Posted by Mark Brousseau
Pre-paid cards are primed for explosive growth in the coming year, according to a survey conducted by Firstsource Solutions.
Fifty percent of payment industry professionals surveyed expect wider adoption of pre-paid cards as more consumers move away from credit cards and cash. Nearly 30 percent of respondents said that more consumers would become “loaders” (i.e. depositing more money to their pre-paid accounts).
“We’re seeing a growing interest in pre-paid cards in consumer segments that weren’t originally drawn to using such a form of payment,” says Tim Smith, senior vice president, Banking Financial Services & Insurance, Firstsource. “Our findings support recent research about the upward trend in the pre-paid market which shows that an estimated $37 billion was loaded onto prepaid cards last year, compared to $18 billion in 2009 and $9 billion in 2008.”
Survey respondents indicated that there is a huge opportunity for the pre-paid market to expand its customer base beyond the most likely consumer targets. More than 40 percent indicated that increased scrutiny from regulators regarding loading and set-up fees will pose the greatest risk to the industry. Additionally, 47 percent said educating card holders on the nuances of a pre-paid card will be critical to successful adoption and overall growth in the market.
Firstsource’s survey also examined sentiment on the current regulatory climate in the payments industry. While Dodd-Frank was top-of-mind for 45 percent of payments professionals, the Consumer Financial Protection Act has fallen off the radar for most industry executives (only 9 percent of respondents indicated it was currently a priority issue).
What do you think?
Thursday, June 2, 2011
Friday, November 12, 2010
The Top 5 Compliance Issues That Smolder Beneath The Surface
By Dan Wilhelms
When firefighters arrive at a burning building, their first priority (of course) is to knock down the visible flames. Yet experienced firefighters know that when those flames are extinguished, the job isn’t done yet. That’s the time they go in and start looking for the hidden flames – the smoldering materials in a ceiling or behind a wall that could suddenly erupt and engulf them when they’re not expecting it. They know those hidden fires can be the most dangerous of all simply because they can’t be seen until it’s too late.
For the past few years, IT and compliance managers have been like those firefighters first arriving on the scene. You’ve been putting out the compliance fires – the big issues that have been burning brightly since SOX legislation was passed in the early part of the millennium. You’ve done a good job too, creating a new compliance structure where roles are defined, segregation of duties (SOD) is the standard and transactions are well-documented.
Yet just like those firefighters, the job isn’t finished yet. There are still all kinds of compliance issues that, while not as visible as the first ones you tackled, can still create a back-draft that will burn your organization if you’re not careful. Following are five of the most pressing (and potentially dangerous).
Excessive access – With the complexity of the security architecture that is part of modern ERP systems, it’s easier than you might think to accidentally give some users access to potentially sensitive transactions that might be far outside their job descriptions. Access is usually assigned by the help desk, and in the heat of battle, with many pressing issues, they may not be as careful about assigning or double-checking authorizations as they should be. When that occurs, it can lead to all types of dangers.
Imagine a parts picker in the warehouse being given access to every SAP transaction in the organization (which has happened, by the way). In that instance, the warehouse worker started running and looking at transactions (including financial transactions) just out of curiosity. But what if he’d had a different agenda? He could have changed the data, either accidentally or maliciously, or executed a fraudulent transaction, creating a serious compliance breach.
Even if he didn’t change anything, there’s still a productivity issue. After all, if he’s busy running a myriad of SAP transactions, he’s not busy picking orders.
Excessive access is not the type of issue that will show up in a SOD report. The best way to address it is by installing governance, risk and compliance (GRC) software that makes managing security and authorization easier. The software should also provide you with tools that help you measure and monitor actual system usage so you can see whether the things users are doing and the places they’re going within the system are appropriate to their job requirements. Having automated systems in place is particularly important in smaller enterprises that usually do not have the resources for a lot of manual inspection.
Access to sensitive data – Users don’t necessarily need access to a broad variety of data to pose a risk; they just need access to particular data. For example, who can open and close posting periods? Who can view HR salary and benefits information? Again, this is nothing that is likely to show up on a SOD report, yet it’s a very real risk.
We’ve all heard the stories about how a certain soft drink manufacturer’s formula is better-guarded than the launch codes for nuclear weapons. Imagine if the formula was sitting on the ERP system and the wrong person was given access to it – or given access to payroll, HIPAA or other sensitive information.
One key to controlling access to sensitive data, of course, is to exercise more care when assigning authorizations. This is a preventative control. It’s also important to use reverse business engineering tools to see who does have access to sensitive transactions, whether that access is appropriate, and what they did with the information once they had it. This is a detective control. It’s like following the smoke to discover where the hidden fire is.
Poor segregation of duties – Although SOD has already been mentioned, some organizations are not familiar with what it is and its purpose. Let’s look at the nuclear missiles analogy again. In order to launch, there are two keys controlled by two different people. Two keys are used to assure that no one person has control of the missiles in case someone decides to “go rogue.”
It’s the same with financial transactions in an enterprise. You don’t want one person to be able to create a vendor in your SAP system and then initiate payment of that same vendor; you’re just asking people to steal from you.
That’s why it’s important to have value-added tools that analyze user access against the enterprise’s SOD rulebook and flag any conflicting functions. An ongoing analysis will point out any areas of risk so they can be remediated, and keep you informed should the situation change.
Of course, in a smaller organization, conflicting duties may not be avoidable. Everyone is expected to wear multiple hats, and sometimes those hats do not allow for proper segregation. In those instances, you need to have tools that can monitor actual transactions and report against them so you can see if a compliance violation is occurring. In other words, if someone has to carry both keys, you know when they’ve inserted them both into the control panel through mitigating controls.
Even with the proper tools, it’s unlikely you’ll ever bring SOD conflicts down to zero. But you can get awfully darned close, and keep an eye on what happens from there.
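The two checks described above, as an added example that is not from the article or from any GRC product: one pass compares assigned access with a SOD rulebook, and a second pass (the mitigating control for users who must hold both functions) looks for the conflict actually being exercised on the same vendor. The rulebook entry, user IDs, vendor numbers and log lines are constructed; XK01 and F-53 are SAP transaction codes used as sample values.

```python
# Constructed SOD rulebook. XK01 (create vendor) and F-53 (post outgoing
# payment) are SAP transaction codes used as sample values; the rule ID is
# made up for this example.
SOD_RULEBOOK = [
    {"id": "P2P-01", "left": {"XK01"}, "right": {"F-53"},
     "risk": "create a vendor and pay that same vendor"},
]

# Constructed authorizations: user -> transactions the user is allowed to run.
USER_ACCESS = {
    "ASMITH": {"XK01"},
    "BJONES": {"F-53"},
    "CLEE": {"XK01", "F-53"},   # small-team user who has to carry both keys
}

# Constructed usage log: (timestamp, user, transaction, vendor number).
USAGE_LOG = [
    ("2010-11-01 09:12", "ASMITH", "XK01", "V-1001"),
    ("2010-11-03 15:40", "BJONES", "F-53", "V-1001"),
    ("2010-11-04 10:05", "CLEE", "XK01", "V-1002"),
    ("2010-11-04 10:20", "CLEE", "F-53", "V-1002"),
    ("2010-11-05 11:00", "CLEE", "F-53", "V-0900"),
]


def find_access_conflicts(user_access, rulebook):
    """Preventive view: users whose assigned access covers both sides of a rule."""
    hits = []
    for user in sorted(user_access):
        granted = user_access[user]
        for rule in rulebook:
            if granted & rule["left"] and granted & rule["right"]:
                hits.append((user, rule["id"]))
    return hits


def find_exercised_conflicts(usage_log, rulebook):
    """Detective view: the same user ran the left side and later the right
    side of a rule against the same vendor."""
    hits = []
    for rule in rulebook:
        touched = set()  # (user, vendor) pairs where the left side was run
        for _ts, user, tcode, vendor in sorted(usage_log):
            if tcode in rule["left"]:
                touched.add((user, vendor))
            elif tcode in rule["right"] and (user, vendor) in touched:
                hits.append((user, rule["id"], vendor))
    return hits


if __name__ == "__main__":
    for user, rule_id in find_access_conflicts(USER_ACCESS, SOD_RULEBOOK):
        print(f"access conflict: {user} holds both sides of {rule_id}")
    for user, rule_id, vendor in find_exercised_conflicts(USAGE_LOG, SOD_RULEBOOK):
        print(f"exercised conflict: {user} triggered {rule_id} on vendor {vendor}")
```

CLEE's payment to V-0900 is not flagged because CLEE did not create that vendor; only the create-then-pay sequence on V-1002 is reported for review.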
Introduction of malicious programs into production systems – The modern reality is that ERP systems are rarely steady state. Often enterprises have multiple initiatives going on that introduce new data, configuration and programs into the production systems.
With lean staffing and urgent deadlines, often changes are not properly tested or audited. In other words, they don’t use proper change management. A developer who has the means to do it, the motive to do it and knows whether he/she can get away with it can wreak all kinds of havoc by including malicious code along with legitimate code when new applications are moved into production. Malicious code can download sensitive data, create fraudulent transactions, delete data or crash the systems.
It is critical to have a second person reviewing any changes at every step of the way. What that means is the person who requests the change can’t be the person who develops it; the developer can’t be the person who tests it; the person who tests it can’t be the same person who migrates it into production. In other words, transport development and approvals cannot be given by a single person – instead, an independent approver or even a committee must be controlling the entire process.
Change management duties need to be segregated and managed throughout the entire process. Even if not malicious, poorly coded, untested programs can result in a catastrophic outage. Given that in a large enterprise an hour of downtime can cost $1 million, it’s easy to see why proper change management is worth the investment.
Emergency access – In large ERP environments, there’s always the chance that emergency maintenance of production systems will need to be performed. When it does, and the enterprise is dialing 9-1-1, someone needs to be given emergency “super user” access to everything in the system. Such emergency maintenance is often by outside parties (e.g. the software vendor or 3rd party consultants).
The problem is these emergency all-access passes aren’t always tracked very well. Everyone is so fixed on putting out the fire – for example unlocking a sales order that has frozen the entire system – that they never think about documenting what transactions were performed or what data was changed. The risk is increased by the widespread use of generic “firefighter” user IDs whereby the individual performing the actions isn’t definitively known.
You’d like to think that the person you give super user access to can be trusted. But blind trust is what has gotten other enterprises into trouble in the past. The person with full access may make other changes while he/she is in there – either accidentally or on purpose. You need to be able to monitor who has all-access and what they do while they have it.
It is critical to have tools that allow you to track what these super-users do while they’re in the system. Not just for the day-to-day operation of the business, but for the auditors as well. When auditors see someone has been given this additional emergency access, their job is to immediately assume the person did something nefarious. It will be your job to prove they didn’t. You’ll need to show why access was granted, what was done while the person was in there, when/how long the person was in the system, what changes were made and when the person exited.
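One way to assemble the evidence listed above (why access was granted, what was done, how long, what was changed), shown as an added example that is not from the article or from any vendor's tool. It ties each action logged under a generic firefighter ID back to the named person who had the ID checked out, and reports actions that fall outside every checkout. The checkout records, ticket reference, user names and log lines are constructed; VA02, VA03, SE16 and SU01 are SAP transaction codes used as sample values.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed checkout records for a shared firefighter ID.
CHECKOUTS = [
    {"ff_id": "FF_01", "person": "consultant1", "reason": "INC-0001 locked sales order",
     "granted": "2010-11-01 09:00", "released": "2010-11-01 09:45"},
    {"ff_id": "FF_01", "person": "jdoe", "reason": "",
     "granted": "2010-11-02 14:00", "released": None},
]

# Constructed audit log: (timestamp, firefighter ID, transaction, data changed?).
AUDIT_LOG = [
    ("2010-11-01 09:10", "FF_01", "VA02", True),
    ("2010-11-01 09:20", "FF_01", "SE16", False),
    ("2010-11-01 22:30", "FF_01", "SU01", True),   # nobody had the ID checked out
    ("2010-11-02 14:05", "FF_01", "VA03", False),
]


def _parse(stamp):
    return datetime.strptime(stamp, FMT) if stamp else None


def build_evidence(checkouts, audit_log):
    """Return (sessions, orphans): one evidence record per checkout, plus the
    firefighter-ID actions that cannot be tied to any named person."""
    sessions = []
    for c in checkouts:
        sessions.append({
            "ff_id": c["ff_id"], "person": c["person"], "reason": c["reason"],
            "start": _parse(c["granted"]), "end": _parse(c["released"]),
            "actions": [], "changes": [], "findings": [], "minutes": None,
        })

    orphans = []
    for stamp, ff_id, tcode, changed in sorted(audit_log):
        when = _parse(stamp)
        owner = next(
            (s for s in sessions
             if s["ff_id"] == ff_id and s["start"] <= when
             and (s["end"] is None or when <= s["end"])),
            None,
        )
        if owner is None:
            orphans.append((stamp, ff_id, tcode))
            continue
        owner["actions"].append((stamp, tcode))
        if changed:
            owner["changes"].append(tcode)

    for s in sessions:
        if not s["reason"].strip():
            s["findings"].append("no documented reason")
        if s["end"] is None:
            s["findings"].append("access never released")
        else:
            s["minutes"] = int((s["end"] - s["start"]).total_seconds() // 60)
    return sessions, orphans


if __name__ == "__main__":
    sessions, orphans = build_evidence(CHECKOUTS, AUDIT_LOG)
    for s in sessions:
        print(s["person"], s["reason"] or "<none>", s["minutes"],
              s["actions"], s["changes"], s["findings"])
    for o in orphans:
        print("unattributed firefighter activity:", o)
```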
While it’s important to put out the big compliance blazes, keep in mind those are the ones that are also easy to see. Once they’re under control, take a tip from the professional firefighters and be sure to check for the smaller, smoldering flashpoints. It’s your best insurance against getting burned.
Dan Wilhelms is President and CEO of SymSoft Corporation (www.controlpanelGRC.com), the makers of ControlPanelGRC, professional solutions for compliance automation. He can be reached at dwilhelms@sym-corp.com.
Monday, October 18, 2010
Dodd-Frank to Usher in 'Decade of the Whistleblower'?
Posted by Mark Brousseau
When President Obama signed the Wall Street reform bill into law on July 21, two prominent attorneys say he likely ushered in what might be called "the decade of the whistleblower"—an era marked by a flood of federal investigations sparked by bounty-hunting employees looking to cash in on rewards that, in some cases, could turn them into instant millionaires.
Indeed, the Dodd-Frank bill became law just three months ago, but plaintiff's firms already report an astronomical jump in calls from would-be whistleblowers, note LeClairRyan attorneys James P. Anelli, a veteran labor and employment attorney with decades of experience representing management, and Carlos F. Ortiz, a seasoned white-collar defense attorney who served as a federal prosecutor for more than 15 years. Both attorneys are shareholders in LeClairRyan, based in the firm's Newark, N.J., office.
While the Dodd-Frank Act has been widely discussed, its extremely significant whistleblower provisions have gone nearly unnoticed, the attorneys say. And yet, under those provisions, whistleblowers that provide information that exposes SEC violations will get up to 30 percent of fines exceeding $1 million. "Bear in mind that recent fines involving violations of the Foreign Corrupt Practices Act (FCPA) have reached up to $100 million," Ortiz notes. "The fallout from these whistleblower provisions will be huge. This is an incredible incentive for employees who are looking to get rich to do all they can to gather information on, and report, potential violations by their employers. Why would they go through existing compliance hotlines when they can contact a plaintiff's attorney and pursue such potentially lucrative payouts?"
Generally speaking, the scope of previous SEC whistleblower laws was limited to cases of insider trading. Dodd-Frank, which will be administered by the newly created Bureau of Consumer and Financial Protection, applies to all potential SEC and commodities-trading violations. For a variety of reasons, it will affect a broad swath of both private and public entities, Anelli notes. "In the old days, whistleblower laws applied to Wall Street traders using insider knowledge to swap 'hot stock tips' with each other, but the new framework is quite broad," he explains. "It applies to virtually any company that deals with consumer credit, loans or property in any capacity, including mortgage brokers, financial advisors and credit-counseling services."
Ortiz says public companies that do business overseas could be forced to deal with an upsurge in employee-generated complaints under FCPA (the conduct of foreign intermediaries, for example, is already under close federal scrutiny). But public companies are not the only ones that will be affected by the bounty-hunting provisions, Ortiz warns: their subsidiaries and privately-held competitors might also come under closer federal scrutiny.
"Let's assume your company is privately owned and does business in Malaysia," Ortiz says. "If your chief competitor in the market is a publicly-traded American company that, thanks to a whistleblower complaint, becomes the target of a federal investigation, the Department of Justice might launch a broader 'industry probe.' DOJ might say, in effect, 'Now that we know Company X was bribing officials in Malaysia to get work, let's investigate all of its competitors.'"
Moreover, Anelli says the new whistleblower provisions apply to all of the subsidiaries of any public company. "A large public company might have 100 subsidiaries, and as long as the financial information of those subsidiaries is used in its consolidated financial statement, those entities are covered under this law," he says. "The 'Wall Street reforms' actually have a reach that is far beyond the publicly-traded realm."
The potential stakes, the attorneys note, are high: Federal enforcement actions have been increasingly aggressive in recent years, with approximately 150 companies already under investigation for FCPA violations and a growing number of individual executives being singled out for prosecution. "The reforms included a burden-shifting framework that is favorable to employees," Anelli concludes. "Under this framework, employees in many instances will now be able to show that they meet the burden of proof that is required to recover their cut of the eventual fine. Because of the amounts involved, whistleblower cases are going to turn into big business for plaintiff's law firms. As more whistleblowers start making big bounties—and headlines—the number of investigations will only grow. Careful preparation clearly is in order."
What do you think?
Tuesday, September 7, 2010
Make More of Your Data-rich Systems to Meet Dodd-Frank Requirements
By Laurel Sanders, Optical Image Technology (lsanders@docfinity.com)
Remember Aesop’s fable, The Miser and His Gold? A miser buries his cache of gold coins under a tree, periodically unearthing them and marveling at his lustrous collection before hiding them again. One day, an onlooker notices. Shortly afterward, the fortune disappears. The miser’s opportunity to use his treasure is gone. The moral: “Wealth unused might as well not exist.”
The lesson applies to the valuable information systems you own, too. If they aren’t integrated to enable efficient sharing of your content everywhere it has value, their potential is wasted. Idle information might as well not exist.
Dodd-Frank: implications for the enterprise
If you’ve followed the latest financial publications, you’re aware of the Dodd-Frank Wall Street Reform and Consumer Protection Act. Like other current legislation, the new laws are designed to:
· Reduce fragmentation and complexity in data management;
· Demand data consistency enterprise-wide; and
· Increase organizational transparency.
Similar to recent healthcare regulations, Dodd-Frank has significant implications for data management across the enterprise. The good news: if you already have quality information systems, you may be able to meet numerous challenges without starting over—by giving your systems a common foundation.
Building on what you have
When your institution chose its core financial systems, line-of-business applications, email application and other software, significant deliberation probably preceded each purchase. Unless your systems are ancient (or worthless), we’ll assume good quality capture of data, and solutions that achieve what they were designed to do.
Challenges in meeting recent regulatory requirements arise from demands that exceed what your systems were designed to accomplish. Many solutions were intended to address departmental needs, without a vision for enterprise-wide communication. Now, legislation is demanding an enterprise approach that:
· Unifies data classification practices;
· Certifies information accuracy and consistency;
· Standardizes reporting; and
· Creates uniform data governance frameworks.
Enterprise content management (ECM) software, when integrated with business systems, provides centralized, uniform access to diverse digital information -- no matter how it’s captured or where it resides. Think of it like a credit card. If you’ve traveled internationally, you know it’s challenging to manage purchases amid constantly changing currency. A credit card alleviates the aggravation, allowing diverse systems to communicate seamlessly. Instead of converting currencies, just swipe your card. The exchange is automatic; the transfer is understood. You get what you need, within moments, wherever you are.
The role of browser-based ECM
If your workers value their separate information systems – which they probably do – ECM doesn’t demand change. Instead, it enables secure 24/7 access to a centralized repository that connects authorized persons with all of the systems and information they’re allowed to see, and to use the latter according to their permissions. ECM lets you dictate things like:
· Who can list or view specific document types;
· Who can edit, annotate, sign, or email them; and
· Who may purge or delete files.
Information becomes standardized, accessible via a single repository and a consistent interface. The system knows where all of your content resides, and which information belongs together, just as your credit card recognizes purchases you make and the countries, currencies, and US equivalencies each represents.
1. Unifies data classification practices
Uniform classification requires a strategic file plan alongside carefully conceived taxonomies that meet diverse needs. ECM provides the tools to execute that plan faithfully. Scans, bar codes, and online forms consistently follow your prescribed indexing rules, easing search.
Together, your indexing plan and ECM ensure:
· Metadata criteria are complete upon document capture (file type, lifespan, format, source, etc.);
· Data captured meets criteria for length, format, type, etc. (e.g., ID numbers requiring a pre-set sequence of digits/dashes);
· Data pertinent to search is complete and compliant, ensuring success;
· Document types are segmented to ensure searches return relevant information.
2. Encourages information accuracy and consistency
When ECM includes process automation, meaningful data is captured and re-used intelligently. Business process management (BPM) software throws your documents and information against your rules, ensuring speed and uniformity in routine decision making and exception handling.
Together, they let you:
· Associate, package, and flow related files for action;
· Pre-fill forms and documents with stored information, eliminating keying errors;
· Extract and push data from one source to another at specific points in recurrent processes.
3. Enables standardized reporting
Just as your credit card bill summarizes your purchases--regardless of where and how they were made--ECM extracts data from multiple systems with which it is integrated so you can create holistic, complete reports. Instead of separate audits detailing customer transactions from various applications, everything is centralized, providing better insight. Automatic conversion to PDF and other formats ensures universal access while guarding against tampering.
4. Creates uniform data governance frameworks
Good governance--a central thrust of Dodd-Frank legislation--requires an IT infrastructure that supports fairness and uniformity in decision-making and implementation. For informed decision-making, data used to reach decisions must be accurate, timely, and appropriately accessible at the exact moment individuals need it. Information that is no longer required to be kept (and that could put you at risk) can be migrated, purged, deleted, or destroyed according to the law.
Wide-ranging document types, diverse users, ever-changing retention laws, and the challenges of overseeing them make quality governance one of the greatest enterprise challenges. ECM levels the playing field, ensuring organizational practices are upheld. Rather than subjecting your documents, information and policies to the preferences and personalities of departmental managers, they are subject to your rules. No favoritism. No oversights. No mistakes…and a thorough, digital audit trail of transactional activity verifies compliance.
Use what you have—better
Managing your content effectively is like managing your credit card: it requires forethought, planning, and procedural adherence. Don’t be miserly with your data; ECM ensures you use it while it’s timely and relevant.
ECM can’t do your planning, but it ensures policies and rules are honored faithfully without exception, enterprise-wide. I can’t speak for you, but when someone invents a credit card that knows every resource at my disposal and flawlessly honors my intent, I want one!