
Smart Investment Strategies for a Compliance Platform: A Ten Step Guide

Government regulations and mandates are on the rise. Most corporate compliance offices are challenged to find compliance solutions that can scale across the enterprise while also managing regulatory and compliance initiatives within the respective operational and departmental areas. This article highlights the importance of selecting the right compliance platform: one that can scale across different regulations (federal and state regulations, 21 CFR Part 11, Sarbanes-Oxley, OSHA, internal governance initiatives, etc.) while serving users across the enterprise. Most corporations have diverse systems and processes, and the challenge is always monitoring and reporting compliance events and trends across the enterprise.

A well-designed compliance management platform should be able to perform the following key functions across the enterprise:

1. Compliance Dashboard: The compliance platform must provide a single enterprise-wide dashboard for all users to track and trend compliance events. All compliance events should be easily viewed interactively through the enterprise compliance dashboard. External auditors, internal auditors and compliance officers can use the dashboards to make decisions on the compliance status of the organization.

2. Policy and Procedure Management: A well-designed document management system forms the basis for managing the entire lifecycle of policies and procedures within an enterprise. Ensuring that these policies and procedures remain in agreement with ever-changing rules and regulations is a critical requirement. The creation, review, approval and release of policy documents and SOPs (Standard Operating Procedures) should be driven by collaborative tools that provide core document management functionality. The ideal solution typically provides both sequential processes to review and approve documents and parallel "ad-hoc" review processes, enabling a wide range of participation and input to the review cycle. For such purposes, a well-designed document management system with tightly integrated email collaboration becomes a critical necessity, enabling both sequential and parallel review processes across a wide range of participants. Compliance solutions that do not enable appropriate email collaboration and merely focus on document management are often ineffective at keeping policies and procedures globally in sync with rapidly evolving rules and regulations.

3. Event Management: The compliance management system must have the ability to capture and track events, cases and incidents across the extended enterprise. Compliance officers, call center personnel, IT departments, QA personnel and the ethics hotline should all be able to log any adverse event across the enterprise, upon which the necessary corrective and preventive actions (CAPA) are initiated. Creating a single system of record for all compliance events across regulations makes an integrated compliance dashboard possible. Enterprises that invest in "point" solutions for each regulation often miss out on the efficiency gains of a single system of record for compliance, be it for Sarbanes-Oxley compliance, FDA compliance, or internal quality or governance initiatives.

4. Rules and Regulations: A well-designed compliance management solution must offer capabilities for the organization to remain continuously in sync with changing rules and regulations. As soon as there are regulatory changes, the appropriate entities, policy owners and SOP owners should be notified proactively through email-based collaboration. This process enables the organization to change its policies and procedures dynamically in adherence to the rules and regulations. While tracking a single regulation may be manually feasible, it becomes an error-prone task to track all local, state and federal regulations across the globe for Sarbanes-Oxley, FDA, JCAHO, ISO, EPA, OSHA and the Patriot Act. A well-designed compliance management system offers up-to-date regulatory alerts across the enterprise.

5. Audit Management: Audits have now become part of the enterprise core infrastructure. Internal audits, financial audits, external audits and vendor audits must be facilitated through a real-time system. Audits are no longer a once-a-quarter activity; in many instances, FDA/SEC audits are initiated without notice, and corporations must be prepared to offer appropriate audit capabilities. Appropriate evidence of internal audits becomes critical in defending compliance with regulations.

6. Quality Management: Most organizations have internal operational, plant-level or departmental quality initiatives tied to industry mandates such as Six Sigma or ISO 9000. A well-designed compliance management program incorporates and supports ongoing quality initiatives. Most quality practitioners would agree that compliance and quality are two sides of the same coin. Therefore, ensuring that your compliance management solution supports your enterprise-wide quality initiative is critical.

7. Training Management: Most compliance programs require evidence of employee training. Regulations like FDA 21 CFR Part 11 or the SEC Sarbanes-Oxley Act mandate employee training upon evidence of non-conforming events. Lack of documented training can lead to fines and penalties. Often the compliance office has to work closely with the HR organization to facilitate such employee training initiatives. Well-designed compliance programs require a well-integrated approach to e-learning and training management.

8. Compliance Task Management: Compliance organizations must plan, manage and report the status of all compliance-related activities from a centralized solution. Automated updates from the various compliance modules should provide up-to-the-minute status reporting that can be viewed by the board of trustees, the corporate compliance officer, entity compliance coordinators, quality offices and others as designated.

9. Financial Sarbanes-Oxley Compliance: The Sarbanes-Oxley Act of 2002 has become a critical compliance initiative in most CFO offices. A well-designed compliance solution must address the needs of the financial office and provide support for the COSO, COBIT and Enterprise Risk Management (ERM) compliance frameworks. Enhancing the quality of financial reporting for publicly traded companies is critical for creating shareholder confidence as well as ensuring compliance with the Securities and Exchange Commission. SOx compliance must address the following compliance phases:

  • Design: Design of the compliance environment, control hierarchies and segregation of duties.

  • Assessment: Assessment of control executions, process flows and effectiveness.

  • Improve: Improvement through remediation plans, corrective action plans and business user collaboration.

  • Monitor: Monitoring of design status, SOx quarterly and monthly trends, assessment and improvement status, and SOx views by business unit or geography.

10. Configurable Platform: Last, but not least, it is critical to build your compliance solution on a scalable and configurable platform, one that can adapt and change with the regulatory environment, today and in the future. Compliance workflows, tasks, audit processes, financial reporting standards and quality management techniques all change with time. Your chosen platform must enable you to adapt rapidly to these changes without intensive re-programming of your systems. Many compliance application vendors attempt to package their application as a platform, yet discerning buyers look closely at the true power and capabilities of the configurable platform.

Forward-thinking corporations that follow this ten-step guide to compliance standards are achieving compliance more productively; in fact, they are leveraging compliance requirements to build a higher quality organization with greater corporate performance.