Chapter 6: Compliance

This chapter provides orientation on managing compliance through the Compliance module.

Compliance is the result of an organization fulfilling the requirements outlined in laws, standards, organizational norms, and industry codes, as well as good corporate governance principles and social and ethical expectations.

The current business world requires organizations of all sizes and segments to deal with an unprecedented volume of regulations, laws, and demands to be in compliance with regional, industry-specific, and internal authoritative documents.

Managers are responsible for understanding and complying with this set of rules and values, identifying those that will be implemented and providing the necessary means to ensure they are adhered to. Not adopting these sets of rules and values at any level of the organization leads to compliance failures. Often an organization’s commitment to compliance has been taken into consideration by the legal system when applying penalties due to violation of applicable laws. Various incidents at different times and places have served to propel governmental initiatives in the most diverse areas, which aim at enhancing control over corporations in order to preserve market and economic stability.

In addition, the need to operate in an integrated manner in a world that is increasingly globalized has led to the proliferation and voluntary adoption of international standards and norms in order to facilitate interactions between organizations.

It so happens that these authoritative documents are often met using manual and fragmented approaches (the “silo” issue), making the compliance process a taxing, uncertain, and inefficient one. The costs of dealing with a growing number of spreadsheets and documents in an un-integrated process may be very high, with little or no real benefits to the business. Organizations therefore need tools that bring consistency to the efforts of managing their compliance needs.

Compliance management in the system effectively supports managers in the challenge of maintaining compliance with multiple authoritative documents, providing resources that enable everything from the efficient performance of compliance analyses to the treatment of the non-compliances identified. The system integrates and automates the compliance process, reducing the costs of managing the process and avoiding fines and other penalties.

In this module you can create projects to analyze the level of your organization’s compliance with various authoritative documents, generate the Compliance Analysis Report to view the final results of an analysis, evaluate the results of the analysis by choosing to accept (and justify) or send non-compliances to treatment, and run compliance queries to examine indicators for a certain project and statistics on responses provided to interviews. This module is fully integrated with the Organization, Knowledge, Dashboard, Workflow, and Administration modules:

    The Compliance module analyzes assets, business components, and people registered in the Organization module. Consolidated metrics resulting from compliance projects can later be viewed in the Organization module through the integrated overview.

    The Knowledge module is where the authoritative documents and surveys used in compliance projects are prepared and stored.

    Metrics resulting from analyses in the Compliance module are available through charts created in the Dashboard module.

    Events created to treat non-compliances identified through projects are managed through the Workflow module. Project statistics are updated as these events are updated and closed.

    Configurations for compliance projects are managed through the Administration module, including:

        Customization of the scale used for compliance metrics, including the different levels for each metric and the colors and descriptions for each level.

        Customization of message templates used to send e-mail notifications related to compliance projects.

        Customization of project settings – such as whether interviews will be sent manually or automatically to reviewers, the justifications available when accepting non-compliances, and more.

        Customization of default access control settings, determining which system privileges project leaders and analysts will have access to.

This module is divided and documented in three sections:

    Compliance Projects: where you can manage projects that analyze the organization’s compliance with both internal and external requirements and standards.

    Compliance Queries: where you can create and manage compliance queries on the results of analyses and interview statistics.

    Compliance Reports: where you can generate, schedule and customize compliance analysis reports.