Compliance Management: Features
Sustain compliance with systematic and repeatable processes
Compliance Environment and Process Design
Using MetricStream Compliance Management Solution, companies can define and maintain a centralized structure of the overall compliance and control hierarchy including processes and assets in scope, risks for the processes and assets, controls to address the risks, and mechanisms to assess the controls. The solution includes associated policies and procedures, reporting requirements, and filing templates and schedules for various regulations.
Assessment plans to evaluate and ensure the effectiveness of the controls can be designed and assigned to owners based on roles and responsibilities. Based on the compliance requirements and associated risk, the assessment plans can be scheduled periodically or triggered when a certain event occurs. Assessment programs and documentation can be shared within and across processes for higher efficiency.
The system implements rigorous change control measures to ensure that processes and their documentation always stay in sync. It also provides integrated audit trails and change history reports.
Assessing Compliance and Controls
Compliance managers and process owners across the organization can efficiently manage compliance assessment programs to ensure the effectiveness of controls and activities designed to meet regulatory requirements. The system supports assessments based on predefined criteria and checklists, and has a mechanism for scoring, tabulating, and reporting results.
For compliance requirements that are supported by IT applications, assessments can be automated by configuring tests that analyze application data for completeness, accuracy, validity, authorization, and access rules (e.g. segregation of duties for SOX compliance).
A centralized repository of all assessments, with an easy search capability, ensures that internal audit groups can support a request by external auditors to provide documentation and evidence to validate that a specific compliance requirement is being met and that controls are in place to ensure ongoing compliance.
Issue Management and Remediation
For issues and exceptions that pose a risk of non-compliance, the compliance management solution enables seamless integration with MetricStream Issue Management and Remediation Management Solution. Once issues are identified and documented, a systematic mechanism of investigation and remediation is triggered by the underlying workflow and collaboration engine.
The solution supports automatic alerts and notifications for investigation and remedial task assignments. Exception cases remain open until the action plan is carried out and the results are verified for effectiveness. Managers can track the status of issues as they automatically move from one stage to the next based on the organization’s compliance management procedures.
Executive dashboards provide enterprise-wide visibility into the compliance process, and highlight issues that need to be addressed. The MetricStream solution also has the ability to track compliance statuses, process ownership, assessment plans, etc. on graphical charts that can be accessed globally and display real-time information. The ability to drill down into these charts provides an easy way to access the data at finer levels of detail.
In addition to pre-configured standard compliance reports, the system lets stakeholders configure ad-hoc or scheduled reports. These reports can be used to view metrics by a variety of parameters, such as by process, by business unit, or by status. The system also provides quarterly and monthly trending analyses with the ability to drill down into each report and dashboard to see the underlying details. This keeps compliance managers and process owners in constant touch with the actual state and progress of compliance programs. Automated alerts for events such as exceptions and failures eliminate any surprises and make the process predictable.