Turning Compliance Projects into Business Processes
In the not-too-distant past, compliance initiatives often were characterized by back-office operations that involved large volumes of records stored in basement filing cabinets. Recently, this situation has changed. Accounting scandals, the growing number of regulatory mandates, and the litigation consequences associated with those regulations have prompted many businesses to bring compliance initiatives out of the back office and into the boardroom.
High-ranking executives, such as chief compliance officers and board members, now actively oversee many compliance activities. As a result, it has become a critical priority for many companies to find technology solutions that quickly increase the efficiency of compliance processes and generate significant return-on-investment (ROI). A key requirement for achieving these objectives is selecting a solution that embraces the successful processes companies have used during compliance “projects” and makes them part of daily business practices.
For example, most companies initially took a tactical, manual approach to Sarbanes-Oxley compliance by creating projects that included dedicated employees, consultants, project plans, ongoing meetings, executive status reports and specialized technology—a standard practice in developing methodologies for new compliance efforts. However, now that companies understand the methodology necessary for 404 compliance, they must create a more efficient, long-term compliance strategy by incorporating their successful Sarbanes-Oxley compliance processes into daily business practices.
When companies concentrate on managing regulated business processes, demonstrable compliance simply becomes a by-product of everyday work activities.
Turning Projects into Processes
Current compliance and records management solutions, such as Stellent’s, allow companies to turn compliance projects into ongoing processes that are conveniently and inherently carried out during the normal course of business. In particular, today’s full Web-based document management solutions effectively manage the massive amounts of content involved in compliance documentation and testing—providing the necessary foundation for storing, managing, processing and tracking content in a central, secure repository.
Your vendor should support multiple compliance initiatives with a single technology architecture that utilizes a common repository and interface. This way, companies can leverage the infrastructure to comply with a variety of government mandates from Sarbanes-Oxley, JCAHO (Joint Commission on Accreditation of Healthcare Organizations) and HIPAA (Health Insurance Portability and Accountability Act), to ISO (International Organization for Standardization) regulations in the manufacturing industry. Customers thus reduce the number of software applications they must purchase for compliance efforts and lower the duplication of documents and data across multiple compliance applications—leading to less complex IT integrations, faster user adoption, lower total cost of ownership and an overall substantial cost savings.
Based on a content management platform, an integrated suite of compliance solutions allows companies to manage the full scope of their compliance responsibilities while reducing operational costs. Stellent’s compliance platform, for example, is based on five key components: document management, records management, workflow, enterprise risk management and vertical applications.
Document management—Enables organizations to effectively and efficiently capture, secure, share and distribute digital and paper-based documents and reports. Retention policies, escalation flows and audit trails are accessed quickly and easily by only those authorized to see them.
Records management—Stellent’s built-in Department of Defense (DoD) 5015.2-certified active and fixed records management solutions help companies control the creation, declaration, classification, retention and destruction of all types of business records—whether they are “active” such as documents and graphics, or “fixed” such as scanned images and e-mail. These records are stored and managed, along with other business content, within one server and accessed using a single interface.
Workflow—Workflow capabilities provide periodic “check-ups” on progress toward compliance goals by automating assessment, audit, remediation, approval and review processes.
Enterprise risk management—An enterprise-wide view of compliance efforts enables leveragability across the organization and diminishes project “silos.” Enterprise risk management prioritizes compliance initiatives based on areas of greatest risk and aligns all strategies with corporate goals.
Vertical applications—Your vendor should also provide vertical applications. The Stellent Sarbanes-Oxley Solution, for example, automates long-term Sarbanes-Oxley compliance methodologies, enabling companies to efficiently manage and approve documentation supporting financial and non-financial disclosures and Section 404 compliance. The best solutions are highly personalized for non-technical business users, allowing auditors, accountants and CFOs to easily create, manage, share, track, approve and archive information with minimal training, using only a Web browser. E-mail management solutions facilitate the intelligent integration of e-mail into customers’ business processes. With rule-based, centralized e-mail archiving, these solutions guarantee seamless records and fulfillment of legal requirements.
The Most Effective Compliance Solution
Because most compliance mandates are primarily a process of massive documentation and testing, comprehensive document management-based solutions—rather than stand-alone compliance systems—are best equipped to effectively support compliance initiatives. Through rapid implementation, integration with existing systems and broad user adoption, customers can promptly transition their resource-intensive compliance projects into ongoing, productive business processes and reap the substantial benefits these evolutions can generate.
Powering Multiple Compliance Initiatives with a Single Solution
Companies across a variety of industries use compliance and records management solutions to comply with a wide range of regulations, including Sarbanes-Oxley, JCAHO, Basel II, HIPAA, FDA approvals and ISO 9001. Examples of successful customer implementations include:
Sarbanes-Oxley Compliance
Reliant Energy, Inc., a provider of electricity and energy services, has streamlined its Sarbanes-Oxley compliance processes by distributing documentation tasks to process owners and smoothing its attestation process. Specifically, their Stellent solution provides Reliant’s core compliance team with an enterprise-wide view of the company’s internal control makeup. This view allows the core team to keep track of and schedule control changes based on company priorities, which helps the company meet its goal of automating as many internal controls as possible.
Additionally, Reliant has centralized process management capabilities and a centralized content repository. The core compliance team easily manages the overall process of Sarbanes-Oxley compliance through an automated workflow system that involves process owners. Reliant has customized specific features within the workflow that monitor contributions from process owners to ensure all work and processes meet the quality standards set by the company. In addition, the centralized repository has eliminated Reliant’s disparate content repositories and disconnected areas of the company carrying out compliance efforts on their own.
Another benefit of Reliant’s compliance solution is the ability to easily share content with multiple audiences, including external auditors