Karl Hindle is Director of Marketing for HighGear, and a former auditor with Arthur Andersen & Co. and Pannell Kerr Forster (UK).
No matter which compliance regime you are operating under, you must establish visibility into the business processes operating at the heart of your compliance and risk management efforts. If you are unable to gain visibility into who does what and when (and by when), then you are running blind and will be unable to effectively establish appropriate controls and procedures, nor be able to establish adequate audit procedures.
There is also the major issue of operating under multiple compliance and regulatory regimes, compounded by the lack of a centralized repository of business processes. This means that different compliance regimes are tackled using a multitude of processes and platforms, leading to the creation of silos for both compliance regimes and operational risk.
Under such circumstances, there is no single source of truth which can be relied upon.
Additionally, process improvement is slowed down, and cross-fertilization of ideas and best practice is hindered because of the creation of compliance silos.
Using BPM to Gain Visibility & Control
HighGear is an ideal tool for compliance and risk management because it provides full visibility into business processes and workflows, in real time if required. By creating and managing end-to-end business processes within a unified work platform, you are able to “bake in” compliance and risk management controls no matter which compliance regime governs you, and irrespective of the multitude of compliance requirements you must meet (SOX, ISO 9001, ISO 27001, EHAS, SAS 70, ITIL, NIST 800-53, etc.).
Embedding compliance rules and controls into the everyday workflows used by your employees ensures required behavior and actions are quickly communicated and understood by responsible staff. Your approach to compliance becomes much more agile and responsive, both to changing business conditions, customer demands and the changing requirements of regulators and compliance regimes. There are also significant cost savings to be gained, while reporting and auditing are streamlined and much more effective.
HighGear provides a unified work platform which is totally flexible and can support any compliance and risk management process, including multiple compliance and regulatory regimes, and any business and risk controls you wish to impose and enforce. It also provides a common core of business processes across all parts of the organization and to all staff and stakeholders, molded around how you do business.
HighGear provides full visibility into business processes and workflows, and this delivers the total transparency required for effective compliance and risk management.
It acts as a centralized repository for process and compliance communication, ensuring all stakeholders, managers and staff are aware of compliance requirements and policies, and documenting receipt of such communications.
HighGear provides proactive alerts and notifications, set by operations and/or compliance staff, automatically delivering notifications personalized to the appropriate recipients, either triggered by workflow rules where an exception occurs or scheduled at whatever recurring interval is desired.
Audit and reporting functionality is fully customizable by compliance and risk management staff and, again, can be automatically distributed to the individuals nominated to handle a particular compliance or risk management issue.
Role-based permissions ensure that each user, or class of users (e.g. a team or a department), sees only what they need to see in order to perform their job; this includes restricting what they can actually change within HighGear. Different access privileges can be granted depending on the particular task, project or file being worked on.
Record-level access ensures that users or teams gain access to the information they need at that time – this simplifies management of tasks flowing through business processes and of the users and teams working on them.
HighGear also provides user security and integrated authentication, with all contact records (staff, vendors and customers) organized and stored hierarchically in a central repository, with access strictly controlled and logged. HighGear uses your Active Directory server, making it simple to define password policies and provide automatic Windows authentication.
A non-repudiable audit trail is also provided, delivering a single, unified record of truth with a complete recording system, including a complete archive of all changes made to any aspect of the platform (whether underlying data, files, tasks, projects, workflows – anything).
Closely related to the audit trail functionality is the system-wide configuration change log – this ensures that all changes to the platform, whether made by a user or an administrator, are themselves logged within HighGear, including a date and time stamp.
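The controls described above (role-based permissions, record-level access, and a tamper-evident audit trail that also captures configuration changes) can be illustrated with a small reference model. The following is an added example written for this page; it is not HighGear's code or data model, and the roles, teams, record ids and configuration key are constructed sample values. The log is tamper-evident in the usual way: each entry carries the hash of the previous one, so altering or removing any entry makes verification fail.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample roles: hypothetical, not HighGear's permission model.
ROLE_PERMS = {
    "compliance_officer": {"view", "edit", "configure"},
    "analyst": {"view", "edit"},
    "auditor": {"view"},
}
GENESIS = "0" * 64


class AuditLog:
    # Append-only log; each entry embeds the previous entry's hash, so any
    # altered or removed entry breaks verify(). That is what makes it tamper-evident.
    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, actor, action, target, detail):
        body = {
            "ts": datetime.now(timezone.utc).isoformat(),  # date and time stamp
            "actor": actor, "action": action, "target": target, "detail": detail,
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry = dict(body, hash=self._digest(body))
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


class Workspace:
    # Role-based plus record-level authorization; every decision, data change
    # and configuration change is written to the same audit log.
    def __init__(self, log, users, records):
        self.log = log
        self.users = users        # user -> (role, team)
        self.records = records    # record id -> {"team": owner, "data": {...}}
        self.config = {}

    def authorize(self, user, action, record_id=None):
        role, team = self.users.get(user, (None, None))
        allowed = action in ROLE_PERMS.get(role, set())
        # Record level: a user reaches only records owned by their own team;
        # compliance officers have organization-wide scope.
        if allowed and record_id is not None:
            allowed = (self.records[record_id]["team"] == team
                       or role == "compliance_officer")
        if not allowed:
            self.log.append(user, "denied", record_id or "config", action)
        return allowed

    def update_record(self, user, record_id, field, value):
        if not self.authorize(user, "edit", record_id):
            return False
        old = self.records[record_id]["data"].get(field)
        self.records[record_id]["data"][field] = value
        self.log.append(user, "edit", record_id, f"{field}: {old!r} -> {value!r}")
        return True

    def set_config(self, user, key, value):
        # Configuration changes go through the same log as data changes.
        if not self.authorize(user, "configure"):
            return False
        old = self.config.get(key)
        self.config[key] = value
        self.log.append(user, "configure", key, f"{old!r} -> {value!r}")
        return True


def demo():
    """Run a constructed scenario; returns (outcomes, log) so results can be checked."""
    log = AuditLog()
    ws = Workspace(log,
                   {"alice": ("compliance_officer", "compliance"),
                    "bob": ("analyst", "underwriting"),
                    "carol": ("auditor", "audit")},
                   {"UW-1001": {"team": "underwriting", "data": {"status": "open"}},
                    "FM-2002": {"team": "funds", "data": {"status": "open"}}})
    out = {
        "bob_edits_own_team": ws.update_record("bob", "UW-1001", "status", "approved"),
        "bob_edits_other_team": ws.update_record("bob", "FM-2002", "status", "approved"),
        "carol_edits": ws.update_record("carol", "UW-1001", "status", "closed"),
        "bob_configures": ws.set_config("bob", "review_sla_days", 5),
        "alice_configures": ws.set_config("alice", "review_sla_days", 5),
        "chain_ok": log.verify(),
    }
    log.entries[0]["detail"] = "status: 'open' -> 'open'"   # simulate tampering
    out["chain_ok_after_tamper"] = log.verify()
    return out, log
```

Running `demo()` shows the analyst editing a record owned by his own team but being refused on another team's record and on configuration, the read-only auditor being refused any edit, and the compliance officer changing configuration; all five events, including the four refusals, land in the log. Verification passes until an entry is edited in place, after which the chain no longer checks out. A real deployment would additionally anchor the chain outside the system (for example by periodically exporting the latest hash to a separate store) so that an administrator cannot rewrite the whole chain consistently.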
Application of HighGear as a Compliance and Risk Management Solution
HighGear is used to manage compliance and risk management for a number of our customers, including:
- Managing fund management compliance and reporting, including scheduling of recurring tasks and deadlines for regulator and customer reporting and notifications.
- Providing an underwriting platform for an insurance company, including providing the ability to track and manage requests and tasks as they move through the underwriting process.
- Managing oil and gas pipeline compliance subjected to multiple international, federal, state, county and municipal jurisdictions with tens of thousands of separate legal agreements and covenants.
- Managing HR onboarding procedures for a national bank, including reporting compliance with E-Verify for immigration purposes.
- Managing compliance and legal documentation for an environmental services company processing grants on behalf of customers, including streamlining and speeding up compliance auditing.