Ensuring compliance through ECM."Large and midsize enterprises will spend $2 billion through 2005 to become compliant with Sarbanes-Oxley legislation. Smart enterprises will use that money to build the beginnings of a compliance platform." --Gartner, Inc.-- There is a new competitive mountain to climb--compliance. As a result of a number of high-profile cases involving corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. and accountability, companies are dealing with a host of new regulations and enforcement initiatives, including the Sarbanes-Oxley Act See SOX. (SOX), the Securities and Exchange Commission Rule 17-a, the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ), Basel II Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision. The purpose of Basel II is to create an international standard that banking regulators can use when creating regulations , and the USA Patriot Act USA PATRIOT Act [Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorists], 2001, U.S. , as well as a multitude of environmental and governmental anti-trust regulations. The Call for Compliance Leading organizations across a wide range of industries must take swift action to: * Comply with increasingly stringent state, federal, and local regulations * Meet the dictates of a growing list of laws and mandates that require increased accountability * Manage the growing number of complex litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. matters, claims, and cases To accomplish these objectives, organizations require a solution that enables them to efficiently review all corporate information, including claims, policies, rules, etc., discover what is important, and take the right action to resolve matters. Financial Services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. firms must work to comply with document retention and accessibility laws, healthcare organizations must be able to guarantee the security and privacy of patient records, and government organizations must implement measures to securely archive sensitive documents, while making them readily available to the public. Anything less than strict attention to these priorities can potentially lead to stiff legal penalties. A host of emerging laws and regulations are at the root of this heightened focus on better management of records and enterprise content. For example, the Sarbanes-Oxley Act of 2002 provides penalties of up to 20 years imprisonment Imprisonment See also Isolation. Alcatraz Island former federal maximum security penitentiary, near San Francisco; “escapeproof.” [Am. Hist.: Flexner, 218] Altmark, the German prison ship in World War II. [Br. Hist. for corporate executives found guilty of destroying, altering, or fabricating records in federal investigations or schemes to defraud To make a Misrepresentation of an existing material fact, knowing it to be false or making it recklessly without regard to whether it is true or false, intending for someone to rely on the misrepresentation and under circumstances in which such person does rely on it to his or investors; or for filing false financial statements with the SEC. Some of the questions executives must ask in the post Sarbanes-Oxley era include: * How can CEOs and CFOs be sure that the SEC reports they are certifying are "fair and accurate"? * How can corporate legal departments proactively identify the myriad of other corporate information that might conflict with SEC reports or represent future litigation risks? * What changes should be made to processes across the enterprise to help identify potential compliance and litigation risks? Similarly, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Gramm-Leach-Bliley Act The Gramm-Leach-Bliley Act, also known as the Gramm-Leach-Bliley Financial Services Modernization Act, Pub. L. No. 106-102, 113 Stat. 1338 (November 12, 1999), is an Act of the United States Congress which repealed the Glass-Steagall Act, opening up competition (GLBA GLBA Gramm-Leach-Bliley Act of 1999 (Financial Modernization Act of 1999) GLBA Gay and Lesbian Business Association GLBA Great Lakes Booksellers Association GLBA Glacier Bay National Park and Preserve ) of 1999, may hold public companies accountable for controlling the security of and access to a wide range of personally identifiable information In information security and privacy, personally identifiable information or personally identifying information (PII) is any piece of information which can potentially be used to uniquely identify, contact, or locate a single person. . Furthermore, the Patriot Act Patriot Act: see USA PATRIOT Act. of 2001 broadly expands the powers of federal law enforcement agencies A law enforcement agency (LEA) is a term used to describe any agency which enforces the law. This may be a local or state police, federal agencies such as the Federal Bureau of Investigation (FBI) or the Drug Enforcement Administration (DEA). investigating cases involving foreign intelligence and international terrorism Noun 1. international terrorism - terrorism practiced in a foreign country by terrorists who are not native to that country act of terrorism, terrorism, terrorist act - the calculated use of violence (or the threat of violence) against civilians in order to attain , particularly their latitude for access to business records. These emerging regulatory compliance developments, combined with the increasing value placed on corporate records and other intellectual property and the huge costs associated with growing litigation matters, are forcing companies to take a new look at how they protect their content assets and assure their accuracy. Organizations have massive amounts of paper-based and electronically stored data within their organizations, including email, printed documents, images, reports, voice messages, and Web logs, and all must be organized, reviewed, produced, and managed. Collecting, assessing, and taking protective measures with this information--created by employees, business partners, and vendors--requires a vast number of events, people, and time. This process is not only time-consuming, but it is also very difficult to assess risks and understand the true importance of the data. While this may seem purely a compliance issue, it is not. Companies must manage organizational content in a secure, centralized environment, while also streamlining the vital processes that drive that content in order to realize improved efficiencies, lowered operating costs operating costs npl → gastos mpl operacionales , decreased litigation risks, as well as an increased ability to meet the stringent compliance demands. The Solution to the Compliance Dilemma By implementing a compliance framework that consists of integrated Enterprise Content Management (ECM (1) (Enterprise Change Management) See version control and configuration management. (2) (Error Correcting Mode) A Group 3 fax capability that can test for errors within a row of pixels and request retransmission. ) and Business Process Management (BPM), companies can administer the lifecycle of critical documents, enforcing processes for compliance, and responding to audits and inquiries. The framework helps companies address a wide range of current and future legislation and industry requirements while reducing the total cost of compliance and corporate governance initiatives. Business Process Management (BPM) is the ideal enterprise foundation for corporations looking to address their immediate compliance needs while ensuring that they will have the flexibility to deal with new regulations and changing requirements as they arise. Process description, automation, and monitoring are the heart of any compliance solution, but complex regulatory legislation rarely offers companies a formula or list of ingredients that will ensure compliance. To accommodate probable changes in best practices, solutions must be as flexible as possible. There is a strong case for buying a general-purpose business process management (BPM) tool. BPM is not a simple point solution for regulatory compliance; it is an enterprise process management platform that is capable of effectively automating, enforcing, and monitoring a virtually limitless number of compliance processes. As a result, as new regulatory requirements are introduced or as existing requirements change, organizations can rapidly modify these processes within BPM to effectively respond to legislation and, at the same time, gain greater ROI (Return On Investment) The monetary benefits derived from having spent money on developing or revising a system. In the IT world, there are more ways to compute ROI than Carter has liver pills (and for those of you who never heard of that expression, it means a lot). from their existing compliance platform. It is also critical to note that Business Process Management plays a crucial role in increasing organizational transparency, a consistent aspect across most existing and proposed regulatory legislation. Again referring to the Gartner Research piece, "BPM tools can help enforce compliance policies in real time, by creating business rules that describe suspected problems. All interactions are tracked and likely problems can then be automatically escalated to higher levels of authority." Immediate and effective communication is critical to compliance efforts and corporate transparency For other definitions of transparency, see . Corporate transparency is a form of radical transparency : The construct removing all barriers to - and facilitating of - free and easy public access to corporate, political and personal information and the laws, rules, social . Through BPM, corporations can immediately identify "at risk" activities and move accordingly to correct them before they evolve into material issues. This ability to actively monitor compliance activities and corresponding business processes across the enterprise is the essence of corporate transparency and compliance. ECM on the other hand enables organizations to seamlessly and securely capture, review, discover, and assess critical information. Organizations can identify problem areas, produce any and all necessary corporate information, drive correct mitigation action, resolve matters, and create workflow for risk areas to avoid future follow-up action and litigation claims. The event-driven ECM architecture integrates content and processes to immediately identify and initiate response to material events. This reduces response time, ensures efficiency and process control, and helps companies address emerging legislative requirements such as Sarbanes-Oxley, Basel II, USA Patriot Act and others. An integrated solution provides the necessary tools for organizations, both large and small, to proactively manage all information, both paper based and electronically stored, to ensure compliance, avoid risks, and proactively avoid litigation. Companies can: * Help reduce and manage risk to avoid potential shutdowns, penalties and legal action * Drive proactive and immediate response to material events * Provide greater visibility and control of business processes and related information * Improve the security and privacy of information * Provide monitoring and reporting capabilities key to establishing controls and audit trails to account for how and why decisions were made * Deliver maximum flexibility and agility to better respond to the changing regulatory environment. Chris Preston is director of product marketing at FileNet Corporation (Costa Mesa Costa Mesa (kŏs`tə mā`sə), city (1990 pop. 96,357), Orange co., S Calif., on the Pacific south of Santa Ana; inc. 1953. It is a transportation, residential, and light industrial center. , CA) www.filenet.com |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion