whitepaper_supporting_corporate_governance

NETconsent Whitepaper Supporting Corporate Governance Written by: Robin Saunders Date: June, 2007 NETconsent Whitepaper: Supporting Corporate Governance Table of Contents Foreward ............................................................................................................................... 3 Introduction.......................................................................................................................... 4 Corporate Governance......................................................................................................... 4 Corporate Policies................................................................................................................ 4 Government Guidelines........................................................................................................ 4 Automating Compliance...................................................................................................... 4 Policy Management ............................................................................................................. 5 Compliance Reporting......................................................................................................... 5 Policy Enforcement Points (NETconsent PEPs)................................................................ 6 Incorporating Non PC Users ............................................................................................... 6 Testing Employee Understanding ...................................................................................... 7 Disciplinary Procedures....................................................................................................... 7 Conclusion............................................................................................................................. 8 About NETconsent ............................................................................................................... 8 ©Copyright NETconsent Limited. 2007 Page : 2 of 8 NETconsent Whitepaper: Supporting Corporate Governance Foreward In the last fifteen years a growing emphasis has been placed on the role of the CEO and the Board in maintaining standards of corporate conduct and ensuring adequate controls are in place to fulfill its responsibilities and duties. In the UK this was principally driven by events in the early 1990’s, such as the collapse of the BCCI bank and the Robert Maxwell pension fund scandal in 1991. However subsequent high profile bankruptcies of US companies, in particular Enron and Worldcom, where criminal misconduct went unchecked, has resulted in further regulatory changes. This whitepaper does not review the corporate governance principles and codes established in the UK and US. Rather it offers practical guidance on how automation of the policy management lifecycle eases the administrative burden associated with implementing strong corporate governance controls. Organisations are able to cut cost, reduce risk and improve performance by implementing good internal processes for compliance. ©Copyright NETconsent Limited. 2007 Page : 3 of 8 NETconsent Whitepaper: Supporting Corporate Governance Introduction There is ever increasing pressure today on businesses to clearly demonstrate that they are handling a wide variety of risks associated with their day to day operations in an effective and professional manner. This process can be described as demonstrating ‘compliance’, which is not limited to financial risks alone. Corporate Governance Corporate Policies A key step in the management of operational risks is to ensure staff understand thoroughly what is expected of them and how they are expected to carry out their jobs. Such detail is often communicated through the use of Corporate Policies and therefore it is essential that these are professionally administered and maintained. Corporate policies seek to protect both employees as well as the organisation. Government Guidelines There are clear guidelines laid down by the Government on the use of information technology to support the use of corporate policies:In the recently issued UK Government supplementary guidance to Part 3 of the Employment Practices Data Protection Code, it states:"The capabilities of electronic systems should be used to remind workers of their responsibilities. These can be set so that workers cannot proceed to access the internet or email services without acknowledging the acceptance of certain conditions." The Information Commissioner states in RIPA (Regulation of Investigatory Powers Act 2000) that:“The organisation must be able to demonstrate beyond all reasonable doubt that the individual has had the opportunity to read the policy…” Automating Compliance NETconsent is a fully automated solution that provides a central repository for all types of policy whether they be Mandatory, Non-Mandatory or even Advisory. NETconsent provides routines for both IT users as well as Non-IT users to unequivocally read and accept/decline relevant policies. The adoption of NETconsent provides significant cost savings by automating the process of policy management; demonstrating compliance; avoiding costly legal actions and improving staff productivity. ©Copyright NETconsent Limited. 2007 Page : 4 of 8 NETconsent Whitepaper: Supporting Corporate Governance Policy Management Processes are provided to standardise the generation and ongoing review of policies as well as their distribution to relevant groups of users. This makes the overall policy management process consistent across the organisation and therefore easy to use. This promotes the use of policies and encourages their ongoing review and update. Such an automated approach means that managers no longer see policy management as a time-consuming overhead and the task actually gets done in a simple and timely way! Compliance Reporting NETconsent has a fully encrypted audit trail of all activity within the system, which supports the generation of a comprehensive range of management reports aimed at ensuring that the distribution and communication of corporate policies runs smoothly. This report is designed for senior management to clearly see their organisation’s compliance to its Policy Management process. Such reports are designed for use by operational management to ensure that staff carry out their responsibilities for the review of new policies as well as for use in evidential situations, such as the disciplinary process to show an individual’s Accept/Decline actions for each policy. ©Copyright NETconsent Limited. 2007 Page : 5 of 8 NETconsent Whitepaper: Supporting Corporate Governance Policy Enforcement Points (NETconsent PEPs) Policies can, where necessary, be enforced immediately at the point an IT service is used (WEBconsent & MAILconsent) or made available for deferred review over an agreed period. In addition, policies are made available for staff access on an ‘on-demand’, or advisory, basis where formal acceptance is not required. Incorporating Non PC Users Through the simple integration of NETconsent with an existing database of staff (Payroll or HR) it is possible to maintain a log of all employees in the organisation. In this way NETconsent is able to distribute policies to everyone, thus ensuring all staff have the same opportunity to receive and review corporate policies. In the interests of consistency and fairness the history of Review and Accept/Decline is handled in the same way for all types of users, thus providing a common audit trail and management reports. ©Copyright NETconsent Limited. 2007 Page : 6 of 8 NETconsent Whitepaper: Supporting Corporate Governance Testing Employee Understanding Comprehension testing is considered by some organisations as an important aspect of policy management. In NETconsent there is a full Examiner functionality that helps policy authors to determine if policies are being clearly understood by staff. Such a facility does not assume that staff are not reading policies carefully; experience shows that it is more likely that the way in which the policy has been written may not be clear/simple enough for staff to easily assimilate. The results of questionnaires will help the policy authors to review policies and improve the message they are trying to communicate. Disciplinary Procedures NETconsent has been designed to actively support the overall policy management process through the application of first class functionality:• • • • • • • A single system that is applicable to all staff, thus ensuring everyone has equal opportunity to review corporate policy. Standardised procedures that actively support the ongoing review of policies, ensuring their ongoing integrity and that they are kept up to date. A comprehensive audit trail holding evidence of all activity in the system. Extensive management reporting to support staff’s actions with regards to all their policies that provides clear evidence of Accept/Decline decisions. Company Compliance Report providing management with an ongoing statement of their effective management of the overall process. Questionnaire functionality to monitor staff’s comprehension of corporate policies, thus providing management with feedback where policies need further clarification. Review and Authentication process that can not be by-passed and that shows unequivocally that the individual has carried out the Accept/Decline step personally. ©Copyright NETconsent Limited. 2007 Page : 7 of 8 NETconsent Whitepaper: Supporting Corporate Governance Conclusion In order for a culture of compliance to permeate the organisational culture, compliance needs to be embedded into all business activities rather than just applied as an add-on process. Management should continually be looking for ways to improve compliance by making the process easier to manage and communicate. In this way the importance of good corporate goverance can be better understood by employees and become integral to operational activities. This whitepaper has explored how NETconsent policy management and corporate communications software supports corporate goverance by improving standards of compliance. Establishing the boundaries of acceptable behaviour within which employees should operate using corporate policies and procedures is a strong foundation on which to build a culture of compliance. Strong reporting enables management to detect areas of non compliance and address them to minimise the risks for the organisation. Integrating the principles of good corporate governance, risk management, and compliance into day-to-day business activities does more than keep senior management out of prison. Organisations report that efficiency is improved, performance enhanced and profitablity increased. Disclaimer: This document is provided “as is” without any express or implied warranty. While all information in this document is believed to be correct at the time of writing, this document is for educational purposes only and does not purport to provide legal advice. If you require legal advice, you should consult a lawyer. The information provided here is for reference use only and does not constitute the rendering of legal, financial or other professional advice or recommendations by NETconsent Limited. For more information on this topic please contact: Robin Saunders, NETconsent Ltd Email: robin@netconsent.com Tel: +44 (0)870 013 1600 About NETconsent NETconsent Ltd is a leading vendor of policy management and corporate communications software. By automating policy management, NETconsent reduces risk and audit problems. By ensuring that users have the opportunity to read and agree to all company policies, NETconsent helps organisations comply with legislation directives, industry regulations and avoid costly litigation. NETconsent Ltd is a UK company based in Camberley providing policy compliance across the public and private sectors. For more information about NETconsent, visit www.netconsent.com ©Copyright NETconsent Limited. 2007 Page : 8 of 8