Turning Compliance into Opportunity - PowerPoint PPT Presentation

1 / 31
About This Presentation
Title:

Turning Compliance into Opportunity

Description:

Combine right infrastructure with 'stick' (vs. carrot) ... What is the tone at the top? It takes a village to create content. Work smart use technology ... – PowerPoint PPT presentation

Number of Views:43
Avg rating:3.0/5.0
Slides: 32
Provided by: karenkr
Category:

less

Transcript and Presenter's Notes

Title: Turning Compliance into Opportunity


1
Turning Compliance into Opportunity
  • How to Leverage Regulatory Requirements to Create
    Other Efficiencies

Karen Kronauge CIA, MBA Director of
policyIQ Resources Global Professionals
2
Some Numbers to Ponder
  • 20 New laws enacted throughout the world in the
    2 years following 9/11 that impact how
    organizations gather and disseminate information
  • 5.8 US in Billions that are estimated to be
    spent in 2005 alone on compliance with the
    Sarbanes-Oxley Act of 2002
  • 2 Primary reasons to address governance
    mitigation of risk an optimization of
    operations
  • 1 The number of additional years (maximum) that
    non- accelerated filers recently received to
    comply with the Sarbanes-Oxley Act of 2002
  • Estimate by AMR Research

3
Global ImpactGlobal regulations regulatory
bodies
Industry USA Canada Europe AsiaPac
Telecom CRTC CCITT, OFTEL
Financial Services CFTC, FDICIA, FRB, NAIC, NASD, OSFI, SEC CCA, FSA, GCIS, IMF, Basel
Pharmaceuticals FDA, TPD CPMP, EMEA
Engineering APQP, QS ISO9000, ISO14000
Government DoD, PIPEDA, RDIMS PRO, VERS
Healthcare Insurance HIPAA
Cross-Industry COCO, OSHA, SEC, SOX, Bill 198 (Canada) King II, KonTraG, Legge 321, LSF, Turnbull
4
Common Threads
  • Identification of business risks
  • Documentation of business processes
  • Systems to house the information centrally
    knowledge management

5
1. Enterprise Risk Management (ERM)
Risk1
Risk2
Risk3
Risk4
Risk5
Control1
Control3
Control5
Control7
Control2
Control4
Control6
6
Melcalfes Law for Enterprise Content Management
Value
Value of network Connections2
People Connections
7
2. Documentation of Business Processes (incl.
policy)3. Knowledge / Content Management System
  • Increases productivity and accuracy
  • Automates business processes
  • Replaces paper
  • Reduces liability

8
Problems occur when one or more of the following
are present
  • Failure to plan for multi-regulatory environment
  • Little rationalization of various regulations
    (e.g., SOX w/ EU Data Protection Directive, GLB,
    HIPAA, New Exchange rules, etc )
  • Focus on IT policies and procedures, without
    detailed understanding of whether the systems are
    in compliance with the policies
  • Leads to regulatory non-compliance and charges of
    deceptive practices
  • Failure to adequately inventory the key
    information systems and extended entity IT
    sharing relationships
  • collecting and documenting all key application
    and general computer controls how information
    is shared with affiliates, subsidiaries, and
    joint ventures.
  • Focus is only concentrated on financial line item
    mapping to the control activities without
    consideration of IT Infrastructure and COSO
    entity level controls.

16
9
Content Management Infrastructure Alternatives
  • High-Tech
  • Policy Management Software
  • Knowledge Management Platforms
  • Mid-Tech
  • Intranet Site
  • E-mail
  • Low-Tech
  • Binders and Manuals
  • Hard-copy documentation

Which does your company use?
How easy is it for you to communicate changes in
policy or procedure?
10
Knowledge Management Infrastructure Alternatives
  • Low-Tech
  • Binders and Manuals
  • Hard-copy documentation

11
Knowledge Management Infrastructure Alternatives
  • Mid-Tech
  • Intranet Site
  • E-mail

12
Knowledge Management Infrastructure Alternatives
  • High-Tech
  • Policy Management Software
  • Knowledge Management Platforms

13
Defining Content Management
The content management process is a continuous
cycle similar to the sales, expenditure, and
payroll cycles.
Review
?
Publication
Authoring
?
?
Content Management Process
?
?
Revision
Communication
?
Compliance
14
Effective Content Management
The Effective Content Management best practice
consists of 10 steps positioned throughout the
policy management process.
? Control Issuing Authority
? Delegate Responsibility
? Organize Logically
? Be Clear and Concise
Review
?
Publication
Authoring
?
?
Content Management Process
? Provide Central Access
? Communicate Updates Timely
? Document Changes
?
?
Communication
Revision
?
Compliance
? Document Test Compliance
? Force Periodic Review
? Encourage Feedback
15
Make the content easy to read and understand
  • Define
  • Benefits
  • Challenges
  • Shorter is better
  • Separate policy from procedure
  • Easier to update
  • Easier to share between activities and
    departments
  • Faster to find information
  • Sharing content requires mgmt process
  • Building a puzzle
  1. Be clear and concise
  2. Delegate responsibility
  3. Control issuing authority
  4. Organize logically
  5. Provide central access
  6. Communicate updatestimely
  7. Document and test compliance
  8. Encourage feedback
  9. Force periodic review
  10. Document changes

16
Delegate responsibilities and empower employees
to develop content
  • Define
  • Benefits
  • Challenges
  • Notes
  • Remove bottleneck
  • Reserve publishing control
  • Faster completion
  • Different perspectives
  • Personal development
  • Motivate contributors
  • Different writing styles
  • Similar to writing your own evaluation
  • Good project in down-time
  1. Be clear and concise
  2. Delegate responsibility
  3. Control issuing authority
  4. Organize logically
  5. Provide central access
  6. Communicate updatestimely
  7. Document and test compliance
  8. Encourage feedback
  9. Force periodic review
  10. Document changes

17
Control who has the authority to issue certain
content types
  • Define
  • Benefits
  • Challenges
  • Restrict publishing authority to management
  • Balance empowerment with control
  • Improve efficiency while maintaining control
  • Documentation of review provides audit trail
  • Empowerment requires periodic audit
  1. Be clear and concise
  2. Delegate responsibility
  3. Control issuing authority
  4. Organize logically
  5. Provide central access
  6. Communicate updatestimely
  7. Document and test compliance
  8. Encourage feedback
  9. Force periodic review
  10. Document changes

18
Organize content in a logical way
  • Define
  • Benefits
  • Challenges
  • Organize by context
  • Avoid organizing alphabetically, by issue date,
    or by document number
  • Improves employee understanding
  • Better able to lead employees to related content
  • Easier to identify gaps
  • More difficult than other methods
  1. Be clear and concise
  2. Delegate responsibility
  3. Control issuing authority
  4. Organize logically
  5. Provide central access
  6. Communicate updatestimely
  7. Document and test compliance
  8. Encourage feedback
  9. Force periodic review
  10. Document changes

19
Provide a central place to access all content
  • Define
  • Benefits
  • Challenges
  • Notes
  • One central place online or manual
  • Reduces risk of employees reading old content
  • Without technology, maintaining a central
    location can be time consuming
  • Significant risk can exist
  1. Be clear and concise
  2. Delegate responsibility
  3. Control issuing authority
  4. Organize logically
  5. Provide central access
  6. Communicate updatestimely
  7. Document and test compliance
  8. Encourage feedback
  9. Force periodic review
  10. Document changes

20
Communicate new content and updates as they occur
  • Define
  • Benefits
  • Challenges
  • Timely communication of each change or addition
  • Right infrastructure provides faster
    implementation of business decisions
  • Reduces repetitive questions
  • Requires communication diligence
  • Requires communication infrastructure
  1. Be clear and concise
  2. Delegate responsibility
  3. Control issuing authority
  4. Organize logically
  5. Provide central access
  6. Communicate updates timely
  7. Document and test compliance
  8. Encourage feedback
  9. Force periodic review
  10. Document changes

21
Document and test employees review and
compliance with policies
  • Define
  • Benefits
  • Challenges
  • Require employee signoff on policies and
    procedures
  • Use documentation as audit trail
  • Improve control structure
  • Address Sarbanes-Oxley
  • Improve external audit efficiency
  • Determine cost-effective balance between
    self-audit and internal audit
  1. Be clear and concise
  2. Delegate responsibility
  3. Control issuing authority
  4. Organize logically
  5. Provide central access
  6. Communicate updatestimely
  7. Document and test compliance
  8. Encourage feedback
  9. Force periodic review
  10. Document changes

22
Provide feedback mechanism for employee questions
and comments
  • Define
  • Benefits
  • Challenges
  • Notes
  • Provide method for asking questions
  • Continuous policy improvement
  • Improved employee morale
  • Managing the feedback process
  • Encouraging employee comments
  • Best source of improvements / innovation
  1. Be clear and concise
  2. Delegate responsibility
  3. Control issuing authority
  4. Organize logically
  5. Provide central access
  6. Communicate updatestimely
  7. Document and test compliance
  8. Encourage feedback
  9. Force periodic review
  10. Document changes

23
Force periodic review and update of all content
by their respective managers
  • Define
  • Benefits
  • Challenges
  • Notes
  • Treat content review like cycle counting
    inventory
  • Address biggest risk that policies become
    outdated
  • Right way to force periodic review by managers
  • Infrastructure to manage revisions
  • Combine right infrastructure with stick (vs.
    carrot)
  1. Be clear and concise
  2. Delegate responsibility
  3. Control issuing authority
  4. Organize logically
  5. Provide central access
  6. Communicate updatestimely
  7. Document and test compliance
  8. Encourage feedback
  9. Force periodic review
  10. Document changes

24
Track all content changes when, why, and who
  • Define
  • Benefits
  • Challenges
  • Comprehensive documentation of changes
  • Control over prior revisions
  • Audit trail eliminates confusion
  • Powerful control when combined with right
    culture
  • Requires diligence in documentation
  • Basic infrastructure needed
  1. Be clear and concise
  2. Delegate responsibility
  3. Control issuing authority
  4. Organize logically
  5. Provide central access
  6. Communicate updatestimely
  7. Document and test compliance
  8. Encourage feedback
  9. Force periodic review
  10. Document changes

25
Knowledge Management Obstacles
  • Not sure how to tackle such a big project
  • Missing the necessary infrastructure to
    effectively manage the policies and procedures
  • The business has succeeded to date in spite of
    its internal controls in spite of a lack of
    documented policies and procedures
  • High employee turnover results in a project with
    no champion
  • Other priorities and lack of time or resources
  • Negative Content Cycle
  • Management doesnt update policies because
    nobody reads them
  • Nobody reads policies because they are outdated
    and irrelevant

26
Lessons Learned from the Past 2 Years
  • Content management is more than a smart idea
  • Business knowledge is related to all regulations
    (current and future)
  • Advertise! What is the tone at the top?
  • It takes a village to create content
  • Work smart use technology
  • Use the right tool for the job

27
Lessons Learned from the Past 2 Years
Indicators that internal communication has
improved
  • Building relationships
  • Sense of community
  • Opportunities created for networking and sharing
    of best practices
  • Trust fostered
  • Participation encouraged from all staff
  • Immediate feedback provided
  • Everyone gets the same message at the same time
  • Common understanding facilitated
  • Team building encouraged
  • Informed decisions enhanced through information
    sharing
  • Achievements and contributions are celebrated and
    recognized
  • Performance improved
  • Improvements in efficiency and effectiveness of
    operations
  • Face-to-face and two-way communications are
    emphasized
  • Staff are empowered
  • Learning and development opportunities created

28
How to Build Momentumby Bob Frelinger, Sun
Microsystems
  • Get the word out in a meaningful way
  • Demonstrate linkage between CobiT and process
    refinement methodologies adopted
  • Consult with process owners to map their efforts
    to CobiT so that a common language is used
  • IT Infrastructure Library used to deliver the
    how

29
Conclusions and Wrap-Up
  • Content management is a verb, not a noun
  • Enterprise content management is a strategy, not
    a product
  • Always evaluate risk
  • Change in culture is often necessary from We
    to I
  • Involve everyone in the process
  • Self-assessment approach for long-term (and for
    cost savings)
  • Management commitment at all levels is critical
  • Standardize, when possible
  • Technology facilitates more widespread and
    effective communication
  • E-mail is not enough

30
Questions?
31
Thank you kindlyfor your time today!
Write a Comment
User Comments (0)
About PowerShow.com