Compliance Management
In many industries, companies must demonstrate compliance with complex, confusing, and overlapping regulations. Managing compliance often means working with an unintegrated set of spreadsheets, documents, and personal databases, as well as relying on individual emails to coordinate the activities of many responsible stakeholders across many locations. When it is time for an audit or assessment of controls, all other work stops while staff try to find and assemble copies of the policies, procedures, test results, and other supporting documentation. And none of this effort actually contributes to fulfilling the real mission of the business.
The ProcessUnity Compliance Management suite offers a better way: end-to-end management and facilitation of the compliance process. Our software lets you capture the provisions of relevant regulations; design, review, approve, and activate controls; automatically notify control owners of exceptions and problems; schedule controls testing and document test results; ensure that policies and procedures are up to date; plan for audits; and automatically assemble and present assessors with the material they need to conduct their audit. Along the way, ProcessUnity lets you map controls to original regulations, avoiding duplicate work and redundant controls; manage control evolution through version management; and initiate, respond to, and track issues, incidents, and certification requests.
Internal Controls Management
Today, virtually every business must demonstrate compliance with industry regulations or standards. Before you face an external audit or assessment, you need to satisfy yourself that you are doing what needs to be done—and doing it only once. Tracking and managing the controls, documentation, and test results needed to ensure compliance is complex, time-consuming, and prone to error. ProcessUnity Internal Controls Management provides the tools to bring business operations under control.
Assessment and Audit Management
During the course of a year, the enterprise may be subject to multiple audits or assessments. For example, the organization may be audited by the internal audit group, external auditors, regulatory assessors, and SAS 70 auditors. Each assessment may focus on different sets of controls, but there will also be considerable overlap in assessment targets. Each assessment will involve significant information gathering, documentation review, and testing for the audit team as well as substantial manpower support from the audited organization, and every hour spent will be a direct cost to the audited organization. ProcessUnity Audit & Assessment Manager provides tools to make audits and assessments quicker, less painful, and cheaper. Four styles of assessment are supported: controls assessments, process assessments, IT systems assessments, and assessments directly against the provisions of a regulation or standard.
Policy and Procedure Management
Clearly articulated policies and procedures are essential to helping businesses meet their ethical, regulatory, and internal governance goals and obligations. However, the best policies and procedures may be ineffective if they aren’t being read and followed. In addition, regulatory requirements that key employees formally attest to their acceptance of the company’s policies and procedures are increasingly commonplace.
ProcessUnity’s certification capability helps provide assurance that the appropriate people are seeing and agreeing to the policies and procedures that govern their activities. In addition, ProcessUnity’s internal controls management enables businesses to define, manage, and test controls that can assure policies and procedures are being followed. And with ProcessUnity’s managed-document capability, businesses can approve, store, and version key policy and procedure documentation.
Financial Statement Close Management
While it’s a challenge for any business, managing the monthly financial statement close process can be particularly daunting for companies spread across multiple entities and geographic regions. Many finance departments currently rely on spreadsheets and email to manage this frequent and often very complex activity. This approach, however, rarely achieves the control and efficiency that sound financial statement close processing demands.
ProcessUnity’s document request and fulfillment capability provides an easy-to-use, highly reliable way to get the financial statement close process under control. ProcessUnity provides:
- Simple, web-based capability for requesting, posting, reviewing, and approving end-of-cycle financial statements, organized by any period, location, or business entity
- Easy-to-use, tailored access for both finance departments and statement providers
- Real-time views of statement close progress
- A single location for all posted and approved financial documentation.
Risk Inventory, Assessment and Allocation
The Public Company Accounting Oversight Board (PCAOB) and many other bodies have stressed that internal controls should be defined and prioritized in the context of the risks they are intended to mitigate. ProcessUnity provides solutions that let you inventory, evaluate, and prioritize risks; associate risks with relevant business processes, systems, and organizations; assign risk owners and automatically notify them of exception conditions or impending deadlines; plan mitigations; and track the overall progress of the risk management program.
Regulations and Standards Mapping and Gap Analysis
Public companies must comply with multiple regulations or standards that frequently have significant overlap and redundancy. For example, ISO 27002, PCI DSS, and COBIT require many of the same protections in terms of information security. In healthcare, payers and providers must deal with complex, overlapping rules and regulations. Addressing each regulation separately will mean doing the same compliance work two, three, or more times. Ideally, the enterprise would define and manage the minimum set of controls necessary, and use many of the same controls to satisfy the requirements of multiple regulations and standards. ProcessUnity Regulation Manager provides tools to help the enterprise achieve full regulatory compliance with the least number of controls.
Incident Management
Many compliance programs require that certain types of incidents be captured, reported, and tracked to closure. ProcessUnity Incident Manager provides mechanisms by which users can report incidents of various types, assign ownership for incidents, engage in a dialog about incidents, and finally close incidents.
Certification Management
Compliance programs often require individual managers to certify that certain actions have been taken or that certain conditions are true. The compliance manager is responsible for requesting such certifications and making sure that all have been received and recorded. When multiple compliance programs and many managers are involved, this task can rapidly become an administrative nightmare. ProcessUnity Certification Manager removes much of the risk and administrative burden of soliciting and tracking certification requests and receiving and recording the certifications themselves.
Specialized Compliance Program Support
The ProcessUnity Compliance Management Suite has a wealth of functions that support a broad array of compliance management programs. Beyond this common functionality, in working with our customers we have developed specialized functions or assembled specialized data content to support specific compliance programs. Here are some examples of this specialized support:
Sarbanes-Oxley (SOX)
SOX assessment typically involves describing key processes, evaluating the risks associated with those processes, identifying risk-mitigating controls, and defining and executing assessment testing. In addition, assessment results must be reviewed internally and, when appropriate, presented for validation to external audit partners. ProcessUnity's SOX Assessment solution automates the collaborative assessment process for all those who need to participate: internal control teams, process and control owners, testers, internal assessment reviewers, external assessment auditors, and senior management.
SAS 70
Increasingly, financial services firms, business process outsourcers, managed services providers, and independent software vendors find their service customers demanding proof that their outsourced business processes are in control, and their vital business information is properly safeguarded. Responding to these requests one by one is expensive and burdensome, so service providers are turning to SAS 70 attestations prepared by outside auditors as the means for proving they are in control. But preparation for their annual (or semi-annual) SAS 70 audit is a high-cost, high-risk, and highly disruptive exercise. It means a frantic search through a combination of paper files, production systems, spreadsheets, and e-mails to gather the documentation that auditors require.
The rich functionality of the ProcessUnity Compliance Management suite gives service providers what they need to define, manage, and test the control inventory needed to support a SAS 70 audit. Additionally, ProcessUnity gives the SAS 70 audit team direct access to the documentation they need so that service provider operations are minimally disrupted. All this translates to easier preparation, quicker and less disruptive audits, and lower personnel costs and audit fees.