Requirements for compliance management software
Compliance in companies has many facets. These range from well-known topics such as invitations, gifts, corruption in general, money laundering, tax compliance and antitrust to illegal employment, pseudo self-employment, data privacy and the General Equal Treatment Act.
Risk analysis lays the foundation for an efficient compliance management system by determining:
- Which business departments harbor risks?
- Which external rules (e.g. laws and provisions) or internal rules (e.g. code of conduct) must be upheld?
Generally speaking, compliance management software covers all finance, procurement and sales processes as well as human resources and other processes that involve a direct or indirect flow of money.
The goal of a compliance management system is to:
- Avoid incidents before they happen
- Safeguard the company’s reputation
- Secure business success
Compliance management software should be able to support all critical processes and clearly show any risks and process deviations that can lead to incidents. This is essential for a timely reaction. When a risk or incident is reported, the user must be notified immediately. It should also be possible to categorize risks on different levels. Once a risk reaches a set level, the software should intensify how it is displayed, based on the company’s own risk appetite. Tracking any actions that are to be taken, and documenting them so that they are admissible in a court of law, are also essential. If no actions are defined in advance or taken within a predefined time frame, the software must again escalate the situation automatically. Yet even in the ideal case, in which all actions in the respective processes run in compliance, the software must meet many demands.
The software should be easy to use, simplify the process as a whole and, ideally, save the user time and money. This increases acceptance among employees while reducing workarounds. A clear dashboard is imperative as well; in this regard, however, users with a business or legal background often have a different view than software developers. The user should immediately recognize when an incident occurs and receive notification of what actions need to be taken. Incidents are not commonplace, so providing assistance to users in these cases increases the efficiency of the compliance management system. Should an incident occur, the user should be able to access a clear overview of the different actions taken with a single mouse click.
In short, the software must offer a user-friendly solution to monitor and manage these processes.
Monitoring, for example, also includes verifying whether the defined actions for reducing risks are being implemented and are effective. This provides an opportunity to make optimizations or define new steps. The software must also provide this information and show whether the identified risks cannot be mitigated.