What comes to mind when you hear “digital evidence”?

Who cares?

I mean, who actually has to care about digital evidence? Consider the audiences or different roles of people who need to produce or rely on digital evidence: management and business unit leaders; auditors; information management, technology, compliance, and security professionals; and the officers of your organization. We are producing unstructured data, much of it valuable, at a breakneck pace. Do you know who your producers of quality digital evidence are?

When I hear digital evidence, I think of the artifacts that may be considered digital evidence such as raw data, reports, signed documents, test results, specifications, and performance receipts. Documentation of activities that provide assurance, including procedures, work instructions, training sessions and materials, and attestations are also critical. Have you identified which practices and assurances are closest to your significant accounts, risks, and controls?

How do we wrap our arms around digital evidence?

There are systems and practices that provide the bookends for ensuring relevant and reliable results contributing to digital evidence such as systematic management and monitoring of workflow, milestones, deadlines, analyses, and remediations. Digital evidence also relies on the trail of bread crumbs that show who touched what and when including the audit trail of changes, versions, handoffs, and approvals. Without a central portal or system in place, it is plain to see, we cannot reliably manage digital evidence.

Are you taking advantage of all that policyIQ has to offer in these areas?

Alerts, dashboard notifications, and email generated systematically by RGP’s policyIQ helps employees know when work is required of them. The taxonomy of the digital content is configurable and can be subject to the information governance preferences of your organization with appropriate read, write, and approve rights established during initial configuration. policyIQ can provide an enforceable framework to manage contributions, the complete capture, monitoring, and reporting on critical documentation and evidence.

If your opportunity has more to do with the quality of your existing evidence or the need for corroborating evidence, RGP’s subject matter experts can help to assess your need and to fill any gaps identified. Right now—whether related to technology, process, quality, or completeness—make a note of some of those gaps or pain points that just crossed your mind. And then reach out to us: Information@policyIQ.com; 412-263-3330.

How to Transition from Manual to Automated Workflows

Tis the season for fresh starts!

Let us help you manage the development, hand-offs, review and approval of your GRC content more efficiently! Have you designated the parties responsible for updating your Process Narratives and Control documentation? Do you have a process defined for who captures testing details and who performs the final review of audits?

Have you mapped out hand-offs in your processes?

The workflow features in policyIQ support multiple levels of authoring, reviewing, and final approval by individuals or groups, such as one of two line staff or any of 3 auditors. These features allow you to institute your expectation for updates and hand-offs so that those actually responsible for performing various duties are prompted by the system to properly wrap up their work and to establish a defensible audit trail with appropriate documentation and evidence.

Is your team utilizing the Check-in/Check Out capability to collaborate with fellow contributors? Have you added external auditors and other stakeholders as Viewers on your documentation? Rest assured that Viewers will have Read-only access only after your content has completed your designated approval process.

Ensure greater communication, security, performance, and cost savings with automated workflows

We are standing by ready to talk through your options on how to transition from manual maintenance to automated workflows. It’s 2019! Time for a fresh start and more efficient and effective processes. Talk to you soon!

How many spreadsheets are you trying to manage for ASC 606?

RGP is hearing from Public and Private companies who are working to get a handle on their Revenue Recognition compliance efforts. As with many new initiatives, most of those tasked with the responsibility of rolling out a contract review process began with authoring the process in Excel. This particular process, more than some, requires a number of people with varying technical skills and technical accounting expertise to work through a long checklist or multiple spreadsheets full of questions and considerations. And, like many others, these teams are racked with frustration over the common ills of spreadsheet-based processes:

  • Almost as soon as the tool is put to use, the version is out of date and the data does not reconcile with other versions.
  • It is difficult to track and understand which version is the latest or the “best”.
  • Often, spreadsheets are not properly secured and suffer unintended changes.
  • Changes to data attributes in the spreadsheets can have significant impact on conclusions.
  • Sharing and communicating lessons and conclusions is a massive and disjointed effort.
  • It is difficult to roll-up the results from multiple spreadsheets for analysis and reporting to management and auditors.
  • If multiple people must work in and make adjustments to the spreadsheet, it can be remarkably challenging to trace the changes back to the appropriate party.
  • It is virtually impossible to dictate order of responsibilities and to consistently communicate and enforce an approval process.

RGP has a few remedies that can help you to treat or avoid these ills.

Private Companies –  RGP has a proven Revenue Recognition solution that can help companies from your early assessment through planning how you will fill gaps in policies and systems and can aid your team with the implementation of agreed upon solutions, controls, policies and associate training and communication.

Public Companies – Those who worked to tackle ASC 606 compliance on your own in year one can certainly still call on us to evaluate your program and to identify and guide you to address and close gaps.

All Companies can take advantage of RGP’s proprietary tool, policyIQ, to remedy the ills associated with spreadsheet based processes. Companies have the option of

  1. leveraging the flexible and configurable policyIQ to automate your own checklist or questionnaire or
  2. you can adopt the RGP solution with pre-built templates that guide the reviewers through the contract review process.

In either case, you can put your spreadsheet worries to rest and bring centralized access, version control, workflow, reporting for analysis and management review to your Revenue Recognition program.

Contact us to learn more about our technical accounting expertise, project support, and proprietary technology: support@policyIQ.com.

ASC 606, can your contract review tool do this?

Spreadsheets, email, shared network drives…

…this is where most of our critical work starts! With the deadline to comply with the Revenue Recognition Standard now in our sights, many of your corporate accounting peers have met the harsh reality that these commonly used tools are not meeting their contract review needs. Disconnected spreadsheets do not keep their reviewers in-step with each other’s developments. They are habitually shared via insecure channels and we often find, even with the best of intensions and development, breakfreelists, formulas, and formatting within a spreadsheet can be compromised resulting in an unreliable tool. Aggregation of data for analysis and consolidation of conclusions for management review are nearly impossible feats with dozens (or, certainly, thousands) of manual spreadsheets.

For those of you who are relatively new to the policyIQ community, you might not have heard that policyIQ has been a constant in the RGP toolbox, serving to solve our clients’ problems for nearly 15 years.  We don’t make commission on software sales and are not incentivized to upsell you or to sell you a new tool or module. In fact, we work hard to make it possible to serve all areas of your business within one platform—we don’t have extra modules to sell you!

The flexibility of policyIQ to be easily customized for various initiatives has made it possible for our clients to hit the ground running in applying our web-based technology to their pressing Revenue Recognition needs.

A company may utilize policyIQ for the full contract cycle or simply as a contract repository, centralizing access and simplifying assignment of contracts to reviewers for ASC 606 analysis. In addition to guiding the reviewer through the 5 Steps outlined in ASC 606 required for each detailed review of contracts that are in scope, policyIQ also provides a place to document evidence of the reviewer’s considerations and tools to leverage that information for necessary analysis. Key conclusions from each step are automatically pulled out into a summary. Reviewers add final notes to the summary and systematically route all related content for review and approval, as desired and customized for each client.

piq_benefitsforrevrecThe ability to report on results of contract reviews in aggregate gives way to analyses not possible in spreadsheets. Look across all Performance Obligations by Revenue Stream, Geography, Business Division, Over Time vs Point in Time, Sales Channel, or Reviewer, for example. Reports also aid in the management of contract reviews—in the assessment phase and with ongoing reviews. Report on issues as they are being identified, assignment of contract reviews, progress of reviews, and impact of the standard on various divisions or revenue streams. Use reports to easily identify those contracts that warrant follow-up action.

plansforleasesWe delivered many new features in 2016 and some were developed specifically to sharpen the Revenue Recognition solution. We are wrapping up another release for spring and have an impressive road map that will go into development while the spring release is undergoing formal testing. And did you hear that upgrades are included free-of-charge?

We’re here to serve and grow with you.

Can you say that about your Revenue Recognition tool? Reach out to schedule a tour of policyIQ’s capabilities for ASC 606, compliance, audit, policy management or your other pressing information management needs!

Approval Workflow: Coming soon in policyIQ 7.6

Whoa…what’s that over in the left hand navigation?


For many clients, Approval Workflow has been on their wishlist for some time…and with the holidays approaching, I thought I’d give you all a small gift:  Previews of what our development team has been hard at work on!

After receiving feedback from clients and users, it became apparent that a more complete process for approving content was needed. In a nutshell, Approval Workflow will bring some much needed automation and clarity for our users’ pages and forms that need to walk through a more thorough (or simple) approval process.  This module, featured on the left hand navigation, will give our customers just that.


The Approval Workflows can be customized to an organization’s needs.   Various approval types can be selected, giving users the chance to have pages or forms move through a simple Single-Step Approval where ANYONE in the list can approve the item, or ALL users will have to approve before an item is finalized.

Separately, a Multi-Step Approval has been created to allow Administrators to have content move through a step by step approval, with each step being an ANY or ALL approval before the content moves on.

With huge increases in Approval Process flexibility, policyIQ 7.6 is sure to make quite an impression with our clients.

Thinking about something you like or something that makes you concerned?  Let us know!  We’re happy to talk about it!

Contact Support:  Support@policyIQ.com.

“Available for Checkout”: Black Hole of policyIQ or Misunderstood Gem?

I find myself frequently saying the words, “I don’t recommend using the Available for Checkout stage as a part of your process” – and I have a lot of good reasons.  Available for Checkout essentially means this: a page in policyIQ is not published, but it is also not currently sitting in someone’s queue to be worked on.  You can see how easily these pages might be overlooked and forgotten.  If the responsibility isn’t spelled out, it’s easy to assume that someone else will take care of it.

availableforcheckoutAnd then a funny thing happened.  A few months ago, I found myself specifically recommending the Available for Checkout stage for one of our policyIQ users – for exactly the reasons that I would normally avoid it.

The client uses policyIQ to manage their Sarbanes-Oxley documentation, with multiple business units and locations.  Some processes in certain business units are not in scope – but the risk assessments and controls are retained, and test pages are even created each year.  For those units not in scope, the information is simply left in a Draft state so that it is available should a situation occur to change the scope.

The audit team, however, actively uses their Checked Out to Me queue to manage their workload – and several hundred pages of not-in-scope Risks, Controls and Tests really gum up the works.

We considered some options.  They could simply publish the pages, but they need to be sure that their final audit reports, made available to external auditors within policyIQ, do not include these out of scope pages.  View security could accomplish this, but then every auditor would need to remember to update the View security if an item were to be changed to in scope (or to remove security if something were discovered to be out of scope).

Ultimately the right – and simple – answer was to pull all of those pages into Available for Checkout and keep them out of the queue for active work.

After this experience, I find myself rephrasing my previous words to be more clear.  “Typically, we don’t recommend using Available for Checkout as a part of your active workflow, because pages may be lost or forgotten.”

Now easier than ever to delegate work to someone else. You’re welcome.

About a month ago, we reminded you in this blog about a little used Page Security property called Editors.  Editors serve a unique function as users to whom a Page might be assigned, but who are not able to finalize and publish the Page.  This distinction from their Administrator counterparts, gives you the ability to build in three levels of workflow for your content: Editors (to create and edit the item), Administrators (to review, Publish and Send for Approval) and Approvers (to take one final look at Approve and Publish).

We want to encourage more of you to consider this type of process – to better delegate and distribute responsibility for content updates.  (Really – shouldn’t your Control Owners be making those updates to Controls?  Don’t you want the front line staff to document the Procedures they use every day?)  We found that many organizations who have wanted to build in these levels of responsibilities were struggling when it came to checking out the pages to the right users.  The people to whom they wanted to assign the Page weren’t in the list of options.  What was happening?  Why is it so difficult?

Let’s make it easier to Check Out Pages to new people.

In version 6.6, if you want to check a page out to a user, he must already be listed among the Administrators or Editors that has access to that page.  To do that, you as the Administrator of the Page must go to the Page Security tab, seach and add the user or his Group, and save the Page.  Then you can check it out to your new Editor.

coto_selectIn our new version 6.7, we’re going to save you some steps and, just maybe, some headaches.

Go to the Check Out to Others function.  If your user is not already one of the Administrators or Editors, that’s okay – you can add him using the Select User icon right from this same window.  The user selected will be added as an Editor, and the Page will be checked out to him.  Easy peasy.

We haven’t taken away the cool little drop down option, either.  If your users are already set up in your Page Security, the drop down list will display all of the individuals who can edit or can administer the page so that you can easily pick the right one.

Ready to start using Editors?  Want to learn more about version 6.7?  Just really like chatting with the policyIQ support team?  Send us an email and let us know how we can help to support your organization and your policyIQ implementation.