in

smartercommunity

Bringing policyIQ users together

This Blog

Syndication

Tags

policyIQ Blog

October 2011 - Posts

  • Is compliance about checking boxes?

    I read an interesting blog post this morning, and I wanted to share and see if our blog readers had any thoughts to add.  Eric Krell at the Big Fat Finance Blog (a personal favorite information source of mine), suggested in his latest blog post that compliance really should be a matter of checking boxes.  I would bet that many gut reactions to that were similar to mine.  "Yikes!"

    But he caught my attention - and in the end, I agree with his assessment, albeit not with the way that he stated it.  If an organization has built a culture of appropriate risk assessment, governance, ethical conduct and solid business practices, "compliance" is simply a matter of checking off the boxes on the various regulatory reporting that is necessary.

    Mr. Krell also alludes to the fact that the actual effectiveness and implementation of the current regulatory environment is arguably flawed, and so it's not always quite so simple, but the primary point is still valid.  If it is difficult for organizations to respond to regulations, perhaps they should examine their business to discover why.

    Posted Oct 28 2011, 10:49 AM by chrisburd with no comments
    Filed under:

  • A Change Management Tenet: Optimize User Experience

    It goes without saying that, with any new process or system implementation, incorporation of a change management plan is of critical importance. I could write 10 blog posts on change management, but I’ll start by narrowing the scope of this post to how you can help your employees more readily adopt policyIQ by optimizing their experience.

    Think about the various groups of individuals who will access your site and what each is seeking or aiming to accomplish. Then, consider how you can give them a break and take as much of the burden off of them as possible.

    The simplest and most obvious area that you can address is utilization and promotion of the Dashboard tools. We’ve written a number of posts about the policyIQ Dashboard in the past. I’ll let you look to these previous posts for the details, but summarize here that the intention of the Dashboard is to help your policyIQ users—whether customers, vendors, line staff, technicians, managers, generalists, or members of the Board of Directors—arrive in one-click at their desired destination.

    So, if you are expanding your use of policyIQ to a new area of your business, consider what the new audience will experience and help them to pick and arrange the Dashboard panes that will provide the most pain-free transition to your new use of policyIQ.
     
    We also want to talk to you about things that you can do as you configure your site

    Of course, it makes sense to employ the various security features of policyIQ to meet your information management needs. Additionally, we recommend that you consider these configuration options to optimize the experience of your business teams that have to use policyIQ:

    Grant Users appropriate site access

    This one sounds like a no-brainer, but we have seen several examples where users are assigned a higher level Role than necessary or are placed in an overarching Group so that they will most assuredly be able to access the materials they need. It really is worthwhile to configure a Groups and Users structure that is a reflection of your organization (locations, departments, positions, yes—but also task forces, project teams and other temporary assignments). If you have a representative structure, then you can put people where they truly belong and more easily assign appropriate Administrator, Editor, and Viewer rights at the Page level as well as appropriate rights to Folders, Questionnaires, and Reports.

    Specify appropriate access to content

    Along these lines, it would also make navigation of policyIQ easier for those who add new pages if you would specify only those groups who should be adding pages as the “Content Creators” in relevant Templates. This way, the users will only have those Templates available to them in the Create And Edit module.


     
    Likewise, make sure that only the appropriate users are able to view specific Pages and Folders. By limiting the user’s view to just those Folders and content that you want them to see, you are descreasing the probability that they'll make an inappropriate guess and land in the wrong place (therefore looking at the wrong content or at no content at all).

    As you set up your policyIQ site and write out procedures that are specific to your organization, consider the influences on your users’ experiences. We’ve listed some of the biggies here. Are there others that you’ve found to be critical or rewarding? Let us know what they are--we welcome your comments below.  

     

    Posted Oct 27 2011, 07:00 AM by stepheniebuehrle with no comments
    Filed under: , , , , , , ,

  • Keeping up with the SEC and IFRS

    I don't know about you, but it seems to me that keeping up with what is happening with the SEC and IFRS is even more difficult than keeping up with the Kardashians. There are new developments with regards to specific areas of US GAAP practically every week - and the buzz words change almost as often. "Condorsement" is the latest description of the direction that the SEC may be going in.

    Luckily for us, we don't actually have to try to keep on top of things ourselves. Resources Global Professionals' Colleen Cunningham, the Global Director of our Finance and Accounting Practice, will do it for us. Check out her latest blog post letting us know about the latest developments. And follow her on Twitter for more frequent updates.

    Posted Oct 27 2011, 08:51 AM by chrisburd with no comments
    Filed under: , ,

  • Anti-Corruption Compliance in policyIQ: Training review and highlights

    *whew*  Another training session under our belts.  I’ll admit – I was nervous about this one.  The topic of Anti-Corruption Compliance is one that fascinates me and I wanted to do it justice.  There are so many different ways that policyIQ might help an organization with the various anti-corruption and anti-bribery compliance initiatives – and we had just one hour to hit the highlights. 

    While we focused on the United States’ Foreign Corrupt Practices Act (FCPA) and the United Kingdom’s Bribery Act of 2010 (UK Anti-Bribery Act), it’s also important to remember that there are many other anti-corruption laws, local regulations and related legislation that should be considered when building or strengthening your program.

    Documentation is key

    Through all of my own investigation and learning about the FCPA and the UK Anti-Bribery Act, the key takeaway for me has been that documentation is absolutely critical from start to finish.  Clearn documentation is critical not just of the ultimate expenses that are made (so that you can defend your decisions), but also of the policies, procedures and risk assessments that drive your program.

    During the training session, we stressed the need to document a variety of things, such as:

    • Policies and procedures – in detail and with as much context as possible.
    • Your risk assessment, the methodology you used and the support for your decisions around the scope of your anti-corruption programs.
    • Due diligence you conducted on your partners or third parties acting on your behalf, and be sure that they have documented their own internal policies, procedures, etc. 
    • Every payment, gift, travel expense or entertainment expense made in a transparent way, so that there can be no question about your motivations or reasons for those expenses.

    It was gratifying to hear this point reiterated by one of our attendees, David Roberts, Director at Wall Street Institute, who is responsible for the anti-corruption program in his organization. David followed up in chat to say, “Our organization is constantly reminding of us that.  It is important to note that not only is this important for the company but also the employees.  They are subject to fines and imprisonment.” 

    The potential for criminal charges and possible imprisonment should be motivation enough for any employee to get on board with this idea of documentation!


    And then you can do this.  And then you can do this.  And then you can…*breathe*

    I found myself talking a bit more quickly than normal while presenting the material – both getting excited about the possibilities and anxious about my time limit.  While preparing for the session, we identified eighteen different things that can be organized into or automated by policyIQ, and frankly that was just the eighteen things that fit nicely in our table.  We talked about Anti-Corruption Compliance using the UK’s Ministry of Justice’s guidance on six principles of compliance.  Those six principles are outlined below, along with just a few of the ways that policyIQ might help an organization manage their compliance program.

    1.     Risk Assessment

    a.   Track Risk Assessments
    b.   Report on High Risk Areas

    2.     Top Level Commitment

    a.   Publish Ethical Conduct Policy internally and externally
    b.   Allow all employees and partners to easily reach Corporate Compliance Officer to ask for clarification

    3.     Due Diligence

    a.   Track all partners and third parties
    b.   Retain all Due Diligence documentation

    4.     Policies and Procedures

    a.   Ask high risk employees and partners to sign off on critical policies
    b.   Document specific situational advice and FAQs

    5.     Effective Implementation

    a.   Use forms in policyIQ to automate Gift Reporting or Expense Request processes
    b.   Track Training Attendance

    6.     Monitoring and Review

    a.   Build and execute audit programs
    b.   Periodically review partners and agreements

     

    Great ways to learn more about Anti-Corruption Compliance - specifically FCPA and UK Anti-Bribery

    We didn't go into detail around the specifics of the FCPA or the UK Anti-Bribery Act, and some of you indicated in the evaluation that you were hoping for more information about the legislation.  There are so many nuances and details - and so many far more intelligent folks out there who have great information on the subject.  Here are just a few of the places that I go to get more information:

    - Thomas Fox's FCPA Compliance and Ethics Blog

    - Michael Volkov's Corruption, Crime & Compliance Blog

    - If you are on LinkedIn, join the group FCPA - Foreign Corrupt Practices Act - Anti-Corruption Compliance Group

    One of our attendees also pointed out that she uses resources from CCH, Deloitte and a variety of other sources found via web searches.  I'll add Compliance Week to that list, which requires a subscription but is worth it for the wealth of information!

    For more details about how to implement policyIQ's specific features and for an outline of some of the Templates that we shared during the session, go to the Anti-Corruption Guide in the policyIQ online Help pages.  If you have any questions about those materials or if you need some help organizing your thoughts to get started, don't hesitate to reach out to us and we'll be happy to talk through it!

    Posted Oct 25 2011, 08:08 AM by chrisburd with 1 comment(s)
    Filed under: , , ,

  • Peek here to see the magic behind the numbers

    OK, so you've just received an email from someone on our team (probably me) letting you know that your contract/subscription is up for renewal or maybe it says that the size of your site is over the free storage limit. You start thinking to yourself, is that right? Are those numbers correct? How do I check the accuracy of this information?  Trust me; I'm not offended that these were first thoughts that popped into your head! I understand the hint of doubt and always verify the information that other people send me.  You never know when a number can get transposed, or there is a minor typo!

    I'm going to share with you a few quick and easy steps you can take to verify your site "numbers."  The quickest and easiest way is to check the Administrative Overview on your Dashboard.  Some of you may know what I'm talking about, others are thinking "huh, what is she talking about?"  I'll show you!

    Go to your Dashboard, click on Add.

     

     

    The following pop-up appears, select Administrative Overview:

     

     

     

     

     

     

     

     

     

    Voila! The Administrative Overview is now on your Dashboard! You now know how many "active" users are set up in your site, the size of your database and lots of other great overview information. 

     

     

     

     

     

     

     

     

     

    Looking for some more detail behind the users? You could create a User Report in the Reports module or Site Administrators can give themselves quick and convenient access to this information by creating an Advanced Search in Setup (where you can make adjustments in Groups and Users, if you wish).  Of course, you can add as many details as you wish into the search but here are the basic filters and columns that I recommend:

     

     

     

     

     

     

     

     

    Looking to try and reduce the size of your database?  OK, this is one requires a little more effort and where I bring in my "experts." I can have your Account Manager or someone from our Support Team contact you to talk through your options with you.  We can help work with you to reduce your storage costs by possibly archiving and/or deleting old data from your site.

    We know that site management can be just another tedious task but a very important one! We don't want you to be overwhelmed or over-charged, so feel free to reach out to us and we can share ideas with you to help your site management become more manageable! We are always happy to help!

    Posted Oct 21 2011, 02:41 PM by jenkohlman with no comments
    Filed under: , , , , ,

  • Surge in Control Self Assessment Implementations!

    Phew! We’ve had a surge in inquiries about Control Self Assessments lately! What's more interesting is that, among the four clients that followed through with implementation in the last two weeks, each client had their own thoughts about how the process would best fit in their respective organizations.

    Control Owners Complete a Detailed Page

    For one of the clients that I worked with, the Control Self Assessment is a task or process whereby the Control Owner completes their own walkthrough of the Control. For this client, the configuration in policyIQ included the development of a new Control Self Assessment page template that very closely reflects the formal Test of the Control. The Control Owner completes one of these CSA pages each quarter and links it to the relative Control. The Internal Audit team can report on any or a combination of fields within the CSA pages. 

    Control Owners Responsible for Staying Up-to-date on Controls, Then Sign-off

    A second example of the CSA process that I observed recently was one in which the Audit team was most concerned with holding Control Owners accountable for their Control documentation. For this implementation, a CSA Form Template including a few high level, generic questions was created. Additionally, the organization is providing Control Owners guidance regarding how to create an Advanced Search that helps Control Owners to easily pull up a list of their respective Controls. Form Activities are helpful in this type of process as they allow real-time monitoring of the status of responses.

    Control Owners Review Relative Controls upon Sign-Off 

    In yet another CSA implementation within the last week or two, I worked with a client that wanted to record the sign-off of their Control Owners and, in doing so, wanted to make the process as straight forward as possible for the end users. We set up this process similar to the Form Template example above. Rather than direct Control Owners to create an Advanced Search to identify Controls, we added the Form Template to a Form List as many times as they have Control Owners. The Form Templates added to a List are then referred to as List Templates. This client customized each List Template with a link to the appropriate Control page(s) in policyIQ. So, there was only one Form Template with generic questions, but each Control Owner would see his/her own Controls linked to their CSA questionnaire. The bundling of all of the List Templates into one Form List per quarter makes it simple for the administrator of the process to roll-out the questionnaire and to monitor the responses.

    In the fourth implementation that I supported recently, the team is following a process very similar to this one, but they are applying the process in their Operations department.

    Why the surge? Do you need help, too? 

    With more than 40 different applications of policyIQ, I am accustomed to bouncing around from one solution to another (I have also presented policyIQ for Automation of Risk Assessment, Contract Administration, 302 Certification, Enterprise Risk Management, Internal Audit, Legal Documentation/Record Retention and Sarbanes Oxley within the last two weeks). What's more unusual is a spike in inquiries about one particular application, such as Control Self Assessments. Is there something going on out there that I missed? Whatever the reason, if you would like to talk about the use of policyIQ for Controls Self Assessments, the topic is fresh on my mind and I'm happy to help. 

    Contact us for more information on automating this (or any other) process for your organization. 

    You may also read up on policyIQ for CSA in more detail in this blog post that we published about a year ago.  

     

    Posted Oct 17 2011, 08:24 AM by stepheniebuehrle with no comments
    Filed under: , , , , , , , ,

  • Anti-Corruption, Anti-Bribery and the Foreign Corrupt Practices Act: Are your bases covered?

    In July of this year, the United Kingdom's Anti-Bribery Act went into effect.  That legislation is described by experts as the strictest anti-bribery legislation that has been adopted - and there is a good chance that you are subject to it.  Any company doing business in the UK, regardless of the scope or volume of that business, are considered by the UK's Ministry of Justice can be subject to enforcement.

    While the UK Anti-Bribery Act might be the most recent and arguably most wide-reaching, anti-bribery regulation is not new.  The United States has its own Foreign Corrupt Practices Act (FCPA), a federal regulation that has been in place since the 1970's.  Like the UK's Anti-Bribery Act, the FCPA focuses on bribery of foreign officials.  The continued globalization of business, as well as anti-terrorism initiatives, have made the US's Department of Justice and Securities and Exchange Commission much more diligent about their enforcement of the FCPA.  If you are a US company doing any foreign business, you need to have an FCPA compliance program in place.  (I wrote about the FCPA earlier this year, if you are interested in more detail.)

    And those are just the big names.  Anti-corruption, anti-money laundering and a wide range of anti-bribery laws exist at state and federal levels.  Legal regulations aside - your customers, investors and other stakeholders want to know that they are working with an ethical organization that is committed to fair business practices.

    Do you have an anti-corruption program in place?  Are you bases covered from both an ethical and legal standpoint?

    What does it take to cover your bases?  There are, of course, some specific guidelines for each regulation - but an overall program should consider these key points:

    1.  Tone at the Top

    Like any compliance program, anti-corruption programs start with the tone at the top.  Do your executive committee and Board of Directors make it clear that unethical and illegal behavior is unacceptable?  Is that made clear both internally to employees, and externally to customers,  vendors and investors?  Are partnerships and relationships subject to the same clear guidance?

    2.  Risk Assessment

    The depth and scope of your anti-corruption program will be driven by the depth and scope of the risk your organization faces in this area.  A company with a sales channel to Canadian retailers faces a much lower level of risk than an organization with high value construction projects in Africa or Russia.  A full risk assessment is needed to determine how far your program must go.

    3. Clear Policies and Procedures

    The tone at the top might be clear, but if the policy is murky, the message isn't going to get through. Be sure that the policies and detailed procedures provide clear guidelines for what is and is not considered "ethical" or "in compliance". Policies should not just apply to your employees - although this is arguably most critical - but also to your partners, suppliers, vendors, etc. In both the UK Anti-Bribery and US FCPA legislation, companies are responsible for the actions of their partners acting on their behalf. 

    4.  Communication

    Now you have clear policies.  Great!  Do your employees know they are there?  What about your vendors or partners?  Be sure that the information is available in a place that is easily accessible by all - and that you regularly communicate updates.  No updates?  Communicate anyway as a reminder.

    5.  Documentation

    Like any compliance program, having a program is great - but being able to prove that the program is in place and effective is critical.  Anti-corruption can be a tricky thing, with subjective decisions made within stated guidelines.  Documentation of every decision - every gift, every entertainment expense, etc - is critical, along with the rationale that was used in making that decision.

    6.  Regular Monitoring, Review and Updates

    Don't put an anti-corruption program in place and forget about it.  The policies need to be reviewed.  The training needs to be revised and redelivered.  The expenses and decisions need to be monitored.  If questions are raised, the program needs to be evaluated to determine if more clarity can be added. 

     

    Want to learn more?

    On Thursday, October 20th, our monthly policyIQ CPE event will explore how you can use policyIQ to implement and monitor an effective anti-corruption program.  Register now to join us at 3 PM ET / 12 PM PT. 

    Resources Global Professionals also has compliance experts in your local area that can help you to evaluate your existing anti-corruption program, and determine whether you have all of your bases covered.  Contact us and we'll  put you in touch with experienced compliance professionals.

    Posted Oct 13 2011, 09:12 AM by chrisburd with no comments
    Filed under: , , ,

  • Companies with the Best Trained Employees Can Still Fail

    Having helped organizations with process and system implementations for years, I have also naturally acquired several years of training experience. You might have heard me say that I’m a data nerd or that I’m a wanna-be tech geek. I could make a similar claim about training and education—I imagine that I will pursue information about how I might positively impact training and education endeavors for the rest of my days.

    I recently read an article that reminded me of the importance of keeping your eye on the ball (or the target, or goal…pick your analogy). Bill Stater’s Training: It’s Not Always the Answer is a great piece. While I work really hard to continuously improve the training sessions that I lead, this article is a nice reminder that what your organization needs—what all organizations need—is not the best trained employees, but the best performing employees!
     


    A needs analysis, he says, is a critical first step if you want to close the gap between your desired outcome and your current state. He recognizes that there are many acceptable methodologies to perform a needs analysis and a couple of great guides are featured in his paper. I sincerely appreciate easy access to useful tools and information, so I’ll share one here that I found straightforward:

    Seven-Step Needs Analysis Process:

    1. Clarify the problem.
    2. Construct an analysis plan.
    3. Collect data on current and actual states.
    4. Analyze data to reveal gaps.
    5. Validate origins and causes of gaps.
    6. Prescribe solutions for each gap.
    7. Brief affected parties on the findings and results.

    Stater suggests that we “think of needs analysis as intelligence gathering…a systematic needs analysis represents a wide open opportunity to gain valuable internal intelligence—data to help make the human side of the business more efficient, effective and competent.”

    If the processes that you are managing in policyIQ aren’t running as smoothly or effectively as you’d like, employ one (or a combination) of the needs analysis processes that are presented in Bill Stater’s paper. If you determine that the root cause is related to the site’s configuration, ineffective workflow and/or communication, or simply that users do not know how to complete a task (like checking out a page or setting up a report), then reach out to us and we’ll get to work on helping you to close the gap. If you have processes that are not running as efficiently as you wish, but don’t know where to begin (with time or staff) to perform your needs analysis, we can help you with that, too.  

    Follow this link to read the full paper and add it to your online learning transcript for future reference!

     

    Posted Oct 11 2011, 07:29 AM by stepheniebuehrle with no comments
    Filed under: , , , , , ,

  • Horses, Childhood Athletics and Patient Communication

    I enjoyed a really wonderful lunch recently. The food was terrific, but what made the lunch especially wonderful was the company. I hesitate in identifying my lunch dates. Should I call them colleagues? Clients? Both of those are definitely true. I'd like to call them "friends". I hope that they would, too.

    We chatted about a wide range of topics. I learned about the current highlights and challenges in their daily jobs.

    The best part was when our conversation meandered into our personal passions. Kids, travels, hobbies and such. It was a pleasure to hear about the activities and issues that arrest their hearts, time and attention. We all have experience with non-profit management--what an interesting and delightful surprise! We exchanged ideas and support for each others' plights.


    I usually have lunch right here...sitting at this desk in front of this computer. My recent lunch outing was a great reminder that there's tremendous value in getting out of the office and joining a colleague for a nice chat. In case you're reading blog posts while having your lunch, I thought I'd send out this message of encouragement: get on the phone and call that contact that you've been meaning to call. It might prove to be a long overdue rewarding experience.

     

    Posted Oct 07 2011, 12:49 PM by stepheniebuehrle with no comments

  • Love what you do...

    “The only way to do great work is to love what you do…don’t settle.”

    ~Steve Jobs

     

    Steve Jobs is the entrepreneurs’ champion of champions. He has certainly inspired our designer and our team.

     

    Thank you, Steve Jobs.

     

    DoSomething.org Tweeted:

    “Heaven is about to get a freakin amazing redesign.”

     

    Apple’s Passionate Pitchman

     
    Posted Oct 06 2011, 09:34 AM by stepheniebuehrle with no comments

  • Sneak peek into upcoming sweepstakes—will you qualify?

    Hello policyIQ community!

    I want to let you in on a little secret…we’re going to announce another policyIQ giveaway coming up in January. All companies with annual contracts on January 31st, 2012 will be entered to win 2 additional advanced users for a full year at no additional charge!

    I am sneaking the news out to you so that those who currently have monthly subscriptions have an opportunity make the switch to an annual subscription.

     

    Don’t switch just because of the sweepstakes!

    Switch to an Annual Subscription because there are all kinds of up-sides for you!

    The annual subscription affords you a discount equivalent to two months free. And unlike most software companies, our agreements include perks that work in your favor. You are welcome to add and remove users throughout the year—we simply look at the highest total number of users for invoicing purposes. Here’s another strange thing that we do: if you add a user part-way into the year, we don’t charge you for the whole year! Crazy, right? We just think it’s honest.

    What hoops to you have to jump through to make the switch?

    It’s easy to change from a monthly to an annual subscription. Just tell us that is what you want to do! Send an email to Support@policyIQ.com and we’ll get you set up.

    Posted Oct 04 2011, 01:38 PM by stepheniebuehrle with no comments
    Filed under: ,
© 2011 Resources Global Professionals