in

smartercommunity

Bringing policyIQ users together

This Blog

Syndication

Tags

policyIQ Blog

February 2011 - Posts

  • Every compliance effort demands training. Are you managing that training effectively?

    All month we've been bringing you ideas for how you can manage your compliance efforts across your entire business in policyIQ.  As I started to dig into writing this last blog post for February - intended to be an overview of the Anti-Money Laundering Legislation and how you can also integrate these compliance efforts - I kept coming back to a quote in our very first blog post this month:  "...compliance initiatives across all industries are really similar from a content management perspective..."

    That's certainly not to say that each compliance program doesn't have its own unique aspects - different reporting requirements, different objectives, different thresholds and different areas of focus.  But I'm not an expert in any one compliance program - my expertise lies in how to manage compliance programs in an automated and integrated way.  And that's not different.

    In other words, writing about Anti-Money Laundering compliance was going to be really boring. 

    Another way compliance efforts aren't different?  Training employees is a key to success!

    As I have researched several different regulatory requirements this month,  I keep stumbling across a strong focus on "training" as a part of the compliance program.  We're not talking about training your policyIQ users or training your Internal Audit staff - we're talking about training your company's employees to understand and comply with the regulations and internal controls.

    How are you going about distributing and tracking that training?

    It's very likely that you have a mix of training methods, depending on the requirements of any given regulation.  Some may require that you do in person or on-site training with employees on a semi-annual basis, while others require that you simply provide the information and track in some way that employees have read it.  Not only do you require a strong training program, but you have to be able to prove that you have a strong training program to your auditors.   And policyIQ can help!

    • Use policyIQ to make critical company policies, procedures, controls and documentation available to all employees!

      By publishing your critical content in policyIQ, you can make it available to all employees online with free read-only access. You know that your audience is viewing the most recent version of the documentation - and you can even send emails with links directly to specific policies. All documentation is then centrally located with an audit trail of changes and a full version history.

    • Use policyIQ Forms to gather sign-offs on key policies or controls from relevant employees.

      For those compliance programs that require a step further, you can use policyIQ Forms to create sign-offs - requiring specific employees to sign off on a policy or control on a regular basis. You can even go beyond sign-offs and set up "test" questions that further confirm that the individual has actually read and understood the content.

      You then have a full trail of those sign-offs in policyIQ, which can be audited as necessary to prove that you have a regular program in place. While you do pay for Standard User licenses for all users who provide their sign-off - the licensing costs are a small price to pay for the peace of mind that your training program is fully documented and auditable.

    • Use the Import function to import a spreadsheet of training attendees and key pieces of information for audit purposes.

      If you do need conduct live training, you can still use policyIQ as the central place to collect attendance records. Create a Template to track key pieces of information, such as attendees name, date training completed, and whether follow-up training is required. After each class, import the list of attendees - and the information is now available in policyIQ to report on as needed.

    • Use policyIQ forms for training registrations or follow-up quizzes

      Sometimes attendance at training isn't enough - you need attendees to respond to a survey or quiz to follow up on training. Use forms in policyIQ to send out the surveys - and use reporting to pull out and evaluate the responses. If an attendee "fails", you can send the form back to him and require that he retake the training class.

     

    Want to improve your internal training programs with policyIQ?

    Drop us an email or give us a call, and we'll be happy to help you expand your use of policyIQ to better manage your internal training programs. 

     

    Posted Feb 23 2011, 03:28 PM by chrisburd with no comments
    Filed under: , , , , , , ,

  • 10K Risk Assessment and Control Rationalization using policyIQ

    With the market busting past 12,000, many small public companies’ market cap has been immediately impacted. Other companies are experiencing growth or facing acquisition. Together, all of these companies may find their filing status changing from non-accelerated to accelerated and, consequently, they are having to prepare their internal controls environment to be evaluated by external auditors this year. 
     
    Leslie Tamayo, an experienced Accounting and Finance and Sarbanes Oxley expert, developed a tried and true process for assessing risk starting with the 10K and rationalizing which controls are necessary and which no longer require testing. To put it simply, her process makes sense, is repeatable, and proven to solidify an organization’s internal control environment. The policyIQ Team is grateful to have had the opportunity to learn and walk through the details of Leslie’s process and to partner with her to develop a method for capturing, tracking and analyzing the information in policyIQ.

    The Risk Assessment Process

    Use the AS5, top-down, risk-based approach to help you focus on what truly matters. Identify risks underlying relevant financial statement assertions. Then perform a thorough analysis to determine which controls really matter and, therefore, which tests are necessary.

    Bring automation to your process using policyIQ

    You can capture your Risk Assessment in policyIQ. We created a “K” Template in policyIQ to represent the 10K Line Item Risks. By creating a Template for our 10K Line Item Risks, rather than having a Drop Down field or representing each line item within a Folder structure, we are able to illustrate the relationship between each line item to relevant business processes and to locations more easily. This is also the best way to demonstrate the relationship between each line item risk and the relative controls for your control rationalization process.

    By indexing the line item risks to the appropriate Folders in policyIQ, we “mapped” them to relevant Business Processes (and you could map them to relevant location folders, too).

    A very important step is to link 10K Risks to Control Activities in policyIQ. You may also wish to break down your Financial Statement Assertion field on your Control Template—instead of having a Multi-Select field, you could capture each assertion as its own field with a Yes/No choice. These two steps make the Detail Link Report simple to create and to view from different perspectives for your Control Rationalization process.

     

    Use policyIQ Reports to see the “big picture” and to create a “dynamic” view of your Control Environment in real time.

    • Create a list of each line item’s rating for various Risk Assessment Factors and to calculate the risk
    • Validate your assessment of which Business Processes are significant by listing your 10K Line Item Risks with related Business Process Folders
    • Review complete lists of your Process Risks and your Control Activities
    • Add Financial Statement Assertions to your Controls list so that you can verify that each Control addressing an assertion is, indeed, identified as a Key Control (later, in your analysis, you may determine that some can be downgraded if they are redundant Controls)
    • Analyze coverage of Financial Statement Assertions by Controls for each of your Financial Statement Line Items

    With the automation of the Risk Assessment Process you will spend less time on the manual preparation of your assessment and more time on analysis. Create a process that is more effective and more efficient by spending valuable time identifying Gaps, Redundancies and determining which Controls are truly important.

    Documenting your Process Risks, Controls, Tests and Deficiencies

    Some attendees expressed an interest in hearing more about how to capture their SOX documentation in policyIQ. If you prefer to watch, listen and learn, we have a video recording of our Sarbanes Oxley Solution training that you may review at your leisure. We also have a section in our policyIQ Help guide devoted to this topic. If you would like to talk to someone live and make arrangements for additional assistance with your policyIQ implementation or your SOX program, feel free to contact us via email or call us (toll-free) at 1-866-753-1231.

    We can help you to get started this cycle!

    Written Guidance
    Our online Help guide walks through the Automation of Risk Assessment process, provides specific guidance on how to configure your site and how to build the Reports that we presented in our session. You will also notice that the session’s presentation deck and a link to the recording of the session are available in Help. Click here to go directly to the Risk Assessment related Help content

    On-site Expertise
    Contact us and we can connect you with experts in your area who can hit the ground running and work with you to perform and document your assessment. They can help you to begin with your 10K Risk Assessment and to work through the full cycle which brings you back to confidence in your internal control environment.

    policyIQ Assistance
    Of course, we also can connect you with policyIQ experts to address your policyIQ implementation questions. We’re looking forward to hearing from you (support@policyIQ.com, or 1-866-753-1231).

     


     

    Posted Feb 22 2011, 09:04 AM by stepheniebuehrle with 1 comment(s)

  • Payment Card Industry Data Security Standards: Those zany folks have their own YouTube PSA.

    It's not every day that I get to start out a policyIQ blog post with a YouTube video, but the folks at the Payment Card Industry's Security Standards Council seem to have a sense of humor.  (Most people don't put "security standards" and "sense of humor" in the same zip code, let alone the same sentence!)  You really need to check out this video: PCI Data Security Standards Rock.  I'll give you a few minutes.

    What are Payment Card Industry Data Security Standards?

    The PCI Data Security Standards (PCI DSS) are requirements that are developed by the PCI Security Standards Council to protect cardholder data.  All organizations that process, store or transmit credit cardholder data must comply with the standards, which are enforced by the founding Council members - American Express, JCB International, Discover Financial Services, Visa Inc and MasterCard Worldwide.  There are 12 requirements outlined in the Standards (and in that catchy little video) that fall into six goals:

    1.) Build and Maintain a Secure Network

    2.) Protect Cardholder Data

    3.) Maintain a Vulnerability Management Program

    4.) Implement Strong Access Control Measures

    5.) Regularly Monitor and Test Networks

    6.) Maintain an Information Security Policy

    The PCI Security Standards Council recommends a three step process for compliance with the Standards: 1.) Assess, 2.) Remediate and 3.) Report.  In their Quick Reference Guide (a surprisingly interesting and easy read), the Council refers to their recommended approach as "common sense steps that mirror best security practices".  The requirements are well defined, including details of the requirements (broken into "sub-requirements" that can be easily translated as controls) and the testing procedures to verify each of those requirements.  All of the documentation is available online at the PCI Security Standards Council website

    Out of all of the compliance programs with which I have worked, the PCI DSS program is, in my opinion, the most well-documented and straight-forward.  (I'm tempted to comment on the fact that this is not derived from government legislation, but rather from the major credit card companies need for cardholder security.)

    Don't manage PCI DSS in a silo - Gain efficiency by merging it with other compliance programs

    "Maintain a secure network", for example, should be a corporate objective regardless of whether you are required to comply with PCI DSS.  (The Council did say it was a "common sense" approach, after all.)  Some of the same controls that you already have in place for your corporate IT security over financial or operational information will apply to your PCI compliance program.  Your organization can save time and money - in the documentation, testing and remediation - by managing your compliance programs in a single system like policyIQ. 

    You will likely want to create a structure in policyIQ Folders that mimics the Goals and Requirements of the PCI Standards.  Within those folders, you may have both controls that are unique to PCI compliance, as well as controls that are already existing in your SOX or IT compliance programs.  Rather than document them a second time, simply pull those existing controls into an additional folder - the same item will appear in two folders, but updates, testing and remediation is done just once.  You'll be able to report on your compliance programs separately (using folder filters in reports), but eliminate any duplicative efforts.

    As always, our team is here to help. 

    If you don't yet have your PCI DSS program in policyIQ, we can help you get started.  Because the Standards are very straight-forward, we can even add the folders that you'll need - and potentially the requirements and tests - if you don't have the resources or time to pull it together.  If you need help implementing the requirements or remediating deficiencies, contact us and we'll put you in touch with a PCI expert in your area who can lend a hand to your internal compliance program.

    Posted Feb 14 2011, 02:04 PM by chrisburd with 1 comment(s)
    Filed under: , , , , ,

  • Streamline your EH&S Program and Documentation

    How do I streamline my EH&S program and documentation?

    Okay, no secret here: I am going to say, “Manage it in policyIQ”! But let’s talk more practically about where the rubber meets the road.

    While I am no Environmental Engineer or Safety Specialist, I do have more than a little experience streamlining processes and organizing information, which could prove useful for your Environmental, Health and Safety program and documentation efforts.

    First, let’s talk about the content that really is EH&S-specific.

    Do you currently maintain some type of EH&S Manual—maybe it’s still in hardcopy form or you might have it documented in Word? You likely have a set of EH&S policies, legal requirements, objectives and targets, training manuals, safety manuals, emergency planning and response documentation, and your plan for documenting incidents and corrective action plans, to name some of the biggies.

    Then, like most compliance and audit programs…

    You also have documentation related to your risk assessment, control procedures, audit documentation, as well as compliance checklists, self-assessments and certification forms.

    Your policyIQ implementation utilizes practices similar to the typical P&P and Financial Compliance initiatives

    Combined, your EH&S configuration might look something like this in policyIQ:

     

    Streamline your EH&S Program

    Cut hassle, time and cost from your EH&S program by consolidating documentation in one user-friendly environment with centralized access. You don’t have to worry about the integrity of information that is shared once version control is realized. Use policyIQ to formalize and capture your approval process. AND you can get started almost immediately with policyIQ’s ability to import requirements and regulations. 

    Let us do it for you!

    You can get started today by following the configuration example above. If you're strapped for time or manpower, you can contact us and we’ll put you in touch with a professional in your area who can get to work on your EH&S program and policyIQ implementation. Or, you can contract with the policyIQ Support team to simply help with the EH&S Setup in your policyIQ site. In any case, unless you would rather spend a mint on a dedicated EH&S management product, there’s no good reason to hold off on streamlining your EH&S program using policyIQ today! 


     

    Posted Feb 14 2011, 08:50 AM by stepheniebuehrle with 1 comment(s)
    Filed under: , , , , , , , , , , ,

  • Foreign Corrupt Practices Act: Don't wait until it's too late to formalize your program

    I was really excited to have an opportunity to learn more about the Foreign Corrupt Practices Act recently through our Resources Global Professionals' webcasts.  Not only was it an area of compliance that was relatively new to me, but it was of particular interest.  I had spent a summer in Russia during college studying business practices of US companies working in the Russian business environment.  At the time, many US companies were just starting to see opportunities in the emerging economy, but found themselves struggling to operate in an environment marred by organized crime, corrupt officials and poor government oversight.  

    What is the Foreign Corrupt Practices Act?

    The FCPA is not new legislation.  It has been around since 1977, but recent increases in enforcement and lawsuits have brought it back up into the spotlight for many US organizations.  In a nutshell, the FCPA states that:    

    1.) It's a crime to bribe non-US officials in order to obtain or continue business activity in that region.

    2.) Organizations must have proper records of all transactions, and controls in place to prevent bribery of non-US officials.

    (If you want a much more detailed explanation, check out the Department of Justices' "Lay Person's Guide".)

    I am by no means an expert, but here's a few of the things I've learned recently that I found interesting:

    • FCPA is enforced by both the Department of Justice and the Securities and Exchange Commission. The SEC is responsible for civil action against corporations (or individuals), while the DOJ is responsible for criminal prosecution of individuals.
    • There aren't any guidelines or standards for the internal controls (structure, documentation, etc) that US companies must keep, but many experts (including Tom Fox, RGP consultant and legal expert in the area of FCPA) seem to point to the 6 Principles in the UK Anti-Bribery Act as a good place to start.
    • Violations of the FCPA can mean up to $5 million in fines and 20 years in prison.

    Put your FCPA Compliance Program in policyIQ!

    If you are doing business internationally, your organization is required to comply with FCPA - and you probably already have a program in place.  But if you don't have it well-documented and easily accessible, you are increasing your risk.   As I see it, the keys to a successful FCPA program are the same as any compliance program: 

    1.) Assess the risk - where in the organization might you be at risk of violations and how significant is that risk?

    2.) Document (and communicate!) controls that mitigate those risks

    3.) Periodically test those controls to confirm that they are designed and operating effectively, and

    4.) Keep an auditable set of documentation to prove that you've done all of this

    If you follow these four steps, you'll be in a great position to quickly respond to any inquiry - and avoid the high cost of lengthy, invasive investigations.  This is where policyIQ shines!  Not only can you retain all of your Risk, Control, and Testing documentation in one place - but using policyIQ forms, you can also have key employees review and sign-off on your FCPA controls on an annual basis.  You'll have an audit-able record of their agreement to follow the controls and policies as they are laid out by the compliance department.  Any areas of concern can be documented, with mitigating action plans assigned and due dates set - all within policyIQ. 

    While we certainly hope that none of our policyIQ clients face an SEC or DOJ investigation for violations to FCPA, with a strong program documented in policyIQ, you can keep those investigations shorter, less expensive, and put yourself in a great position to come out the other side with no violations or findings.

    Check out some of these great resources to learn more about FCPA:

    Get started today! 

    If you are already using policyIQ for another compliance program, you are just a few minutes away from getting started.  You already have Risk, Control and Test Templates (or something very similar) - that can be used for FCPA or copied and altered just slightly to accommodate the new usage.  Create a Folder, import or create the Risks and Controls - and make the information visible to your employees.

    Don't know where to start?  Contact us.  You can't afford to wait until an audit is pending - and we're happy to help you get moving!  If you don't have FCPA controls in place - or you aren't sure if your program is strong enough - contact us and we'll put you in touch with a local expert who can get you on the right path.

    Posted Feb 09 2011, 08:20 PM by chrisburd with 1 comment(s)
    Filed under: , , , ,

  • Patrick Ross: A Valuable Asset to any Organization

    Resources Global ProfessionalsThroughout my career, I've had the pleasure of working with a lot of great people - and every once in a while you get to work with one of those rare individuals who is such a valuable asset that you wish that you got to work with them on every project you were given.  At Resources Global Professionals, we are surrounded with an entire company of those "rare" individuals - and we love taking some time to highlight our stellar colleagues!  For the policyIQ team one of those people is Patrick Ross, a Resources Consultant, who has worked directly with 8 policyIQ implementations over the course of his tenure with Resources.

    What makes Patrick "Resources' material"?

    Patrick is sincerely committed to making his clients successful.  When helping with a policyIQ implementation, he's able to visualize solutions in the product - and he understands how to utilize the technology and optimize the process to make it most efficient for the people involved.   I asked some of my colleagues to describe, in one word, what they thought of Patrick. Here is what they had to say:

    • Sharp (highly intelligent, astute)
    • Persistent (he doesn't give up on finding the right solution)
    • Committed (to finding an answer, to his clients, to Resources)

    I recently had a chance to talk with Patrick to learn a little bit more about his background and the different types of engagements he works on. I thought I would share some of our conversation with all of you:

    About Patrick

    Tell me a little bit about yourself
    "Prior to joining Resources, I was Regional Controller at American Golf Corporation and before that I was an Internal Audit Senior Manager and a Tax Manager at Allen, Ross, & Company, CPA's (formerly Grant Thornton, LLP).   My top three areas of expertise are Tax, SEC Reporting and Sarbanes-Oxley.  In my spare time, I enjoy running on the beach and playing golf."

    What made you to decide to join Resources Global Professionals?
    "Joni Noel. During my job search in 1999, I had met with Joni, who was the Client Service Director for the Denver office at the time*, and I discussed with Joni what Resources had to offer.  Several weeks later I called Joni and told her that I had received an offer from a large CPA firm but wasn't sure I really wanted to go back into public accounting.  She asked me when I needed to formally accept the offer by; I told her I had ten days to decide.   Joni said, "Give me five days."  Wouldn't you know, five days later I received a phone call from Joni with an engagement/project offer at a great client.  I have never looked back and know that I made the best possible decision for my personal and professional growth and advancement.
    * Joni Noel is currently the Regional Managing Director for the Southern California area

    We're big fans of Joni and her energy, too - but is that the only reason you came on board?
    "I really liked the business model that Resources offers its consultants (the ability to consult when I want to and choose which assignments I want) as well as the variety of engagements that are available.   I've been a Resources Consultant now for 11 years and have worked on a countless number of engagements* and have really enjoyed being able to meet and network with new clients and new people on a continual basis."
    * He really has worked on so many different engagements that he honestly can't remember the exact number!

    Is there a specific engagement that you really think highlighted the best of your skill set?
    "I was recently engaged at a Northern California provider of solar energy systems.  An audit of the organization identified some control weaknesses, and Resources consultants were brought in to work through business process engineering and control weakness remediation so that there will be no material weaknesses.  Because of the experience of myself and my colleague - as well as the support and vast experience of our client service team - Resources consultants were selected over several other major consulting firms to provide the much needed process improvements."

    Tell me a little bit about what you are doing on your current engagement
    "I am currently engaged at a $4 billion private door and window company. I am working on a team of 14 consultants (7 from Resources) on a first year SOX readiness initiative. I am personally assigned to work on the global tax documentation for worldwide (offices in North America, EMEA and Asia Pac) tax provisions and compliance."

    OK, enough about you, let's talk about policyIQ!

    Having worked on 8 policyIQ implementations, do you have any advice or tips for other organizations using policyIQ?
    "Be sure to get executive management team buy-in. Identify an internal champion (to promote the use of policyIQ across the organization). Most importantly, once you are fully implemented, be sure to properly train the rest of the users at your organization so that they are comfortable with using policyIQ."

    What are some of your favorite new features or improvements you've seen in policyIQ over the years?
    "My two favorites would be the ability for users to import (content) on their own and the enhancements made to the workflow."

    Anything else you would like to share about policyIQ?
    "I've worked with almost every member on the policyIQ team (sales, configuration, training, help desk, etc) and continue to be impressed with the 5 star support every member of their team offers to each and every one of their customers."
    * Please note that in no way was Patrick compensated for this compliment!

    Some of you may be wondering "how do I get my own Patrick?"  I can't guarantee that you will get Patrick (however great he may be, he can't work more than 24 hours*a day!) but there are over 2,700 consultants like Patrick out there waiting to add value to your business initiatives.  Resources Consultants are experienced problem solvers who average 20-years experience in fields including finance and accounting, human capital, information management, internal audit, legal and supply chain.  Whether you need some help implementing a new process like Contract Management in policyIQ or you need an experienced CFO to step in on a temporary basis, Resources Global Professionals can find the right fit.  Contact us and we'll get you in touch with your local office of Resources Global Professionals. 
    * 24 hours might be pushing even Patrick's limits.   

    Posted Feb 07 2011, 11:09 AM by jenkohlman with no comments
    Filed under: ,

  • FDICIA Compliance and Basel Accord Recommendations

    I was talking on the telephone with a client some time ago when she asked if I could help her to implement policyIQ for “fu-deesha” compliance.

    *Gulp*

    My gears locked for a moment. I didn’t recognize the term. (I didn’t even recognize that she was using an acronym!) Was I going to sound silly? But then that little voice in my head reassured me that compliance initiatives across all industries are really similar from a content management perspective – and policyIQ offers a great framework for capturing, organizing and reporting on all sorts of business information.

    “Sure,” I said. “Help me to better understand your documentation needs.”

    After just a few minutes of listening to her description of her needs, I was able to easily relate it to compliance initiatives that I was familiar with; this was really very similar to the top-down risk-based approach that many of our clients were already employing for Sarbanes Oxley compliance, Operational Audits, compliance with the insurance industry’s Model Audit Rule and the like.

    What’s FDICIA?  And where does Basel II come in?

    FDICIA stands for Federal Deposit Insurance Corporation's Improvement Act. This act was passed by the United States’ Congress in 1991 to help or better ensure that banks were adequately managing financial and compliance related risks. In practical application, while FDICIA was passed first, it may be easiest to picture this as the Sarbanes Oxley (SOX) Act for banks. Compliance with the act is required for banks over a certain size, but recommended for banks of any size.

    While less formal, the Basel Accords are still very influential, providing further recommendations for banking and financial laws and regulations internationally.  Basel I and II Accords aim to reduce credit risk and investing/lending risk, respectively.

    The application of policyIQ for your compliance documentation and certification of your employees is straight forward, regardless of the regulatory body or legislation with which you must comply. If you represent a bank or financial institution that is acquiring another institution, you are simply growing on your own to the point where you will soon surpass the “FDICIA floor”, or if your organization simply wants to exercise sound financial risk mitigation practices, you will certainly benefit from the application of a system that helps you to capture, track, and retrieve your compliance documentation, as well as one that facilitates the automation of your certification processes.  Let policyIQ be that system – and continue building a strong internal control environment across your organization.

    We have performed formal training sessions and developed written guidance for a number of Risk-based initiatives. Feel free to comb through our policyIQ online manuals or contact us.  We not only have the user friendly and scalable system for your documentation needs, but we can pair you with experts in the banking and finance industry that can support you through your compliance efforts.

    Posted Feb 04 2011, 02:08 PM by stepheniebuehrle with no comments

  • Evaluate your user log-ins (and save money!)

    Last Monday I posted a follow-up to our January training session on "Rolling Forward for a New Year".  In that post, I promised a couple of additional blogs later in the week on two topics that we didn't cover in the training session due to time.  And then I got the flu and lost 4 days of my life to sleep, ginger ale and the occasional grilled cheese sandwich.  Note to self: Do not procrastinate on that flu shot next year!

    My sincerest apologies for anyone who may have been waiting on pins and needles for those additional topics.  It turns out that it takes far more than four days to catch up on four days missed.  But I'm back now - and I really do want to talk to you all about User Logins.

    Review your user log-ins and save money!

    While it might technically be in best interests of policyIQ for your organization to have as many user accounts in the application as possible, we want those accounts to be of active, relevant users.  We're confident in the value that's provided with every policyIQ license - so we'd rather that you paid for licenses for individuals who are actively using the application.  TO that end, we recommend that you review your policyIQ users periodically to be sure that the users that you are paying for in the application are logging in.

    There's a simple report that you can run in policyIQ to pull a list of all users - and the last date and time that they have logged into your policyIQ application.  (Note that this report can only be run by a Site Administrator level user.  If you aren't a Site Administrator, you might want to check in with those individuals and recommend that they take these steps.)

    1.) Navigate to Reports.

    2.) Add a User Report.

    3.) User reports don't actually require any filters at all, so if you want to create a report of ALL active users, add no filters at all. (This is the only kind of report that does not require at least one filter.)

    4.) Click on Edit Columns to select the columns that you want to see in your results.

    5.) On the Select Columns window, be sure to drill into the "Changes" category and check the box for Last Log On. This is the critical piece of information to see all users and the last time that they logged into policyIQ. I recommend also adding Groups, Account Type and Role under the "Security" category, so that you can better evaluate what kind of user each individual account is.

    Evaluate your users based on your organization's unique use of policyIQ

    Once you have the list of users and their last log-in, you probably want to sort by last log-in to see if there are any users who have never logged in, or who haven't logged in a very long time.  "Very long time" may mean different things for every organization, however.  Keep in mind that you may have users who log in only occasionally - quarterly, annually, etc - to update documentation that is otherwise pretty static, or to sign-off on questionnaires and policies.  Particularly if your organization provides easy "read-only" access to the same documentation, you may find that administrative users log in only to make updates - and use the read-only access to view the information on a regular basis.  Evaluate your next steps based on the usage of policyIQ in your organization.  (And if you aren't sure - ask the user!  Email will be a default field on your report results, so check in directly.)

     

    Create the report today - and save it to run on a regular basis.  If you have any difficulties creating the report - or if you want to chat about best practices around managing your users - don't hesitate to reach out to our team!

    Posted Feb 01 2011, 11:16 AM by chrisburd with no comments
    Filed under: , ,
© 2011 Resources Global Professionals