Disasters are for other people - that’s how human psychology often seems to deal with the threat of ‘bad stuff’ happening. Something similar seems to happen when it comes to compliance readiness – a lot of organisations are still in denial and, because the worst hasn’t happened to them or anybody they know personally, they assume that it probably never will.
There is a narrowing window of opportunity in which companies in the UK and the rest of Europe can prepare themselves for major changes in compliance regulation and legislation. The reality is that, even with general policies and some technologies in place, many organisations aren’t doing enough, or enough of the right things, to protect themselves against the growing risks associated with managing electronic records.
To help the compliance clear-thinkers get the message across to their less forward-thinking colleagues, AXS-One has prepared a compliance self-diagnosis test. The test is based on ten core questions to reveal the organisation’s current state of progress against process, cultural and infrastructure requirements. There is also a bonus question that looks at the ability to translate compliance readiness into commercial advantage…
The compliance self-diagnosis test
No one’s looking over your shoulder, so be honest. To score the test, award yourself between 1 and 10 points for each answer, with up to 25 points for the bonus question.
1. Do you classify data contained within business systems in such a way that it is easily accessible—for example, by retention periods per data types?
2. Do you have compliant non-destructive media in place?
3. Does your electronic archiving policy include content generated via e-mail, IM, MS Office, financial records?
4. Are the archival policies explicit for individual employees and/or groups of employees?
5. Do you have a supervisory review process for e-mail/IM communications for some/all users?
6. Do you have checks and balances for all of the above?
7. Are you able to suspend normal/scheduled retention cycles/put records on legal/litigation hold and electronically manage your legal case holds?
8. Do you run tests for records recovery, including audit logs?
9. Is all your data that needs to be retained in compliance with specific regulations—for example, relating to financial transactions—readily accessible online for back-office reconciliation and other front-office business functions?
10. Is senior management (CEO, CFO, IT Director, legal counsel) actively involved in your organisation’s compliance and IT alignment strategies and operations?
And for the bonus question:
Does your organisation have the capability to rapidly develop value-added front office applications (for example, dynamic web publishing, portal integration, decision systems support) from data retained for compliance purposes?
Compliance readiness scorecard:
* 80+ Congratulations: Your company is a leader in the field
* 70 Very good: Your company has an excellent state of readiness
* 50 OK: Your company is keeping up
* 30 Not good: Your organisation is at high risk for non-compliance
* 20 Bad: Your organisation needs to drastically overhaul its compliance practices

• Date: 26th April 2006 • Region: UK/W.Europe • Type: Article • Topic: Op. risk