Ensuring compliance through ECM.
There is a new competitive mountain to climb--compliance. As a result of a number of high-profile cases involving corporate governance and accountability, companies are dealing with a host of new regulations and enforcement initiatives, including the Sarbanes-Oxley Act (SOX), the Securities and Exchange Commission Rule 17-a, the Health Insurance Portability and Accountability Act (HIPAA), Basel II, and the USA Patriot Act, as well as a multitude of environmental and governmental anti-trust regulations.
The Call for Compliance
Leading organizations across a wide range of industries must take swift action to:
* Comply with increasingly stringent state, federal, and local regulations
* Meet the dictates of a growing list of laws and mandates that require increased accountability
* Manage the growing number of complex litigation matters, claims, and cases
To accomplish these objectives, organizations require a solution that enables them to efficiently review all corporate information, including claims, policies, rules, etc., discover what is important, and take the right action to resolve matters.
Financial services firms must work to comply with document retention and accessibility laws, healthcare organizations must be able to guarantee the security and privacy of patient records, and government organizations must implement measures to securely archive sensitive documents while making them readily available to the public. Anything less than strict attention to these priorities can potentially lead to stiff legal penalties.
A host of emerging laws and regulations are at the root of this heightened focus on better management of records and enterprise content. For example, the Sarbanes-Oxley Act of 2002 provides penalties of up to 20 years imprisonment for corporate executives found guilty of destroying, altering, or fabricating records in federal investigations or schemes to defraud investors; or for filing false financial statements with the SEC.
Some of the questions executives must ask in the post-Sarbanes-Oxley era include:
* How can CEOs and CFOs be sure that the SEC reports they are certifying are "fair and accurate"?
* How can corporate legal departments proactively identify the myriad of other corporate information that might conflict with SEC reports or represent future litigation risks?
* What changes should be made to processes across the enterprise to help identify potential compliance and litigation risks?
Similarly, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Gramm-Leach-Bliley Act (GLBA) of 1999 may hold public companies accountable for controlling the security of and access to a wide range of personally identifiable information. Furthermore, the Patriot Act of 2001 broadly expands the powers of federal law enforcement agencies investigating cases involving foreign intelligence and international terrorism, particularly their latitude for access to business records.
These emerging regulatory compliance developments, combined with the increasing value placed on corporate records and other intellectual property and the huge costs associated with growing litigation matters, are forcing companies to take a new look at how they protect their content assets and assure their accuracy. Organizations hold massive amounts of paper-based and electronically stored data, including email, printed documents, images, reports, voice messages, and Web logs, and all of it must be organized, reviewed, produced, and managed.
Collecting, assessing, and taking protective measures with this information--created by employees, business partners, and vendors--involves a vast number of events and people, and a great deal of time. The process is not only time-consuming; assessing risks and understanding the true importance of the data is also very difficult.
While this may seem purely a compliance issue, it is not. Companies must manage organizational content in a secure, centralized environment, while also streamlining the vital processes that drive that content in order to realize improved efficiencies, lowered operating costs, decreased litigation risks, as well as an increased ability to meet the stringent compliance demands.
The Solution to the Compliance Dilemma
By implementing a compliance framework that consists of integrated Enterprise Content Management (ECM) and Business Process Management (BPM), companies can administer the lifecycle of critical documents, enforce processes for compliance, and respond to audits and inquiries. The framework helps companies address a wide range of current and future legislation and industry requirements while reducing the total cost of compliance and corporate governance initiatives.
Business Process Management (BPM) is the ideal enterprise foundation for corporations looking to address their immediate compliance needs while ensuring that they will have the flexibility to deal with new regulations and changing requirements as they arise. Process description, automation, and monitoring are the heart of any compliance solution, but complex regulatory legislation rarely offers companies a formula or list of ingredients that will ensure compliance. To accommodate probable changes in best practices, solutions must be as flexible as possible. There is a strong case for buying a general-purpose business process management (BPM) tool. BPM is not a simple point solution for regulatory compliance; it is an enterprise process management platform that is capable of effectively automating, enforcing, and monitoring a virtually limitless number of compliance processes. As a result, as new regulatory requirements are introduced or as existing requirements change, organizations can rapidly modify these processes within BPM to effectively respond to legislation and, at the same time, gain greater ROI from their existing compliance platform.
It is also critical to note that Business Process Management plays a crucial role in increasing organizational transparency, a consistent aspect across most existing and proposed regulatory legislation. Again referring to the Gartner Research piece, "BPM tools can help enforce compliance policies in real time, by creating business rules that describe suspected problems. All interactions are tracked and likely problems can then be automatically escalated to higher levels of authority." Immediate and effective communication is critical to compliance efforts and corporate transparency. Through BPM, corporations can immediately identify "at risk" activities and move accordingly to correct them before they evolve into material issues. This ability to actively monitor compliance activities and corresponding business processes across the enterprise is the essence of corporate transparency and compliance.
ECM, on the other hand, enables organizations to seamlessly and securely capture, review, discover, and assess critical information. Organizations can identify problem areas, produce any and all necessary corporate information, drive correct mitigation action, resolve matters, and create workflow for risk areas to avoid future follow-up action and litigation claims. The event-driven ECM architecture integrates content and processes to immediately identify and initiate response to material events. This reduces response time, ensures efficiency and process control, and helps companies address emerging legislative requirements such as Sarbanes-Oxley, Basel II, the USA Patriot Act, and others.
An integrated solution provides the necessary tools for organizations, both large and small, to proactively manage all information, both paper based and electronically stored, to ensure compliance, avoid risks, and proactively avoid litigation.
* Help reduce and manage risk to avoid potential shutdowns, penalties and legal action
* Drive proactive and immediate response to material events
* Provide greater visibility and control of business processes and related information
* Improve the security and privacy of information
* Provide monitoring and reporting capabilities key to establishing controls and audit trails to account for how and why decisions were made
* Deliver maximum flexibility and agility to better respond to the changing regulatory environment.
Chris Preston is director of product marketing at FileNet Corporation (Costa Mesa, CA)
Title Annotation: Regulatory Compliance; Enterprise Content Management; Business Process Management
Publication: Computer Technology Review
Date: May 1, 2004