Policy Management Build vs. Buy: Why Policy Management Software Makes Sense



Similar documents
Simple, smart, intuitive policy management

Solution Viewpoint Governance, Risk Management & Compliance Insight ERP MAESTRO. March Automated Security & Access Controls Through the Cloud

April 2014 SAI GLOBAL. Delivering Effective Compliance Solutions & Architecture. Solution Viewpoint Governance, Risk Management & Compliance Insight

Corporate Social Responsibility: Good Corporate Citizens Respect Copyright and the Property of Others

White Paper: The Seven Elements of an Effective Compliance and Ethics Program

Whistleblower Hotlines & Case Management Solutions: Major Challenges and Best Practice Recommendations. Whistleblower Hotlines: Making Headlines

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION

2015 Ethics & Compliance Healthcare Policy Management Benchmark Report

Value of a Purpose-Built Third-Party Compliance Solution

The Recipe for Sarbanes-Oxley Compliance using Microsoft s SharePoint 2010 platform

Using Microsoft SharePoint for Project Management

ACCELUS COMPLIANCE MANAGER FOR FINANCIAL SERVICES

Convercent Predictive Analytics

Enterprise Content Management discovering

30 Important Considerations for Effective FCPA Compliance

Now part of Symantec. Sponsored By:

The Future of Investment Compliance for Asset Owners: The Next Great Transformation

Using SharePoint to Manage Project Documentation

IBM Enterprise Content Management: Streamlining operations for environmental compliance

Special report Healthcare

The SEC Whistleblower Program and What You Need to Know

treasury risk management

Driving Your Business Forward with Application Life-cycle Management (ALM)

DOUBLECHECK VENDOR MANAGEMENT

The PNC Financial Services Group, Inc. Business Continuity Program

IT Governance. What is it and how to audit it. 21 April 2009

WHITE PAPER Practical Information Governance: Balancing Cost, Risk, and Productivity

How To Improve Your Business

Thought Leadership White Paper


Technology Solutions. Man a g e th e ch a n g i n g Rec o r d s Ma n a g e m e n t. More than 90% of records created today are electronic

Resource Management. Compliments of. Published by

The Manager s Guide to Avoiding 7 Project Portfolio Pitfalls

W H I T E P A P E R E X E C U T I V E S U M M AR Y S I T U AT I O N O V E R V I E W. Sponsored by: EMC Corporation. Laura DuBois May 2010

AccTech's vast experience and understanding of government requirements allows us to assist any government agency in:

Project Management through

2016 GRC Technology Strategy

Best Practices for Hedge Fund Managers

Leveraging a Maturity Model to Achieve Proactive Compliance

IBM Cognos 8 Controller Financial consolidation, reporting and analytics drive performance and compliance

In-House Technology Challenges and Opportunities

THE METIER OF ERP PROJECT MANAGEMENT Successful Projects above all require Business-IT Leadership

Extending SharePoint for Real-time Collaboration: Five Business Use Cases and Enhancement Opportunities

THOMSON REUTERS ACCELUS

The 2-Tier Business Intelligence Imperative

Creative Shorts: The business value of Release Management

Adaptive Case Management - Capabilities for Faster Decisions

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

How To Manage Risk With Sas

Global Headquarters: 5 Speen Street Framingham, MA USA P F

MALAYSIAN TECHNOLOGY DEVELOPMENT CORPORATION SDN. BHD.

Sytorus Information Security Assessment Overview

Table of contents. Best practices in open source governance. Managing the selection and proliferation of open source software across your enterprise

The rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions

EM-SOS! from Sandhill Consultants

Monitoring & Managing Effective Compliance Programs

COMPLIANCE MANAGEMENT SOLUTIONS THOMSON REUTERS ACCELUS COMPLIANCE MANAGEMENT SOLUTIONS

!!!!! White Paper. Understanding The Role of Data Governance To Support A Self-Service Environment. Sponsored by

2016 The global ABB integrity program.

building a business case for governance, risk and compliance

Managing explicit knowledge using SharePoint in a collaborative environment: ICIMOD s experience

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

Social in the Enterprise

Main Page Search August 25, 2010

Delivering Enterprise Value with Oracle Governance, Risk, and Compliance. Executive Summary. Table of Contents

Information Governance in the Cloud

ProjExec Project Management for IBM Collaborative Platforms. Simple and effective project execution with collaboration for all project needs

IBM ediscovery Identification and Collection

Risk Management Framework

WHAT IS GRC AND WHERE IS IT HEADING? A BRIEFING PAPER.

Information Governance: CA/Microsoft Solutions for Compliance, Legal and Governance Responsibilities

CIO survey: All s not well at endpoints

Security and Privacy Trends 2014

How to Ensure IT Compliance Without Compromising Innovation. Nik Teshima, IBM Phil Odence, Black Duck

SharePoint and Contract Management. Alan Weintraub Practice Director ECM Consulting (610) (office) (484) (Mobile)

Secure HIPAA Compliant Cloud Computing

Workshop agenda. Data Quality Metrics and IT Governance. Today s purpose. Icebreaker. Audience Contract. Today s Purpose

1. This bulletin, which contains the Charter of the Office of Internal Oversight Services (IOS) of

Meeting Changing Information Management Needs with Next-Generation Archiving

WMACCA Small Law Department Initiative. Scaling a Compliance Program To Your Organization And Small Law Department

California Information Technology Strategic Plan

WHITE PAPER Leveraging GRC for PCI DSS Compliance. By: Chris Goodwin, Co-founder and CTO, LockPath

Simplifying the user experience and helping organise, sync and share content.

An Introduction to SharePoint Governance

RSA ARCHER OPERATIONAL RISK MANAGEMENT

IT S TIME TO LAUNCH A NEW LEVEL OF IT SERVICE DELIVERY. Presented By:

Improving sales effectiveness in the quote-to-cash process

Corporate Challenges in Model Risk Management : Moving Beyond Model Inventory. Iain Wright Ian Francis, IBM 4 June 2015

The PNC Financial Services Group, Inc. Business Continuity Program

Privacy by Design Setting a new standard for privacy certification

TD Bank N.A. s Enterprise-Wide PMO Monitors Projects and Maintains Focus on Strategic Goals

WRDC Gets the ITQAN Enterprise Content Management Treatment

AV-20 Best Practices for Effective Document and Knowledge Management

University of New England Compliance Management Framework and Procedures

Outsourcing Corporate Tax Services

PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE:

Chartis RiskTech Quadrant for Model Risk Management Systems 2014

When you have to be right

Key Trends, Issues and Best Practices in Compliance 2014

A Risky Business: The True Costs of Spreadsheets

Transcription:

Prepared By: Michael Rasmussen J.D., OCEG Fellow, GRCP Risk & Compliance Lecturer, Author, & Advisor Policy Management Build vs. Buy: Why Policy Management Software Makes Sense Why Policy Matters Policy management software addresses the challenges of managing the litany of policies within business boundaries enabling employees, giving them the expectations and boundaries, and doing so in a way that protects the organization from harm. Policies articulate corporate culture the values and boundaries of individual and business behavior, and personal conduct. They are a necessary means to clearly define, articulate, and communicate the organization s boundaries, practices, and expectations. The right policy is necessary to define and communicate what the organization is about. Unfortunately, policies that are outdated, miscommunicated, or just plain nonexistent can lead to severe loss in productivity, reduced quality, and possible litigation. Thus, it is necessary to ensure that organizational policies and procedures are fresh and managed correctly. This means that they are readily available to employees and kept current. When one examines the intricacies of policy management, it becomes clear that a paper/binder system is ineffective for performing such management. Policy management done correctly requires a dedicated technology solution. A policy management software platform delivers peace of mind through its distribution, tracking, and reporting functions. However, to their error, many organizations balk at the cost of purchasing policy management software because they feel they can build something in-house (either through an intranet or SharePoint) that will accomplish the task. Build your own approaches why they fail The mismanagement of policies has grown exponentially within organizations with the proliferation of collaboration and document sharing software such as Microsoft SharePoint. These solutions to their credit as well as downfall enable anyone to post a policy. Organizations end up with policies scattered on dozens of different internal Web sites and file shares, with no defined audit trails or accountability for Table of Contents www.corp-integrity.com research@corp-integrity.com +1.888.365.4560 2011 Corporate Integrity, LLC - All Rights Reserved Why Policy Matters... 1 Build your own approaches why they fail... 1 Policy Management Software Returns the Greatest Value... 3 Policy Management Software Delivers Policy Effectiveness... 4 About this Paper..... 5 About Corporate Integrity..... 5 About Michael Rasmussen..... 5 Page 1

them. This produces policies that are written poorly, out of sync, out of date, and with no evidence of how the policy was communicated, read, and understood. Collaboration software such as SharePoint is a great tool for managing and sharing non-sensitive documents in a very general way such as wikis, blogs, Web content, and documents usually shared among a specific group. While collaboration and document-sharing software like SharePoint appears easy and cheap to implement, the reality is that the cost to the organization is significant in the liability and exposure of ineffective policy management. Many organizations have decided to take that path only to find that it is neither intuitive nor appropriate for policy management. There are strict compliance and legal requirements that must be instituted when managing policies requirements that a build-your-own policy management system makes difficult to achieve, and come at a significant cost to the organization. Some organizations feel that they could accomplish at least some of the necessary features, requiring significant development effort to achieve an appropriate and effective policy management environment. The cost actually exceeds the cost of purchasing a policy and procedure management (PPM) software platform. Add ongoing maintenance and support of a build-your-own policy management system, and the costs grow higher. Consider that an organization will have to dedicate IT development resources to this project for several months or years. Is the organization willing to maintain the policy portal project as the priority for that long and will it continue to test it and support it with updates as needed? Most corporate roles struggle to get IT s attention on their initiatives as it is. Another point of consideration is whether the organization wants to live with a home-grown system that will most likely have a fraction of the features contained in a purchased system. Companies can spend as much as 10,000 man hours to build the a policy portal on collaboration technologies and increase that development time every year thereafter trying to enhance it and provide the features an organization learns it needs to manage policies correctly. What are the opportunity costs an organization is losing by focusing on this a custom approach to policy management? Some specific features to consider when building your own policy management solution: The desirability of a consistent platform for the entire enterprise instead of each department implementing their own policy portal. The ability for the platform to manage the lifecycle of policies through creation, communication, assessment/ monitoring, tracking, maintenance/revising, to archiving and record keeping. The ability to restrict who can read what documents, and who has the permission to edit, review, and approve. The training requirements needed to show that individuals understand what is required of them through linkage to learning systems/modules, quizzing, and attestation. The accessibility of the system, with the ability to communicate policies in the language of the reader as well as provide mechanisms of policy communication for those with disabilities. The requirement to be able to gather and track edits and comments to policies as they are developed or revised. The mapping of policies to obligations (e.g., regulatory or contractual requirements), risks, controls, and investigations so there is a holistic view of policies as they relate to other areas of governance, risk management, and compliance (GRC). The ability to provide a robust system of record to track who accessed a policy as well as dates of attestation, certification, and read-and-understood acknowledgments. The ability to provide a user-friendly portal for all policies in the environment that has workflow, content management, and integration requirements necessary for policy management. The need to provide links to hotlines for reporting policy violations. 2011 Corporate Integrity, LLC - All Rights Reserved Page 2

The ability to publish access to additional resources such as helplines and FAQs to get questions answered on policies. The cross-referencing and linking of related and supporting policies and procedures so the user can quickly navigate to what they need to understand. The ability to create categories of metadata to store within policies and to display documents by category so that policies are easily catalogued and accessed. The requirement to restrict access and rights to policy documents so that readers cannot edit/change them and sensitive policy documents are not accessible to those who do not need to see them. The necessity that the organization keep a system of record of the versions and histories of policies to be able to refer back to when there is an incident or issue that arises from the past and the organization must defend itself or provide evidence. The capacity to enforce templates and style on all policies with the ability to guide policy authors and prompt them to maintain the corporate brand as well as associate specific properties, categories, or regulatory obligations with the document. The need for accountable workflow so certain people can approve policy documents and then tasks can be moved to others with full audit trails on who did what to the policy. Deliver comprehensive reporting consider the time it takes in a build-your-own approach, and organization could spend months or years trying to create the depth and breadth of reports included in commercial policy and procedure management software. Although you may be able to implement a few of these features using a build-your own approach such as SharePoint, the cost in training, maintenance, and management time, let alone the legal ramifications due to lack of proof of reader signoff and comprehension makes it a risky venture for policy and procedure management. Policy Management Software Returns the Greatest Value An organization can choose one of two primary models to manage and communicate policies. One approach is a build-yourown, ad hoc and ultimately labor-intensive process that produces significant development and administrative overhead to do it right. An economical approach focuses on commercial policy management software that has been built to meet the complex and diverse needs of policy management. NAVEX Global is a technology provider in the GRC market that Corporate Integrity has researched and evaluated. Through a purpose-built policy management system, NAVEX Global eases the policy management burden by delivering operating effectiveness, human and financial efficiency, and business agility to policy management processes. NAVEX Global enables an organization to have an enterprise policy management portal that delivers: Policy management lifecycle: The ability to manage policies across the lifecycle of creation, approval, communication, enforcement, maintenance, and archiving of the policies. Complete system of record: Within the policy management lifecycle, NAVEX Global provides a comprehensive audit trail so the organization can understand and when necessary prove who read and accessed a policy as well as how policies have changed providing evidence to defend the organization. 2011 Corporate Integrity, LLC - All Rights Reserved Page 3

Policy portal: Employees and business partners do not have to search and navigate dozens of intranet sites to find the policies relevant to their job role and function. With NAVEX Global s software they gain access to a single policy portal that presents the policies that apply to their job role as well as any tasks the employee has to complete (such as read-and-understood documentation). Commercial support: The breadth and depth of capabilities and reporting are maintained by NAVEX Global with experience across a range of clients and industries to bring a policy management solution that is complete the organization does not have to invest in a large IT project to implement the features necessary for a policy management system on top of document collaboration software. Integration with office applications: NAVEX Global s software was designed to integrate with standard Microsoft desktop applications, which are part of the policy portal itself. This delivers complete word processing and editing functions for policies, as well as conformity to defined templates without users having to learn new word processing software. Low cost of ownership: Through a commercial product, NAVEX Global eliminates the development overhead and greatly reduces the administrative overhead of a build-your-own approach. It achieves greater human capital efficiency as employees of the organization have a simple to use portal to read and understand the policies that apply to them. Policy Management Software Delivers Policy Effectiveness Organizations need to consider how they will address the many features and issues surrounding policy management and communication outlined here. The end result must be that corporate policies are no longer in disarray. This is achieved through policy management software that manages the lifecycle, keeping policies current and communicated with clear accountability and audit trails. Oversight of policies is managed by responsible parties with a holistic view of policy and the implications of policy changes and violations. The proper policy management solution will see that policies and policy-driven expectations are pushed out to employees and attestation to understanding of them is validated. In the event that a policy failure occurs, accountability is achieved by using the software to unwind the policy violation in question and determine what went wrong, with feedback on how to improve the policy to improve policy effectiveness. Effective management of policies within a policy management software solution is crucial for the modern organization to function within the bounds of the legions of regulatory obligations. It is also critical for other obligations, such as those among business partners. Policy management software addresses the challenges of managing the litany of policies within business boundaries enabling employees, giving them the expectations and boundaries, and doing so in a way that protects the organization from harm. 2011 Corporate Integrity, LLC - All Rights Reserved Page 4

About this Paper... This white paper is brought to you by NAVEX Global. NAVEX Global is the trusted global ethics and compliance expert for more than 7,500 clients in over 200 countries. A merger of industry leaders ELT, EthicsPoint, Global Compliance Services and PolicyTech, NAVEX Global now provides the world s most comprehensive suite of solutions to manage governance, risk and compliance. NAVEX Global equips clients to protect their organizations from adverse risks, enhance their corporate cultures and employee relations, and safeguard their brand equity and shareholder value. NAVEX Global provides an array of GRC services to capture and respond to business risk, improving the economic and social value of organizations around the world. The company works with clients to manage ethics and compliance programs through a deep portfolio of solutions including case management, whistleblower hotlines, policy management, online training, risk assessment and expert advisory consulting. Their fully- integrated offering provides clients with key learnings and actionable data to inform change management. About Corporate Integrity... Corporate Integrity, LLC is a GRC strategy advisory firm providing leadership in education, research, analysis, and advisory services by monitoring the challenges and trends in business for corporate governance, risk management, and compliance (GRC). Through ongoing research, interactions, and analytics, Corporate Integrity is the authority in understanding how organizations can foster a culture that walks the talk, where integrity is central to GRC practices. Corporate Integrity educates organizations and GRC professionals within those organizations on achieving sustainability, consistency, efficiency, and transparency in their corporate GRC practices to maintain a position of integrity aligned with corporate values and business performance. About Michael Rasmussen... J.D., GRCP, OCEG Fellow: Risk & Compliance Lecturer, Author, & Advisor Michael Rasmussen is an internationally recognized pundit on the topics of business ethics, corporate culture, policy management, and compliance. With more than 18 years of experience, Michael helps organizations understand their culture and improve related governance, risk, and compliance (GRC) strategies, processes, and technologies that deliver business agility, efficiency, and effectiveness. He is a sought-after keynote speaker, author, and advisor on compliance and risk management strategies. He is noted for being one of the earliest advocates for a collaborative and integrated approach to GRC. 2011 Corporate Integrity, LLC - All Rights Reserved Page 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information