Database and Document Management Systems: A Fundamental Compliance Necessity

Of all the laws that come under the “new generation of regulations” bracket, Sarbanes-Oxley is clearly the one getting most, if not all, of the attention due to its sheer scope.

The Sarbanes-Oxley Act or the Public Company Accounting Reform and Investor Protection Act of 2002, is the result of federal legislation sponsored by Senator Paul Sarbanes and Representative Michael Oxley. It was enacted to restore investor confidence in the wake of the high-profile corporate scandals and fraudulent accounting practices and the questions concerning corporate American governance that arose subsequently.

Fundamentally, Sarbanes-Oxley is concerned with transparency and accountability of information, and presents new requirements for how public companies record, track, and disclose financial information. This new attention to the tracking of information relating to day-to-day operations has public companies attuned to new levels of regulatory scrutiny that also extend beyond Sarbanes-Oxley. Failure to adhere to the act can result in devastating consequences; in some cases the damage done can be irrevocable.

Sarbanes-Oxley presents a number of challenges involving processes and documents and the consistency with which they are handled across an organization. SOX requires the companies to

• Establish controls that augment the transparency of communications, highlighting key information that may be material to compliance and illustrating material deficiencies, if any
• Organize the way they process, distribute, retain, and access key financial information and the corresponding documentation in their day-to-day operations
• Institute a compliance program that informs employees of their responsibilities and ensure that the compliance program is followed, with periodic program review
• Maintain all work papers and information related to audit reports.

Business Document Management
Due to the sheer magnitude of the law, a complete “SOX-in-a-box” solution is unthinkable in the near future. However, one distinct aspect demanding priority consideration in SOX compliance related measures is document management. As we all know, Sarbanes Oxley is not only about section 404 but consists of eleven parts and 66 sections and document management permeates through most of them.

In fact, data management is an important factor not only in Sarbanes-Oxley compliance but more than 35,000 global regulations, according to some industry estimates. Firms must comply with these diverse regulations, depending on where, how and with whom they conduct their business. A few examples of U.S. and international regulations along with SOX are listed below.

• SEC Regulation 240.17-a-4
• Health Insurance Portability and Accountability Act (HIPAA)
• U.S.A. Patriot Act
• Gramm-Leach-Bliley Act
• Anti-Terrorism, Crime, and Security Act (U.K.)
• Personal Information Protection and Electronic Documents Act (Canada)
• Basel II

Significance of Data Management in SOX
The very first section of Sarbanes-Oxley makes the importance of document and records management quite crystal clear. Section 103, 104 and 801 mandate proper retention of audit records while section 105 states that the records must also be easily retrievable. Section 408 affirms in explicit terms the SEC’s right to review financial records at their leisure. Electronic Records and Document Management throughout the data lifecycle – from creation to deletion and everything in between – is a strategic approach.

Maintaining a superior data management system has its own advantages. In SEC’s own terms “those firms with good records management systems should have more efficient services and more secure information.”

Spreadsheets?
Spreadsheets are the most commonly used tools in compliance activities in small and medium size businesses. However, spreadsheets are not devoid of drawbacks. The most harmful is that it can make it difficult for an auditor to help you identify weaknesses that need shoring up. In addition, data storage and retrieval becomes a cumbersome process. Erroneous data entry by untrained people mars the essence of compliance activities while multiple user access is restricted in a spreadsheet environment resulting in more waste of time.

Email and other external records that come under compliance have to be either stored separately or the users have to undergo the frustratingly tiresome task of putting them in the spreadsheets, resulting in unnecessary waste of time. Finally, a major concern is that companies spend too much time on the compliance activities, which is adversely affects their business operations.

Compliance software
Compliance software is a considerable substitute. They have a central database and pre-programmed functions that promises reduction of time spent on the compliance activities. The only problem is that sometimes readymade software is not quite compatible with your company operations. Sometimes, you use only a part of the software whereas you pay for the entire package. Either way you tend to lose money buy either paying extra bucks to customize the software to your specifications or shelling out too much money for only the useful part of the software.

Custom Document Management Application
A good bet in such a situation is to go for a custom document management application, fabricated to adapt for your company requirements. The basic model will be the same but the advantage here is that the tailoring of the application is in your hands from the beginning not to mention the fact that you will be paying only for what you are using, neither less nor more.

The centralized database not only facilitates easy creation, management and disposal of data but also adapts seamlessly with your company’s and SEC’s long term goals and mandates, considering that the SOX audits data have to be stored for a minimum of seven years.

Whichever option you choose to adopt one fact is brutally clear: corporate leadership should consider digital data management as a top priority. Electronic document management should not be considered as an annual “cleaning” event but as essential business practice of continually reviewing, update and auditing as federal regulations continue to be developed and implemented.

Stylus Systems has over six years of experience in successfully providing Custom Software Development solutions for over 200 customers, perfecting our processes and skills to cater to your specific business needs in the process. Today our customers, who include small and medium businesses to Fortune 500 companies from all over the world, are completely satisfied with outsourcing their custom software development to us. Our customer quotes are proof.

Understanding our customers’ business goals is our expertise and choosing the most appropriate technology to efficiently design and develop solutions that cater to their business needs is our strong point. We strongly believe that this increases business value much more than the mere development of the software application.

Click Here to read how Stylus Systems develops a custom compliance software for document management for a publicly listed company.

If what you've read matches with your requirements, please contact us and share your ideas. Or if you'd like to read more about our services and see if what we offer interests you, please click here.