in

smartercommunity

Bringing policyIQ users together

This Blog

Syndication

Tags

policyIQ Blog

September 2010 - Posts

  • Put the policyIQ Dashboard to work for you!

    Earlier this week, we talked about all of the great things that Custom Alerts can do to enable your content to reach out of policyIQ and ping individuals about tasks to complete, deadlines approaching or special circumstances to be aware of.  What we didn't mention was that the same Custom Alert functionality that will push out emails can also be set up to display Alerts right on the policyIQ Dashboard.  Keeping reading to learn more about how Custom Alerts and other Dashboard windows can provide you with a powerful "first glance" at your policyIQ responsibilities.

    Have you put your policyIQ Dashboard to work for you?

    If you are a power user of policyIQ, you probably already have your policyIQ Dashboard just the way you want it. 

    • If you are a Site Administrator, you might be seeing the Administrative Overview to keep an eye on the size of your site, the number of users or the number of attachments being uploaded. You might also have the chart of Advanced User Roles appearing, so that you always know how many Site Administrators or Project Managers are in your site at a point time.

    • If you review and approve Account Reconciliation Forms, the first item on your Dashboard is probably Forms to Approve, listing out those Reconciliations that are completed and waiting for your action. If you are responsible for completing reconciliations, you most likely focus on Forms Assigned and In Process when you first log in.

    • Internal Control Testers are likely going to have the Checked Out to Me Dashboard item at the top of their screen, so that they can see at a glance which Test pages are currently assigned and in their queue.

    • As the Internal Audit Director, you may focus on Favorite Reports - having already created those critical reports that you need to review on a regular basis to keep track of your compliance programs or deficiency remediation.

    There are a total of 22 possible windows that you might add to your Dashboard (depending on your Role and responsibilities in policyIQ), and an almost infinite combination of those.  (Bonus bragging points if anyone posts in the comments on how many actual combinations there are!)  If your Dashboard isn't currently providing you with a terrific overview of what you need to focus on in policyIQ, maybe it is time to re-evaluate which windows you are seeing when you log in.

    Add Custom Alerts for an even more powerful first glance!

    The newest Dashboard option in version 6.7 is the Custom Alerts Dashboard window.  Like email alerts, Dashboard alerts can be set to notify any user of dates that are approaching (on Contracts, Remediation Plans, Project Tasks or Policy "Expiration Dates", for example). 

    Those alerts can also be used to ping a user about a Failed Test that may mean that a Gap page must be created or a Remediation Plan developed.  If you are responsible for keeping a Policy document updated, you might need to know if any of the related Policies or Procedures have been changed.  An alert can be set up to notify you on your Dashboard (or via email) when that related page has been updated.  (Note that the alerts are set up on the related page - so if you want to receive an alert, be sure to coordinate with the Administrators of that content!)

    Custom Alerts can be set up on any policyIQ page and based on any of the custom fields on the Template (with the notable exception of Short Text and Rich Text fields).  When the Alert is created, a custom message can be added - so that you don't just receive a generic alert, but a practical and clear notification that some action should be taken or some circumstances should be evaluated.

    Need some help?

    Contact us and let us make some recommendations of Dashboard items that will give you the best insight into your tasks in policyIQ.  Are you struggling with Dashboard windows that have become out of control?  It is not uncommon to find that the Pages to Read or Expired and Expiring Items lists have become too long and no longer useful due to a misunderstanding about their purpose or a lack of maintenance.  Let us know and we can help you to clear these out and start fresh.  If you have suggestions for items that aren't yet options for your Dashboard, we want to hear those, too!

    Posted Sep 30 2010, 08:58 AM by chrisburd with 1 comment(s)
    Filed under: , , ,

  • Stay on top of your daily tasks with policyIQ’s Custom Alerts!

    I use my email inbox as a "to-do" list and my calendar is a color-coded road map of tasks, projects and meetings for my day, my week and my month.  When I have a task to complete that hasn't come via email, I send myself a message so that I can keep track of it.  If I need to follow-up with someone because of an upcoming project deadline, I set a calendar reminder to follow-up on a specific day.  My Blackberry chirps throughout the  weekend as my reminders pop-up for hair appointments, lunch dates with friends, or trips to the post office that I would otherwise forget to make. 

    Does this sound familiar?

    It's a fact of life in this technology age that we rely on electronic reminders to get us through our busy days.  And as more companies rely on policyIQ to manage their projects, contracts, compliance programs and critical initiatives, we recognize that policyIQ users need more options for customized alerts related to policyIQ content.

    Custom Alerts make your policyIQ content a part of your daily task management

    policyIQ content isn't just valuable to the users who are logging in every day - it's also valuable to users who might otherwise not know that they NEED to log in or take action.  In the latest version of policyIQ (being released to all clients over the next several weeks), we are introducing functionality that allows you to create Custom Alerts on your policyIQ content that will trigger email messages to any user or email address.  We're often asked if policyIQ interfaces with your email program for project management or task management.   Now it can.

    Think about your policyIQ content for a minute.  Go ahead.  We'll wait.

    Done?  Okay. 

    Were you thinking about your Sarbanes-Oxley content?  If so, you might be tracking Deficiencies - or you might even have separate pages in policyIQ that document the Remediation Plan for those Deficiencies.  When the remediation plan was agreed on and documented, you set some deadlines for when that plan needed to be completed.  You might have even set a date at which you planned to review progress.  Wouldn't it be great if policyIQ could send a reminder out to the remediation plan owner and the audit team as those dates approach?  DONE.  policyIQ's Custom Alerts can be used to set up an email reminder to go out any number of days prior to that deadline.  30 days?  7 days?  Both?

    Wait...what if you don't just want an email to go to the process owner, but you also want a reminder to go to his boss - who is not currently a policyIQ licensed user?   Done.  You are not limited to sending Custom Alerts to just licensed policyIQ users.  If an email address exists, you can send a reminder to it.

    You were thinking about your Corporate Policies?  Would you like to alert the Compliance Director when a corporate policy is updated and published?  Cool.  Set up a Custom Alert based on the Stage of the item changing to "Published" and an email can be sent every time the page is published. 

    Did your mind wander to those Contracts you're tracking?  Custom Alerts around the milestone and expiration dates are obvious improvements in your process.  But have you considered setting up Custom Alerts to notify your Procurement Director any time a contract is entered with a value greater than $50,000?  It's likely that high value contracts require more attention - and setting up Custom Alerts on your contracts will help to confirm that you aren't forgetting to properly notify your management team when those contracts come in.  Create the Alert to trigger when the Contract Value is greater than $X.

    Now take a moment and think about what you aren't tracking in policyIQ.  Projects?  Contracts?  Policies?  Procedures?  Internal Control Testing?  Is your current process or tool able to generate email alerts based on your custom fields or milestone dates that you've entered?  Do you have to rely on individuals reviewing the content every day to ensure that all tasks are getting their proper follow-up?

    Are you ready to have policyIQ make that easier for you?

    Contact us and let us talk to you about how policyIQ will make your process easier to manage through the use of Custom Alerts.  If you want to check out the step-by-step how-to for setting up a Custom Alert, check out our online Help for the details.

    Posted Sep 28 2010, 03:41 PM by chrisburd with 2 comment(s)
    Filed under: , , , , , , , ,

  • More Effective and Efficient Risk Assessment Process

    We enjoyed great turnout and great questions from those who attended our recent CPE event walking through the automation of Risk Assessment. Special thanks to our guest presenter, Leslie Tamayo, who testified to the effectiveness of the process as well as the value of policyIQ to make the assessment even more efficient.

    The greatest challenge in presenting this topic was trying to fit 20 pounds of material into a 5 pound sack! There’s a lot of great information for this topic. Let’s re-cap and look at some of what we could not share during our time together.

    The Risk Assessment Process

    Use the AS5, top-down, risk-based approach to help you focus on what truly matters. Identify risks underlying relevant financial statement assertions. Then perform a thorough analysis to determine which controls really matter and, therefore, which tests are necessary.

    Bring automation to your process using policyIQ

    You can capture your Risk Assessment in policyIQ. We created a “K” Template in policyIQ to represent the 10K Line Item Risks. By creating a Template for our 10K Line Item Risks, rather than having a Drop Down field or representing each line item within a Folder structure, we are able to illustrate the relationship between each line item to relevant business processes and to locations more easily. This is also the best way to demonstrate the relationship between each line item risk and the relative controls for your control rationalization process.

    By indexing the line item risks to the appropriate Folders in policyIQ, we “mapped” them to relevant Business Processes (and you could map them to relevant location folders, too).

    A very important step is to link 10K Risks to Control Activities in policyIQ. You may also wish to break down your Financial Statement Assertion field on your Control Template—instead of having a Multi-Select field, you could capture each assertion as its own field with a Yes/No choice. These two steps make the Detail Link Report simple to create and to view from different perspectives for your Control Rationalization process.


     
    Use policyIQ Reports to see the “big picture” and to create a “dynamic” view of your Control Environment in real time.

    • Create a list of each line item’s rating for various Risk Assessment Factors and to calculate the risk
    • Validate your assessment of which Business Processes are significant by listing your 10K Line Item Risks with related Business Process Folders
    • Review complete lists of your Business Process Risks and your Control Activities
    • Add Financial Statement Assertions to your Controls list so that you can verify that each Control addressing an assertion is, indeed, identified as a Key Control (later, in your analysis, you may determine that some can be downgraded if they are redundant Controls)
    • Analyze coverage of Financial Statement Assertions by Controls for each of your Financial Statement Line Items

    With the automation of the Risk Assessment Process you will spend less time on the manual/mechanical preparation of your assessment and more time on analysis. Create a process that is more effective and more efficient by spending valuable time identifying Gaps, Redundancies and determining which Controls are truly important.

    “Help!”

    Want more information? Check out these resources:

    Our online Help guide walks through the process, provides specific guidance on how to configure your site and how to build the Reports that we presented in our session. You will also notice that the session’s presentation deck and a link to the recording of the session are available in Help. Click here to go directly to the Risk Assessment related Help content. 

    What’s preventing you from automating your Risk Assessment process in policyIQ?

    Let us help you to get started!

    Contact us and we can connect you with experts in your area who can hit the ground running and work with you to perform and document your assessment. They can help you to begin with your 10K Risk Assessment and to work through the full cycle which brings you back to confidence in your internal control environment.

    Of course, we also can connect you with policyIQ experts to address your policyIQ implementation questions. We’re waiting and looking forward to hearing from you (support@policyIQ.com, or 1-866-753-1231)!

     


     

    Posted Sep 24 2010, 05:15 PM by stepheniebuehrle with 1 comment(s)
    Filed under: , , , , , ,

  • Having trouble receiving e-mail from policyIQ?

    Are you experiencing any problems receiving e-mail from your policyIQ site?  You're not alone, but fortunately our Support Team has been able to assist many clients with identifying policyIQ e-mail as coming from a trusted business partner.

    Let's take a look at the most common cause for policyIQ e-mail to be blocked:

    "Spoofing Blockers" are the most common cause of policyIQ e-mail delivery issues

    When an e-mail is sent from policyIQ, the e-mail address listed in the sending user's profile becomes the sender address used in the e-mail message.  For example, if Mary Smith from ABC Company is initiating the e-mail, the message will be "From" msmith@abccompany.com.  Mail servers may block incoming e-mail if the domain of the sender is the same as the internal domain of the company. 

    If Mary's mail server expects all e-mail with a sender domain of "@abccompany.com" to originate internally, it may block any e-mail coming from an outside source with this same domain.  This is known as a spoofing blocker, and is a very common problem for policyIQ users to encounter. 

    Don't get us wrong - spoofing blockers can play a valuable role in an organization by blocking disreputable senders from attempting to convince you that an e-mail is from a legitimate internal source. But we promise - our e-mails are safe.  We just need to convince your mail server of that!


    There are solutions.  And we are happy to help.

    There are several solutions to the Spoofing Blocker issue.

    • Set the SMTP Override - Setting change can be made by any Site Administrator

      Use the SMTP Override feature in policyIQ to setup a generic sender address for all outgoing e-mail. Typically a generic address such as Admin@policyIQ.com or CompanyName@policyIQ.com is used to denote e-mail as coming from your policyIQ site. This setting can be changed by any Site Administrator in your policyIQ site in the Setup>System Setup>E-mail Settings menu item.
    • Whitelist the policyIQ Mail Server - Must be done by your IT department

      It's possible that your IT department could allow access from our sending mail server so that e-mail will not be blocked or marked as spam. This is typically known as whitelisting, and could be the most efficient long-term solution.

    If you or your IT department would like to take these steps, but you need assistance or more information, please contact our support team.  We can provide information about our mail server so that your IT department can identify us as a trusted partner.


    We're going to make it even easier to identify policyIQ e-mail!

    In our upcoming version 6.7 release, we will begin sending all hosted policyIQ site e-mail from a dedicated mail server.  This will include e-mail generated from our new "Custom Alerts" feature in version 6.7.  The new mail server will make it much easier for your IT department to identify e-mail as coming from a trusted business partner in policyIQ, since it will be generated from a consistent location and can be easily traced back to a policyIQ domain. 

    Please contact our Support Team if you are experiencing any problems sending e-mail from your policyIQ site, and would like to receive more information on how this enhancement could be helpful to you.

    Posted Sep 21 2010, 08:31 AM by brianwhalen with 1 comment(s)
    Filed under: ,

  • Now easier than ever to delegate work to someone else. You're welcome.

    About a month ago, we reminded you in this blog about a little used Page Security property called Editors.  Editors serve a unique function as users to whom a Page might be assigned, but who are not able to finalize and publish the Page.  This distinction from their Administrator counterparts, gives you the ability to build in three levels of workflow for your content: Editors (to create and edit the item), Administrators (to review, Publish and Send for Approval) and Approvers (to take one final look at Approve and Publish).

    We want to encourage more of you to consider this type of process - to better delegate and distribute responsibility for content updates.  (Really - shouldn't your Control Owners be making those updates to Controls?  Don't you want the front line staff to document the Procedures they use every day?)  We found that many organizations who have wanted to build in these levels of responsibilities were struggling when it came to checking out the pages to the right users.  The people to whom they wanted to assign the Page weren't in the list of options.  What was happening?  Why is it so difficult? 

    Let's make it easier to Check Out Pages to new people.

    In version 6.6, if you want to check a page out to a user, he must already be listed among the Administrators or Editors that has access to that page.  To do that, you as the Administrator of the Page must go to the Page Security tab, seach and add the user or his Group, and save the Page.  Then you can check it out to your new Editor. 

    In our new version 6.7, we're going to save you some steps and, just maybe, some headaches. 

    Go to the Check Out to Others function.  If your user is not already one of the Administrators or Editors, that's okay - you can add him using the Select User icon right from this same window.  The user selected will be added as an Editor, and the Page will be checked out to him.  Easy peasy.

    We haven't taken away the cool little drop down option, either.  If your users are already set up in your Page Security, the drop down list will display all of the individuals who can edit or can administer the page so that you can easily pick the right one.

     

    Ready to start using Editors?  Want to learn more about version 6.7?  Just really like chatting with the policyIQ support team?  Send us an email and let us know how we can help to support your organization and your policyIQ implementation.

    Posted Sep 16 2010, 10:37 AM by chrisburd with no comments
    Filed under: , , ,

  • Reduce Time and Effort Testing Fewer Controls

    Who doesn’t want to reduce their total number of controls and, therefore, the effort required to test your controls?

    In this month’s policyIQ Training for CPE session, we are grateful to have Leslie Tamayo with us, from Resources Global Professionals, to present a tried and true process for performing your Risk Assessment, evaluating your Controls and performing your Control Rationalization process. (Click here to register for our CPE training session: “policyIQ for Automation of Risk Assessment”, September 21st, 3:00pm ET.)

    policyIQ helps to more efficiently analyze which Financial Statement Assertions, relative to each of your 10K line items, are adequately controlled, which are left vulnerable and those for which there exists significant redundancy! The pay-offs for this work:

    1. With this process, you are able to confidently assess your internal control over financial statements and to make more informed business decisions.
    2. This analysis of your Controls turns your gap analysis and justification to reduce your total number of controls (and therefore to reduce your testing effort) into a cut and dry process.

    Having confidence in your Control Rationalization process and your internal control environment then allows you to come full circle and to look at all of the other Risks that you previously identified. You might conclude that some of those Risks are not as critical to the business as you might have originally assessed. This Control Rationalization process will help you to be more effective and more efficient and to simplify your work through each testing cycle.

    We hope that you’ll join us for our Risk Assessment session coming up next Tuesday! In the mean time, if you’d like to connect with an expert who can partner with your team and help you with this process, or if you’d like to chat with a policyIQ expert, contact us and we’ll take care of you!


    Posted Sep 13 2010, 03:46 PM by stepheniebuehrle with no comments

  • On Your Way to a Stronger Internal Control Environment

    A solid internal control environment is a key indicator of reliable financial information. Do you feel confident that your control environment is effective and efficient? Do you feel confident that your business is focusing on relevant and critical risks?

    How do I implement a “top-down risk based approach”?

    The Public Company Accounting Oversight Board’s (PCAOB) adoption of Auditing Standard No. 5 (AS5) in 2007 helped companies to save time and costs by encouraging them to focus on a top-down risk based approach and helped them to reduce testing of medium-risk controls and to eliminate testing of low-risk controls. And while this “top-down risk based approach” to documentation and testing has become more commonplace, many organizations can spend an inordinate amount of time capturing and classifying relevant financial statement line items and identifying relevant risks to perform this analysis. 

    Risk Assessment is really an ongoing cycle

    Resources Global Professionals has helped a number of organizations to perform their Risk Assessment and, this month, we are going to walk you through the steps to perform this process as well as show you how you can bring automation to your Risk Assessment process in policyIQ. (Click here to register for our CPE training session “policyIQ for Automation of Risk Assessment”, September 21st, 3:00pm ET.) Following our guidelines for automating your Risk Assessment, you can then map your 10K line items to relative Business Processes and, therefore, to your Controls.

    Control Rationalization:  you may be able to test even fewer controls…really!

    Stay tuned! We’ll continue this discussion about how the Risk Assessment process leads to sound rationalization for reducing your Controls and your Control Testing in our upcoming training session and in a blog post coming up in the next week or so.

    Want to get a jump start on automating your Risk Assessment process in policyIQ?

    Let us help you to get started!

    Contact us and we can connect you with experts in your area who can hit the ground running and work with you to perform and document your assessment. They can help you to begin with your 10K Risk Assessment and to work through the full cycle which brings you back to confidence in your control environment.

    Of course, we also can connect you with policyIQ experts to address your policyIQ implementation questions. We’re waiting and looking forward to hearing from you (support@policyIQ.com, or 1-866-753-1231)!

     

    Posted Sep 09 2010, 02:05 PM by stepheniebuehrle with 2 comment(s)

  • Want to categorize reports for the entire organization? Site-wide Report Categories are coming in 6.7!

    I think we might have mentioned recently that we're pretty excited about version 6.7.  The introduction of Custom Alerts will open up new doors for our policyIQ users - allowing you to use policyIQ to stay on top of those things that are most important to your organization.

    But Custom Alerts is not the only new feature coming in version 6.7.  In fact, the introduction of Site-Wide Report Categories is likely to be met with even more enthusiasm by our existing clients.  When we rolled out version 6, we were thrilled to be able to offer Report Categories, allowing users to better organize all of those reports that they create and run - or those that are shared with them. At the time, it seemed most important to make those categories user-specific, so each individual could have their own custom categories.  As we've learned over the past few years, site-wide, shared categories are even higher in demand.

    You asked.  We answered.

    Site Administrators in your policyIQ site can now create Categories, and designate those as "visible site-wide".  With this setting, the Report Category will be available in the left hand navigation of the Reports module for all users who have access to reports.

    Don't worry - those personal Report Categories aren't going anywhere.  Users will still be able to have their own Categories - and Reports can be indexed into as many Categories as you'd like.  Keep your own lists of Reports, but use Site-Wide Reports to share those most critical to your entire user base.

    Need some ideas of Categories?  We're full of ideas!

    • Sarbanes-Oxley Reports
      All of the critical reports in your SOX process can be bundled together and made available via a standard Category. If you have various locations, you might consider creating a Category for each Location, with reports filtered to just those results that apply to them.

    • Site Maintenance Reports
      For organizations with a number of Site Administrators or Location Administrators, create a Category into which you can place some standard maintenance reports. User lists with most recent log-in date, or pages with the Last Updated Date. Keep on top of the information that is going stale - or just report on Pages in Draft that still need to be completed and published.

    • Policy Management Reports
      Using policyIQ for Corporate Policies? Keep a Category of reports available to include reports on things like All Policies Updated in the last 30 days, or Policies past their expiration date.

    • External Auditor Reports
      You've created reports for your external auditors - now make it simple for them to pull up those reports and dive into their audit work!

     

    No matter how you are using policyIQ, I'm sure you can think of ways that you'd like to implement site-wide Report Categories.  Not a Site Administrator?  Contact your Site or Location Administrator for help in creating a site-wide Category that will be useful for the organization.  Need help?  Contact our support team!

    Posted Sep 09 2010, 11:48 AM by chrisburd with no comments
    Filed under: , , , , ,

  • We’re excited about policyIQ version 6.7.

    The start of September is my favorite time of the year.  It's not exactly "cool" yet here in the Pittsburgh area, but the mornings are decidedly cooler than they were just a few weeks ago.  I'm putting away my sandals and breaking out my loafers.

    And while I'm breaking out my winter wardrobe, the policyIQ team is preparing to break out our latest release of the policyIQ application.  Version 6.7 is on its way in the coming weeks.

    We've been talking about version 6.7 for awhile.  Why? 

    We're excited!  It's not often that we get to launch new features that not only improve your policyIQ experience, but truly open up entirely new ways to use our application.  With version 6.7's Custom Alerts feature, we want you to re-evaluate the way you look at policyIQ.

    So what's the big deal with Custom Alerts?

    I'm not going to spend too much time dwelling on the details of Custom Alerts.  If you want details, you can check out this blog post that provided a sneak peek into the feature, or this recent blog post where we summed up our latest training session that illustrated this new feature.

    Instead, let me just tell you about some of the things that policyIQ can do for you when you set up Custom Alerts:

    • Send an email message to your Process Owners when a Test has failed in their business area during your SOX testing efforts. Include the next steps - such as instructing those Process Owners to create and submit an Action Plan.

    • Escalate (via email or Dashboard alert) to a supervisor or Department Director when an Action Plan Due Date is reached. Include the most recent copy of the Action Plan from policyIQ, so that they can review and confirm if all of the tasks have been completed and the documentation has been updated by the Action Plan Owner. And they can do it all without logging into policyIQ!

    • Send email alerts to Contract Owners when contracts are within 90, 60, or 30 days of their Expiration or Renewal Date. Include instructions for the best steps to take to follow-up. Create other alerts to go out to the Legal Department, Procurement Director or Managers to keep them updated on contracts coming up for renewal.

    • Send an email to your Board of Directors - who may not even be users of policyIQ - to notify them when critical documentation is updated or posted. Include the information as attachments to the email message and provide them with the details without requiring them to be policyIQ users.

    I'm sure I would be exaggerating to say that the possibilities are endless - but I have yet to find the "end" of the ideas that I have for implementing this great new feature.  In fact, all month we are going to focus on how Custom Alerts can be used in various areas - Compliance, Contract Management, Project Management and more.

    What else is in store?

    While we're excited about Custom Alerts, there are also some great improvements you can look for in version 6.7.  Such as:

    • Report Categories - now available both as user-specific and site-wide options.

    • Check Out to Others - Check a page out to another user more easily and automatically add him/her as an Editor in a single step.

    • Expired and Expiring Items on your policyIQ Dashboard are now more manageable, with better filter and toolbar options when viewing the complete list.

    • Search for Forms in the Home module using the simple Search functions. Results in Search will now include Forms.

    • Send email notifications (today or on a future date) to those users added via the Import function.

     

    We continue to strive to solve your business problems - with solutions in policyIQ and enhancements to make our product (and YOU) more efficient in your daily work.  Stay tuned to the blog this month as we explore the new features.

    Don't hesitate to contact us at support@policyIQ.com with any questions about this release - or suggestions for the next one!

    Posted Sep 03 2010, 08:36 AM by chrisburd with 1 comment(s)
    Filed under: , ,
© 2011 Resources Global Professionals