Compliance
At DoubleCheck™, we view compliance management as a core management tool. A well-implemented compliance management program assures leadership that any targeted function or process, such as ordering, billing, production or financial reporting, is well defined, that employees understand their duties and that they are performing as expected… in other words, that the organization is “in compliance.”
There are many specific areas that are subject to externally defined tests of compliance. These requirements are typically either a response to past abuses, such as Sarbanes-Oxley for financial reporting, or a means of establishing consistent, reliable practices across an industry, such as PCI for payment card transaction security or HIPAA for health care information privacy. Such requirements share most of the compliance expectations of company-specific processes, with one important incremental requirement: management needs to externally attest, and in some cases formally demonstrate, that their firm is complying with these standards or regulations.
In our view, there are a couple of key points when building a methodology for regulatory and standards compliance:
- First, understand that you are working in a dynamic environment not under your control. Regulators will create new rules; new standards will develop; existing ones will evolve. Moreover, your business will likely change as well. The methodology and tools you put in place need to adapt to those changes without substantial rework, incremental development or data-migration expenses.
- Second, deal with what’s important now. With only a little effort, it is easy to create a long list of compliance requirements. Some will be internally generated from key business processes or Enterprise Risk Management actions; others will come from a variety of financial or operational perspectives. The key is to prioritize where to focus the compliance activities and to make sure your methodology allows you to divide and conquer without creating islands. In other words, make sure your methodology allows individual compliance initiatives to be implemented without being gated by other initiatives, while ensuring that the tools used and the information gathered can be practically and economically reused by any future initiative.
- Finally, make sure your solution is truly scalable. In the world of compliance management, scalability requires more than the ability to add more users and more data; more than the ability to simply become bigger. Scalability means the ability to:
  - Add incremental compliance frameworks (e.g., PCI today; COBIT tomorrow).
  - Have individual employees or outside staff work in multiple roles (perhaps an assessor in one framework, a tester in another, an audit manager in yet another), and in each of those roles have access to only the relevant information.
  - Share information, with the right protection, across multiple GRC & Audit projects.
  - Manage at multiple levels, based on the specifics of the situation. For example, in one case the manager may want to assign ownership of a test to an individual, in other cases to a workgroup or organization, and in still other cases delegate the management of assignments to another person.
The DoubleCheck Suite of GRC tools is designed with these points in mind. The compliance software tools offer a rich set of highly adaptable capabilities with structured support to manage compliance in many ways… process-driven, account-driven, function-driven; with flexibility in how to measure performance (commonly by risks and/or controls). The GRC & Audit Suite has a rich set of tools with which to collect data and analyze performance, including powerful, easy-to-use tools for assessments, tests, issue management and reporting.
Questions About Our Compliance Management Solutions?
Don’t hesitate to give us a call; we’d be happy to discuss your compliance needs and how we might help you with a practical and cost-effective enterprise or departmental compliance solution. Contact us today at (770) 565-8616.
