Corporate Governance
Corporate issues involving fraudulent accounting, malfeasance and data quality frequently dominate news headlines. CEOs and Boards of Directors (BoD) are under public scrutiny and, as a result, regulatory requirements have emerged to address these issues using commonly accepted principles of corporate governance. Enterprise Content Management (ECM) frameworks play a key role in allowing organizations to provide compliance and corporate governance in a cost-effective and efficient manner.
Business Goals
- Have a reliable means to store and retrieve business-critical and sensitive information
- Have the means to track regulatory deliverables and certifications
- Ensure your disclosure and reporting processes are efficient and within budget
- Have an integrated means of managing business records -- from creation to maintenance to eventual destruction
- Have employees effectively communicate and fulfill task requirements
- Have an established training certification program
OpenText solutions for Corporate Governance deliver this functionality with the following components:
Software:
Livelink ECM - Accreditations Server, Livelink ECM - Eloquent Media Server, Email Archiving for Microsoft Exchange, Email Archiving for Lotus Notes, Internal Controls, Records Management
Supplemented by Business Content (e.g., predefined workflows) to give you a head-start in configuring workstreams and processes, Consulting Services, Training and Support tailored to meet your requirements.
Activities
Activities include Basel II Portfolio Management, Email Monitoring, Employee Accreditations, Records Management and Sarbanes-Oxley.
Basel II Portfolio Management
Banks and insurers face huge challenges in complying with new regulations – and many regulators are reacting to the dawn of digital content as a legal form of information. Regulations include Basel II, International Financial Reporting Standards (in particular, IAS 39), the Sarbanes-Oxley Act (SOX) and anti-money laundering legislation.
Corporations that used to document their internal controls with desktop tools, then moved to databases as the set grew larger, are now using enterprise content management. Tracking and managing this information requires structured data management and content and document tracking – as only OpenText solutions can provide.
The rising tide of regulation is creating operational challenges for all companies, but especially insurers. Both the organization and the regulator want to see documentation of internal processes, risks, and controls. Companies have tended to manage regulatory change in silos in the past, focusing narrowly on compliance and using compartmentalized regulatory controls. The greatest challenge is ensuring that governance integrates into your core operations. Companies that choose to go beyond compliance – and implement best practices through OpenText solutions.
Solution Adaptations: Internal Controls
SEC 17a-4 and NASD 400 Compliance
Livelink ECM - Email Monitoring provides a robust solution for archiving and retrieving all email content sent or received by specific accounts within your organization. This ensures that the complete range of electronic communications of specific users and groups is fully archived and auditable (available for Microsoft Exchange and Lotus Notes).
For example, the process of capturing all email communications – known as journaling – helps a financial services institution ensure regulatory compliance. Financial services are an area in which regulations demand all dealer-broker communications be available for immediate audit.
OpenText’s solutions:
- Make compliance a transparent part of communications
- Ensure the security of journaled email
- Support legal and litigation processes
- Address compliance requirements worldwide
- Extend into a complete compliance solution
Solution Adaptations: Email Archiving for Microsoft Exchange, Email Archiving for Lotus Notes
Employee Accreditations
Regulatory compliance is a primary concern of global organizations today. Both financial regulations such as Sarbanes-Oxley (SOX) and Basel Capital Accord II – and industry-specific regulations such as New Drug Approvals (NDAs) for the Food and Drug Administration (FDA) – are creating new challenges for companies. Today, it’s more important than ever to ensure that all employees understand regulatory requirements, and that the company can prove their compliance.
Capabilities associated with employee accreditations provide the infrastructure to support employee compliance initiatives by:
- Ensuring that training courses, product information and corporate information are delivered to the right employees at the right time
- Effectively distributing tests, surveys, questionnaires, courseware and other corporate content
- Automatically tracking employee progress, accurately analyzing the effectiveness of courses, and comparing the performance of individuals taking the same courses
- Building a full suite of exams and questionnaires in a variety of formats, including multiple choice, single answer and short essay
- Incorporating standard multimedia types, including HTML, Word, PDF, Flash and more
- Ensuring that these learning initiatives map correctly to employee licensing and certification requirements, as they apply to corporate regulations such as Sarbanes-Oxley, Basel II and the U.S. Patriot Act
Solution Adaptations: Livelink ECM - Accreditations Server, Livelink ECM - Eloquent Media Server
Records Management
Maintaining impeccable records throughout the lifecycle of those records can be difficult, especially in globally-dispersed organizations whose files must be stored for decades. Companies are seeking new ways to effectively preserve valuable data and to ensure destruction of obsolete records.
To meet stringent regulatory standards, the tracking of records is an increasingly complex activity, requiring the integration of records management practices and procedures with collaboration and content management.
ECM frameworks provide technology that allows organizations to specify types of information and the retention schedules associated with these types of information. A records management system enables an auditor or interested party to identify underlying reasons for a chosen policy. When policies change, the system keeps track of old policies, allowing interested parties to see the sequence and justifications for all policy changes over time.
Every jurisdiction in the world has legislation on what types of information must be retained by organizations, and for what period of time. The Food and Drug Administration (FDA) specifies that clinical trials data must be retained for 100 years, while Securities and Exchange Commission (SEC) rule 17a specifies that all electronic communication between the client and traders within a brokerage firm must be retained for three years. Many jurisdictions have standards that dictate what functionality records management systems should provide – such as in the case of the Department of Defense’s DoD 5015.2 specification, the Public Records Office (PRO) specification from the UK, and the VERS standard from the government of Victoria, Australia.
Financial records in accounting practices have become a core compliance requirement since recent corporate scandals. Traditionally, organizations relied on the original paper files, invoices, receipts and order forms to validate finance practices and respond to litigation. Paper files increase the possibility of error, inefficiency and corporate expense. In addition to requiring time and resources to find critical documents, storing paper files often creates enormous administrative overhead.
Though organizations generally store financial documents for extended periods, they don’t fulfill many current regulations on long-term storage. Compliance requires that companies produce financial records upon request, demonstrate how each record was used, or show other records that contributed to a designated process.
OpenText solutions help organizations meet transaction-related requirements and satisfy storage requirements by:
- Archiving all documents in a central repository
- Enabling organizations to produce images of original documents
- Linking these scanned records to related financial records
Solution Adaptations: Records Management
Sarbanes-Oxley
Livelink ECM – Internal Controls provides the capabilities for a company to track and store the necessary evidence to show that the company’s policies, procedures and processes are being adhered to and that real business risks are truly being mitigated by the company’s implemented system of internal controls.
Unite structures independently, providing a flexible approach that allows your system to grow and change as your business grows and changes:
- Designated objects in the Internal Controls system based on the Committee of Sponsoring Organizations (COSO) framework represent Processes and Sub-processes, Risks, Control Objectives, Control Activities, Assessments, Tests, and Accounts.
- Set up either a Control Objective centric model or Key Control Activity centric model.
- Define your Organizational Structure and Controls Hierarchy independently, and bring the appropriate parts of each together during the Assessment and Testing processes.
- Align assignable roles with key business activities such as testing, assessments, gap identification, issue remediation and maintenance.
- Store all documents relating to internal controls, such as accounting policies and procedures, in a centralized document library, with full version control, audit history, metadata and more.
- Connect it all with integrated workflow that automates and accelerates the assessment, testing, sign-off and overall compliance processes.
Ensure that sufficient accounts, processes, and controls are properly documented and tested in order to allow for Assessment and Management Assertion:
- For each reporting period, align the Actual Scope of your internal controls system with the Required Scope of your organization
- Associate assessments with specific reporting periods.
- Create Assessment Templates to select subsets of Control Objectives and Control Activities that may be in-scope for a group of organization units.
- Create Self-Assessments for appropriate in-scope organization units from the Assessment Templates.
- Assign Control Testing tasks for all Control Activities that need testing in the period.
- Validate Test results for Relying Controls from other parts of the Organization and/or Controls Hierarchy.
Ensure that internal controls are actually being executed in accordance with management directives:
- Ensure that test plans are clearly documented so that tests can be appropriately created, assigned and documented.
- Create tests for Control Activities that can be reused, including: test description, inherited control type (e.g., Manual, Manual/IT Dependent, and Automated), inherited control frequency, minimum annual sample size based on control type and frequency, and running total of actual samples taken by organizational unit.
- Assign tests to performers and reviewers individually or in sets.
- Associate due dates and reporting periods with each control test.
- Send automated email notifications informing users of pending test assignments, and reviewers of pending review assignments.
- Provide access to assigned tasks from a designated inbox.
- Provide access to detailed testing instructions and sample data directly from each control activity.
Manage the lifecycle of issues, gaps and deficiencies, including creation, assignment and remediation:
- Automatically route completed tests to the appropriate reviewer or approver.
- Identify, document and track problems as they pertain to internal controls, from many different sources including internal audits, self-assessments and external auditors.
- Identify and document remediation plans for problems that are designated to be deficiencies. Remediation plans consist of individual action items assigned to various users and stakeholders.
- Schedule, assign and monitor remediation plans, and their associated action items, through completion.
- Enable contextual reporting by using themes to identify similar deficiencies.
- Generate management reports to show the potential impact of deficiencies on financial statements.
Solution Adaptations: Internal Controls