In this second half of our Q&A follow-up from our February 23rd training class, we'll address those questions related to:
-
Reports
-
Training
-
Other policyIQ uses
Haven't read Part 1, yet? Check it out here!
Reports
When we dug into the topic of Reports, there were a great number of really terrific, detailed questions. This topic always strikes up some great conversations - and we'd love to hear from some of you in the comments to let us know if you have other answers that you have given to your fellow policyIQ users!
Question: Is there a Template or linking ability to a Summary of Aggregated Deficiencies (SAD) Report?
Answer: This is definitely a possibility within policyIQ Reports.
Based on my understanding of what is required as a part of a typical Summary of Aggregated Deficiencies report, you essentially need to pull together a report of all Deficiencies that are not closed out by the end of your testing year. By documenting your Deficiencies in policyIQ and linking them to failed Tests, you can keep track of the status of the Deficiency (some clients go so far as to link a Remediation Plan), and include fields for the Severity and even the Cost or Estimated Financial Exposure related to the Deficiency. When pulling this information back out for your end of the year reporting, you will likely use a Detail Link report type, starting with your Open Deficiencies in data set 1 and including critical details from the Test, Control and ultimately the Risks that are linked back to this Deficiency.
Question: Are the reports in the Unfiled-Administer and Unfiled-View Only viewable to all users?
Answer: Not necessarily. You can make reports available to all Advanced users or specific Groups of users by adding them as "Viewers" to the Report properties. Those reports that appear in the Unfiled-Administer area are those reports that you can administer, but that you have not filed into a specific Category. Those in Unfiled-View Only are reports that you can view, but not administer that have not yet been categorized.
Question: How can I create that report that you are describing now?
Answer: Please check out our Help guide for some additional details about how to create the various reports that we created in our training class, along with several others that may be important for your Sarbanes-Oxley process.
Question: Are the Page hyperlinks available in the Excel export of the Report?
Answer: Starting in version 6.6, you will be able choose to include the Item URL as one of the columns in your exported report, which will then appear as a hyperlink in your Excel export. (Check out version 6.6 release notes for more information.)
Question: Can Report Categories be assigned differently per user or only by the report designer?
Answer: Report Categories are always defined by the specific user. When you create Categories in your Reports module, those Categories are specific for you – so that you can organize reports in any way that makes the most sense for your daily work.
Question: Can a summary report be generated that indicates the number of control deficiencies/exceptions by department or division for risk management reporting (i.e., KRI, KPI trends, etc?)
Answer: Yes! Another one of those questions we love to receive, because it allows us to talk about the depth of possibilities in policyIQ.
Most clients will document Deficiencies on their own unique Pages, with a specific Template for all of those fields that must be captured related to a Deficiency. Those Deficiencies are indexed into those Folders that outline your Business Processes and also in to the Folders for Locations or Divisions, alongside the Controls and Tests. This allows you to create a Summary Report (along with so many other possibilities) of all Deficiencies identified in this testing cycle by Business Process and Division (or Location). You can quickly pinpoint which Processes or Divisions pose the greatest risk to your organization. You might also have a field on your Deficiency Template that defines the Severity of the Deficiency. Is it a material weakness? You could then create a different Summary Report of all Deficiencies identified this testing cycle by Severity and Process (or Division) to see where the greatest risk lies.
The above illustration is just a quick example of what this might look like. Remember that Summary Reports allow you to drill down, as well - either into a specific Process to see sub-Processes, a Region to see specific office locations, or by clicking on any of the numbers in the report to see the detail of the Deficiencies represented.
Question: What is the difference between Standard and Read-Only user types?
Answer: Standard Users have access to a few additional things that Read-Only users do not: Standard users can respond to Forms, they have a Dashboard to keep track of Forms assigned or Pages to read, and they access to Advanced Search! Advanced Search allows a user to create a simple "Detail Report" of content.
In version 6.6, Standard and Advanced users will be able to create and save Advanced Searches to create their own custom views or queries to be accessed within their left-hand navigation. (
Check out version 6.6 release notes for more information.) Read-Only accounts do not have any personalized content or access to Advanced Search.
Question: What examples do you have available in the Internal Audit and Enterprise Risk Management areas?
Answer: We don’t plant attendees to ask leading questions, but sometimes it feels like we do! Join us next month when we host our next CPE training event that will focus on Enterprise Risk Management in policyIQ. We’ll show you a little bit more about how you can incorporate elements of your ERM program into policyIQ. Keep an eye on our blog or on your policyIQ log-in screen for more details!
For more information on how to use policyIQ for Internal Audit, check out our whitepaper that is available now in our online Help guide. This guide will walk through how policyIQ can be set up to manage workpapers and operational audit documentation.
Question: What further training would you recommend to develop a deep knowledge of policyIQ?
Answer: Our policyIQ Training Center offers a great deal of options for getting more knowledge and in depth training on policyIQ. Training courses are broken down by both the policyIQ Module (such as Create And Edit or Setup), as well as by user type (such as "Content Manager" or "Site Administrator").
If you are brand new to policyIQ, we recommend starting with the Introduction to policyIQ followed by the Workflow – Overview session. The combination of those two sessions is just about 30 minutes of recorded training, but will provide a solid overview for new users.
Question: Can we get a copy of the questions & answers in chat?
Answer: Yes.
*whew* Those were some GREAT questions. Of course, every organization is just a little bit different and has different reporting and documentation needs. Contact our support team or speak with your account manager if you'd like to talk more about how you can utilize policyIQ most effectively for your SOX compliance.
And don't forget those great resources available to you in the policyIQ online Help guide!