content
  • Secure documentation with read, write and edit access – and approval processes
  • Apply search and reporting features to quickly gather information that is critical to decision-making

Sign up for this training here, and learn more about how policyIQ can be an effective solution for your organization’s Policy Management needs.

 

New Training Opportunities from RGP

Our technology experts may be particularly interested in these two upcoming RGP training sessions, as each deals with different aspects of technology in the GRC space.  Take a look!

November 17: Technology-based Innovation in the Digital Economy

The hills throughout Pittsburgh are filled with all kinds of beautiful Autumn color.  Fall nearly always means significant change to the weather and scenery of Western Pennsylvania, and this year is no exception.

Technology changes even faster–we can’t fight or resist the next big innovation may happen.  So, as companies, we need to be prepared to adapt these changing market conditions on a constant basis.  RGP Consultant Dr. Irvin Wladawsky-Berger will help us take a look at some of the technological hurdles we all experience, and how to best deal with these.  1 CPE credit is available for attending this event.

Click to sign up and emerge from the technology cloud more competitive and flexible than you ever imagined.

December 3: Cloud Computing and Business Performance Management

Speaking of clouds (technological, not those that bring rain), RGP experts have arranged an event to help bring some answers to cautious cloud-computing users.  Some find the idea of cloud-computing both stressful and confusing.  Does a cloud based environment really mean less security?  What are the benefits?  Attend this event, and get 1 CPE credit for participating.

Learn more about cloud computing and how it may be applied to your organization.

policyIQ a big hit at the GAM Conference!

GAM BannerAs the IIA has been known to do, their General Audit Management (GAM) Conference was packed with many high caliber speakers again this year! Presenters provided a wide array of insights falling within five tracks:

  • Talent & Resource Strategies
  • Regulatory & Compliance Issues
  • Risk Management
  • Innovation & Technology
  • Stakeholder Relationships & Expectations

Click here to check out the 2015 GAM Twitter highlights!

This year’s conference drew a record crowd and it seemed that the number of visitors to the RGP booth reflected that—we kept very busy talking about the things that differentiate us from other firms, such as

  • 3,000+ professionals in 70+ wholly owned offices (not affiliates) worldwide
  • Consultants have 10-20 years’ experience
  • 87 of the Fortune 100 served
  • 100% retention of top 50 clients
  • Served more than half the Fortune 1000

RGP_PartnersWe had more inquiries about policyIQ this year than at any previous conference. This was in keeping with a theme at the conference regarding leveraging technology to help audit to be more effective and more efficient. Our GAM audience seemed pleasantly surprised and asked the most follow-up questions when they realized that policyIQ can serve several Governance, Risk and Compliance needs within one tool—we do not require, cajole or have to finagle unsuspecting clients into purchasing additional tools or modules to meet their needs. Unlike other audit and GRC tool providers, we are focused on solving their problems and helping them to be more efficient—not on trying to milk them for multiple software applications and upgrades!

pIQ_All-in-oneOther policyIQ qualities that caught the attention of GAM attendees:

  • policyIQ is significantly less expensive than other tools
  • Implementation takes 4-6 weeks (not months or years)
  • Expert configuration support is included
  • Our team is known for “Excellent” service and support

There are some things that you DON’T get with policyIQ that stunned some technology shoppers, too:

  • No extra modules to buy
  • No up-front license fee
  • No upgrade fees
  • No hardware to purchase
  • No IT resources required

This summed up my experience at GAM this year:

GAM_FriendsIf I didn’t have an opportunity to address your questions at GAM and/or you’d like to talk more about how you can employ policyIQ to make your team more efficient, reach out to us at Support@policyIQ.com or 866-753-1231. We’ll have you up and running within the next quarter!

2014 Conference GAM-Packed with Great Speakers, Topics, and Connections!

I attended IIA’s 2014 GAM Conference with my colleagues, Les Sussman (Senior Practice Leader of RGP’s Governance, Risk and Compliance Practice) and Susan Miller (Managing Director, Client Service of RGP’s Parsippany office). We took in a lot of great information over the packed three-day conference and want to share some highlights with you in the form of my “Twitter Notes”! (You can check out the IIA’s Recap here.)

Virginia Gambale, Director of JetBlue Airways and Managing Partner of Azimuth Partners, was the keynote speaker addressing the topic of “The Board’s View of Governance and the Important Role of Internal Audit”.

pIQTweet1

Gambale talked of how the priorities of audit have shifted with the changing tides in technology as well as with climate issues and the threat of terrorism. She highlighted that Boards need to shift, too (if they haven’t already), to include members with social media and marketing capability, technology, human capital, finance/accounting background, and industry experience.

pIQTweet2

 

pIQTweet3

For many organizations, an annual audit plan is not appropriate any longer. A key takeaway from the great panel discussion that included principals from Cisco Systems, LinkedIn and Google was to be dynamic and agile in audit planning. Participating on the panel were Thomas Austin, VP, Governance Risk & Control at Cisco Systems; Inder Gulati, Head of Internal Audit at LinkedIn; and Lisa Lee, Director of Internal Audit at Google. Lee followed up with a great quote and apparent mantra at Google:

pIQTweet4

More takeaways from the panel:

pIQTweet5
We heard from the National Association of Corporate Directors’ Peter Gleason on “Engaging with the Audit Committee”:

pIQImage6

pIQImage7
Joel Kramer, Managing Director of the MIS Training Institute, was an engaging speaker with a number of great points and memorable quotes! He reminded the audience of audit professionals to “go after the whales, not the minnows” and urged us to not simply roll forward last year’s controls—“business is changing too dramatically and continuously”. Plan to perform a new risk assessment [at least] annually. Here are a couple more Kramer notes:

pIQImage8

pIQImage9Of course, we appreciate his emphasis as we (RGP) have 70 wholly-owned offices around the world with experienced subject matter experts from a range of disciplines (Human Capital, Finance/Accounting, Risk & Compliance, Supply Chain, Legal, Information Management and other operational expertise in addition to Audit Expertise) that can support and supplement your audit teams. Check out our site for more information: http://www.rgp.com.

Olivia Kirtley, Deputy President of the Board of the International Federation of Accountants, further emphasized the need for audit to focus on people as one of their top priorities:

pIQImage10

And there was certainly a great deal of talk about the role of technology—in generating new challenges for audit professionals, as well as in aiding auditors to be more effective and efficient as they take on evermore responsibility:

pIQImage11

pIQImage12
I engaged in an interesting conversation at one of our breaks and it was clear that there is still some confusion regarding the COSO 2013 Internal Control – Integrated Framework and whether it is necessary (for companies subject to SOX requirements who are using the COSO framework) to demonstrate the presence of all 17 of the Principles called out in the updated framework. Yes. And it was great to hear directly from COSO Chairman, Robert Hirth. Here are some of the takeaways:

pIQImage13

pIQImage14

pIQImage15pIQImage16pIQImage17pIQImage18
I really enjoyed listening to Jeanette Franzel, one of five members who make up the Public Company Accounting Oversight Board (PCAOB).

pIQImage19

Acknowledging the timing of the PCAOB’s Inspection Report which has led firms to require more evidence and documentation alongside the updated COSO Framework, Franzel commented that we are in the…

pIQImage20She discussed the Board’s willingness to visit with companies who have concerns or questions and cited some interesting examples.

pIQImage21

pIQImage22
I wish that I could have cloned myself to attend more sessions at this year’s GAM Conference and to take more notes (share more tweets)! Overall, the conference provided some assurance that RGP and policyIQ are on the right track; providing appropriate guidance regarding audit planning, risk assessments, auditing, Auditing Standard No. 5, subject matter expertise, application of the updated COSO framework to finance and accounting professionals and beyond SOX, and that we have a great solution in policyIQ to pull all of the documentation and processes together to promote more effective and efficient teams and processes.

I sincerely appreciate the great connections made and information gathered! If we didn’t get a chance to connect at GAM or you would like to chat more, please feel free to reach out to me (or to have me put you in touch with someone in your local office)!

sbuehrle@rgp.com, and follow us on Twitter: @policyIQ, @ResourcesGlobal