Keeping pace with compliance
compliance and ethics program. The USSC guidelines are used because they provide a clear and defensible roadmap for compliance performance.
One of the important functions we provide is a solution for managing and overseeing company practices," says Brett Curran, director of governance, risk and compliance practices at Axentis. "If a company has 40 policies and 10 business units, HR may need to read eight of them, and those in customer service, only three. Tracking who has read what policy can be administratively cumbersome and error-prone across a distributed work force."
Cutting costsCustomers have reported cost savings as a result of using Axentis Enterprise. For example, Kennametal, a manufacturer of tools for the mining and construction industries, implemented Axentis Enterprise to replace a set of Excel spreadsheets used for compliance with Sarbanes-Oxley. In just a little more than a month, the system was operational, and the company reported a reduction in compliance costs from $6 million annually to $2 million with Axentis.
Highly regulated industries such as pharmaceuticals and insurance have long experience with complex compliance requirements. They can achieve substantial savings from automating their processes, on top of avoiding the adverse consequences of failing to meet important requirements. A major pharmaceutical firm chose Axentis to manage its compliance activities for requirements of Sarbanes Oxley, HIPAA, Medicaid, and the Food and Drug Administration, as well as its internal policies.
"By automating the workflow to obtain the required signatures electronically, the company was able to save $2 million annually in printing and overnight mailing costs alone," reports Curran.
The risk and control management function allows an organization to organize its controls around corporate practices and distribute assessments into areas that have significant responsibility. Through those assessments, the organization can gain insight into issues that might require revision. "The organization can then develop action items," adds Curran, "which can be monitored to be sure they are completed." Incident management can also be tracked through investigation and remediation.
Information linked to policy
With new regulations being issued and old ones being modified, keeping up with the latest information can be a major challenge. Complinet provides a service, Regulatory Insight, that tracks regulatory information, categorizes it and delivers it to customers. A second part of the Complinet service, Policy Manager, is a content management system that links a company’s policies with rule changes. In addition, Global Screening alerts customers to issues related to Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements. If an individual or entity is newly classified as a terrorist, for example, the customer gets that information promptly and can adjust operations accordingly.
To ensure that policy manuals can be related to the rule changes, subject matter experts at Complinet work with the customers to tag content in their policy manuals so that it relates to the appropriate external rules. If a rule changes, an alert is sent out that maps to the policy.
"The compliance department would be notified of the change, and two side-by-side screens would show the discrepancy," says Paul Johns, CMO of Complinet. "The compliance manager could then make the change to bring the policy into line with the new requirement."
Having a method to keep policies up to date in near real time helps ensure not only that the policies are correct, but also that employees will read the manuals. "Often, employees resist reading policy manuals because they do not believe the material is current, and the manuals are long," says Johns. "With our system, employees know it’s up to date, and they can easily focus on the new information."
Complinet has spent considerable time developing its taxonomy, categorizing regulations by type and theme. The service is delivered as a SaaS product, but is customized to link the incoming information to each customer’s content and internal workflow.
"Our products help overcome the disconnect that often exists between the IT staff and the policy makers," Johns says. "If IT is in charge of the content, there can be problems because they do not know the audit procedures, for example." Complinet provides a structure and process for storing and updating content related to compliance that integrates the IT functions and the policy requirements.