1 in 3 do not have a plan!

The policyIQ team recently hosted a webinar presented by GRC analyst, Michael Rasmussen, focused on how to drive employee engagement through effective policy management and communication. During the session, we asked the audience: “Does your organization have a policy communication plan?” Remarkably, one in three respondents answered, “no”.

In recent posts, we have drawn attention to the potential hazards of NOT keeping your employees informed, trained, and certified. No doubt, some companies have learned a multi-million-dollar lesson on why it is important to build out a policy communication plan. In case your organization can relate to the third of respondents who identified with not having a formal plan, we want to share some ideas on how you can get started crafting your plan and reducing legal exposure right away.

What is the risk?

1 in 3 respondents reported not having a formal policy communication plan in place.

Are you having a hard time figuring out how to prioritize your policy updates? Consider, first, how your policies are related to your risk environment and what practices you must have in place to protect the organization from the top down. Next, you may wish to focus on the policies and procedures that you have in place to safeguard your organization: security policies and procedures. The next area in need of attention, depending on your type of organization, may be documentation related to ensuring that product, process, or service quality is delivered. If you have a quality system in place, you likely already have associated documentation on a regular cadence of review.

How will you know that all of these practices are actually taking place and operating as designed? You could also prioritize the documentation and routine practice of monitoring, from an operations and financial perspective. Auditing your business and finance functions will go a long way to provide assurance that you have the right practices in place.  

Can your organization provide evidence that your house is in order?

Who is the audience?

Retail store managers, truck drivers, accounting and finance personnel, nurses, IT project managers—there is a seemingly infinite list of roles in the pool of potential policy and procedure audience members. Rather than drafting policies and simply publishing them for broad access or distribution on the company’s intranet, you may want to take a step back and consider more closely, again, the level of risk associated with the documentation. Starting with your areas of greatest exposure, which of your employee roles would be impacted by the absence of the policy or documentation? Pay particular attention to those roles that are directly tied to your high-risk areas and critical controls.

How will you reach them?

The question, here, may be two-fold: What level of assurance does the situation demand? What media is most accessible to the audience?

Policies related to hours-of-service limits for truck drivers and anti-bribery policies for employees working in high-risk geographies may be among your top priorities as it relates to communicating your organization’s values and practices, but they certainly do not have the same work environment or access to information. An important step in your communication plan is the consideration of the level of assurance that the situation demands. Simply publishing some policies may be enough, but for others, it will be critical that you capture a receipt of your employees’ review, their attestation that they understand and agree to follow your policies, and some may warrant training and certification evidencing the employees’ understanding of the critical values and practices.

Can your training materials for efficient and repeatable distribution when possible, but be sure to bring employees in for training on values and practices that are mission critical.

If you want to better ensure engagement by your employees, you may also wish to consider whether the content requires live and in-person training or if delivery to your employees’ mobile devices will be satisfactory. Getting into the flow of what your employees do and see every day is the best way to boost the likelihood that they will see and interact with your content.

Next steps:

RGP’s own policyIQ is an easy to setup and use SaaS platform that can be leveraged to author, manage and share policies, procedures, links to training materials, certifications, and other related documentation on an employee’s device-of-choice. Click here to learn more about our policy management solution or reach out to us, directly! We are happy to help you see your data in a free policyIQ trial site.

And if all of this still feels like a lot to consider, you may wish to reduce your organization’s exposure sooner than later by bringing in a subject matter expert to spearhead the effort. RGP’s professional consultants can help to assess your organization’s documentation and lead the effort to map out and implement the execution of your policy management program and communication plan. Click here to be put in touch with an expert in your area.


Again, special thanks to GRC 20/20’s Michael Rasmussen for sharing his expertise with our audience (and us, too!). If you are interested in learning more from Mr. Rasmussen, we encourage you to check out his website and, specifically, his “Policy Management by Design” white paper.

A complete solution – presented in a policyIQ CPE event!

As part of our ongoing quarterly CPE event for policyIQ, we are putting together something a bit different – and bigger – than normal!

Join us on Thursday, November 30, 2017 at 12pm Eastern Time for the one hour CPE event presented via the web, showcasing policyIQ’s abilities, features and processes for all of your Policy Management needs.  Hosting this session will be Chris Burd, policyIQ Managing Director, and Travis Whalen, policyIQ Product Manager.  Learn more about policyIQ’s solution possibilities here.

In this Introduction to policyIQ CPE session, participants will be able to (among other milestones):

  • See how to utilize the import utility to centralize previously disparate content
  • Secure documentation with read, write and edit access – and approval processes
  • Apply search and reporting features to quickly gather information that is critical to decision-making

Sign up for this training here, and learn more about how policyIQ can be an effective solution for your organization’s Policy Management needs.

 

7.7 Feature: Custom Chart and Graph Data Output

In policyIQ version 7.6, we introduced our clients to custom charts and graphs for the very first time.  This feature lets users to show their data using the chart or graph output of the report builder that they use in other areas of the product.

chart

After its release this summer, many users provided feedback that they would like the ability to access pages directly from the chart or graph.

Great news-we listened!

Clicking the “Show All” link within your Dashboard chart or graph will now display all content that was generated.  The data will be displayed in the table row by row just as it would if it was generated using a typical Detail Report layout.  At this point, users can take action on items by selecting them and looking to the toolbar for their options.

The only part of this experience is the generation of the chart or graph itself.  Originally, we only allowed users to select one “column” for the chart, and this selection would dictate how the chart was divided up (in the example above and below, we divided by page Stage).  Because users wanted to interact with the data, we wanted to allow users to add more than one “column” of data so that clicking “Show All” would yield more than a single column worth of results.

chartcolumns

When generating the chart, select as many columns as you like, making sure that the selection you want to divide the char tor graph by is in the first position (above).  Click save, and then save and run your chart or graph.

The chart will generate, and you can then select “Show All”.  Here are the results for my example here:

chart_data

You can see that any typical action can now be taken on your results…not bad, huh?  We’re excited about it, too!  Think of all the ways you may want to use custom charts and graphs in your processes.

If  you’d like to provide us additional feedback, please do!  Support@policyIQ.com

policyIQ creates Efficient ERM

We want to thank everyone who joined us this week for our latest training session, Enterprise Risk Management in policyIQ.  In this 60 minute webinar, we highlighted how to apply the policyIQ technology to your ERM program.

Check out the recording of the session, download the slides, or keep reading for a brief summary.

ERM – A Six Phase Approach

RGP’s Governance, Risk and Compliance practice has developed a six phase approach based on years of working with companies around the world to implement effective Enterprise Risk Management.  In policyIQ, we use the same six phases to organize and structure ERM.

Enterprise Risk Management Sustainable Process

Enterprise Risk Management Sustainable Process

Use policyIQ Technology to add Efficiency Every Step of the Way

In this training session, we covered ways that clients use policyIQ within each phase of the ERM process.  For more information, reach out and schedule some time to talk about your ERM needs!

Preparation: Corporate Goals & Objectives and Cultural Evaluation

ERM should be implemented to support corporate goals and objectives, so ensure that you have those goals clearly documented and made available to all employees.  Remember – policyIQ provides free read-only access, allowing you to easily make that information available to all at no additional cost!

And if you aren’t certain whether your organization is ready for ERM, use policyIQ to survey your employees and better understand the current risk environment.  Perhaps you’ll find that most employees are risk adverse, while you may later find that your corporate goals require an aggressive risk approach.  Knowing that there is a disconnect allows your team to provide additional training, tailored mentoring or even to think about some new hires in key positions.

Phase 1: Risk Inventory

Before you can start prioritizing your risk, you need to really understand all of the risks that impact your business.  We discussed two possible approaches:

a. Use a standard list of risks and ask employees to tell you if the risks apply

b. Start with a blank slate and ask employees to think of all of the risks that keep them up at night.

In either case, policyIQ aggregates all of the responses, including aggregating the contents of Excel files that might be sent out to capture risks in that “blank slate” approach.  And remember – don’t just survey your executives and senior management!  Employees at all levels of the organization will provide different insight into risk, and asking a cross-section of individuals will help to identify risks that you may otherwise not be aware of.

Enterprise Risk Management - Risk Gathering

Ask employees to tell you what “keeps them up at night” – and aggregate responses from multiple spreadsheets into a single report.

Phase 2: Consistent and Specific Risk Measures

When prioritizing risks, be sure that the measurements used are specific and consistently applied.  Ranges of dollar amounts, for example, represent the impact of a risk.

Phases 3 & 4: Clear Risk Appetite Statement and measurable Risk Tolerance

Effective ERM requires a clearly articulated Risk Appetite Statement, describing the amount of risk and kinds of risks that the company is willing to accept.  Are you risk adverse?  Risk Aggressive?  Do you accept some risk, but have zero tolerance for others?

High level Risk Appetite Statements can then be broken down into specific and measurable Risk Tolerance statements.  Risk Tolerance is something that can be measured, tested and adjusted for a certain type of risk.

Enterprise Risk Management - Risk Appetite and Risk Tolerance

Define your Risk Appetite and break down specific and auditable Risk Tolerance measurements.

Phase 5: Reviewing Risk KPIs / Auditing Risk Tolerance

Regularly review actual performance against those Risk Tolerance measures.   Document your audit results in policyIQ, remembering to include the data that was tested as attachments to your test results.

Enterprise Risk Management - Audit Risk Tolerance

Document the testing and conclusions.  Be sure to upload the data tested.  If risk is not being managed appropriately – too little or too much risk being taken – document your remediation plan and assign it with deadlines, reminders and follow-up directly in policyIQ!

Phase 6: Incorporate ERM into the rest of your business 

Finally, it is critical that your ERM program doesn’t exist in a silo.  Risk management is happening all around your business, and the results are feeding your ERM program.  Link those lower level process risks and mitigation procedures to your ERM program, giving full visibility into all levels of risk management.

 

We are looking forward to working with many of you to implement Enterprise Risk Management into policyIQ!  Contact us to schedule a meeting – no cost and no obligation – so that we can discuss the specific aspects of your ERM program that can be improved through technology.

White Paper Alert: Tail Spend Sourcing

RGP is pleased to announce a new white paper entitled Tail Spend Sourcing, which explores the role and impact of an effective and strategic approach to tail spend – commonly defined as the “bottom 20 percent” of a company’s non-core spend.

Senior Practice Director David Matthews and Managing Consultant Kaush Oza present a practical and tested 5-step framework to target tail spend and drive value. The white paper is available HERE.wp

Please contact us if we can assist with your procurement cost restructuring initiative or if you’d like a complimentary assessment of your tail spend strategy.

New RGP Training Opportunities!

August better prepare:  it will have a hard time handling all the new training opportunities that policyIQ and RGP are throwing at it!  Be sure to follow proper procedures (included in the sign-up after the links) for CPE credit, if applicable.  Here is a quick glance at the upcoming events:

policyIQ Training:

August 20: policyIQ “Introduction to policyIQ” Training

It’s that time again!  As part of our ongoing quarterly training, this event will be hosted via WebEx and will include helpful notes, ideas and tips for new or prospective users of policyIQ.  Participants will learn the basic navigation of policyIQ, create and edit content, and even learn what is possible with our reporting module.  Even more experienced users will find valuable new tips to share with colleagues.  Plus, we’ll provide you with a recording of the session just for attending.  You won’t want to miss it!

RGP Training:

August 6: Third Party Oversight – Vendor Risk Management

Third Party Oversight is now a significant compliance initiative for many companies, and requires comprehensive controls and oversight.  In this webcast, RGP professionals will provide an overview of the compliance initiative, examine how companies are establishing and advancing their programs, and discuss RGP’s proven methodology used with our clients to achieve sustainable compliance with these important regulatory requirements.

August 13: FASB & IASB Update – Financial Instruments and Insurance Projects

Join RGP for an update on the status of projects currently being developed by the FASB and IASB. Although these are “joint projects”, we will also review the areas in which the FASB and IASB have diverged. We will also discuss the future of the IFRS in the United States.

August 27: Cyber Security Risk Assessment: A Practical Approach

RGP’s Rebecca Snevel and Ed Glover will present strategies and best practices to protect sensitive corporate data and provide a holistic approach to Cyber Security.  Among the items discussed will be Risk Assessments, Vendor/Business Partner Risk Assessments, and information security control design.  This session will not only demystify the complexities of Information Security but give you practical steps you can implement to better protect your organization from a security breach.

Be prepared, August.  There’s a lot on your plate.

Reports: Smart, efficient access to all of your policyIQ Data

One of the most useful parts of policyIQ is our built-in Reports module that allows users to report on various types of content within the site.  Three kinds of Reports can be run in policyIQ:  Reports on Users, Pages, or Forms.

reports

User Reports

Reports on Users are designed with Site Administrators in mind—they allow the user to quickly report on various aspects of users within the site. The Report can be run on roles or account types, user information, or even changes made to the user accounts.  For large organizations, there may be many users with changing account types or accounts that are no longer in use.  This Report will bring all users to the surface, and allow Site Administrators to clean up their site.

Page Reports

Pages can be reported on in a number of ways, including their stage, template used, fields on the pages, folders the pages are stored in, or changes made to certain pages.  This kind of Report is also great for users that need to make changes to a large number of pages.   A page Report can be run to bring up, for example, every Control page in the site.  With the pages displayed in the grid, select all of them and then take bulk action from the toolbar.

Form Reports

There are two different ways that Reports can be run on forms: Status and Detail.

Form Status Reports are great for a user that is responsible for administration of forms such as a policy sign-off.  The Report can be run to show the status of each individual form.  Filters can be added to single out Open Forms, Submitted Forms, and Approved Forms. One of the ways that Form Administrators can make best use of Form Status Reports by running a Report on Open Forms, selecting all of the results, and using the “Email Reminder” option in the toolbar to remind all users with open forms that they need to be completed.

Form Detail Reports are a bit different because they specifically allow Form Approvers to actually Report on responses to form fields.  For example, a business may want to find out how many users answered a question a certain way.  If a new policy has a sign-off asking users to agree or disagree in complying with the new policy, the Form Approver would likely be interested in knowing if there were users that disagreed.  A Report can be run on that specific field, and display the individual forms in the Report.

There are so many ways that Reports can be adjusted to provide users with the exact information they desire.  The Reports module can be intimidating to users who are not familiar with it—but have no fear!  Our Support Team has been helping many users build comprehensive Reports that fit their exact criteria.  Just contact Support, and they can help you with all of your Reporting questions.

New Year, New RGP Training Sessions!

As the business world jumps into 2015, RGP has put together new training sessions to help everyone kick-off the new year!  Filled with experts from various practice areas, these sessions are sure to be insightful for a variety of business needs.

Improving Organizational Performance with Supply Chain Policies and Procedures: January 21

RGP’s supply chain  experts Kevin Deely and Margaret Robinson will lead a look at how companies are revisiting their supply chain policies and procedures. They will review how industries such as the Oil & Gas industry have moved to shore up their supply chain and procurement organizations to ensure consistent application of best practices.

Financial Reporting Update and The Year Ahead – The Outlook for 2015: January 29

Join RGP’s Shauna Watson for insight on financial reporting, accounting review and analysis-including the latest FASB pronouncements, and SEC and PCAOB standard settings. This session will provide you with what you need to know to comply with these changes and help you to stay a step ahead.

Data Governance & Revenue Recognition: February 12

Global MD of Finance & Accounting Rebecca Sneval will be on hand with RGP’s Shauna Watson to discuss the new Revenue Recognition standards and their impact on data governance.  How are companies expected to meet this new challenge?  This session will provide the answers, and help you and your company meet these requirements.

 

Each of these RGP Training Sessions have 1 CPE credit available for your participation. So don’t wait any longer…sign up today!

 

 

Introduction to policyIQ Training – Sign up now!

The policyIQ team would like to announce that its next training event is scheduled for Thursday, November 20th at 12 noon EST.  The CPE eligible webinar, An Introduction to policyIQ, is one of our quarterly training sessions geared specifically toward newer users of the product.  Topics to be covered include:

  • Locating content, and site navigation
  • Adding content, and linking it to other pages and forms
  • Monitor, analyze, and share findings using reports

Each of our trainings will be recorded, and the link to the first training is now available here.  While this quarterly session will follow a very similar agenda each quarter, we will be introducing new examples highlighting various uses of policyIQ and focusing attention on new features and enhancements introduced since the previous event.  Even if you are an experienced user, it may be worthwhile to attend and share the recording with your colleagues!

Feedback from viewers of the past session was very positive.  We plan to continue this session as a high-level, step-by-step walkthrough of the selected topic areas—an approach that can be a big help to newcomers!  As always, we welcome suggestions for additional training ideas, as well.  If you or any of your colleagues have an idea of what you would like to see us cover in future training sessions, please let us know!

CPE credit will be available, so be sure to register today, and keep an eye out for details on credit requirements.

We are excited, and looking forward to November 20th.  See you then!

RGP Webcast on November 18th — Culture Interrupted: Best Practices for Merging Knowledge-Based Companies

In today’s knowledge-intensive economy, every organization relies substantially on its most mobile asset – high value talent.  In many industries, the employee talent pool defines the value of their company.  However, when companies merge, there is a very high risk of talent flight which, in knowledge intensive industries, can seriously erode company value.  Statistics have shown that between 70% and 90% of mergers fail and people issues and culture compatibility are cited as the top integration failure factors.

In this November 18th webcast, RGP takes a look at several of the standard employee engagement markers and presents a culture based solution and best practices for successful integration.  Click here to register and learn how to apply this methodology, thus becoming proactive and effective in helping to attract and retain your most important talent.