 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Compliance and corporate oversight have become a priority for all companies. Companies must treat their oversight and compliance management as they would any other mission-critical initiative. However, a unique application approach is required to manage governance, risk and compliance (GRC) programs because they involve behavioral business processes – fundamentally different than the more transactional and structured processes frequently found within organizations.
As determined by the United States Sentencing Commission and the Office of Inspector General, the seven elements are the critical components of an effective governance and compliance management program.
1. Define Policies, Procedures & Controls
Develop policies, and procedures to institutionalize and encourage appropriate behavior and standards of conduct that adhere to all statutes, regulations or program requirements.- AXENTIS solutions provide compliance managers the flexibility to choose how they wish to create and manage the content needed for their unique governance and compliance initiatives.
- AXENTIS solutions provide tools to create and maintain policy, procedures and training content based on existing policies and procedures that already reside in a company's legacy system or third-party applications which can link to new governance and compliance processes.
- Organize and associate individual policies and procedures to larger issues or topics (such as code of conduct, Sarbanes-Oxley, anti-money laundering, HIPAA, IT security, etc.) so that end-to-end governance and compliance can be achieved.
- AXENTIS solutions help you to create and manage and inventory of controls.
2. Designate High-level Oversight
Create role specifically responsible for compliance management and performance accountability.
- Responsible individuals may not directly manage every governance and compliance initiative day-to-day; however, they have ultimate responsibility to set guidelines and manage the effectiveness of these programs throughout the organization.
3. Implement and Communicate Policies, Procedures & Controls
Disseminate and distribute defined terms of policies, procedures and controls to affected employees based on their roles, responsibilities, departments, locations, etc. (responsibilities matrix).
- AXENTIS solutions allow companies to define their governance and compliance authority hierarchy and training plans, allowing more effective management and oversight of the various day-to-day roles and processes on a decentralized basis.
- AXENTIS solutions provide the ability to define governance and compliance management responsibility to individual business unit, product, or regional compliance managers.
- Responsibilities are clearly communicated to managers of all governance and compliance functions, and are given the tool to ensure desired timeframes, content guidelines, exception detection standards, and investigation standards are met.
4. Develop Accessible Lines of Communication
Provide effective communication between all levels of employees.- AXENTIS solutions allow compliance professionals to group all stakeholders (including staff, managers, partners, vendors, etc.) by any company-dictated criteria (including job, role, project, business unit, geographic area, etc.) This allows governance and compliance efforts to be targeted to the relevant groups.
- Communications from compliance managers can require an electronic acknowledgement from the recipient attesting that they have received the information, understand it, and agree to abide by it.
- Since all communication and creation of requirements occurs within the AXENTIS application, managers have a defensible audit trail.
5. Audit, Monitor and Report
Monitor compliance efforts to capture or flag data/issues automatically, as they occur. Audit all controls based on pre-defined audit plans and manage remediation efforts.
- AXENTIS provides capabilities to monitor, report, and audit governance and compliance to all defined requirements and processes managed within the AXENTIS solution or other applications.
- AXENTIS solutions provide a robust dashboard enabling managers to seek real-time information regarding any governance and compliance issue or requirement. Data can be viewed by multiple criteria, including specific groups, requirements, exceptions, investigations, departments, timeframes, programs, etc.
- Detect exceptions to policies through controls imbedded in third-party applications. Managers can automatically and constantly monitor any data residing in any application that could indicate a potential problem.
- AXENTIS solutions provide a compliance dashboard that reports whether employees have met their specific governance and compliance requirements. Reports clearly illustrate performance and identify areas in need of attention so that violations and exceptions can be promptly identified and investigated.
- Compliance managers have access to a complete audit trail ensuring performance measurement that meets the needs of the board of directors or any outside party.
6. Ensure Uniform Enforcement
Enforce policies and procedures and apply consistent and corrective action when exceptions are discovered.- Uniformly investigate and remediate problem issues:
AXENTIS solutions employ state-of-the-art case management functionality that can be launched whenever issues or problem areas are detected by a person or in a database. - Define approved and consistent investigation standards and procedures; including timeframes, relevant contributors, and investigation processes. These investigations are then automatically launched and managed through the AXENTIS solution.
- Define responsibility to conduct specific types of investigations, based on pre-defined criteria relating to exceptions, like dollar value, topic or location.
7. Prevent Further Offenses and Achieve Continuous Improvement
Use performance information to prevent further similar offenses once a violation has been detected.- To be truly effective, governance and compliance efforts must have a feedback and correction mechanism so that appropriate behavior can be guided and improved on an ongoing basis.
- Proper procedures can be re-communicated automatically to the appropriate personnel to re-enforce correct behavior.
- Failure points, whether systemic or people-driven, can be measured, allowing for changes to an authorized and approved process. The ability to evolve processes based on previous successes and/or failures reduces the likelihood of repeat failures in the future.
