The Most Important Compliance Best Practices You Need to Know

Internal Audit, a term hated by most in the organization. Audit team will probe into all the activities for conformity. Internal audit team works on behalf of the organization for internal purposes and forms the basis for company’s self declaration of conformity. These audits are scheduled and completed within the specified time to ensure the company’s quality management systems are maintained as per ISO 9001 standard requirements and are maintained as per company’s requirement and audits criteria.

Internal audit report provides the visibility to the top management vis-a-vis the conformance to the established criteria. What are the ISO 9001 Standard requirements for maintaining internal audit system?

Business strategies need to be inline with the vision and goal of the company. It’s ok to derive inspiration from competitors but trying to outsmart competition by aping them is bad news. This illustrative case study brings to the fore how good businesses can go bad by losing focus on one’s core competencies. Even inappropriate plans of business diversification can be a killer. All Management decisions should be inline with stakeholder sentiments and expectations.

GRC is fast becoming key to any enterprise strategy. However, organizations are overlooking the difference between GRC as applied to business and as applied to IT. IT GRC focuses on security & general computer controls and privileged user access.

GRC as applied to business focuses on elements like business processes which include business level controls, application level controls and policies and audit reporting needed for internal and external auditor compliance report filing. It also applies to risk management and executive guidance assistance to provide directional analysis and recommendations.

Understanding these differences helps eliminate common GRC mistakes.

Companies are finding it necessary to translate information into other languages. This arises mainly due to their business interests outside of home or due to the diverse population within. Translation is an art. The emphasis is to maintain the same meaning after translation. Careful review, revision and editing on the part of the translator is the key.

Wall Street off late has been using ending cash balance as a measure of management effectiveness. This can be achieved by efficient and accurate cash flow forecasting. Managing debt and investment in a balanced manner shall reflect on the efficiency of the treasry department. The global economic dowturn has left complanies cash strapped and this might be the right time for them to review their current approach to forecasting. Insight into the best practices for forecasting, will help gear companies to overcome this challenge.

Stringent corporate governance, and accountability reforms, that followed the corporate failures of the past, have dramatically changed today's business environment - placing great responsibility on the management and demanding seamless operations. Organizations across the globe are constantly being challenged to navigate through a proliferation of new standards and expectations in a way that supports performance objectives, sustains value, and protects the organization's brand. Whether we like it or not, all corporations have to comply with regulations and at the same time establish their credibility with investors, other stakeholders, and the broader public. All these factors, brought together, have fuelled the convergence of distinct, yet entwined disciplines of the Governance, Risk, and Compliance (GRC).

Environment, Health and Safety (EH&S) management is emerging as a key challenge for large organizations. Companies have to ensure that appropriate processes and programs for work safety compliance are in place and address environment related issues in their operating environment. Without an environment or a work safety program they run the risk of occupational safety and environmental hazards. Furthermore, companies involved in high technology, construction, mining, energy, oil and gas, and chemicals pose a serious threat to environment through Green House Gas (GHG) emission and waste discharges that requires a greater focus on EH&S.

Information technology has become a core enabler of business processes within the organizations today. As a result, companies are required to audit and validate their relevant IT systems to ensure that their business processes and underlying records comply with regulations such as the Sarbanes-Oxley Act of 2002 or Healthcare Insurance Portability and Accountability Act (HIPAA) or 21 CFR Part 11(FDA). This paper defines an “easy-to-implement” framework for auditing and validating IT systems for regulatory compliance. It also identifies a best practice which calls for IT organizations and software vendors to proactively audit their software development and implementation processes on an ongoing basis to identify and correct any systemic issues to lower the cost of compliance.

Many companies across all industries have decided to focus on their core competencies and have outsourced manufacturing of some components, as well as specialty services to a partner, who may only be a driving distance away. However, ensuring quality of the outsourced components and services is a challenge for most organizations.

There is a widespread call for greater board (BoD) accountability and transparency - the twin key issues that engage boards are - What are the risks? and How are they managed? An Internal Audit function addresses both concerns. Internal Audit supports the BoD and its committees by independently assessing the effectiveness of an organization’s system of internal controls as well as compliance with statutory, legal and regulatory requirements.

Background checks for new recruits into financial institutions is becoming a regular practice. This is being conducted for all levels of employees. It is essential to put in a robust process in order to reap the benefits. Understand - the key trends in background screenings, common pitfalls, decide on outsourcing or not - become important key areas before setting a process.

FAA has made clarification with regards to storing of personal items in the back seat pocket of airlines. Though the airlines have been instructing against such practices, FAA has clarified that any items that does not exceed the specified weight limit can be stowed away in the designated pocket. The airlines were following an earlier guidelines from FAA to refrain from such practices. This clarification has come as a relief to many a passengers who were discomforted by the rule.

Financial Institutions are vested with the responsibility of running a clean and fair business. Factors that drive business continuity are

• Well managed risks
• Better customer relationship
• Accurate and consistent reporting.

Compliance with regulations helps them in achieving this. Though compliance requires time, it will be time well spent. A well defined vision and well concerted effort will give the desired results. The plan should aim at minimizing risk, minimizing costs and maximizing the results. So the implementation should be phased and choreographed well to achieve all intended goals. More on the various options available read on

HR Resource compliance is becoming more and more relevant in today’s business scenario. Stringent regulations like the FLSA, OSHA, sexual harassment and anti-discrimination laws though are in force, companies should be wise enough to understand their responsibilities to be desired employers.

HR compliance entails that one understands the law and has designed policies in tune so that these laws are followed. To make it effective, it requires that these programs are threaded into the business strategies.

Developing an effective HR Compliance Program involves the following considerations:

• Educate yourself
• Get good advice
• Create an HR policy manual and regularly update it
• Train your managers
• Train your employees
• Open your ears
• Give Feedback
• Document your decisions

A cooperative effort from all levels of hierarchy will see the effort through in achieving HR compliance. Read on

Security professionals should view the emergence of SOX as an opportunity to rise as key-enablers of creating a sound business environment. SOX provide this opportunity to companies which are already public or private companies outside the mandate of compliance to build strong business environment. SOX highlight the importance of information security by emphasizing the importance of business critical systems. This gives rise to the need of security monitoring and reporting. How best such an effort can be executed is best described in.

“The right tools and attitude can turn compliance into competitive advantage via process change”.

Overtime organizations are realizing opportunities of not just reducing cost of compliance but also of the overall operations. Experts feel that SOX can act as a catalyst for change that leads to competitive advantage.

More on the approach for realizing the benefits of streamlining processes and the best practices to be adopted read on

Organizations are continually reminded of the need to understand their business processes. Governments demand it. Certification Agencies demand it. Auditors demand it. Competition demands it. People realize value in understanding the processes which will enable them to do a better job. But people are oblivious of the available tools and methods which will augment their need to understand their processes better.

Over time, there have been a larger focus on process improvement and has seen the emergence of re-engineering, BPI and six sigma. There are several government mandates like the SOX and PIPEDA and organizations like ISO which have laid out guidelines for process improvement.

More on the different tools and methods and various benefits of implementing them read on

Corporate Performance Management aligns goals, metrics, people and technology in order to increase performance across the organization. This stems from the fact that organizations are faced with enhancing price performance, customer satisfaction and retention, & improve productivity and efficiency while streamlining processes and driving bottom-line growth.

CPM implementation drives the following benefits:

• Goal Alignment
• Increased business agility
• Comprehensive regulatory compliance
• Improved consolidation process
• Streamlined reporting
• Collaborative management

Six Sigma is a set of concepts and methodologies that aims at achieving perfect business processes wherein the total number of defects never exceeds 3.4 per million opportunities that exists for such defects to occur. Six sigma uses a wide variety of statistical tools and techniques some of them being control charts, defect measurements matrices, pareto diagram, process mapping, SPC, FMEA etc.

Six Sigma relies on two key methodologies viz; DMAIC (Design, Measure, Analyze, Improve and Control) and DMADV (Design, Measure, Analyze, Design and Verify) for making necessary improvements in business processes.

More on Six Sigma and its methodologies read on

Clinical data capture has brought in the use of modern computer front-ends but the back-end processing still lags behind in sophistication. The current processes are very cumbersome, time consuming and non-repeatable.

The solution to warehousing the ever-changing structures of clinical data will require 1) a single, multi-trial repository based upon abstract rather than directly representational data models, and 2) adaptive, meta data-driven ETL programming.

To learn more on the impact of such a transformation by way of simplified validation, elimination of redundant processes and increase revenue by reducing time-to-market read on..