Details
Detailed information about Practical Compliance Manager.
Using Compliance Manager to Run Your Compliance Program
Compliance Manager helps to organize, streamline and automate your Compliance Program through several functions.
- Compliance Framework Management and Reporting
- Compliance Task Management
- Control Walkthrough and Readiness Assessment Tools
- Control Testing Tools
- Custom Dashboards
- Automated Reporting and Notifications
- Audit Evidence and Document Repository
Compliance Framework Management
Your Compliance Framework is made up of all of the business, industry, legislative, and management requirements your organization must meet, such as SOX, PCI, FFIEC, GLBA, HIPAA or management directives. The framework first compiles all of the requirements and organizes them in Objectives, which provide the management direction, or 'governance' guidelines. The Objective does not define how an area is addressed; it simply says what must be addressed.
The second aspect of your framework is the set of actions taken to meet management Objectives. We call these Activities. For example, the Objective may state that systems must be secure. There will be several Activities required to meet this Objective. We use Compliance Manager to structure our Objectives and define the Activities necessary to meet the Objective.
Compliance Manager provides you the ability to generate custom reports on all aspects of your compliance program. You can view your structure or status by compliance requirement, such as SOX key controls, PCI DSS requirements or FFIEC workbooks. Or, you can view the program from the perspective of a particular member of your team by showing only the pieces that apply to them. You can view the program as a calendar of who does what and when through the year. Since all of your compliance information is in one place, the methods to report on it are unlimited. And there is no extra cost for creating new reports; you can even do it yourself.
Compliance Task Management
One of the most challenging aspects of maintaining a successful compliance program is knowing who is supposed to do what and when. Often compliance tasks get lost in the shuffle of daily work keeping the business running, which ends up in an annual, and costly, pre-audit fire drill trying to round up as much information as possible in hopes of being able to pacify the auditors.
Compliance Manager takes the fire drill out of maintaining your compliance program. Activities required to meet compliance objectives are driven out to the individuals who are responsible for performing them through a Compliance Manager function called a Compliance Task.
Compliance Tasks notify a task owner when a task is due and what needs to be done, and provide them a simple method to save their work. When the process is followed, all the necessary documentation is in one place come audit time.
Control Walkthroughs and Readiness Assessments
Effective management of a successful compliance program is based on knowing where your strengths and weaknesses lie and being able to provide business decision makers the information they need to chart the course of the organization. Performing a Control Walkthrough lets us assess the current state of a control, while documenting the process around the control.
Compliance Manager has a built-in tool for performing, documenting, rating and reporting on the current state of your control environment. Assessments are performed following a straightforward process, documented in Compliance Manager. The assessments are rated using the COBIT maturity model, or a scale of your choice. Summary reporting can be sent automatically to the key people in your organization so they can effectively incorporate compliance into strategic planning efforts.
The assessment process has an additional benefit in having fully documented control processes ready for audit time. Significant audit cost savings can be recognized when you are able to present your audit team with a clearly documented process handbook, which will help them get through the audit process in a more timely fashion.
Control Testing
Testing your controls is critical for success. With the release of the AS5 auditing standard in the SOX world, we have the opportunity to further cut our audit costs if our testing is organized and clearly documented to the level where our external auditors can use our work. The testing module of Compliance Manager is designed with this in mind.
Compliance Manager has an integrated workflow that allows you or your audit team to perform control testing. The testing function lets you document your work in a structured form, record and save your testing samples, have tests reviewed and approved by a separate person or group, and report on your testing progress in real time. All of your work is integrated into Compliance Manager workflows so your team can always view the testing results in their area.
At audit time all of your testing work is available and accessible through Compliance Manager. You can even provide a Compliance Manager view to your external auditors, further streamlining the audit process and cutting down on excess printing, binding and running around to find information.
Custom Dashboards
Compliance Manager sets up custom roles for each user. Each role is tailored to show them the information and details related to their job function. A custom dashboard is tied to each role so users can have a simple view of their information. Task assignments, management reporting, summary charts and overdue notices can all be displayed on a user's dashboard.
Automated Notifications
The key to keeping the compliance program on track is making sure it doesn't get lost in the shuffle. Compliance Manager solves this by generating automatic notifications when a task is coming due, when a task is late, or when a status changes. Notifications can be sent when a test fails or a walkthrough finds a problem. Management reporting can also be sent automatically on a defined schedule.
Audit Evidence and Document Repository
Successful audits require complete documentation. Compliance Manager provides your team with a central place for organizing and maintaining audit documentation. Instead of a virtual 'dumping ground' where documents and reports are haphazardly saved, every document in Compliance Manager is associated with the function it supports. Task evidence is attached to the task it supports, design documents are attached to process walkthroughs, testing evidence is attached to the test. All of this information is easily grouped and sorted by function, resource, compliance objective or in any other way you need to see it.

