Contributory Compliance Technologies
A problem for regulatory compliance document and data management systems can be employee subversion, whereby employees try to find ways around the hurdles in the management system. They might create their own local copies of documents or spread sheets, create unauthorized shares, or print or redistribute private documents. If you put yourself in the shoes of the workers for a moment, you can hardly blame them. Complying with strict document management rules can be inefficient (for such things as editing and approval), cumbersome (because of difficulty locating files across applications and databases), disruptive (with regard to enforcement of check-in and check-out and versioning) and disjointed (due to lack of integration with other systems). Knowledge workers tend to follow easier, less bureaucratic, workflow paths, even if compliance rules are otherwise violated. These issues can be exacerbated when you mix in things such as cross-group collaboration, outsourcing, and international virtual teams. As companies grow larger and more complicated and work teams go beyond company boundaries the challenges to compliance regulation can be daunting.
Of course technologies such as Active Directory, Information Rights Management, Rights Management Services and The Microsoft Office System can be used to lock down documents and prevent many of the employee compliance skirts. With SharePoint (part of the Microsoft Office System), for example, permissions can be easily set by office workers for access to documents by other office workers. Documents can be checked out, edited and checked back in. Security groups can be created in Active Directory and then used to set broad strokes of permissions to those using SharePoint.
Still, the proverbial stick is only part of the answer. Office workers need carrots also. They need to be motivated to work together, and to comply with regulations because they want to do so. Motivation is increased if the regulatory compliant workflow path for workers is a naturally easy one for them to follow. Part of that motivation can be supplied by technologies that, while not strictly speaking are regulatory compliance technologies, can be thought of as “contributory compliance technologies”. SQL Reporting Services and Microsoft Live Meeting are such technologies.
Live Meeting helps employees come together to discuss the use of documents and data and to visually see how another employee or group is using similar documents or overlapping data. It permits divergent teams to collaborate and agree on document usage, enhancing personal trust between employees and groups. Shared goals (and matching metrics) can be agreed upon and memorialized in a document, and then revisited during regular meetings between group representatives. Checkpoint meetings along the path of the usage of documents and data can not only help confirm that the agreed usage is on track, but also provide an outlet for expression of desired changes in usage. The immediate interaction during a short meeting via Live Meeting can expedite negotiated agreement as to the proper usage of documents and data circumvent what might otherwise be a time-consuming process.
SQL Reporting Services helps employees share goals. One of the best ways for a group to collaborate with other portions of a business, or with other businesses, is via shared goals. When a group identifies goals of another group and helps that other group attain their goals, very often the other group reciprocates. What then happens is that the goals of each group partially become the goals of the other. To some extent there is a perceived overlap of goals, or “shared goals”. Reporting Services provides reports that give transparency to the usage of secure data across groups in a scalable but targeted and appropriate manner. This helps eliminate the perceived need of some employees or groups to do things like keep multiple local copies of spread sheets. Reports can be easily created, tailored and provided to an intended audience. Sometimes it is a matter of modifying the nomenclature or taxonomy of one group slightly to more easily align the goals of two groups and compare apples to apples. Common threads in data can be identified by data base administrators, and the appropriate reports derived there from, in a secure and scalable manner, and with the appropriate intended audiences.
In terms of governance, a continuous discussion among employees and groups of shared goals that are given transparency by way of reports is a very beneficial way to manage changes in a dynamic environment. Those who lead or monitor compliance efforts should encourage the use of contributory collaborative technologies, such as Live Meeting and Reporting Services, in order to make the sometimes difficult practical constraints of regulations easier for employees to naturally follow and to keep ever far reaching teams on track.
Joe Scalone