From Compliance Chaos to Universal Governance Management
In the 1990s, the standards set out by the federal Clean Air Act were widely bemoaned by the auto industry; compliancy was sure to raise the retail cost of vehicles to unacceptable levels and make cars less safe on the road. Customers would be lost. Manufacturers would go out of business.
As of this date, none has closed its doors. Car sales continue to grow, even in California, the state with arguably the most stringent vehicle emissions laws. And, now, many believe that the new technologies the auto industry has been forced to develop are actually improving overall customer satisfaction, bolstering their corporate image and giving them a kick start in creating the next generation of products.
There's a lesson that can be learned from this. Compliance doesn't have to be a tremendous burden. Compliance can even bring about new and surprising profitability and customer satisfaction. And it can be a catalyst for positive changes across your organization.
Shifting How You Think About Compliance
In just the past five years, it is estimated that nearly 10,000 regulations have been created by federal and industry entities; all mandating the capture and control of electronically stored documents (which now make up 80% of all business information).
To service this sudden and growing need, a plethora of companies have sprung up offering products to solve every regulatory directive imaginable. But these point solutions are quickly becoming a liability for companies with many silos of information spread across many departments. For example, the out-of-the-box document archiving system used in Finance may be working for them, but what about e-mails created in Sales? Another product has to be purchased to cover that. And then what about archiving instant messaging generated by Customer Service? Yet another product to be installed. By acquiring these band-aids, the company is simply incurring a cost to comply rather than making an investment in creating new efficiencies.
AMR Research recently predicted that in 2005 alone $15.5 billion will be spent on a wide range of compliance programs and $80 billion over the next five years. Bear with the auto industry analogy for a bit longer: with that kind of money in the balance, companies must start seeing the need to comply as an opportunity to fine-tune and improve the entire engine under the hood. As AMR Research concludes in the same report, "...leading companies are connecting the dots between overall compliance requirements and their own enterprise performance management activities." (John Hagerty, Fenella Scott, "Regulatory Compliance: An $80B Opportunity," AMR Research, January 2005)
Driving a Lower Total Cost of Governance
Notice that it is not called "total cost of compliance." Fine tuning the entire engine means we look at how compliance technologies—from documents and records management to e-mail and Web page capture—can drive greater efficiencies and greater ROI across all areas of a company where electronic information is created, stored or exchanged. We'll label this "universal governance management." It crosses typical departmental boundaries, combining strong compliance initiatives with overall strategic planning and goal setting. It creates better visibility into the state of the entire company, not just for risk mitigation, but to drive efficiency improvements department by department. It empowers not just the compliance team but every manager, putting them in the driver's seat to be more successful.
A Turbocharged Return on Investment
There's no doubt that your organization will be contributing a portion of the $80 billion companies will spend on compliance over the next five years. The return on that investment when creating universal governance management can be augmented by considering several steps:
1. Look to the next generation of compliance solutions. Today's compliance applications tend to be implemented as standalone point solutions. This presents several limitations, such as the lack of robust integration capabilities, weak portal resources and the inability to manage data as an electronic record. A more forward-thinking approach is to look to a solution where all information, from a wide array of sources and in many formats, can be stored in a single secure repository, and then pulled together and personalized for the end user. Then the information can be tapped for far more than simply compliance needs.
2. Make it sustainable compliance. Compliance is an ongoing process, not a single event. To be more than just a quick fix, compliance solutions must also enhance business processes and readily adapt to change. This "sustainable compliance" solution must use a single infrastructure to satisfy multiple and converging compliance requirements (SOX, SEC, Basel II, HIPAA, etc.) to bring efficiency to the compliance problem and provide a single source of the truth for compliance information.
3. Consider the human side. One of the best ways to ensure success of any compliance initiative is to see that it is as user-friendly as possible. Any solution chosen should create a common user experience around risk and compliance, so that it can be extended quickly as the need arises. It should also provide enterprise-wide interfaces/portals for management to easily access.
4. Consider the technology side. First and foremost, find a provider who sees the same big picture potential. They should be presenting a group of solutions and technology partnerships which put all the puzzle pieces together, yet are flexible enough to meet your unique industry needs. This provider should offer:
- An open compliance architecture. Compliance efforts will typically demand the integration of information from multiple enterprise systems. To do this most cost effectively, it is best to use a common architecture designed with interoperability in mind. For example, the J2EE architecture has been adopted by many vendors to achieve this goal. It eases integration efforts and enables application interoperability via Web services, which is essential to functioning within the service-oriented architecture (SOA) environments that customers are rapidly adopting.
- A single source of the truth. Many efforts to provide accountability in compliance suffer from a major flaw: the enterprise never establishes a single source of truth. The most fundamental way of achieving a clean audit trail for compliance information is to implement a records and document management layer as the foundation of the architecture. The benefits include detailed security at a document or object level. Time stamping, versioning and other basic library services establish who touched what document when, creating an unalterable audit trail. DOD standard 5015.2 sets a model that many enterprises have relied on in building their records management strategy.
- Vast integration potential. Think leveragability. Once the single records management system is implemented, the enterprise has a secure repository on which to build. Next, planners should examine the core systems that contain data that will need to be secured to provide a complete compliance snapshot. For example, a manufacturing company may find that its work-in-progress inventory levels will have a significant effect on the quarterly financials. They might integrate their ERP system into their records management repository so that relevant data is "locked down," creating a single source of the truth for that point in time. As companies look to make their records management system the hub of their compliance architecture, they may have to integrate with many key applications.
- Far-reaching visibility. Another essential element of an effective compliance architecture is the insight and accessibility to information gained through portals and dashboards. A portal view into compliance information should be tailored to the needs of the individual knowledge worker and should be limited to the information they are allowed access to by the security dictates. A CFO dashboard might focus on high-level indicators of the status and risks associated with the financial close process. An internal auditor might have views into site-audit status. Finally, a worker might log in to see the list of tasks that they must complete and attest to in their daily work, plus e-learning modules available or required for their professional development.
5. Keep your eyes on the road ahead. Where do you want your company to be next year, in five years, 10 years? Make sure your compliance solution can handle whatever change/growth comes your way. Remember that many of the regulations we must now meet are five years old or less. They are likely to evolve and grow, and the infrastructure you put into place must be adaptable. Find a solutions provider that can help you extend your investment beyond just compliance, to one that takes advantage of being able to lock down and manage data across disciplines, and can deliver that data in the very best way possible—from e-learning to employee and customer portal, to collaboration capabilities and expanded customer relationship management.
The Keys are in Your Hands
Federal and industry regulations are here to stay. How you approach complying with these mandates can mean the difference between simply meeting the bare minimum and taking your organization to new levels of efficiency and productivity. You must shift your compliance viewpoint to one of universal governance management, where solutions reach across departmental boundaries, combining strong compliance initiatives with overall strategic planning and goal setting.
Your compliance partners should hold the same vision. And they should have already assembled best-of-breed solutions and services from many sources to enable greater automation and tracking of all communications as well as delivery of individualized and prioritized information to the right people at the right time.
In other words, don't depend on a quick fix at the end of the tailpipe. Work on the entire engine to increase the overall performance, and while you're at it, improve the dashboard to let you see how far you've come.
Driving more efficiencies through compliance
EDS chose not to simply install a records and documents control software application for compliance. Instead, they looked for a wider-reaching multi-product solution that not only helped them meet regulations, but actually improved internal communications and operational efficiencies.
- Combined the power of more than 4,000 internal Web sites into one, easy-to-use employee information portal;
- Empowered employees with critical operational and governance information delivered through personalized dashboards; and
- Launched a new reorganization-focused internal portal from concept to launch in less than 90 days.
Vignette's Compliance and Governance Solutions Unit delivers focused expertise to help their clients solve regulatory compliance business issues. The unit is comprised of five individuals representing core areas of expertise. Vice President and General Manager Mark Gilbert, drives the group's strategic vision and go-to-market leadership. Prior to joining Vignette, Gilbert spent 10 years as a highly respected analyst with Gartner. Senior Account Executive Scott Reed is the primary conduit of information between clients and the team. His broad knowledge in enterprise solutions, business development, and global business strategies give him deep insight into how to best grow successful customer relationships. Tapping years in the field as technical lead for a range of enterprise document management and workflow system implementations, Phil Ayres serves as principle solutions architect. Business Analyst Robert Hill is responsible for product development, sales, and partner relations. Prior to this, he oversaw the development and execution of Vignette's Sarbanes-Oxley compliance initiative. Senior Field Marketing Manager Gay Thompson provides worldwide marketing support to the team. She brings experience in program management, new product introduction, product marketing and customer support. For more information about Vignette's Compliance and Governance Solutions Unit, e-mail Scott.Reed@Vignette.com.