Managing compliance and ethics has become a complex web of processes and information. The modern organization is constantly changing: new employees, shifting employees and responsibilities, evolving business processes, new and changed regulations/obligations, growing ethical concerns, and greater scrutiny from stakeholders, customers, law enforcement, and regulators.
The challenge of compliance and ethics grows more confusing when you look at the scattered approaches and departments. An organization may have a Chief Ethics and Compliance Officer (CECO), but compliance can be scattered. The CECO may be focused on code of conduct, anti-trust, anti-bribery and corruption, conflicts of interest, and more. But other departments have their compliance concerns and approaches such as human resources, information security, privacy, quality, environmental, health and safety, and more.
At the core there are very similar processes for compliance assessment, issue reporting and hotlines, policy and training management, and case management . . . but each department varies in manual processes and point solutions. Even within one department, such as the corporate compliance and ethics department, you may find multiple point solutions and manual processes. Many solution providers further confound the problem. They market what appears to be an integrated compliance platform, but under the hood is a variety of siloed applications that do not talk to each other and do not share a common application and information architecture—deceiving the organization and causing more silos and time wasted.
Manual processes and point solutions drive up compliance costs and time. I was talking to one organization that was spending 200 hours building a compliance report annually for the board of directors on compliance cases. That is one employee working 40 hours a week for five weeks to produce one report. The employee had to go through a variety of documents, spreadsheets, emails and point solutions to tally and aggregate information to report to the board. That is not managing compliance, that is reacting. All of a sudden, the report surfaces a compliance trend that started eleven months back, and the organization is just seeing how out of control it is months later.
Another organization I talked to told me that 80% of their staff time for compliance was nothing more than document reconcilers trying to manage thousands of documents, spreadsheets, emails, and point solutions/databases. They were only spending 20% of their time actually managing and improving compliance.
It is time organizations turn this around. A common compliance architecture that shares a single application and information architecture makes compliance more efficient, effective, and agile. It drives efficiencies in time of compliance staff, and this in the end means saved money. It drives efficiencies and money savings by finding compliance and ethics issues and containing them before they become big, ugly, and costly violations and the organization faces fines, penalties, and lawsuits.
A compliance architecture sees complex relationships and drives effective and agile compliance processes. When an organization goes to review a policy, they have instant insight into the questions, comments, and cases related to that policy to understand how to improve it or its communication and training program. When there is a case, the organization can instantly see similar cases as well as governing policies and requirements. Compliance dashboards, reporting, and metrics are real-time and not months out of date. This drives efficiency into compliance and ethics processes. Compliance and ethics are managed in an agile fashion in context of changing business processes and employees.
The pressure for organizations to have a compliance architecture is increasing. The recent Department of Justice guidance on the Evaluation of Corporate Compliance Programs has a predominant focus on strong audit trails, complete system of record of compliance activities, and access to real-time operational data of compliance and not just point in time reports. Click here to read Tom Fox’s breakdown of the updates and what is meant by each language change.
However, as I stated, solution providers may market a compliance platform or architecture but under the hood it can be a mess. Organizations need to look to compliance and ethics solutions that have a common application and information architecture to deliver 360° contextual insight and situational awareness of compliance.
From the Convercent team:
Our Solutions Consultants are here to help you streamline your compliance architecture. Get in touch with us via the form below to see how Convercent’s Ethics Cloud Platform can help you connect every aspect of compliance and ethics in one unified suite of applications, as Michael recommends above.