Compliance was an important topic last year for many companies. In particular, compliance with the Sarbanes-Oxley Act (SOX) drove unprecedented investment in the documentation, auditing and monitoring of key business processes. However, compliance has been frequently treated as a one-time investment and the focus often was ensuring basic compliance: get the documentation done, establish the controls, and provide a basic approach for monitoring.

Companies are now recognizing that compliance is not only an ongoing investment, but a continuous process. Faced with the challenge of implementing repeatable and compliant processes, many companies are turning to BPM.

BPM Opportunity

Companies using BPM to better ensure compliance are applying the technology to many processes — from vendor management to computer access. The common thread is that they expect to gain both efficiency as well as compliance by using BPM. The specific benefits they are realizing include:

• Executable process diagrams. Process models that actually run the process deliver consistency, adherence to guidelines and compliance with regulations and mandates.
• Accurate process visibility. Real-time visibility to actual process execution — providing managers with an accurate picture of process performance and potential risks.
• Standardize best practices. Interactive user interfaces help users complete process tasks more efficiently and ensure that all steps are followed.
• Automatic, accurate documentation. Implementing a functional BPM solution automatically fulfills one of the chief requirements of SOX — detailed process documentation.
• Faster deployment. Compared with alternatives, BPM's focused process management functionality makes it the fastest way to implement process centric solutions that ensure compliance.

Lombardi In Action

A major toy manufacturer uses BPM to manage the process for approving and removing employee access to key financial and operational systems. While using BPM has dramatically streamlined the process, the most important project driver was improving the ability to track and document access privileges to critical systems — a key concern for SOX compliance. With BPM in place, the company can now track the history of requests as well as the history of access privileges for all members of the organization. Generating audit reports is a simple process of running a report in the BPM solution — instead of having to collect information from diverse systems.