Compliance Tools: Local software companies helping ease the burden of corporate governance
In the byzantine world of corporate governance, hundreds of software firms have sprouted to streamline and automate various aspects of the process. Three such software firms call Utah home: LANDESK, MasterControl and RizePoint. Each of the three serves a core function distinct from the others. Naturally, they also share considerable overlap.
A caveat: these are complex software systems, each of which offers multiple modules that address discrete corporate governance challenges. In this article, we won’t be able to give the comprehensive treatment. At the risk of oversimplification, we will examine three broad domains among many: security management, regulatory compliance and social responsibility.
LANDESK: Security, visibility, automation, control
Headquartered in South Jordan, LANDESK offers a diverse set of corporate governance services. Matt Hooper, LANDESK product evangelist, summarizes the offerings as a “backbone of operations” that allows a chief information officer to “manage assets and IT staff in an automated, scalable fashion.” Put more simply, the software allows the person in charge to have a handle on a company’s systems.
First, LANDESK allows a company to set its control objectives and have total visibility over the degree to which those objectives are being met. Any data changes are traceable to their source. Workflows are tracked. Through a system of automatic auditing, validating, timestamping and checking, the software compares existing processes against standards and flags any vulnerability or deviation from established procedure.
Second, LANDESK analyzes and prioritizes impact. “Not all vulnerabilities are critical,” Hooper explains, adding that a CIO could spend all of her time addressing inconsequential issues at the expense of the truly consequential ones. “It’s like looking in a pile of needles for a needle,” he adds. “You’ve got to find the one that has the poison.”
Finally, the software provides solutions for patching vulnerabilities. The LANDESK Patch Manager evaluates, tests and applies patches automatically. “Remediate thousands of systems with one task,” the LANDESK site proclaims. A prominent financial services company vouches for the remediation component. “It saves hundreds of hours of IT time,” a spokesperson for the company said in a phone conversation. “The system scans and patches, and our risk team can track it all and evaluate.”
MasterControl: Revenue enhancement through compliance management
MasterControl sits in an office park nestled in the foothills of the Wasatch Mountains. The company specializes in the life sciences sector. Specifically, helping pharma, medical device and other healthcare companies comply with the labyrinth of regulations that control their processes. However, according to Matt Lowe, executive vice president of the company, compliance should not be viewed as a burden.
“There’s quality and then there’s compliance,” Lowe explains. He uses an analogous relationship between law and ethics. “You might not be breaking the law, but that doesn’t mean you’re doing the right thing.” Doing the “right thing” often entails going above and beyond mere legality.
“It’s a higher standard,” Lowe says. Accordingly, a company with a steadfast commitment to quality will go above and beyond mere compliance. “If a life sciences firm is merely checking the compliance boxes, they’re doing it wrong and their quality will suffer.”
Lowe sees MasterControl as a sort of guidebook. To be sure, its products ensure that a company is “checking the compliance boxes.” Beyond that, it empowers an organization to develop and maintain its own quality standard.
“It’s the things that you should do that nobody’s making you do,” explains Lowe. “Or, the things that are strictly legal, but that you shouldn’t be doing.” And, in an even more revolutionary twist, Lowe claims that “quality must be viewed as a vehicle of increased production and revenue.” Whereas compliance for compliance’s sake can hurt revenue and production, a higher standard of quality will ensure that a company avoids costly callbacks, product liability lawsuits and other nightmares. Such a commitment will also foster a culture and collective mindset that looks for ways to “do it right the first time” in ever more efficient ways.
In other words, quality for quality’s sake empowers an organization to optimize and innovate, while compliance for compliance’s sake can lead to corner-cutting, rigid thinking and stagnation.
Haven McCall can vouch for the efficacy of the MasterControl approach. As vice president of regulatory affairs and quality for Megadyne, he oversees compliance for 70 international markets. Megadyne, a maker of electrosurgical products, has undergone tremendous growth in a short time span, and MasterControl has helped it maintain its quality standards while it has scaled.
In fact, as McCall has discovered, MasterControl’s reputation precedes Megadyne’s international expansions. “When I go to register a product in another country and I tell them that we use MasterControl, they respect that,” he says.
Using MasterControl smoothes the way by reassuring overseas regulators that Megadyne’s quality management system is even more robust than is needed—which translates to a faster registration process and shorter time to market.
RizePoint: Corporate social responsibility
Corporate social responsibility (CSR) has become something of a buzzword. All too frequently, a corporation will launch some CSR initiative almost as an afterthought. According to Frank Maylett, president and CEO of RizePoint, such transparently self-serving corporate social responsibility is usually anything but. According to a white paper available on the company’s website, “weaving CSR into the fabric of a company’s operations is much more complex than just creating and funding philanthropic programs.” And having such an integrated CSR program can “create differentiated value for the entire organization.”
Echoing MasterControl’s Matt Lowe, Maylett describes CSR as a “set of ethical practices” and a “higher law.” The impacts of good CSR, or the lack of it, can be far-reaching. Maylett points to the 2013 collapse of a Bangladeshi garment factory as an example. More than a thousand workers were killed when the crowded building fell down. A number of prominent clothing brands had their supply chains traced to the tragedy, and their brand image—and their bottom line—paid the price.
RizePoint’s CSR solutions involve a set of auditing, reporting and transparency tools for tracking and managing a company’s processes and its supply chain. The software has a regulatory compliance component; however, its main emphasis is on ensuring that company representatives and suppliers are making “responsible sourcing decisions.”
Software and corporate governance
Effective corporate governance has a number of prerequisites. Foremost, as per the MasterControl philosophy, a company foundation of ethics supports the rest of the corporate governance structure. Following from a company’s core ethics, a high degree of visibility is imperative. Executives and directors need data and other feedback that keeps them informed about the state-of-play regarding company practices. They need systems and tools that help them track, audit, prioritize and act.
A corporate governance product typically contains its function as the very architecture of its software, keeping corporate personnel on point. MasterControl, for example, guides users through the compliance process; LANDESK is structured around security and IT management; and Rizepoint outlines the key aspects of corporate social responsibility while allowing each organization to construct its own CSR particulars.
Although today’s software solutions make governance processes easier, smoother and more efficient than ever before, it bears emphasizing that they are tools only. They do not create guiding principles nor ethical governance. However, the fact that they are mere tools is no small matter. Where mountains of forms, redundant paperwork and hundreds of spreadsheets once dominated, a single program can now shave off thousands of hours.
In a human-software collaboration, both sides play a crucial role. Humans—organizational leaders, directors and other decision-makers—set policy and establish a culture of ethics. Software facilitates deployment. Humans are good at guiding corporate governance in the right general direction. Software handles the particulars. Where humans are notoriously error-prone, software is virtually error-free. When software does have a glitch, however, it tends to be obvious; humans can detect it and take action to restore the system. Today, with innovative software solutions, business executives have the tools to implement corporate governance protocols with far more ease and accuracy than ever before.