Case Management: Benefits of Case Management Software

Over the past several weeks, I have been exploring the challenges and strategic approaches and processes for issue reporting and case management. Previous posts include:

With processes defined and structured the organization can now define the information architecture needed to support issue reporting and case management processes. Issue reporting and case management fails when information is scattered, redundant, non-reliable, and managed as a system of parts that do not integrate and work as a structured and coordinated whole. The issue reporting and case management information architecture involves the structural design, labeling, use, flow, processing, and reporting of information to support issue reporting and case management processes. This architecture supports and enables the process structure and overall issue reporting and case management strategy.

Successful issue reporting and case management information architecture will be able to integrate, manage, and report on issues and cases across the organization. This requires a robust and adaptable information architecture that can model the complexity of information, transactions, interactions, relationship, cause and effect, and analysis of information that integrates and manages with a range of business systems and data.

The issue reporting and case management technology architecture operationalizes information and processes to support the overall strategy. The right technology architecture enables the organization to effectively manage issues and facilitate the ability to document, communicate, report, and monitor the range of investigations, tasks, responsibilities, and action plans.

There can and should be a central core technology platform for issue reporting and case management that connects the fabric of the processes and information together across the organization. Many organizations see issue reporting and case management initiatives fail when they purchase technology before understanding their process and information requirements. The “best” systems are the ones that are highly configurable to a client’s situation and can be adapted to the company’s forms, processes, technical architecture. The system should not run the business, the business should run the system. Organizations have the following technology architecture choices before them:

  • Documents, spreadsheets, and email. Manual spreadsheet and document-centric processes are prone to failure as they bury the organization in mountains of data that is difficult to maintain, aggregate, and report on, consuming valuable resources. The organization ends up spending more time in data management and reconciling as opposed to active risk monitoring. This is where most organizations have focused in managing issues and cases. There is increased inefficiency and ineffectiveness as this document centric and manual approach grows too large and limits the amount of information that can be managed.
  • Custom built databases. Organizations also have built custom internal databases to manage issues and cases. The challenge here is that the organization ends up maintaining a solution that is limited in function and costly to keep current. Many companies go from the document and spreadsheet approach to building a custom database that is limited in features, reporting, and scalability at a cost of internal IT resources and maintenance.
  • Issue reporting and case management platforms. These are solutions deployed for issue reporting and case management and have the broadest array of built-in (versus built-out) features to support the breadth of case management processes. In this context, they take a full-lifecycle view of managing the entire process of issue reporting and case management. These solutions allow an organization to govern incidents and issues throughout the lifecycle and enable enterprise reporting.

Most homegrown systems are the result of starting with tools that are readily available and easy: documents, spreadsheets, emails, and desktop databases. Too many organizations take an ad hoc approach to issue reporting and case management by haphazardly using documents, spreadsheets, desktop databases, and emails, which then dictates and limits what their issue reporting and case management process will be limited to. This approach then grows and expands quickly outgrowing these desktop tools to the point where it grows cumbersome. Organizations suffer when they take a myopic view of issue reporting and case management technology that fails to connect all the dots and provide context to analytics, performance, objectives, and strategy in the real-time business operates in. The right issue reporting and case management technology architecture choice for an organization involves an integrated platform to facilitate the correlation of issue and case information, analytics, and reporting.

GRC 20/20 Resources on Issue Reporting & Case Management:

Value Perspective

On-Demand Webinar

On-Demand Research Briefing

Case Study

Solution Perspective

Challenges in Issue Reporting & Case Management

The Best Laid Plans of Mice and Men . . .

Organizations today are distributed and dynamic. With the globalization of business, organizations find that governance, risk management, and compliance (GRC) has become complex; crossing departments, jurisdictions, geographies, and cultures. The modern organization is a complex web of employees, suppliers, vendors, contractors, consultants, agents, and third parties. At the same time, organizations are constantly changing: business is dynamic. Employees, relationships, regulations, risks, economies, litigation, regulation, and legislation are constantly changing. GRC professionals are challenged to get a big picture point of view of the range of issues being reported across the organization and the management of cases that impact how the organization’s “ability to reliably achieve objectives while addressing uncertainty and acting with integrity.”[1]

Issue reporting and case management has become a moving target which needs a structured approach supported by a strong process, information, and technology architecture. Well run organizations, with GRC processes, still have issues, incidents, cases, and investigations. As the poet Robert Burns states, “The best laid plans of mice and men often go awry.” Whether unintentional issues or acts of the malicious miscreant, organizations need to be prepared and have established processes in place to manage issues as they arise in the organization.

The typical organization has a variety of departments managing a diverse range of issues, cases, incidents, and investigations.[2] These issues and cases are often managed in silos of documents, spreadsheets, and emails or in home-grown databases and applications. Different departments often have diverse approaches and the organization does not have insight into the range of issues that are happening across operations. Organizations often lack a central repository for case management and the use of home grown solutions has limitations that make the issue management processes inefficient, ineffective, and burdensome to the organization. Issue reporting and case management is often a tactical and fragmented approach with highly diverse approaches taxing the business.

Issue management across the organization is often scattered across departments, such as:

  • Corporate security
  • Customer complaints
  • Environmental
  • Ethics and compliance
  • Fraud and corruption
  • Health and safety
  • Human resources
  • Insurance claims
  • IT security
  • Legal
  • Physical security
  • Privacy
  • Quality
  • Third party suppliers and vendors

The breadth of silos to issue reporting and case management results in a maze of disconnected processes, reporting, and information. These are redundant, document-centric, and manual approaches that do not integrate and are highly inefficient. Different functions spend more time managing the volume of emails, documents, and spreadsheets than they actually do managing the issues themselves. The line of business is overwhelmed with inconsistent approaches to issue reporting and case management.

This fragmented approach to issue reporting and case management resembles battling the multi-headed Hydra in mythology. As the Hydra grows more heads of risk, regulation, and ethical challenges, issue reporting and case management professionals find that scattered approaches leave them exhausted and overwhelmed as they lose the battle. This results in a reactive fire-fighting approach to issue reporting and case management, with silos of data that professionals struggle to find the time to coordinate and link together manually. This piecemeal approach is inefficient, increases risk exposure, and leads to serious matters that fall through the cracks. Redundant and inefficient processes lead to overwhelming complexity that slows down the business in an environment that actually requires agility.

The document-centric, scattered, and manual processes of the past have impaled case management functions with inefficiency. Process management and reporting is primarily comprised of emails, documents, shared files, homegrown databases, spreadsheets, and manual processes. Case management professionals are spending a disproportionate amount of time collecting data and reporting on data instead of time spent adding strategic value to the business through analyzing and trending the data collected. This antiquated approach leaves teams with flat metrics that lack context and don’t help professionals identify or address problematic processes, culture, or behavioral issues. GRC professionals often express to GRC 20/20 Research their frustration with the:

  • Inability to gain a clear view of issue reporting and case management interdependencies
  • High cost of consolidating silos of GRC and issue management information
  • Difficulty maintaining accurate GRC and issue management information
  • Failure to trend across issues, departments, and reporting periods
  • Incapability of providing GRC and issue intelligence to support business decisions and strategic planning
  • Redundant approaches that limit correlation, comparison, and integration of information
  • Lack of agility to respond promptly to changing regulations, laws, and business environment

Dynamic & Distributed Business Compounds the Problem

Organizations are seeing increased scrutiny and focus on compliance activities from:

  • Governments worldwide are increasing their scrutiny of organizations and have become more prescriptive in their regulations and standards.
  • Enforcement agencies have grown more sophisticated in assessing “real” versus “paper” ethics and compliance efforts.
  • Stakeholders, including investors, activist groups, consumers, business partners, and employees are demanding transparency and accountability.

These challenges are making organizations rethink their approach to issue reporting and case management. Organizations are looking for greater agility and effectiveness, while achieving greater efficiency with human and financial resources in identifying and resolving issues. The goal is to:

  • Align stakeholder demands for transparency and accountability.
  • Leverage emerging technologies to improve efficiency, effectiveness, and agility.
  • Enable GRC professionals to better target resources where issues identify the greatest exposure.

This trend points in one clear direction: a new issue management architecture that is dynamic, predictive, and information-based through the deployment of an integrated information, intelligence, and analytics architecture to overcome the inefficiencies of the manual and document-centric approaches of the past. This approach to issue reporting and case management delivers demonstrable proof of risk and compliance management, discovery and containment of issues, and shifting the focus of efforts from being reactive and “checking the box” to being proactive and forward-looking. Organizations need greater efficiency in processing and managing issues with structured information and process, greater effectiveness in ensuring corporate integrity, and increased agility in addressing rapidly changing business, regulatory, legal, and reputational risks.

The bottom line: Issue reporting and case management programs have been very tactical and inefficient in the past in collecting issue reports and managing cases. GRC functions across the organization have lacked an overall approach to manage issues, provide reporting and analytics, and the ability to move issue reporting and case management from the tactical approach to an integrated strategic approach that aligns with governance, risk management, and compliance strategy and processes. A centralized issue reporting and case management system saves time and money and creates an environment where the organization can measure the effectiveness and efficiencies of GRC resources.

Case Management Software

Building a Business Case & Articulating Value to the Organization

Organizations often approach issue reporting and case management in manual processes encumbered by documents, spreadsheets, and emails. This taxes and slows down investigation processes, and makes reporting very time consuming and often inaccurate because of scattered information. GRC 20/20 Research has conducted a detailed study of organizations that moved from manual document centric approaches to i-Sight case management. GRC 20/20 found that organizations that utilize purpose built software for case management make their issue reporting and case management processes more efficient, effective, and agile. This results in a quantifiable return on investment.

On October 5th, 2-3pm, join presenter Michael Rasmussen as he outlines how case management software can make issue reporting and case management more efficient and agile.
In this webinar, organizations will learn how to:

  • Avoid the costs of manual document-centric processes in wasted time and resources
  • Identify specifics on how software makes issue reporting and case management more efficient, effective, and agile,
  • Measure and quantify the value in time and dollars saved with case management software
  • Build a business case to justify case management software in your organization

[button link=""]REGISTER[/button]

[1] This is the official definition of GRC as found in the OCEG GRC Capability Model.
[2] For the purpose of this report, the term issues and cases will be used but should be understood to include incidents and investigations.