There has been more compliance legislation written into law over the past decade than in the previous century and it operates at three distinct levels:
- the type that applies to industry specific sectors;
- the broad national or international laws and regulations that apply to everyone;
- the internally defined policies and practices that organisations need in order to maintain a sense of order over business management.
There is no mystery as to why this should be the case. The Enron, Tyco, WorldCom and Parmalat fraud scandals serve to bring compliance to the forefront of boardroom agendas. In each case, there was a clear connection between what the business did and the accounting of those activities. What is more, the recent wave of regulations affects every aspect of the business. Here I am thinking about both Sarbanes-Oxley and the new International Accounting Standards.
Sarbanes-Oxley is often characterised as a standard that only applies to US companies. However, any company that conducts business or is required to file financial and governance reports in the US will have Sarbanes-Oxley issues. Therefore it is no surprise that CFOs and other financial directors find themselves in the unenviable position of not only being master of the corporate purse strings but also as compliance gatekeepers. This need not be a bad thing.
I believe putting compliance at the heart of the business allows organisations to see corporate governance information as a company asset that should be managed and available to anyone who needs access.
While compliance might be the trigger for considering enterprise content management (ECM), it should be viewed as a natural by-product of a project designed to improve business processes. At a macro level, there are multiple levels of compliance. While many people will associate compliance with Sarbanes-Oxley, the Financial Services Authority or Basel II, these only represent the tip of a very large iceberg.
Unilever is one of the largest international manufacturers of leading brands in foods, home care and personal care brands that are known and trusted by millions of consumers around the world. Best known for carrying brands such as Knorr, Becel and Conimex, Unilever Nederland is organised into business units, sourcing units and a number of corporate departments.
Lyn Williams, VP Corporate Risk Management at Unilever, notes the group has implemented a group-wide methodology for meeting Sarbanes-Oxley compliance. But: 'In 2004, when Unilever performed a dry run of the compliance process, deficiencies were documented on Excel spreadsheets, often in varying formats, there was inconsistency in the application of the central methodology on assessment, and the audit trail was not always adequately maintained. All of this made a group-wide aggregation and assessment of deficiencies extremely time-consuming and challenging.'
It quickly became apparent the group needed an ECM solution. Using an OpenText system has achieved a number of benefits: the process is now paperless and provides the businesses around the world with access to standard templates that they are required to use in documenting deficiencies. The system ensures the application of the required workflow and methodology, providing the central team with immediate visibility of the extent and quality of the assessment process and facilitates both timely and robust reporting of the deficiency data to comply with Sarbanes-Oxley.
Maintenance of robust audit trails is one of the key benefits of using ECM to manage and document a compliance process. It provides clear visibility of user access and activity and facilitates robust version control of the underlying documentation. This is particularly relevant for Sarbanes-Oxley compliance processes, which need to be documented to a very high standard and are subject to rigorous review and audit by management, external auditors and eventually the SEC.
In this article, I have touched upon several examples where ECM makes a positive contribution to the organisation in the context of a compliance-laden environment.
CFOs are at the compliance sharp end because they are best qualified to understand the processes that underpin auditable systems. CFOs have an instinctive appreciation of document life cycle management from acquisition through actions to referencing, and finally disposition. But this is only the tip of the iceberg. Every organisation generates communications and most will have a value. Anything that has a value is of interest to CFOs. But equally, compliance has a cost. The question then is how to make compliance a value enabler.
Williams declares that: 'For example, it gives us the opportunity to identify key weaknesses (and inefficiencies) in our financial processes and therefore focus our resources on driving the required process improvements. In addition, we are working with our colleagues in finance to embed the annual Sarbanes-Oxley compliance process into day-to-day activities. Automation of the process through ECM will significantly help us achieve this objective across the globe.' In effect, Unilever's compliance efforts will be enabled by the automation of best practice processes that become part of the fabric of the business.
Damian Hyland is VP Northern Europe of Open Text UK Ltd.