in

smartercommunity

Bringing policyIQ users together

This Blog

Syndication

Tags

policyIQ Blog

April 2011 - Posts

  • Viewers, Folders and Searching: It turns out that they are important when it comes to Forms.

    Picture it: Pittsburgh, 2007.  I was sitting, along with several of my policyIQ teammates, in a conference room hashing out some design ideas for the new policyIQ version 6.  We were talking about Forms.  What a concept!  The Compliance Questions of version 5 were going to become these amazing, robust, customizable and miraculous web forms that would allow organizations to collect information - even files! - from their audience.  Forms were going to be a HUGE hit with our policyIQ community.

    We weren't wrong about Forms.  They have proven to be every bit as miraculous as we had hoped - and our policyIQ clients have taken the product into entirely new areas of their business based on the functionality of Forms alone.  But we were wrong about a few things.  (Okay, maybe even a lot of things.) 

    In designing Forms for version 6.0, it seemed so logical that all of your completed Forms would be organized into the Activities from which they were generated.  "2011 HR Policy Sign-Offs" would sit as an Activity, and could be used for reporting.  Forms didn't need to be organized into Folders the same way as Pages - it just wasn't necessary.

    Uh...

    And as for who would want to see those completed Forms - well, obviously that would be only the assigned reviewers (or Approvers) and the individuals who submitted them.  It wasn't going to be useful to have other users have access to view those items.

    Well...

    And it would NEVER be important to do a regular key word search in the Home module for those responses.  That information would just not be the type of content that you'd want to search on.

    Um...oops?

    Okay - so we were wrong about a few things, but we listen to all of you, we learn our lessons and we make those adjustments to the product. 

    Did you know that you can add Forms to Folders, assign Viewers and even search by keyword in Home?

    As our users have taken to using Forms for more and more process automation, response tracking and audit work, we have added those critical features. 

    • Index Forms into Folders

      When you create a Form Template, a Form List or an Activity, you have the option of establishing what Folder or Folders the responses should be indexed into when they are completed and approved. For example, you might index all of your Account Reconciliation Forms into folders by month, so that they are easy for your auditors to find later.  Or create a folder for all of your certification responses with a sub-folder for "Exceptions" so that you can easily go back and review any exceptions and your follow-up to those responses.
    • Add Viewers who can see Approved Forms

      Like adding Folders, you can also set the Viewers of Forms by Form Template, Activity, or on any individual Form. The Viewer rights behave very similarly to Page Viewers - you can only see the item once it has been Approved. Draft items or those still waiting for approval are not available to the Viewers.

      This is a great way to allow your External Auditors to have view access to all of your compliance responses, or account reconciliations. They can report or just spot-check items to complete their audits - and if they are organized into easy-to-navigate folders, they can complete their audits even more quickly!



    • Search for Approved Forms in the Home Module

      Do you need to find any of the account reconciliations regarding a specific account - but you really don't want to build a report? Do a quick search in the Home module and your results will include any approved Forms that you are allowed to view. Are you using Forms to track system access requests? Search for the name of an application, a specific user or a location to find requests that are applicable.

     

    We're always willing to help you with any of the policyIQ features - so let us know if we can provide more detail about how to set up Folders or Viewers for your forms.  And of course, keep that feedback coming about what we can do to continue to make policyIQ a more effective and efficient tool for your business!

    Posted Apr 28 2011, 08:29 AM by chrisburd with no comments
    Filed under: , , , ,

  • Automating 302 – Thank you for the rich discussion!

    Sincere thanks to participants in our recent CPE session (addressing automation of the quarterly 302 certification process using policyIQ) for engaging in the conversation!  We covered the process and application from soup to nuts and encouraged the audience to not only ask questions, but to take advantage of the session, the audience and the chat feature to create a discussion.

    You delivered. Thank you!

    Read on for session highlights and to review some of the Q&A and discussion.

    What is 302 Certification?
    Sarbanes Oxley section 302 is all about accountability for an organization’s officers. It requires corporate management (the Chief Financial Officer and Chief Executive Officer) to:

    • certify financial and other information contained in the organization’s quarterly and annual reports
    • certify the internal controls over financial reporting
    • have designed internal controls, or caused such controls to be designed
    • provide reasonable assurance as to the reliability of the financial reporting process 
    • disclose any material changes in the company’s internal controls that have occurred during the most recent fiscal quarter

    Of course, nobody wants to sign off on something of such significance and consequence without confidence that all of these points have been investigated and each is, in fact, true! To this end, nearly every organization subject to SOX requirements executes some version of a sub-certification process.

    The Process Steps
    In our session, we talked about the processes of setting up and managing 302 Certifications leading up to and within policyIQ. Here’s a recap:

    1. Outside policyIQ
      1. Generate set of questions
        1. High level, generic vs. detailed and specific
      2. Plan sub-certification process
        1. How many levels required?
      3. Establish distribution lists
        1. Based on level of question detail
        2. Update: new hires, terminations, position changes
    2. policyIQ Setup and Management
      1. Add Groups to match Distribution lists
      2. Build a Form Template for each Group of respondents
        1. Add Instruction, “Agree/Disagree” Questions, Comments Fields
        2. Use “Common” (predefined drop-down fields) for useful reports
      3. Bundle into Form Lists to simplify and consolidate administration, distribute
      4. Monitor Activities for real-time status and to send reminders
      5. Use Reports to review responses and to create management summary

    Interested in the details?
    Our session highlighted the range of approaches to certification. Some organizations distribute a small number of more generalized questions, while others gather responses to very detailed question that get to the specific areas of the business.

    We polled our audience and found:

    • A slightly larger percentage of organizations utilize   “A small number high level questions”,
    • Utilization of multi-level sub-certification is about the same as distributing all sub-certification questions at the same time,
    • And, by far, more organizations provide detailed support and guidance for managers to access relevant materials (Controls, Gaps, etc.) than those with a more hands-off approach.

    We have captured example sets of questions in the policyIQ online Help guide (click on the link and scroll down to see the attachments). We also encourage you to check out this Help page for access to the recording of our session, the PowerPoint slides and other presentation materials.

    A Picture’s Worth 10,000 Words
    Want to help your respondents to more easily navigate the certification process while minimizing confusion and work required for administrators? Provide respondents with a visual aid or a cheat sheet that visually walks them through the process!




    We have some great tools that make it relatively simple to create a guide like this tailored to your site and process for your users. Let us know if you’d like us to create one for you.

    Lots of great questions and discussion!
    We do not always post this level of detail from the Chat that takes place during our sessions, but this was an especially rich session! Here are some of the highlights from our discussion:

    Q: Does the 302 certification practice vary from large accelerated filers versus smaller filers?
    A: In interviewing our clients, it seems that the approach to 302 Certification depends largely on the culture of the organization and the process administrators and less on the size of the organization. Some organizations (both large and small) are relatively flat in their structures, so they do not require multi-level sub-certification.

    Q: If you use multiple levels of sub-certifications, do the responses get shared or processed through the managers before they reply to "corporate"?
    A: [A response from another attendee] Since the next level up is certifying all below, I'd want that in place.
    The policyIQ Team has observed this to generally be the case among our clients, as well—key discoveries are reviewed before providing own responses and moving up to the next level.

    Q: Sounds like this application is in the "cloud". How can we be sure our info / responses are secure?
    A: policyIQ is a hosted product, with a SAS 70 Type II certified data center.
    Every user will also have a secure log-in to the site - and the site is secured via SSL encryption.  We're happy to further address security issues for any organization!

    Q: When you send reminder emails, does everyone see all people or can they see only their name?
    A:  They will see only their own forms.  Each individual will receive an email with a list of forms that only that individual has outstanding.
    If you send a custom message from your local email client, that's a great way to send a general message, but hide the recipients.

    Q: Regarding “Comments” fields: Is there a way to set it so that if they disagree a comment is required so that you don't have review and follow up?
    A: At this time, policyIQ does not have the ability to have a "conditionally required" field.  Therefore, we recommend the approach noted by another attendee, which is to add language to the text of the question that requests explanation for negative responses in the Comments field. 

    Q: We have 143 respondents, will they all need to be advanced users? And what would be the cost?
    A: Respondents only need to be Standard Users in policyIQ.  You might also consider the option of using a monthly contract if you have a large number of periodic respondents.  Standard Users are $6 / user / month.

    Q: Is there a way to focus on the specific response without panning through all their answers.  Can you drill down on the report to the answer?
    A: You can definitely choose to create reports on just a specific field.  We showed reports that were more oversight reports and general - but you can definitely drill into a specific field or look for a specific answer.
    [Answer from another attendee] The policyIQ Support Team has generated reports for me that are specific to all “disagree” responses and all “agree with comments”, so I don't have to go through all of them.

    Q: Does policy IQ allow for tracking how handler has cleared issue e.g. some type of status to clearing comments that come in to document you have appropriately handled response?
    A: It is definitely possible to add such a field - even a field that is available only to the approver.
    There is also a "Comments" tab on the form response where those comments can be logged. It also logs the date, time, and user who made the comment. Keep in mind that a field added to the Template is reportable while the discussion captured in the Comments tab is not reportable (it is retained and reviewable only within the specific Form).

    Any additional questions? Add your Comment below or send your question directly to Support@policyIQ.com.

    Regarding LDAP: A couple of attendees also had an exchange regarding LDAP integration. From the policyIQ Help guide:

    LDAP can be used to authenticate users by checking against your Directory Service instead of policyIQ authentication.  LDAP allows users to enter their network username and password to gain access to policyIQ.  The benefits of LDAP include A) Guaranteeing users are a part of your network, B) The ability to add users to policyIQ if they are a part of your network, C) Simplifying the login process since users do not need to remember a separate password, D) LDAP can be configured to also add information to a user's profile such as contact information and Location/Position restrictions.

    If you are interested in exploring LDAP integration for your organization, let us know and we’ll put you in touch with a technical support contact.

    Thanks, again, everyone for a great and interactive session!
    Hope to see you next month when we'll be exploring Best Practices for implementing, maintaining and expanding the use of policyIQ.

     

    Posted Apr 25 2011, 10:42 AM by stepheniebuehrle with no comments
    Filed under: , , ,

  • policyIQ is now fully compatible with Internet Explorer v.9!

    A few weeks ago, we had posted a note that policyIQ was not fully compatible with the new Internet Explorer version 9.  We're happy to report that the compatibility issue has been resolved, and you can feel comfortable downloading the new version of Internet Explorer for use with policyIQ.

    You must have Windows Vista or Windows 7 as your operating system in order to run IE 9 - and if you are interested in more information, please check out the Microsoft site.

    As always, please feel free to contact us if you have any questions!

    Posted Apr 21 2011, 04:39 PM by chrisburd with no comments
    Filed under: ,

  • Inventory 302 Responses Simply with Common Fields

    I hope that you’ll be joining us for our CPE session on Thursday, April 21st, where we’ll focus on the automation of your 302 Quarterly Certification Process using policyIQ! This process utilizes policyIQ’s Forms Management functionality and employs a number of related features to save organizations a significant amount of time, money, and heartburn associated with the manual management of the process.

    A great policyIQ feature to expedite your certification process!

    One of the headaches associated with the process is gathering responses to certifications and identifying those that may require follow-up. Rather than literally leafing through all responses and looking for negative responses, in policyIQ, one can use report filters and Common Fields to arrive quickly and confidently at the narrowed down list of individuals who responded that they “disagree” with a certification or who responded with comments.

    We introduced common fields several years ago, now, but you might have worked through the setup of your forms without noticing the option or recognizing the benefits. If you want a reminder of how they work, refresh your memory by taking a look back at our blog post on Common Fields that we posted last year.

    "See you" in training on Thursday! (If you can’t make it, but would like to bounce some ideas off of someone regarding the automation of your 302 process, shoot us a message and we’ll set up some time to work through it with you!)

    Posted Apr 19 2011, 08:19 AM by stepheniebuehrle with no comments
    Filed under: , , , ,

  • Instant Gratification: Efficient 302 Certification Process!

    Is your organization subject to Sarbanes Oxley requirements? If you are, we know that you are especially busy this time of year! Of course, we hope that you are using policyIQ for documentation and management of your narratives, risks, controls, tests and deficiencies. We also want to help you get past the struggle and inefficiency of managing a manual 302 certification process.

    Resources to learn about 302 in policyIQ:

    You may have read our blog posts on the implementation of policyIQ for 302 Certification and on the common best practice of implementing a sub-certification process. Perhaps you are even registered to see it for yourself in our upcoming training session Automate Quarterly 302 Certification Process in policyIQ on April 21st at 9:00 a.m. PT (12:00p.m. ET). 


    Wishing for 25 hours in a day?

    For many, the problem is not that they are not aware of the opportunity or steps to automate, but that they are simply too busy with their day-to-day operations (maybe even on the management of their manual 302 certification process) to take time away to set up the automated process in policyIQ and roll it out to end users! If this sounds familiar, let us unload this burden for you by allowing us to set up the process directly in your policyIQ site!

    Among the benefits that automation of this process has brought to other policyIQ clients are:

    • Simplified roll-out of questions/certifications each quarter
    • Easy access to real-time information for monitoring of status
    • Expedited process for identifying and reminding outstanding respondents
    • Automated compiling of results
    • Effortless reporting for management

    You could begin realizing the benefits by next quarter!

    Contact us and we'll get started today on building the process for your next certification cycle.

     

    Posted Apr 14 2011, 05:30 AM by stepheniebuehrle with no comments

  • Even more efficiency in your quarterly or monthly processes!

     

    We are talking a lot about using policyIQ to "automate" your quarterly certification processes this month.  policyIQ forms allow your organization to easily distribute, track and report on responses for a variety of regular processes - monthly or quarterly - and can save a great deal of administrative time. 

    But are you as efficient as you could be with your quarterly processes?

    In the past year, we've made a critical improvement to policyIQ forms that might have slipped by you. 

    Before:

    Prior to this improvement, when you chose to Run a Form (or Form List), it immediately looked at the Groups to which the forms were assigned and created the Forms for the users in that Group.  You may have set an Open Date sometime in the future - and therefore the forms wouldn't appear to the users until that date arrived, but they were created some time ago.

    After:

    But now, when you choose to Run a Form (or Form List), policyIQ logs that request and waits until the Open Date arrives.  On that date, policyIQ looks at the Groups to which the forms are assigned and creates the forms for the users in that Group.

    It sounds like a very technical and insignificant change - but it makes a WORLD of difference in allowing to do some work in advance, and save yourself the extra step at quarter end. 

    Why does that change matter? 

    Let's say that you set up your quarterly process for the entire next year today, April 12th.  If you have a Group called "302 Certification Respondents", for example - you can set up your SOX 302 Quarterly Certification forms to go out at the beginning of each new quarter to the assigned group of "302 Certification Respondents". 

    On the Open Date - July 1st, for example - policyIQ will look at the Group named "302 Certification Respondents" and send a form to every member of the group.  Joe Smith was just promoted to a Director in the company on June 20th, but he's now responsible for signing off as a part of that process.  He wasn't a member of the Group on April 12th, but by the time the Open Date rolls around, he's there.  And automatically, policyIQ knows to send him a form.

    This doesn't just apply to 302 Certifications - although because of the upcoming training, we are focusing a bit on that area right now.  Consider SOX Control Self-Assessments, Account Reconciliations, Policy Sign-Offs... the possibilities are endless.

    Okay, I'm convinced.  What do I need to do?

    There are a few things you need to be sure that you have in place in order to take advantage of this feature.

    1.) Be sure that you have Groups defined for all of your respondents. Even if the form gets assigned to a single person, create a Group (under Setup à Groups and Users) to define the position that person holds. That way, if the individual changes, you can simply swap out the user(s) under the Group.

    2.) Assign the Forms or Form Lists based on those Groups, not out to individuals.

    3.) Run your Forms or Form Lists today, and assign an Open Date for the day that you would like the forms to be created and sent out to your users.

    Voila! 

    We know that quarter end is a hectic time.  You have better ways to spend your time than worrying about pushing out forms.  Take a few minutes during your slow time and get your quarterly processes ready to roll for the upcoming year.  And don't worry - if you need to change the process or adjust the Templates, you can always delete the Activity before the Open Date and the forms are never created.

    There's no downside.  Honest.

    Need help?  Reach out and let us help you!

    Posted Apr 12 2011, 10:43 AM by chrisburd with no comments
    Filed under: , , , , , , , , ,

  • Approver Notification Options on Forms

    For clients that use multiple Approvers on your Form Templates, remember that your users can choose which Approvers to notify when submitting their Forms from the Home module.  From the Edit Form window, the Submit>Submit with Notes toolbar option should be used to access the Approver notification options:

    This loads a Submit window with an option to notify specific Approvers:

    This screen is also provided when a user selects Submit from Forms>Assigned or Forms>In Progress on the level one Table toolbar.  This differs from the Submit>Submit toolbar option in that you can target which Approvers to notify of your Submit action (i.e. this Submit option notifies all Approvers by default).

    When an Approver accesses their Forms To Approve Dashboard list, it's automatically filtered by their "My Notified" items.  Similarly, when an Approver drills into the Submitted count of a Form Activity in the Create And Edit>Forms area, this is also automatically filtered by their My Notified items.  

    By using the Approver Notification options in Home, your users can help target which Approver(s) are most relevant for their submission and increase the visibility of their Submitted Forms.  This also assists in "waterfall" type Approval when All Approvers are required, and the initial Approver could be notified using this method.

    Posted Apr 11 2011, 09:56 AM by brianwhalen with 2 comment(s)

  • Certifications and Sub-Certifications – Building confidence from below

    Sarbanes-Oxley Section 302 requires that the Chief Executive Officer and Chief Financial Officer (or those in equivalent positions) of all companies publicly traded in the US certify the accuracy of all annual and quarterly financial reports.  The actual text of the act itself is, of course, far more detailed - but the nutshell that we've all come to know is that the CEO and CFO have to sign-off on the financial reports and thereby take on personal responsibility for any inaccuracies or misrepresentation of the company's financial status.  Technically, it is the signatures of those two individuals that make up the 302 Certification.

    Unless your entire company has fewer than 10 employees - in which case you probably aren't subject to SOX requirements anyway - it is unlikely that your CEO or CFO is going to be comfortable simply signing off on the financial statements without something more to go on.  They could go through and double-check every audit result, document and calculation.  They could if they cloned themselves several times over and focused on nothing else all year.  It's not even in the ballpark of practical.  So what do they do?

    They take it down a level.  Enter the 302 Sub-Certification Process.

    I would venture to guess that almost every company subject to SOX requirements has some sort of 302 sub-certification process in place.  At what level those sub-certifications are made varies across companies.  Even more varied is the efficiency and effectiveness of those sub certifications.

    I'm not going to pretend to provide advice on how deep your organization might want to go with sub-certification processes.  That's a decision to be made based on how you do business, how many levels of management are between the top and the bottom, and how much risk you think there is that something can go wrong in between.  What I can do is help you to make that process more effective and more efficient with policyIQ.

    Roll-up the sub-certifications.

    Setting up your 302 Certifications in policyIQ is a matter of creating forms to push out to Standard Users.  (I won't go into the boring details of setup in this blog post, but you can check out our help guide - or our training on April 21st - for more information.)

    If you want to build in several levels to your 302 sub-certifications, you may copy those Form Templates for each level in the process. 

    • Level 1 certifies, and their answers roll-up to Managers A - F.
    • Managers A - F certify, and their answers roll-up to Directors G - J.
    • Directors G - J certify, with their answers rolling up to the VPs K - N.
    • And finally those VPs certify with their responses rolling up to the CEO and CFO.

    Your process might not be quite so complicated - but at each level, you can have those answers sent on to the appropriate Manager, Director or VP.  A few things you may want to consider when rolling out this type of sub-certification process:

    a.) The more levels you have, the more time you'll need to allow for responses to come in. Consider sending all of the certifications out at once - even if you expect that each level will wait for the one below to submit first. If your Directors have a deadline looming, they will be more motivated to remind their managers that they need responses.

    b.) Assign an Administrator who will have oversight into the whole process - at all levels. That individual should be checking in to make sure that responses are being submitted and sending reminders as necessary. (Even if a VP has a deadline looming, the task of submitting a certification is likely to get lost in the daily list of meetings and tasks.)

    c.) Balance the time frame that you want to have available for easy reporting with archiving off older answers. policyIQ will retain all of the responses until you decide to delete them. After a couple of years, your site may seem too busy with so many forms and reports. Consider keeping just two years worth of responses in your active site, and use the snapshot functionality to keep a backup if you need to go back further.

    Implement for 302 Certifications and Sub-Certifications today!

    If you aren't already using policyIQ for SOX 302 sub-certifications, what is stopping you?  The setup is simple and the cost is low.  Most importantly, the result is a process that is efficient and easy to manage - with answers stored period over period in one central place for quick reporting.  (Reminder: Check out our training session on April 21 at noon ET if you want to learn more about implementing policyIQ for SOX 302 Certifications!)

    If you are thinking that the process sounds great, but you just don't have the time or resources to spare to get it implemented, contact us.  We can help you to implement your 302 Certifications - we even have some sample forms and questions.

    Posted Apr 06 2011, 12:12 PM by chrisburd with no comments
    Filed under: , , , ,
© 2011 Resources Global Professionals