-->

Keep up with all of the essential KM news with a FREE subscription to KMWorld magazine. Find out more and subscribe today!

  • August 16, 2010
  • By Erin McCart Director of Product Marketing, ASG Software Solutions
  • Article

What They Don’t Tell You About Governance, Risk and Compliance
Integrating and Auditing Content across the Enterprise

The understanding that an organization’s content is a critical competitive asset is universally accepted. However, the scope of what comprises that content has expanded dramatically. Content is created and resides in a wide variety of sources, including email, transaction records, images, photographs, audio and video files, Web pages, wikis and blogs. Content also includes spreadsheets, documents and presentations generated by individuals at their desktops. For most organizations, statements, bills, checks, invoices and high-volume reports generated by business applications are critical content, too. The risk of not managing this content effectively is high. Think about it: Do you know where all of the content in your organization resides, who authored it, who owns it, who can access it and which version is correct?

To compound the enterprise content management issue, applications dynamically create and produce information. Reports are generated, for example, via Microsoft Excel to access and better understand that information. Microsoft PowerPoint presentations are then created to present the information—both of which create more content. The application continues to dynamically create and produce information, but the spreadsheet does not; it is a static report. Imagine what can happen if your organization makes a public statement (e.g., a quarterly earnings call), addresses the board of directors or presents findings to a regulatory body (SEC, FDA, EPA, FTC,... ) based on information in a report—only to find out that the report was inaccurate because an event occurred that caused the information in your application to change. How can you mitigate your company’s risk and assure compliance with inaccurate content?

The Content Integration Challenge
Governance, risk and compliance (GRC) is not simply an information technology problem. Governance is risk oversight and the business process by which organizations manage, avoid and mitigate risk. Risk management is the concept of evaluating business and regulatory threats and putting in place controls to monitor and mitigate exposure, thereby reducing corporate risk and loss. Compliance is the act of following business processes and adhering to controls to meet requirements imposed by governance rules, whether they are internal policies, industry mandates or government regulations. All three concepts—governance, risk (management) and compliance—are most effective when they work together and not in silos. Ironically, enterprise content also needs to work together (structured and unstructured content) and in tandem with GRC—the two are not mutually exclusive.

Information systems and the explosive growth of enterprise content contribute significantly to corporate exposure and risk. Courts are threatening companies with multi-million dollar fines for not producing content in response to compliance investigations. The threat posed by noncompliance is a powerful impetus for executives to pay attention to what is kept, for how long, where it is kept and who has access to it. Ensuring the integrity, reliability and long-term availability of corporate records and content—including email—is no longer optional. But where is all of this content that is so critical to an organization? The rising tide of enterprise content is scattered across the globe in disparate repositories, on different platforms, and in many different formats. This situation is compounded by mergers and acquisitions, the deployment of departmental solutions, and the development of home-grown applications. Driven by the need to reduce costs and by increasingly demanding requirements for regulatory and legal compliance, the enterprise content management (ECM) landscape is changing, with many organizations seeking integrated solutions for all content, email and traditional corporate records and reports. Integrating all content into a single system significantly reduces IT infrastructure costs by consolidating servers and eliminating software licenses, and also benefits users, who need to learn and log on to only one system to retrieve the content they need. But converting content from legacy content management systems may be time consuming and/or impractical, placing the ultimate objective of consolidated content beyond reach. The alternative is a solution that provides a consolidated view of content from multiple, disparate repositories, utilizing an open architecture based on standard Web services to ensure interoperability, accuracy and consistency across applications, computing platforms and reporting systems.

This approach not only improves productivity by placing all content at users’ fingertips but also dramatically reduces the costs of desktop software by eliminating the need for multiple, proprietary viewers to different content repositories. A robust content integration solution with audit and balance mechanisms seamlessly and efficiently makes content available to users across an organization, provides check and balance controls, and ensures content accuracy with business applications. The resulting benefits are striking: reduced IT integration and maintenance costs; enhanced customer service; accelerated decision-making, time to market and revenue growth; and with governance rules and business process controls in place, compliance to mitigate corporate risk.

Content Integration to the Rescue
There are two fundamental ways to integrate content. The first approach uses a single, integrated content repository. The second provides a federated and consolidated view of content from multiple, disparate repositories. The best method for a given organization depends on the number of repositories currently in use, the willingness to undertake conversions, and the importance of speed in solution deployment.

KMWorld Covers
Free
for qualified subscribers
Subscribe Now Current Issue Past Issues