Compliance Considerations | Governance Considerations

  1. Does your organization have a single compliance architecture or multiple compliance architectures? (For example, E-Records Management)
    • Do you have one or many governance programs in your organization?
    • Are there multiple compliance offices or a single office structure with multiple locations?
    • Does the architecture cross multiple lines of business?
    • Is the architecture supported by both software product(s) and services?
  2. Have you been able to create the "right tone at the top"?
    • What are the elements of your culture and where does governance fit?
      • Are regulatory and policy documents easily accessed by multiple work groups?
      • Have all relevant regulations been translated into corporate policy?
      • Are those policies consistent across:
        • Multiple lines of business?
        • Multiple layers of the corporation?
        • Multiple geographic regions of operations?
    • Do you have an ability to map regulations to policies and policies back to regulations?
    • Are you finding that employees are complaining and resistant? Why?
    • How do authorized employees access the regulations and policy relevant to them?
    • How do employees stay abreast of regulatory changes, trends and best practices?
    • Do employees currently 'attest' to understanding the policy and declare adherence?
    • Where is that information managed and stored? Is it active or passive?
  3. How do you monitor employee conduct to ensure compliance with corporate policy?
    • Email surveys and questionnaires
    • Internal Audits
    • External Audits
    • Electronic Monitoring at the activity level (Point-in-time or Persistent)
  4. What vendor solutions have you tried?
    • Who was involved from the organization (highest executive)?
    • What group within the organization was involved?
    • What approach was used for the vendor selection, evaluation and implementation?
    • Did you have a 'Pilot' of the product and service?
    • Are you still in the 'Pilot' phase?
    • Were there criteria to be met prior to rolling out to other operating divisions?
  5. What vendor solutions are you using today?
    • Are the solutions meeting your needs?
    • Are they comprehensive, in that they cross organizational boundaries?
    • Do you have multiple tools that require integration?
    • Are you using custom built solutions?
    • Are these solutions adaptable to the constant changes that you are experiencing in managing your compliance program?
  6. Has your organization created a single governance/compliance office?
    • Who is responsible for the office?
    • What level of the organization owns this office (Corporate/Division/Business Unit/Geography)?
    • Are the same policies used for all organizational levels?
    • Are the same policies used across all lines of business?
    • Is this office responsible for policy creation and management?
    • What is the extent of their authority?
    • Are they able to ensure compliance with policy?
    • How do they know that they are in compliance?
  7. What is your approach to considering vendor solutions?
    • Do you feel that your organization has a problem to be solved with compliance management?
    • What is that problem and who owns the problem?
    • Do they have a budget to address the problem?
    • What phase of understanding the solution are you in at this time?
    • What are the next steps?
    • Who else understands that this is a problem?
    • Do you have management level interest in solving this problem?
    • What is your timeframe for implementing a solution?
    • Who has the vision of the solution and is it a shared vision?
    • What are your software procurement and contracting policies?