Fourteen Steps for a Better Compliance Management System
There is a growing necessity for businesses to implement compliance monitoring systems, and many are struggling with the task of migrating from memory, paper and Excel-based systems that are now inadequate.
Compliance monitoring (let's call it compliance auditing) is the toughest of all the "GRC" tasks to get right - particularly in a globally extended business - so you need a solution that has a number of key components designed to take over many administrative tasks and make life easier for you.
Here is a summary of the most important components of an effective compliance monitoring system:
1. Questionnaire management
You need complete control over the set up and maintenance of audit checklists for each of the regulatory frameworks with which you work. This allows you to standardise the process and deliver consistent outcomes.
2. Security-enabled workflow
Different types of audit may have different workflows and your system must allow you to control which users can view and/or modify an audit at each stage in its life-cycle.
3. Corrective action management
The audit process must identify non-compliances or infringements, and your system must be able to identify and track every individual issue until it has been appropriately resolved.
4. Granular security management
To work effectively your system must accommodate a range of internal and external users, and be able to assign rights to view specific data items as well as perform certain functions.
5. Support for multiple auditing bodies
Your system should be able to accommodate multiple auditing bodies and identify their individual audit personnel. It may be tempting to assign all your third-party audits to a single provider, but there are benefits to selecting several.
6. Secure dashboard for external parties
Your external parties, set up with appropriate user rights, should be able to access their data via a dashboard. This enables you to reveal charts, reports and other analytical data, as well as scheduled audits, corrective actions and historical data to those who need to know.
7. Self-assessment capability
A good audit management system is also about helping and encouraging suppliers, facilities, etc., to become compliant. The solution must enable users to perform self-assessments on demand in order to maintain a compliant state, or to prepare for an upcoming vendor audit.
8. Risk-aware compliance management
You will never have all the resources you need to audit every facility as often as you would like. A useful way to apportion the auditing effort is to stratify your facilities according to risk and your system must accommodate this.
9. Easy-to-use, online audit conduct
At audit time, your auditors must be able to enter responses in real time via a web browser (see mobility, below). This speeds up the process, reduces audit and reporting time, minimises error, and provides a single point of audit capture. Audit questionnaires must be easy to navigate and must provide automatic scoring, response saving, and corrective action generation where the response is negative, and must allow the auditor to record observations, comments, and notes, and upload evidentiary material for any question.
Insist on a solution that allows you to configure your own email communications system to keep all your stakeholders in the picture and save you the admin overhead of tracking who should get what and when. The solution must provide a wide range of trigger points which initiate emails.
11. Total mobility
Firstly, for your compliance management system to work effectively, it has to be web-based, and it must support multiple browser platforms.
Secondly, and especially if your suppliers are in foreign countries where internet access is challenged or intermittent, your system must support mobile audit tools – tablet apps which allow you to perform audits in areas without internet access.
12. Cost sharing
Implementing a globally-accessible system is a significant task, and it does not come free. It is reasonable to consider a fee for participation in your compliance management program, which will offset the cost of setting up and maintaining your system over time. If you want to impress your board, offer them a self-funding solution!
13. Top management support
You need the support of top management to get your system off the ground and to back you up in the future. You need this for several reasons besides getting sign-off on the project.
14. Support services
If this sounds too daunting, be reassured that there are providers out there, like Compliance Experts, who can help you. When looking for a provider, one of the most important considerations is experience in the compliance field. This way you know the technical solution they offer is built on a foundation of practical know-how, and you can be sure that this will be reflected in the features of the system.