Accent on Axentis: A look at compliance frameworks
By Jack Vaughan
Accompanying a flock of compliance mandates are multiple frameworks and
methodologies for managing risk in a way that can be verified. This can be good
or bad depending on your perspective. Either way, these frameworks should not be

In the quality movement of the 1980s and 1990s, ISO-9000, for example,
created useful checklists for industry processes or created a lot of extra
paperwork -- views differed. In the new age of corporate and IT compliance, COSO
[Committee of the Sponsoring Organizations of the Treadway Commission] framework
components, to date, have been key in Sarbanes-Oxley compliance efforts. But
COSO is just a starting point.
Moreover, this is all something of a work in progress. Sarbanes-Oxley
compliance is loosely defined. Some suspect that regulators are waiting to see
what best practices typical industry players will actually come up with before
more specifically defining what companies must achieve.
"The hard thing about these super high-level conceptual methodologies is that
it is hard to pick them to know what kind of operational model to use," said Ted
Frank, CEO at Axentis. We talked with Frank recently by cell phone as he was
checking into a hotel in Switzerland. He told us that Axentis has wholly focused
on compliance issues since 1999.
Given the difficulties, a flexible path is proposed. "What we have done is
advocated an adaptive operational method," said Frank. It is important, he and
others say, to think about compliance as a process. "You have to find the
operational approach and adapt it to whatever the requirement is," noted Frank.
To date, he suggested, people have somewhat mistakenly addressed compliance in
terms of isolated processes.
Axentis came to the compliance trade through various medical industry
initiatives and related training work. There was a lot of such work to do in the
heavily regulated pharmaceutical industry. The company addresses compliance
problems by offering managed service software.
Things expanded greatly when the government was forced to deal with financial
machinations at MCI, Enron and other corporations -- but especially at

"Enron fundamentally changed the marketplace. It was the straw that broke the
camel's back," said Frank.
Frank said IT development managers should focus on elements that are both
consistent and unique to the compliance process. Among his tips: Put processes
in place that ask people in the country if they have seen events or practices
that may be ethically questionable.
Said Frank: "You'd be surprised what people would tell you if you

Jack Vaughan is former Editor-at-Large at Application Development Trends magazine.