Towards compliance

Send to friend

A recent survey by the Yankee Group found that most organisations don't buy document management products to achieve regulatory compliance - they do so to manage large volumes of documents and related data and to quickly search for and retrieve relevant information.

This is understandable but, unfortunately, it's a shortsighted strategy when it comes to achieving necessary compliance in various industries. In the US there are at least six major regulations that have come out or been amended in the last few years that will demand attention in the months to come. For example, by June 2004 companies in all industries had to comply with Section 404 of the Sarbanes-Oxley Act that mandates that CEOs and CFOs sign off on all financial reports.

With a European Sarbanes Oxley being touted by Gartner Group earlier this year, compliance is big on the agenda of many large UK organisations-and therefore should be on the agenda for resellers looking to provide compliant document management solutions.

Not an option

Frankly, not complying is not an option. According to Yankee Group, regulators in the US can "shut you down and throw you in jail if you dont comply." There are also civil penalties such as fines, and they can even sell your business to someone who is willing to comply. Scary stuff.

Given such consequences, finding a means by which to comply quickly and costeffectively is in most companies' interests-and document management products can be a big help. By managing documents electronically, organisations can reduce the amount of data they have to manage for compliance through providing document tracking and audit trails. They can also automate and provide visibility to business processes. And they can offer records management capabilities, such as retention policies. Of course, those are in addition more granular benefits like being able to submit regulated documents with electronic signatures.

Going electronic

But even simply converting documents to electronic form provides crucial benefits for companies in certain industries. Imagine a pharmaceutical company doing a product recall. When using manual means on paper records there is greater risk of the company making mistakes and exacerbating the situation to the point that the company could drive down company stock values. If, by contrast, the records are in electronic form, it could search them faster and more comprehensively so that the recall could be done much more efficiently, affect fewer customers, and be minimally detrimental to the company brand.

All the major document management vendors have developed compliance programs that involve both point applications developed for specific regulations like Sarbanes-Oxley, as well overall compliance programs from which customer's can mix and match products and professional services to address multiple regulations, such as the Basel II Accord that governs how banks manage risk in making loans.

The EGovernment Initiative, spearheaded by the Office of the e-Envoy, is one of the most far-reaching in the UK. The initiative forces both national and local governments to move wherever possible to portalbased delivery of services. Furthermore, it contains criteria for reducing the amount of paper-driven processes in government. The regulation has pan-European influence because there are  equivalent regulations in every European country, all of which are based on the UK model.

Beyond compliance

Many consultants admit that complying with these regulations will be a significant challenge for customers-one that resellers can help them address. The European Union (EU) wants the US to relax some of the Sarbanes-Oxley requirements because compliance costs are so onerous. The EU feels that, because the regulation was passed on the heels of some very large and public scandals like Enron, regulators overreacted and are being too strict.

True maybe, but the general consensus among vendors is that the prospect of supplying compliance applications is a profit opportunity. In their defence, though, because enterprises are under a lot of financial and time pressure to comply, vendors are trying to assemble solutions that are cost-effective.

One problem is that many organisations are naive about what it takes to achieve compliance. Many feel they have met their obligations by simply installing a software application that claims to make them compliant. In most cases, that's just the beginning of a compliance effort. The fact is, you dont become a compliant organisation by just buying a records management solution-you become a compliant organisation by applying financial and business process expertise to the way that you manage your information. What records management solutions help you to do is do that more efficiently. And its here that the opportunity lies for resellers and systems integrators.

Best practice

Organisations need standard operating procedures supporting best practice practices and administrative policies in addition to hardware and software applications to meet compliance requirements.

The important thing is to view compliance not as an enterprise-wide chore but rather as an opportunity to streamline business processes and look for situations where automation can enhance business performance. Building on efficient business processes with common goals will cut costs and simplify compliance for companies down the road.

Barry Monk is Director of Next Communications. Starting as an editor and journalist, he went on to hold senior marketing roles at document and content management software companies, such as Xenos Group and Cypress Corp, before forming Next Communications, a marketing and PR consultancy specialising in the information management sector.

Comments (0)

Add a Comment

This thread has been closed from taking new comments.