What They Don’t Tell You About Governance, Risk and Compliance
Integrating and Auditing Content across the Enterprise
An integrated repository must be scalable, secure and searchable—but most importantly, it must process a wide variety of content types, including:
- Mission- and operations-critical documents produced by enterprise applications, including accounting systems, billing systems, inventory and materials management applications and more. These come in many formats, including text, XML, HTML, Postscript, PCL, IBM AFP, Xerox DJDE/Metacode and PDF;
- Corporate records in any form, both electronic and physical; business-critical documents produced using desktop software, such as word processing; spreadsheets; email presentation tools; and internal, application-specific programs;
- Images of scanned documents, such as checks, photos and other images captured as part of business processes or workflow applications;
- Rich media, such as digital audio and video;
- High-volume transaction data from enterprise systems; and
- Business objects necessary for business process management.
Integrating Multiple Repositories
This method provides fast, easy and secure access to all content stored anywhere in an organization. It gives authorized users a single, consistent interface and delivers content to business critical applications. In selecting a solution, there are several key attributes that maximize value and ensure rapid, cost-effective implementation:
- An open architecture based on standard Web services ensures interoperability across applications and computing platforms and makes content available to customers, partners and other applications outside the firewall;
- Out-of-the-box adapters to various content management systems and other sources eliminate the need for custom coding. These adapters understand how repositories are structured and translate the user’s search criteria for each one; and
- A software development kit (SDK) to build new adapters to special or custom content sources and repositories for which adapters are not provided out of the box. An easy-to-use mapping facility resolves indexes and formats across disparate repositories and content sources. This is crucial for normalizing the names of data items.
Other important features include: automatic transformation of content to browser-friendly formats; multiple presentment options; flexible security options with single-sign on capabilities; and interfaces into databases, collaboration, search and email archiving applications, as well as popular enterprise resource planning (ERP)/customer relationship management (CRM) systems. Just as critical as the ability to access content is the ability to work with it and its properties and check for information accuracy while moving it from one repository to another, archiving new content, or updating or adding to its metadata.
Auditing and Balancing Content
Having a single view of all your enterprise content (structured and unstructured) is important and necessary to help assure corporate compliance, mitigate risk and prevent loss. But that is only part of the equation. You also need the ability to verify that your content is accurate, e.g., accounting data, sales figures, scientific findings and inventory counts by having the means to audit and balance information across applications and platforms. Without this ability, how can you have 100% confidence in the data that supports your decisions and assures compliance with regulations, such as the Sarbanes-Oxley Act, 21 CFR Part 11 and Consumer Product Safety Improvement Act?
Balancing information is a process of controlling data to assure accuracy and consistency across applications and platforms. It is based on control rules that judge whether key data elements are in compliance or not. When a document is checked in to an integrated repository, the repository triggers the balancing process. When an out-of-balance condition is detected, e.g., an inventory audit spreadsheet is checked in and the data does not match the inventory data in the system, an out-of-balance condition is identified. The repository then locates the item that is in error and performs the appropriate action; actions may include sending an e-mail to the appropriate person, raising an exception to an inventory process, logging the anomaly or initiating a workflow process. Based on this automatic data validation process, you ensure that both system data and reporting content is in balance and accurate. The ability to catch information inconsistencies, pinpoint erroneous entries and take corrective action without interrupting processing improves organizational productivity, minimizes risks, helps to assure compliance and reduces costs associated with lost and inaccurate information.
Governance, compliance and risk has a variety of different meanings, depending on your point of view. It is up to you and your organization to determine how best to implement a GRC framework. But when you do, remember that the management of your enterprise content needs to work in conjunction with the GRC framework. The best way to do this is to ensure you have a single view of all your enterprise content, business processes in place to manage that content according to governance rules and an information audit and balance system to automatically catch data errors.
ASG provides a full range of practical software solutions that help organizations lower costs, save time and make proactive decisions that drive business success. Well known for its broad portfolio of best-value, results-driven technologies, ASG partners with 85% of the world’s largest companies to optimize information management and IT service delivery in both mainframe and distributed environments. Founded in 1986, ASG is a privately held global company based in Naples, FL, with more than 70 offices worldwide.
For more information, visit http://www.asg.com or call 800-932-5536.