Compliance Management: Features

Compliance Environment and Process Design
Using MetricStream Compliance Management, companies can define and maintain a centralized structure of the overall compliance and control hierarchy including processes and assets in scope, risks for the processes and assets, controls to address the risks and mechanism to assess the controls. It includes associated policies and procedures, reporting requirements and filing templates and schedules for various regulations.

Assessment plans to evaluate and ensure the effectiveness of the controls can be designed and assigned to owners based on roles and responsibilities. Based on the compliance requirements and associated risk, the assessment plans can be scheduled periodically or triggered based occurrence of certain events. Assessment programs and documentation can be shared within and across processes for higher efficiency.

The system implements rigorous change control to ensure processes and their documentation always stays in sync and also provides integrated audit trails and change history reports.

Assessing Compliance and Controls
Compliance managers and process owners across the organization can manage compliance assessment programs to ensure the effectiveness of controls and activities designed to meet regulatory requirements. The system supports assessments based on predefined criteria and checklists and has a mechanism for scoring, tabulating and reporting results.

For compliance requirements being supported IT applications, assessment can be automated by configuring tests that analyze application data for completeness, accuracy, validity, authorization and access rules (for example, segregation of duties for SOx compliance).

The centralized repository of all assessments, with an easy search capability, ensures that the internal audit groups can support a request by external auditors to provide documentation and evidence to validate that a specific compliance requirement is being met and control are in place to ensure ongoing compliance.

Issue Management and Remediation
For issue and exceptions that pose a risk of non-compliance, the Compliance Management system provides seamless integration with Issue Management and Remediation Management modules. Once issues are identified and documented, a systematic mechanism of investigation and remediation is triggered by the underlying workflow and collaboration engine.

The solution supports triggering automatic alerts and notifications to appropriate personnel for task assignments for investigation and remedial action. The exception cases remains open till the action plan is carried out and results verified for effectiveness. Managers can track the status of issues as they automatically moves from one stage to the next based on organizations compliance management procedures.

Monitoring Compliance
Executive dashboards provide enterprise wide visibility into the compliance process and highlight issues that need to be addressed. The solution has the ability to track compliance status, process ownership, assessment plans, etc. on graphical charts that can be accessed globally and display real-time information. Ability to drill-down provides an easy way to access the data at finer levels of detail.

In addition to pre-configured standard compliance reports, the system provides tremendous flexibility by enabling stakeholders to configure ad-hoc or scheduled reports to view metrics by a variety of parameters such as by process, by business units, by status, etc. Quarterly and monthly trending analysis along with the ability to drill-down into each report and dashboard to see the underlying details enables compliance managers and process owners to stay in constant touch with the ground reality and progress on compliance programs. Automated alerts for events such as exceptions and failures eliminate any surprises and make the process predictable.