Upping The Ante On Compliance-- And Improving Your Business Performance

Roughly 20 years ago, businesses had an easier time knowing which information to keep on hand for compliance purposes. Important documents were typically stored in clearly labeled files and large boxes, and that was that.

Then, two things started happening that changed everything. First, the volume of data companies produce and store to run their businesses exploded, spurred by such technology advances as the Web and e-mail, which double in volume every year. Second, the rules that govern what companies need to keep and can throw out started changing dramatically-- witness the recent Sarbanes-Oxley Act, new rules from the SEC and NASD, privacy requirements based on the Health Insurance Portability and Accountability Act (HIPAA), and increased oversight from federal, state and local agencies.

So, businesses face a virtual alphabet soup of new compliance requirements, and the stakes are higher than ever for executives in charge of meeting these new standards. Nobody wants to be on the evening news for discarding critical information, or just as bad, be unable to find whatever is needed.

Up until now, records management has been a fairly quiet, even routine part of doing business. The difference today is that records management applies not just to legal and Information Technology issues, but to management of all the information that flows across the enterprise, along with its relations with customers, suppliers and partners. This information is as vital to meeting compliance needs as it is to running the business effectively.

But most businesses aren't there yet. In fact, 80 percent of business information today is typically in unstructured formats such as e-mail, graphics, audio and video - buried deep inside the organization, where it cannot be managed. To meet today's compliance needs, and run the business more effectively, all this buried treasure needs to be scanned and digitized, stored securely and be readily available for internal and external tracking, which could even include producing original documents.

As daunting as this may be, there is a powerful upside: companies now have an added incentive to improve their business performance as they meet tighter compliance requirements. Fortunately, the technology is available to do this. Up-to-date records management policies and systems can help companies comply with complex regulation, but can also spur productivity, enhance customer service and boost the return on technology investment.

For example, Acuity Insurance found that by integrating its internal and external business processes, it was able to adjust much more quickly to global changes in law-- as well as increase its business with independent insurance agents by 35 percent, drive customer satisfaction to 97 percent, and cut costs. Credit Lyonnais found that by enhancing transaction processing to be in regulatory compliance, it was able to increase customer satisfaction by 30 percent and reduce administrative costs by 30 percent.

Here's how to get started on this kind of transformation:

--First and foremost, businesses need to put in place up-to-date records management policies and systems that capture all the information that companies produce and store - without exception. That means every e-mail, document and instant message, in whatever format is pertinent - text, video, audio and graphics.

--Second, as information is created, it is stored with records management in a non-erasable format, which can be validated as genuine. In certain cases, the original document must be held for compliance purposes, but a digital version must also be available on demand to the end-user. Records management must not deprive employees of the information they need to do their jobs, which affects their productivity.

--Third, you need to be able to enforce retention periods, based on appropriate compliance rules. Security also needs to be airtight so critical data cannot be tampered with or destroyed.

--Fourth, you need to make it easy for regulatory authorities to search and retrieve anything they need quickly from the mountain of data stored inside the enterprise. This is where "data" become "information assets," enabling you to capitalize on the raw material stored inside the enterprise -- no matter where it is or what form it is in. Such a capability has enormous implications for your ability to run your business, as well as meet compliance standards.

Along with these records management policies, companies need to pay particular attention to two additional technology issues. Bringing data together across the enterprise is a daunting task, given the complexity and heterogeneity of systems, applications and vendors most companies deal with today. That kind of information technology diversity is not going away -- it's getting more pronounced.

For example, enterprise technology today typically encompasses eight different operating systems, none of which work together. Moreover, this doesn't include customer and partner systems and applications, which play an increasingly prominent role in Web-based business processes and transactions.

But this kind of complexity doesn't have to be a fatal roadblock. The way to integrate across and beyond the enterprise is to build on standards-based technology, rather than replacing existing technology assets or putting one's faith in a single proprietary architecture. Standards-based middleware and content management can help companies integrate and automate their business processes, without starting over again.

Finally, choosing an open, standards-based technology will give you the flexibility and agility to evolve your compliance policies and systems as the regulatory environment changes-- which is a certainty. And by the way, this on-demand flexibility will also help you manage your business more effectively. The only certainty in this life is change, and your business needs to move just as quickly.

Related Webinar:
Using BPM To Limit Exposure Under Sarbanes-Oxley

About the Author

Brett MacIntyre is Vice President, Content Management and Information Integration of the IBM Software Group.Brett has worldwide responsibilities for product development, marketing, sales and customer support. Previously, Brett was director of database technology, IBM Canada Laboratory, Toronto, where he was responsible for product management, development and customer support for IBM's market-leading DB2 database software. Brett began his career with IBM in 1985 as a DB2 product developer. Brett holds a Master of Business Administration degree from York University in Toronto, Ontario and a Bachelor's degree in Computer Science from University of Manitoba.

More by Brett MacIntyre

About IBM

IBM is the world's largest information technology company, with 80 years of leadership in helping businesses innovate. Drawing on resources from across IBM and key IBM Business Partners, IBM offers a wide range of services, solutions and technologies that enable customers, large and small, to take full advantage of the new era of on demand business. For more information about IBM, visit http://www.ibm.com.