Business Process Management Improves Governance Risk & Compliance
August 21, 2006
From full financial disclosure to individual privacy issues, Governance Risk and Compliance (GRC) requires organizations of all sizes to safeguard the integrity and confidentiality of information to ensure the public trust. Sarbanes-Oxley (SOX), the Health Insurance Portability & Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Federal Information Security Act (FISMA) and CA SB1386 all require financial services organizations, healthcare providers, federal government agencies and other affected entities to safeguard the integrity and confidentiality of personal information.
It’s no surprise that companies, customers and shareholders are fearful of potential disasters, as uncontrolled data remains a high risk. Breaches of private information make regular headlines, and companies are finding themselves on the defensive. The California state law SB1386 requires that any business or agency that uses a computer to store certain types of unencrypted personal information about a California resident must immediately notify that individual upon discovering any breach of the computer system on which this information is stored. To see the latest breaches, go to http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP
Process automation technologies with effective policy governance and enforcement can go a long way in mitigating risk for organizations. It is critical for organizations to safeguard their data both internally and publicly, as most breaches of information occur internally, either through human negligence or fraudulent activities.
Key Risk Indicators (KRI) gather and track information across internal and external sources, looking at compliance, performance, risk, and operations factors, and then map these against benchmark values like targets, tolerance and/or variance. Analyzing and monitoring key risk indicators allows executive management to proactively manage risks and mitigate incidents before they occur. As organizational culture can trump process and lead to mishandling of information, effective policy and business process automation can alleviate risk exposure and ensure a commitment of trust and integrity to employees, customers and shareholders.
Entry Filed under: GRC, Key Risk Indicators.