Using an Intranet for Internal Audits
In my second blog post in a series on solving business problems with intranets, I’m writing about how a custom intranet can help with internal audit needs.
As the business world gets more complex, organizations are more concerned than ever in making sure their staff and the organization as a whole is compliant with laws, regulations, and contracts. The explosion of technology has introduced new concerns alongside traditional concerns, such as human resources, proper office code of conduct, and financial risk management. A recent survey highlighted new internal audit concerns that are top of many minds, including:
- Social media. Ensuring that social media is being appropriately used.
- Cyber security. Ensuring information is being managed in ways that do not unduly expose your organization to hacking and data theft.
- Mobile usage. Ensuring appropriate usage of mobile devices. Who owns the devices, what can they be used for, what happens when they get lost or stolen, and so on.
- Cloud computing.What information can live in the cloud, how it needs to be controlled, how it fits into overall policies, and so on.
With such an ever changing landscape, it is more important than ever for organizations to have a full understanding of policies and procedures and how to comply with them. This is no doubt the reason why I have seen so many of our clients interested in policy and procedure maintenance, and dissemination during the early stages of their intranet deployments. Common needs include:
- Ability to manage the creation of policy and procedures, often in a distributed manner based on type of policy and department responsible, but typically with a centralized review prior to publishing.
- Collaboration spaces and workflows related to creation of policies and procedures.
- Ability to easily search and find policies and procedures.
- Distribution of training materials related to policies and procedures and compliance.
- Ability to determine if users have read and understood published policies and procedures.
In order to be effective at addressing these needs, organizations need to plan effectively up front. Examples of typical items that most organizations need to understand up front are:
- What is the authoring process for each policy/procedure? Who is involved, who must sign off, and what audit controls are required.
- How do you want to present this information to your users? Many organizations want policies and procedures accessible in multiple different ways. For example, the accounting department may want all expense reporting policies easily accessible from its home page, but so may the HR department (it’s a typical need during on-boarding and regular updates), as well as accessibility from a central repository. Importantly, you want to satisfy all those needs while only maintaining one master copy of the document.
- How to communicate updates to policies/procedures to your employees.
- Will you publish training material related to your policies/procedures? If so, in what format? How do you want to make it accessible and do you want to track who has completed it?
- Who will track who has read each policy and procedure? Which policies/procedures are mandatory or optional for each type of employee, and how frequently must they be read?
Need help sorting through these needs or other needs related to internal audit? Please contact me for more information.
– Software Delivered as Promised. No Surprises.