|
|
|
Features
< Back
Sarbanes Oxley : Technology : Content Management
Enterprise Content Management: Building a Foundation for a Compliance Program
The Compliance Officer and the Executives are typically the only people who have involvement in the entire compliance program.
By
Therese Harris
|
|
Therese Harris
Solutions Marketing Manager
Hummingbird Ltd
|
The regulatory environment has undergone significant changes in the past five years with respect to legislative and regulatory compliance. Organizations are faced with an increasing number of local, national and international compliance requirements that demand a formalized process for managing and auditing business critical information.
Comprehensive information and knowledge management technology is necessary to help organizations meet compliance requirements. The consequences of non-compliance are heavy fines, reputation risk and other punitive penalties.
The technology industry is littered with point solutions that address a specific aspect of a particular piece of legislation. The majority of these solutions are structured content solutions, which accommodate documents as a secondary requirement. Today, organizations are looking for the ?glue? that will pull all of the compliance pieces together. Not only are organizations looking to put the pieces of a compliance area like Sarbanes-Oxley or OSHA together, but they are also looking to combine processes and content where possible. Because documentation and records retention are key components of compliance, enterprise content management provides the infrastructure upon which compliance programs can be built.
Organizations in highly regulated industries such as financial services, pharmaceuticals, and energy and utilities identify corporate compliance as one of their top challenges.
Enterprise content management addresses corporate compliance by delivering a foundation for organizations to build and execute their compliance programs. Compliance professionals recognize the need for content-centric solutions to aid in the capture, sharing and storage of compliance related information.
Organizations in the financial services industry face a diverse set of compliance regulations, including; responsible corporate governance, the protection of customer information, and the prevention of illegal activities. Energy and utilities organizations are faced with tough human safety and environmental protection legislation; and pharmaceutical companies face regulatory requirements that focus on the protection of consumer health and safety.
Minimizing Risks with an End-to-End Compliance Program
Meeting compliance requirements has become a top-priority for business executives in every industry. Executives who historically focused on improving efficiency and reducing costs have turned their focus to reducing the risks associated with non-compliance. Forced by the onslaught of new and increasingly demanding legislation and regulations, organizations are making corporate compliance an enterprise-wide initiative.
By using content management as a foundation, organizations can:
• Create, manage, share and consolidate all compliance program documents;
• Capture, store and secure critical information for each compliance initiative;
• Route information throughout the organization using predefined processes;
• Produce documents and reports for regulators;
• Provide an overview of compliance related information both for each area of compliance, as well as in a consolidated compliance dashboard view.
Compliance teams can create and manage program documents as is required by the compliance regulations. Documents such as policies and procedures, audit processes, and training materials can then be shared with the staff involved in the compliance process. For regulations pertaining to materials handling and safety procedures, safety teams must document changes in the process immediately, and share these changes with the affected personnel. Using workflow, the documented procedural changes can be routed to the appropriate teams for approval. The safety team can use history tracking on the procedural change document to ensure that affected personnel have viewed the information.
Critical content, that may be required to satisfy a particular piece of a compliance regulation, can be captured at the point it is obtained, and saved to the compliance content repository. For example, an image of a driver?s license for opening a new account can be capture at the bank branch; it is profiled and saved directly to the repository. At a later date, if that driver?s license is required for an investigation, it can be easily retrieved using a number of search criteria including account number or account holder name. Documents, images, emails and other information related to a specific account or customer can be saved to the content repository using the same key identifiers for easy retrieval.
The Compliance Officer and the Executives are typically the only people who have involvement in the entire compliance program. Creating an end-to-end compliance program requires organizations to share information between the lines-of-business, and create a smooth transition between the various steps in the compliance process. Using ECM as a foundation for corporate compliance allows organizations to bring together information and process even if the workers never actually work together. Documents, and data associated with those documents provide the foundation. By adding workflow and reporting organizations can create an end-to-end solution for compliance. Other compliance applications need to be integrated into the process also, so that all information can be available to meet compliance requirements, and illustrate that requirements are being met.
Formalizing Records Policies
Enterprise content management with records management capability will provide a secure, standards-compliant records retention solution that works in tandem with the rest of your compliance architecture. When combined with records management methodologies and best practices, the compliance team can establish comprehensive lifecycle management of both paper and electronic records. In addition, and ECM foundation provides a fluid process for the protection of content assets against risks such as litigation or disaster, while satisfying complex regulatory requirements.
Energy and utilities organizations can rely on content management tools to capture activity reports associated with regulatory requirements. As an example; organizations are required to document and report on ventilation activities for environmental protection purposes. Reports containing information on how much was ventilated and for how long must be compiled and submitted to regulators on a periodic basis. Content management can ensure all documentation is collected and reviewed, and can track when the information is sent to the regulating body.
Another example of how document and records management can be applied to industry specific regulations is in the pharmaceutical industry. Organizations must collect thousands of documents associated with the development and testing of a drug or medical device. Enterprise content management ensures documents are collected and stored in a single, secure environment. Because some documents contain personal data, pharmaceutical companies can also rely on the security and privacy protection that is built-into a robust document management system. Records management ensures that the documentation is held for the appropriate retention period to meet with food and drug industry regulations.
Defining and Managing Workflows throughout all Stages of the Content Lifecycle
Organizations can leverage workflow technology to automate the processes required to meet compliance criteria. For example, the Sarbanes-Oxley Act requires financial documents be reviewed by the Chief Executive Officer and the Chief Financial Officer. Once the documents are ?Final?, a workflow process will be launched to route the documents to various corporate officers for approval before the documents are sent to the Security and Exchange Commission. The entire approval process is tracked and auditable.
Triggers from external compliance applications can launch a content-centric workflow activity. For example, a suspicious transaction is identified by an anti-money laundering transaction monitoring system. The data about that transaction creates a report in the content server and send a work-list item to an administrator regarding account number 123456. All the information that the organization has about the account holder of account number 123456 is consolidated using an ad-hoc query from the compliance content repository as well as other database information systems in the organization. Then the work-list item is routed to an investigator for investigation and resolution.
Robust, in-depth search capabilities ensure documents can be retrieved and available when required. Full history and audit capabilities must also built-in to every component of the content management platform so information about the history of a document can be made available to auditors and investigators. Similarly, business intelligence and reporting tools must be fully integrated with the platform to provide an additional tool for transforming the organization?s information into intelligence.
Executives and Compliance Officers need to insure that the compliance requirements facing the organization are being meet. In the case of Basel II for banks, there needs to be supervisory review of the financial institution?s internal assessment of their overall risks. Using an executive dashboard, critical compliance content, augmented with line-of-business data, can be revealed through a single interface.
Enterprise content management provides the storage, security and retention of documents and records; the execution of compliance procedures and processes using workflow technology; information reporting using business intelligence tools and alerts; and executive dashboards to monitor compliance activity.
Assuring Compliance While Streamlining Organizational Efficiencies
Content assets are the foundation upon which many organizations build new business opportunities and competitive advantage. Leveraging the business value of content while simultaneously protecting that content with applied records management strategy is not a new concept; however, the conventional means of addressing these tandem needs is changing.
In the past, many organizations chose to manage each stage of the content lifecycle independently, with disparate processes, systems, repositories, and technologies. Today, with directives to increase efficiencies while simultaneously improve accountability; an integrated system for the management of the entire content lifecycle is crucial to meet these goals.
Organization in highly regulated industries are today being driven by an increasing number of legislation and regulations that require a formalized process for managing content or information that is core to their business operations. These compliance requirements have created unique situations within organizations that require them to implement new business practices and technologies that they may not have previously budgeted or planned. Organizations should view this not just as a requirement, but as an opportunity to improve their business processes. By implementing core content management capabilities, organizations will see the benefits of efficiencies in the business processes while enabling their organization to meet the new compliance requirements.
Therese Harris
Solutions Marketing Manager
Hummingbird Ltd
Therese Harris is a Solutions Marketing Manager with Hummingbird Ltd. Her area of expertise is in the Financial Services industry with a particular focus on such issues as deal management, compliance, corporate governance, and records retention.
Ms. Harris has more than ten years experience in the software industry having lectured and written extensively on communication, content, and collaboration technologies. Her diverse experiences include international sales, research and strategy, and global alliance relations.
|
|
|
|
|
