Compliance has never been a word to gladden the heart, unless you are an auditor – and today the compliance burden, both for business and the public sector, is greater than ever before.
In the US, chief executives frightened by Enron’s experience have spent large sums on complying with Sarbanes-Oxley (Sox) regulations, while in Europe businesses have been cowed by a series of directives such as Basel II, the Markets in Financial Instruments Directive (Mifid), and the Data Protection Act. The public sector, too, has been affected by the Freedom of Information Act and requirements to put local government services online.
The regulations differ in their precise requirements, but at heart they are all about transparency. There are three areas, says John Bronjewski, director of client services at professional services firm Resources Global, where regulations will affect the way organisations manage unstructured content.
First is the need to store data accurately and securely for data protection purposes. Second is the need to prove what has happened for legal reasons – this will affect organisations covered by legislation on child protection, for example. The third comes with regulations such as Sox – which applies to UK businesses listed on the US stock exchange – and Mifid.
‘It is going to be increasingly important to have the context side of the transactions, and also the ability to prove that you have done what you have done and to be inspected at any point in time,’ says Bronjewski.
In practice, organisations have to keep on top of the vast amount of contextual information they possess – and where once data was stored in paper filing systems, it is now generally scattered in emails, Word documents, instant messages and PowerPoint slides, often residing on local hard disks.
Even worse, that information often gets deleted when an employee leaves the firm. According to analyst Butler Group, some 85 per cent of data in an organisation is unstructured, so retaining that information, organising it in a meaningful way and keeping an audit trail of who has viewed and edited it is not a trivial task.
Charlie Tomkiss, IT systems manager at construction firm Whitbybird, agrees. At a time when the firm was expanding, he says, keeping track of legally binding documents is difficult.
‘You potentially have the situation where you have multiple copies of the same file going out the door and being issued, and you do not know which one is the contractual document,’ he says.
The solution that organisations are turning to is enterprise content management (ECM). An ECM system stores unstructured content centrally, but also manages the process of producing it, publishing it (to the web, for example) and filing it in a meaningful way that makes it easy to retrieve.
Some systems include embedded workflow, to ensure electronic forms are handled by the right people in the right order before filing. Generally, installation of an ECM system will require staff to adopt new processes so that when, for example, they save a Word document centrally, they also make a note of the people to whom they have emailed the document, and choose from a handful of pre-defined terms for indexing purposes.
Most systems make it possible to create an audit trail so it will be immediately possible to see that person X has written a document, person Y has approved it, and person Z has then edited it at a later stage.
Any implementation must be preceded by an agreement about what information needs to be stored, where it is to be stored and how long it is to be stored for.
The mistake many organisations make, says Peter Fawcett, IT partner at Atos Consulting, is to implement an ECM system without thinking intelligently about what the regulations require.
‘What auditors want is a documented audit trail of anything related to controls, he says. ‘So, for example, something the auditors are interested in is: is there good segregation of duties? Is there control over access to the system to reduce fraud? Is the information produced on profit and loss really reflecting the true value of the company? Are people putting in fraudulent transactions?
‘You need an audit trail for that, but if you start with that in mind, then you design the processes to support that, and you need to keep all the documentation to support that.'
Have your say on this article
Newsletters
Latest stories from Management
You may also like
Management jobs
Technology Patent Wars
Staff are increasingly using their personal devices for work. Productivity may increase as a result, but the trend brings with it security risks
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
