Centralizing Compliance Documentation

1
Centralizing Compliance Documentation
4th Annual Conference for Effective Compliance
Systems In Higher Education Presented by David
Galloway Deena King Brigham Young University
Office of Compliance and Audit March 30, 2006
2
Agenda

• BYU Who We Are
• BYU Compliance Environment
• Dimensions of Centralized Documentation
• Demonstration of Documentum Enterprise Content
  Management Software
• Questions/Answers/Other Solutions

3
Brigham Young University

• Private, Church-sponsored
• Founded 1875
• Three independent campuses
• Provo, Utah (30,000)
• Rexburg, Idaho (14,000)
• Laie, Hawaii (2,000)

4
Brigham Young University

• 75 students speak language in addition to
  English
• Students come from all 50 states and more than
  120 countries
• 1 Stone-cold Sober University in the nation
  (Princeton Review)

5
Brigham Young University

• 1,600 faculty
• 2,500 administrative staff
• 13,000 part-time student employees
• 25 million in externally funded research grants

6
BYU Compliance Environment

• High reliance on student employees
• Limited Resources to Address Compliance Issues
• No medical school
• Level III Biohazard laboratory
• Very Risk-Averse Culture
• Formal compliance function organized July 2005

7
BYU Compliance Organization
8
(No Transcript)
9
Scope Areas/Programs
10
BYU Institutional Compliance Universe
International
Environmental Health Safety
Human Resources
Information Security
Student Services
Athletics/NCAA
Intellectual Property
Student Financial Aid
Tax
ADA/Access
Financial Controls
Land Use Planning
Investment Charter
Research Administration
Donor Gift Restrictions
Campus Security
Controlled Substances
11
Compliance Universe
Information Security
Compliance Category
FERPA
PCI/CISP
Compliance Class/Program
Gramm-Leach Bliley
HIPPA
12
Deliverable Compliance Program
13
Program Documentation
Evaluation File
Resources
Overview
Implementation Plan
Audit Plan
Policy Statement
Audit Schedule
Compliance Handbook
Audit Program
Compliance Guide
Purpose/ Scope
Audit Reports
Compliance Training
Procedures
Responsibilities
Audit Follow-up
Self-Audit Checklists
Training Requirements
Summary Evaluation
Monitoring Requirements
Website
Monitoring Reports
Compliance Database
14
(No Transcript)
15
Enterprise Content Management
Website

• Central Database
• Accessible
• Controlled Access (General and Content Specific)
• Work-flow Capability
• Accommodate Multiple Users
• Populate Website(s) from Approved and Controlled
  Content

Compliance Database
16
Enterprise Content Management Software
Website
Central Database -Documentation from any
source/format -Centrally managed and
secured -Service to University units
Compliance Database
17
Enterprise Content Management Software
Website
Accessible -General University
Community -Facilitate Ownership -Populate
multiple websites
Compliance Database
18
Enterprise Content Management Software
Website
Controlled Access (General and Content
Specific) -Users/writers/approvers/executives all
can have access to content appropriate to their
needs
Compliance Database
19
Enterprise Content Management Software
Website
Work-flow Capability -Check-in, check-out,
approval routing -E-mail notification -Facilitate
Collaboration -Edit/approval/publish
Compliance Database
20
Enterprise Content Management Software
Accommodate Multiple Users -University
community (policy, procedures, general
information) -Department websites -Executive
review -Compliance/Risk Management/Legal
Website
Compliance Database
21
Enterprise Content Management Software
Website
Populate Website(s) from Approved and
Controlled Content -Compliance/Risk
Management/Legal -Departments (Chemistry Labs,
Physical Facilities)
Compliance Database
22
Enterprise Content Management Software
Website
Other -Version control -Historic
archive -Integration with other University
content (University Policy Manual)
Compliance Database
23
Overview
Policy Statement
Statutes/ Requirements
Purpose/ Scope
Compliance Database
Procedures
Responsibilities
Training Requirements
Monitoring Requirements
Website
Monitoring Reports
24
(No Transcript)
25
(No Transcript)
26
(No Transcript)
27
(No Transcript)
28
(No Transcript)
29
Demonstration of Documentum
30
Upload a Document
31
Log In Screen
32
Meta-data
33
Meta-data
34
Inbox
35
Edit A Document
36
Web Cabinets
37
File Structure Very Similar to Windows Explorer
38
Compliance Web Cabinet
39
Lockout-Tagout Folder and Contents
40
View versus Check-Out
41
A document must be checked out before it can be
edited.
42
A checked out document is locked.
43
Click on the document title and MSWord is
automatically opened.
44
An edited document must be checked back in.
45
The document now has a new version number.
46
Workflow
47
Clicking the arrow next to the document name will
automatically start a workflow.
48
The change set indicates the document is in the
workflow.
An e-mail is automatically generated and sent to
the next person in workflow notified that a
document is ready for their review.
49
Inbox of Next Person in Workflow
50
Once editor/approver Accepts a task they can
edit and Submit or edit and Reject. If
submitted, it is either sent to next person or
published.
51
Source Gartner (October 2005)
52
Centralizing Compliance Documentation
4th Annual Conference for Effective Compliance
Systems In Higher Education Presented by David
Galloway Deena King Brigham Young University
Office of Compliance and Audit March 30, 2006