|
Document Control and Management: The Foundation of Regulatory Compliance
In the February issue of Focus Forward, we provided an overview of regulatory compliance, brief histories on two of the most influential regulations issued in the past decade—21 CFR Part 11 and the Sarbanes-Oxley Act (SOA)—and a perspective on the costs and benefits of compliance.
This issue expands on some of these themes by investigating these essential topics:
For New Subscribers
Welcome to Focus Forward, the monthly newsletter of Tim Rosa Associates. If you like what you’re reading, stay with us. You can also forward this newsletter to a colleague by clicking the Forward email link at the bottom of this newsletter. If you don’t like what you see, go to the same location, and click SafeUnSubscribe™.
Each issue of Focus Forward features a viewpoint on a critical customer topic. We’ll focus on what’s happening and what’s coming down the line. These are issues that you’ve told us keep you up at night. Though we work with clients in the technology, healthcare, and financial services industries, we hope the newsletter will be informative to all.
Regulatory Compliance Creates a New Business Landscape
Based on data received from a recent survey conducted by Foley & Lardner, LLP, the average compliance cost for a public company with annual revenue under $1 billion in the wake of corporate governance reform has increased 130%—$1.6 million—since the inception of the Sarbanes-Oxley Act (SOA) through FY2003. This figure represents an increase of $736,000 during FY2003. (1) In addition, 78% of survey respondents indicated that SOA Section 404, Management Assessment of Internal Controls, had the most significant impact on their companies. (2)
Private companies are also feeling the effects of regulatory requirements. In a related Foley & Lardner survey of private companies, 77% of respondents indicated that SOA or other corporate governance reform requirements have had an impact on their private businesses. (3)
Responding to Compliance: Critical to Business Survival
Most companies know that businesses survive by responding quickly and effectively to change. They make decisions to act based on knowledge, experience, instinct, and training. Dynamic organizations that establish and maintain the discipline necessary for meticulously accurate control and management of documents can withstand both the reactive “pull” and proactive “push” regulatory compliance demands.
Regulatory compliance is often divided into two primary areas—process and content. Certain regulations, such as SOA, are concerned almost entirely with the processes that are implemented within an organization. Other pieces of legislation, such as the US Freedom of Information Act, deal mostly with content. In reality, however, process and content cannot be easily divided. At some point, the content stored within an organization will be needed to support a process. For example, a procedure that specifies how to create a quarterly financial statement satisfies the requirement for financial reporting (4), but part of SOA also deals with assessment of the stored content by an auditor. The content becomes part of the process.
As you can imagine, controlling and managing documents can be an overwhelming task. Since even small companies can easily generate tens of thousands of documents in a year, the numbers can be mind-boggling for large companies seeking an enterprise solution. Yet the sheer number of product offerings in the automated content management, document control, and document management areas can be just as overwhelming. A recent Google search of “content management systems” yielded 977,000 hits, “document control” produced 218,000 hits, and “document management systems” produced 105,000 hits. Even the seemingly narrow search “automated content management” generated 2,150 hits (5).
Enterprise solutions for document control and management include those offered by the industry giants:
and smaller vendors such as:
Best Practices for Successful Document Control and Management
So how do you get started or make changes to demonstrate regulatory compliance? When our clients ask for advice in document control and management, we recommend the following best practices:
- Determine the scope of this initiative and define your business objectives. Is your company looking for a document management solution that spans the enterprise or can you focus on the needs of a single department or division? What business drivers are compelling you to get started—Loss of market share? Pressure from competitors? Requests from shareholders? To ensure buy-in and avoid surprises, be sure to involve key stakeholders up front from all the organizations that will be affected by the solution.
- Characterize the types of documents you want to control, as well as their owners. This doesn’t mean you need to conduct a physical inventory of every document. Rather, create a list of the different types of documents that require management—for example, Web pages for the public website, product brochures, customer documentation, online forms used by the Help Desk—and the process each department uses to create, maintain, version, and archive documents.
- Identify categories of new documents that may need to be written or revised based on an interpretation of the regulations, and fixed content—content that doesn’t change once it has been created, like signed contracts or financial statements—that need to be stored. When possible, create a working title and/or a short description of a new document and assign an owner to it—a department name or person.
- Create a department- or company-wide standard document review cycle that identifies the personnel who are responsible for providing input or feedback—Research, Planning, Draft1, Draft2, Final—and standards for critical schedule milestones involved in completing documents on time. Develop a quality culture so subject matter experts understand that their role is critical for producing the best documentation.
Establish a process for versioning, archiving, and controlling documents. Consider automated document control solutions, manual methods, and a combination of the two. Evaluate various products, overall budget, and timeline for conducting pilot tests and full-scale rollout.
Summary
Although regulatory compliance might be the primary and initial driver for a document control and management solution, it is not the only one. Content and process are becoming indistinguishable in terms of regulatory compliance, and it is vital that the two be brought together. In fact, disconnecting content and process can lead to cracks in the overall infrastructure of the organization.
Notes
(1) The Cost of Being Public in the Era of Sarbanes-Oxley, Foley and Lardner LLP, May 19, 2004, p. 2.
(2) Ibid., p. 12.
(3) The Impact of Sarbanes-Oxley on Private Companies, Foley and Lardner LLP, May 19, 2004, pp. 2, 4.
(4) Sarbanes-Oxley Act of 2002, July 24, 2002, Sec. 404(a)(1).
(5) Google search results on September 1, 2004.
Resources
Learn More
For more than 10 years, Tim Rosa Associates has helped clients create thousands of documents that help both public and private companies demonstrate regulatory compliance with regard to content, process, or both. In addition to our traditional document writing, editing and production services, we also provide clients with expert guidance and advise with regard to establishing and maintaining document control and management processes that comply with regulatory guidelines. Contact us if we can help you.
Thanks for reading,
Tim Rosa
Founder and President
Focus Forward Copyright © 2004 Tim Rosa Associates. All rights reserved. |
