Past compliance processes were bogged down in documents and technology silos, which led to laborious and costly processes to gather information and report on compliance risk. Compliance departments over-relied on spreadsheets, documents, and email that lacked an audit trail, creating a legal disaster, since an organization lacks a defensible position when it cannot prove compliance with a proper system of record and audit trail. With no auditable system of record, compliance information can also be compromised or tampered with. What may seem like an insignificant risk in one source of information may have a different appearance when other relationships are factored in. Siloed documents and processes create inefficiency, out-of-sync controls, and corporate policies that are inadequate to manage compliance. Organizations are encumbered by unnecessary complexity because they manage compliance within specific issues, without regard for an integrated framework and architecture, wasting time and resources in the process.
Effective compliance requires technology that has a robust system of record that proves a state of compliance and documents any changes made, thus providing a complete audit trail. In order for compliance to be an active and living part of the organization and culture, intelligent organizations are implementing a comprehensive compliance technology architecture.
Value Organizations Needed from Compliance & Ethics Technology
In a recent survey GRC 20/20 did in conjunction with OCEG (Technology Priorities for Compliance & Ethics: Aligning Technology to Changing Requirements), we asked the question, “Which of the following options align MOST with the value you would derive from an integrated ethics and compliance software solution?” The respondents indicated that their five most critical values for a compliance software platform are as follows:
- Regulatory Compliance and Defensibility. Ensure your company satisfies regulatory requirements and demonstrates ethical behavior by clearly documenting policy attestations, training completions, and investigations.
- Align Corporate Goals with Ethics and Values. Update business processes such as policy attestation, training, procurement, and employee communication to operationalize ethics and values. Analyze helpline issues and campaigns to identify and close gaps.
- Manage Your Complete Program with One Platform. One user interface via single sign-on for hotline/case, disclosures, training, policy and third-party risk, and reduced reporting time with pre-built dashboards to visualize and analyze compliance data with HR, procurement and travel data.
- Protect Your Brand. Increase employee engagement through helpline responsiveness and surface risks through centrally managed disclosures. Gaining employee trust means issues are reported internally and not to external media.
- Frictionless Employee Engagement. Easy-to-use multi-channel intake methods via hotline (phone), web, text (SMS), proxy, and disclosures give employees accessible ways to report workplace issues, ensuring the employee voice is heard.
While all of these values were critical, having the robust system of record to defend compliance and the ability to align corporate goals with the ethics and values of the organization were ranked the most critical.
Broad Capabilities Needed from Compliance & Ethics Technology
Next, we focused on the capabilities organizations desired from technology to automate compliance and ethics processes. The top five capabilities that organizations ranked were:
- Compliance Reporting. Standard reporting that shows the number of reported issues by type and region, tracks policy attestations and online training completions, and shows disclosures up for review. The capability to export data for analysis in spreadsheets or business intelligence (BI) software.
- Policy Management. Distribute policies and track attestations with the option of targeting specific employee groups based on HR attributes, archiving older policy versions automatically, and quick search and retrieval of attested policies by employee.
- Learning Management. Distribute online training courses and track course completions, allow use of any standard training content (in-house or externally sourced) without depending on any one vendor.
- Disclosure Management. Distribute conflict of interest and gifts, travel and entertainment disclosure questionnaires for review, approval or conditional approval. Allow employee self-service and disclosure updates, and track all Yes and No answers for proactive risk management.
- Helpline and Case Management. Multilingual, global, and 24/7 incident reporting via anonymous phone, text, web, or proxy that allows investigators to manage simple or complex cases with multiple allegations and parties within the same case.