Risks of Regulatory Non-Compliance in light of SOX
--N. Miller
The cost and magnitude of regulatory mandates associated with corporate
compliance, particularly records management, have increased significantly
in recent years. As a result, many more companies, not just those in traditionally
regulated environments such as pharmaceuticals and aerospace, are finding
that they need to change from a departmental plan or ad hoc approach to
an enterprise-wide compliance strategy. Is your organization prepared to
meet the regulatory requirements of the Department of Defense 5015.2
Standard, the Sarbanes-Oxley Act of 2002, or the Securities and Exchange Commission's
Rule 17a? How will your company balance the cost of compliance with
the risks of non-compliance? What are you doing to build investor confidence
and trust - and can you do it without diluting shareholder value? And, last,
but certainly not least, how much will it cost you to comply?
To reduce
risks as well as costs, companies are turning to enterprise content
management (ECM) - of which enterprise records management (ERM)
is a significant part. Because ECM provides a robust environment for
managing all types of unstructured content (documents, Web pages,
images, rich media, etc.) across the full lifecycle (creation, management,
delivery, and archive), companies can not only solve their compliance
challenges but also leverage this investment for ongoing competitive advantage
and operational efficiency. This article explains the challenge of new
corporate regulations and outlines how your company can meet that challenge
through an effective ERM strategy tightly integrated with ECM.
Understanding the Regulations
Many organizations
throughout American government and business have adopted Department of
Defense (DoD) Directive 5015.2, issued in 1997, as a de facto records
management standard. It provides detailed implementation and procedural
guidance on the management of records in the DoD and its departments and
offices.
In 2002,
Congress enacted the Sarbanes-Oxley (SOX) Act in response to Enron,
WorldCom, and other accounting scandals. SOX affects all publicly traded
companies, private companies that may go public or be acquired by a public
company, and public accounting firms. Among other things, it makes it
a federal crime to obstruct justice by destroying or tampering with corporate
accounting records. Section 404 of SOX specifically outlines the requirements
for public companies regarding records retention. Everything must be documented
in a way that can be reviewed by auditors, including policies and procedures,
approvals, authorizations, verifications, recommendations, and performance
reviews, in addition to financial data. This includes the widely publicized
mandate that CEOs and CFOs must personally certify all financial statements.
In addition
to responding to the Sarbanes-Oxley mandates, companies must comply with
an expanded SEC Rule 17a and related regulations. SEC Rules 17a-3
and 17a-4 spell out new requirements for securities brokers, dealers,
investment companies, financial advisers, and transfer agents regarding
records of electronic interoffice communications and communications with
customers. Other regulations relevant to records management include NASD
Rules 2210, 3010, and 3110, NYSE Rules 342 and 440, ISO 15489, and MOREQ.
Together, these rules impose strict ERM requirements on regulated organizations.
In responding
to these new regulations and the events that led to their adoption, executives
face many challenges. They must manage compliance issues inside and outside
the enterprise, balance the organizational costs of compliance with the
risks of non-compliance, increase visibility and transparency for corporate
practices, and take other steps to maintain or restore investor confidence.