Corporations and enforcement agencies alike recognize the growing importance of leveraging technology to achieve an effective compliance program. For those involved in compliance functions who may be hesitant to prioritize or expend valued resources on technology, let me put your mind at ease.
In my experience, embracing the expansion of technology can comfortably be viewed as an investment to elevate your compliance program in the long run. It is true that many technology solutions or tools often have an upfront implementation cost, but savings through efficiencies are recognized almost instantaneously.
Simple yet effective solutions can act as a central repository and approval workflow for key compliance areas. This may include web-based measures, such as tools to track a company’s government interactions, gift giving, or conflicts of interest. To promote the uniformity of data, some companies link these solutions to each other or to its enterprise resource planning (ERP) system. It is a good practice to link to financial systems whenever possible to consistently track data across the company. For example, connecting a conflicts of interest tracking solution to a vendor master table within a company’s accounting records can provide valuable insight into, and controls over, the vendor population by highlighting those with potential conflicts. This knowledge would also be beneficial during the due diligence process as a consideration prior to onboarding new vendors.
Widely regarded as the most critical element of an effective compliance program, third-party management can be significantly improved through technology. This can range from manual or spreadsheet-based processes to full-scale, web-based platforms with built-in scoring methodologies, risk-based workflows, due diligence screening capabilities, and management reporting via dashboards.
Based on firsthand experience assisting a company with the implementation of a due diligence solution to manage its third-party partner population, the benefits of the technology platforms were clearly evident. Prior to the tool, the company had an inconsistently applied manual process, with supporting documentation dispersed throughout numerous business units and jurisdictions. The new platform enabled the compliance team to centrally manage the process, establish a consistent workflow for due diligence, apply risk-based scoring to tier its diligence efforts and dedicate more resources to higher-risk third parties while expending less resources on lower-risk partners. This increased efficiency facilitated risk management for this vital piece of a compliance program.
Another common use of technology to support compliance programs is the implementation of an employee expense reimbursement tool. Many existing solutions can be integrated within various ERP platforms or included as an add-on module. Expense reimbursement tools can be customized to incorporate internal controls, such as approval levels, delegations, expense coding, supporting documentation, and narrative description requirements. It also provides efficiency and consistency in operations as many tools provide for mobile usage, and can be similarly structured across geographies in the relevant local language.
There are also various technological enhancements that do not pertain to financial records. For instance, instead of maintaining policies and procedures in hard copy or even on a shared network drive, companies can use an online central repository to disseminate its compliance policy framework. Solutions are available for policy management that provide access to global employees, change controls, and search capabilities to quickly locate relevant policies. Similarly, the use of a company intranet for messaging employees can be a valuable resource to communicate values and principles and new policies while periodically delivering updates about a compliance program.
Some of the most mature compliance-minded organizations use technology to monitor business activities and continuously improve its compliance program. A noticeable trend in the compliance arena is the use of data analytics as a proactive, ongoing monitoring tool. Analytics can help identify higher-risk transactions and anomalies in near real time, and are increasingly a key aspect of a company’s internal audit and monitoring efforts. Leading companies are using predictive analytics in combination with web-based platform solutions to not only mitigate risk at the detailed transactional level, but also to incorporate what was learned from past analyses.
As mentioned, most solutions can also be supported by mobile applications. With more remote and on-the-go workers, a mobile app provides added convenience and simplicity to compliance processes. It can be particularly useful for sales teams spending the bulk of their time on the road, carrying out higher-risk interactions with customers or third-party partners.
With any technological solution, the importance of human judgment should not be neglected nor lost. In the example of a proactive monitoring solution using data analytics, there may be a reasonable business rationale for flagged transactions. Simply relying on the output of an automated platform can lead to false positives and unwanted results. The value of a risk-based review by compliance team members and employees closest to the business process cannot be overstated.
Technology platforms offer new opportunities to strengthen corporate compliance. Companies should consider the advantages of technology while also ensuring the appropriate level of human oversight. Benefits include the following:
- Efficiency of company resources – Automation lowers strain on employee time and effort, and provides cost savings compared to manual processes.
- Visibility into global operations – Especially for locations with limited interaction with corporate headquarters.
- Consistency of data and messaging – Accounts for complex organization structures and regional differences.
- Quality of information and data – Sanitizes data across disparate sources to allow for more focused analysis.
Benjamin A. Cohen, CPA, CFE, CFF, is a principal for Control Risks in Washington, D.C. He can be reached at email@example.com.