Regulatory compliance programs such as Sarbanes Oxley (SOX) and others have been with us for nearly 20 years. When these were first implemented, Chief Financial Officers began to quickly invest in Enterprise Resource Planning (ERP) systems to automate data collection and provide a more robust audit trail. Despite all this investment, the process has not yet been completely automated. Today, the coronavirus has disrupted nearly every facet of our world. Will this be the final straw that ushers in a world of digital regulatory compliance as the industry standard?
Those who work in regulated industries understand the potential shortcomings and challenges of enforcing compliance and reporting requirements when operating in a paper-based environment. While most organizations now have some sort of ERP in place, there are still plenty of issues in effectively maintaining compliance. To start, how well do you effectively orchestrate multiple instances of ERP? Those that have been through a merger and acquisition know exactly what I am talking about.
More importantly, how accurate are your production records, including As-Planned and As-Built specifications? How do you know if every manual or paper-based process has been executed right? If an out-of-compliance event occurs, how quickly could your team respond, even if they were working remotely?
Spreadsheets and desktop applications used to track compliance reporting are growing “long in the tooth.” Now COVID-19 is challenging everyone to think differently and consider new ways to work (e.g. remote working), Those without a plan to remove manual or paper-based processes from their regulatory compliance process face an increased risk of a future non-compliance event.
How it all Started: Two Huge Corporate Scandals
If you look back to how SOX came about two decades ago, it was a direct result of two financial scandals: Enron and WorldCom. Deliberate, fraudulent actions were done to mislead investors. It took a widespread public outcry for the industry to take notice. New legislation was then written that required public companies to strengthen audit committees, test internal controls, and improve disclosures.
There are many similarities to what the world faced 20 years ago with these corporate scandals and what we all face today with COVID-19. In both instances, a sudden “shock” to the status quo occurred, it was quick and widespread, once recognized and acknowledged, and the resulting future will forever be changed.
In the United States, the new legislation that passed was the Sarbanes–Oxley Act of 2002, where top management must individually certify the accuracy of financial information or face prison terms. Other acts were implemented around the world, including (source):
- C-SOX – the Canadian equivalent of Sarbanes–Oxley Act
- German Corporate Governance Code – 2002 German corporate governance code
- Loi sur la Sécurité Financière – 2003 French equivalent of Sarbanes–Oxley Act
- Clause 49 – 2005 Indian corporate governance clause
- Disposizioni per la tutela del risparmio e la disciplina dei mercati finanziari – Italian Law 262/2005
Déjà vu, All Over Again …
Today, the world is facing a massive public health crisis whereby new drugs, vaccines, and medical devices are required in large quantities. Prices are spiking driving new providers to enter the market. With big pressure to get product out, people are taking shortcuts while executives look the other way. Processes might not all get followed as they should. It would appear we have a big potential for an out-of-compliance event to occur. The only question is who will be the poster child we will all learn to hate?
What happens next? A government inquiry would be a good guess, followed by a revamp of how processes are recorded and an industry-wide review of who else has been cutting corners.
If I was a betting guy, my guess is that the risk of the above scenario happening is pretty good. Of course, I certainly hope it never does happen. But, if you are a CEO for a company that is involved in trying to provide or support the recovery effort around today’s global pandemic, what level of risk are you willing to take?
Next Steps
Fortunately, many new enterprise software tools have emerged to better manage regulatory compliance reporting. They can enable greater auditor scrutiny of financial records, faster administration of compliance, and better validation that reports are accurate. At the same time, personnel is freed up from repetitive verification and data gathering tasks. As a result, some companies have experienced a drop in the time spent on these compliance activities of around 20 percent.
Read this related article on doubling down on technology investment in down markets.
Compliance in the Digital Enterprise
The move from spreadsheets to compliance applications is part of a greater movement – the emergence of the digital enterprise. All systems and processes (including those related to regulatory compliance) are now being joined to ensure digital continuity spans the entire enterprise, including all parts of operations, the supply chain, financial controls, and then out to end-users and customers.
This change allows management to transition from monthly or quarterly reporting to operating in near real-time. Artificial Intelligence (AI), machine learning, and analytics can provide the digital enterprise with a whole new level of adaptive capabilities in terms of being able to spot trends, out-of-compliance events, or other business issues much faster than before. And, this technology can then provide options or choices of what the right next step might be to keep you one step ahead of the competition.
Given that an organization is only as strong as its weakest link, the same is true of the digital enterprise. As you venture down your digital transformation program, don’t neglect the importance of incorporating regulatory compliance as part of your digital journey.
