Accent on Axentis: A look at compliance frameworks

Accompanying a flock of compliance mandates are multiple frameworks and methodologies for managing risk in a way that can be verified. This can be good or bad depending on your perspective. Either way, these frameworks should not be unfamiliar.

In the quality movement of the 1980s and 1990s, ISO-9000, for example, created useful checklists for industry processes or created a lot of extra paperwork -- views differed. In the new age of corporate and IT compliance, COSO [Committee Of the Sponsoring Organizations of the Treadway Commission] framework components, to date, have been key in Sarbanes-Oxley compliance efforts. But COSO is just a starting point.

Moreover, this is all something of a work in progress. Sarbanes-Oxley compliance is loosely defined. Some suspect that regulators are waiting to see what best practices typical industry players will actually come up with before more specifically defining what companies must achieve.

"The hard thing about these super high-level conceptual methodologies is that it is hard to pick them to know what kind of operational model to use," said Ted Frank, CEO at Axentis. We talked with Frank recently by cell phone as he was checking into a hotel in Switzerland. He told us that Axentis has wholly focused on compliance issues since 1999.

Given the difficulties, a flexible path is proposed. "What we have done is advocated an adaptive operational method," said Frank. It is important, he and others say, to think about compliance as a process. "You have to find the operational approach and adapt it to whatever the requirement is," noted Frank. To date, he suggested, people have somewhat mistakenly addressed compliance in terms of isolated processes.

Axentis came to the compliance trade through various medical industry initiatives and related training work. There was a lot of such work to do in the heavily regulated pharmaceutical industry. The company addresses compliance problems by offering managed service software.

Things expanded greatly when the government was forced to deal with financial machinations at MCI, Enron and other corporations -- but especially at Enron.

"Enron fundamentally changed the marketplace. It was the straw that broke the camel's back," said Frank.

Frank said IT development managers should focus on elements that are both consistent and unique to the compliance process. Among his tips: Put processes in place that ask people in the country if they have seen events or practices that may be ethically questionable.

Said Frank: "You'd be surprised what people would tell you if you ask."

About the Author

Jack Vaughan is former Editor-at-Large at Application Development Trends magazine.