Home
>
Software
>
Need of Document Management System (DMS)

Need of Document Management System (DMS)

Document Management or Enterprise Information Management is perhaps one of the most important of the enterprise solutions that will provide a solution to the various requirements of SOX. Several sections of SOX have a direct bearing on the manner in which the digital documents/records of the enterprise are created, reviewed, approved, stored, retrieved, transferred, and destroyed.

Knowledge Management: Document & Records Management

Estimates have been made calculating that a significantly large proportion (some say, more than 70%) of the documents owned by an enterprise are in digital format and might never be seen in hardcopy.

According to Gartner's Editor in Chief James Lundy: Records management will become a top 10 issue for many CIOs in the coming year.

In the following, we will discuss the various sections of SOX that a document management solution might help in complying with.

SOX Sections:

Section 302: According to Section 302, the CEO and CFO have to personally certify the financial statements and disclosures made by the company on authenticity and accuracy. This requires a system in place that will make the CEO and the CFO confident that all the disclosures that the company makes are accurate and authentic. This can be done in two ways:

One is to trickle-down the responsibility of the CEO and the CFO to the lower management levels and in response bubble-up the sign-offs from the lower management levels on all documents that are inputs to the company filings.

Second is to design comprehensive business processes that produce the company filings. The business processes will be designed in a very rigorous manner to comply with all the provisions and proper implementation and training of all the personnel related to the business processes will be carried out and tested on a periodic basis. Further, the business processes themselves will be open to stringent internal audits that will be carried out from time to time.

One, or a combination of both these practices will go a long way towards ensuring proper compliance.

For both these options it is clear that a strong enterprise-wide document management system will provide the foundation on which the compliance will actually be carried out. In the first case, the sign-offs can be configured using a workflow module of the document management system. In the second case, the business process itself will be configured in the document management system and all the relevant supporting or input documents too will be part of the DMS and appropriate subordination and linking will be done between the official company filings and all the input documents to it.

As proof of the records supporting the final company financials-as filed or reported-it is important to archive all the emails, excel sheets, instant messages or other communications and documents that were exchanged which led to a final certified filing by the CEO and CFO. This will safeguard the CxO's claim that all the financial reports are true to their knowledge and due diligence was carried out before certifying the reports.

Section 404: The CEO and CFO need to provide a report assessing and certifying that the "internal controls" have been assessed and are working fine or that there are weaknesses and appropriate action is being taken. Complying with this requirement is one of the most difficult parts of SOX and requires a whole slew of people, processes and technologies. However, DMS has an important role to play in this.

All the emails and attached documents in the chronological sequence will need to be archived for the purpose of proving that the internal controls are appropriate. Ideally, a workflow module will provide added assurance that the internal controls are implemented.

Section 103: requires storing the documents for a period of 7 years for audit companies. The company being audited would naturally want to replicate the documentation to guard against any discrepancy or miscommunication or mismanagement. Also another part of the act requires

Section 409: requires near-real-time reporting of all material events-whether internal or external to the investors and the regulatory bodies. This can be accomplished by using a single enterprise-wide document management system with appropriate "alerts" and notifications and workflow configured according to the design of the compliance-based business processes. This system would make sure that all relevant information is immediately relayed to the top management (CEO and CFO) and the compliance committee and advisors with minimum delays and latency. DMS provides appropriate capabilities to the compliance advisors to provide a recommendation (within the stipulated time frame) linked to each alert and escalate the reports to the CxOs with the appropriate recommendations. The CxOs can then decide whether it merits disclosure under the compliance act based on recommendations of their Compliance Committee or Advisors.

Section 802: provides for criminal penlties for knowingly altering, destroying, concealing and other activities, such as introducing false records, related to impeding or influencing an ongoing or potentially upcoming investigation by a federal agency. This would call for holding all documents in a secure system where absolutely no one in the company can alter them once they are finalized. Also this calls for a formal document retention and destruction policy which is strictly adhered to (in fact, can be proven to be adhered to) and which involves making sure that no document which any investigating agency would require is being destroyed or deleted. Furhter, the act requires that as soon as the company comes to know about a potential investigation all documents pertaining or somehow germane to that investigation are immediately ordered indestructible to or unalterable by anyone-including the CxOs of the company. This makes it important to have a feature related to creat!

ing and accepting "alerts" from the legal department of the company about any ongoing or upcoming potential investigations and as a consequence immediate information "vaulting" of all related documents. This feature will ensure compliance with this particular section and save a potential prison term and a large monetary fine and of course loss of credibility.

This section has a strong bearing on a records or document management policy of a company. The company should develop a proper document management policy and adhere to it in a timely and rigorous manner. If this is not done, the company is exposed to severe costs and damage in terms of providing documents to hostile parties in "pre-trial discovery"-the legal process of providing all relevant documents to the opposing party in a legal suit. It also exposes the company to accusations of hiding or destroying relevant documents-if done at a later stage-even before any legal proceedings are begun against the company-a la Arthur Andersen's Enron-related documents.

Document Management systems provide several benefits to the company. Since an IT system is a business process frozen in a particular software and hardware implementation, it proves that the particular business process is being consciously and diligently adhered to. In the worst case, this proves that the compliance is being followed in spirit. Now whether the compliance is being followed in form can be found out from the results of the particular system and also from the audits of it at various stages of the business process. The capability to follow an audit trail on all documents created or processed through it is extremely useful in executing compliance activities and also in proving compliance at a later stage. The capability to create workflows automatically creates auditable process paths.

The DMS also makes possible to access any documents at any point of time with relative ease. It also acts as a centralized repository of documents (both structured and unstructured). All publicly disclosed documents can be locked in the final form as images and can not be tampered with later on. These can be stored and deleted according to the schedules of various regulatory and compliance Acts of the Government. Document and information which is supposed to be for limited consumption at the top management level can also be strictly screened and internal controls on these can be enforced rigorously. At the appropriate time the documents can be "published".

Whistleblower: For this section of the act, it is important that a document management system is provided to log all whistleblower communication-absolutely securely where no unauthorized personnel may be able to access it-and store all communications.

An indirect requirement for Document Management Systems in the enterprise is for the purpose of storing the documents related to enterprise compliance policies, their updates, amendments, the internal control policies of the company and other documents of a similar nature that help in proving the compliance process at the enterprise.

The company needs to make policies about the following aspects of documents:

Creation
Approvals
Publishing
Retention
Access
Distribution
Lifecycle

This policy will help in implementing the contradictory requirements of document retention for compliance purposes and document deletion for reducing the cost of document retention and improving operational efficiency.

Initial step is to define the document retention policy. The second step is to survey the existing document management systems in place in the enterprise and the third step is to create a proper document management system.

Have a centralized repository of documents.

Have a structured and hierarchical architecture

Have security & access control

*A Report Distribution System or Document Management & Workflow System will disburse this to the CEO and the CFO within the prescribed time-frame and allow them enough time to make their own final judgments about the situation.

Finally, a Public Information Distribution System should exist to quickly disburse this information-if judged important by the CEO & the CFO-to the investors & other stakeholders or relevant authorities prescribed by SOX.

Author: Dr. Vikas V. Gupta.

Email: ceo@inkorus.com

ceo@inkorus.com

www.istrat.co.in
www.gemolap.com
www.internetsrus.com
www.real-estate-web-software.com

About The Author

Dr. Gupta is the Founder & President of Istrat. He is a B.Tech. from IIT, Bombay & did his M.S.(Engineering) & Doctorate in Engineering Science (Ph.D.) from Columbia Univ., New York. Following his doctorate he has worked at University of California, Irvine as a Research Scientist and as an Asst. Prof. at IIT Kharagpur.

He is responsible for setting the strategy and direction of the company and looks after the strategy and execution of the strategy. He provides a global perspective to the company and provides a bridge between Indian IT resources, including talent and products, and global clients with IT requirements. He provides the Indian IT talent with an understanding of the parameters important to the global client (namely, quality, reliability and delivery, besides cost). Similarly he provides the global clients with an understanding of the breadth & depth of expertise of the Indian IT workforce (namely, Architecture & Design expertise, product development & project management expertise and functional expertise of business processes of various industry sectors, besides low cost programming talent).

housekeepers near Park Ridge ..

In The News:

The A.I. industry seems set for growing pains as Big Tech companies scramble for solutions to the medium's unprecedented strain on the power grid.

Fourth of July fireworks cause a 60% spike in lost pets, but GPS trackers and AI photo-matching services like Love Lost can help reunite missing dogs with their families.

Protect yourself from jugging, the rising crime by which thieves monitor ATM users and follow them to steal cash, with six practical safety tips to stay alert and secure.

U.S. airlines like Delta, American and United are selling your domestic flight records to government agencies through the little-known Travel Intelligence Program.

Autonomous robots from Uber Eats are rolling out across U.S. cities, featuring LIDAR sensors, secure compartments and all-weather operation for food and grocery delivery.

Costco has expanded into EV infrastructure with new ultra-fast charging stations that can charge most electric vehicles to 80% in 20-60 minutes while shoppers browse the warehouse.

The new Gemini Robotics On-Device AI allows robots to perform complex tasks without internet, offering enhanced privacy, reliability and adaptability for real-world use.

Protect yourself from Amazon phishing scams by spotting red flags like suspicious sender addresses and spelling errors while using Amazon's Message Center to verify communications.

GAC Group's new Govy AirCab flying car combines lightweight design with advanced safety systems and smart cabin technology to revolutionize city travel with an 18.6-mile range.

The Berkeley Humanoid Light (BHL) is a lightweight, open source humanoid robot that anyone can build using 3D-printed parts and off-the-shelf components.

Meta’s new AI chatbot is getting personal, and it might be sharing more than you realize.

A new threat targets both Android and iPhone users: SparkKitty, a powerful mobile malware strain that scans private photos to steal cryptocurrency recovery phrases and other sensitive data.

Thanks to a team at the University of California, Davis, there's a new brain-computer interface (BCI) system that's opening up real-time, natural conversation for people who can't speak.

Privacy risks are hiding in plain sight, as your personal data is likely being collected, tracked, and sold without your knowledge.

VenHub, a fully autonomous, AI-powered smart store just opened at the LAX/Metro Transit Center in Los Angeles.

A woman's Facebook account takeover reveals dangerous social engineering tactics and provides lessons on recovery, avoiding scams and enacting stronger security measures.

Shanghai engineers are using 432 walking robots to relocate a complex, preserving Shikumen architecture while creating space for a modern underground hub and cultural center.

Major healthcare data analytics firm Episource had a cybersecurity incident exposing 5 million patients' medical records and personal information in recent breach.

A new sophisticated PayPal scam sends legitimate-looking emails from official PayPal addresses, using phone numbers instead of links to convince victims to download remote access tools.

Fox News' AI Newsletter brings you the latest on this rapidly evolving technology.

The innovative Kara Pod device extracts moisture from air to create mineral-rich water and brew coffee, featuring UV sterilization and compatibility with Nespresso pods.

Gov. Hochul unveiled New York's nuclear power plant project to power a million homes, which faces permit challenges while promising jobs and a cleaner energy future.

SAFE introduces Aerie, an underground luxury bunker combining high-end living with advanced security, wellness amenities and interactive walls simulating panoramic views.

A Facebook scammer posing as Elon Musk tricked a victim with promises of a Tesla and $250,000, requesting gift cards that become untraceable once the codes are shared.

Experience hands-free golfing with the Robera Neo smart caddie that uses AI to follow you, navigate obstacles and carry your clubs with GPS course mapping.

Need of Document Management System (DMS)

Software