Need of Document Management System (DMS)

Document Management or Enterprise Information Management is perhaps one of the most important of the enterprise solutions that will provide a solution to the various requirements of SOX. Several sections of SOX have a direct bearing on the manner in which the digital documents/records of the enterprise are created, reviewed, approved, stored, retrieved, transferred, and destroyed.

Knowledge Management: Document & Records Management

Estimates have been made calculating that a significantly large proportion (some say, more than 70%) of the documents owned by an enterprise are in digital format and might never be seen in hardcopy.

According to Gartner’s Editor in Chief James Lundy: Records management will become a top 10 issue for many CIOs in the coming year.

In the following, we will discuss the various sections of SOX that a document management solution might help in complying with.

SOX Sections:

Section 302 : According to Section 302, the CEO and CFO have to personally certify the financial statements and disclosures made by the company on authenticity and accuracy. This requires a system in place that will make the CEO and the CFO confident that all the disclosures that the company makes are accurate and authentic. This can be done in two ways:

One is to trickle-down the responsibility of the CEO and the CFO to the lower management levels and in response bubble-up the sign-offs from the lower management levels on all documents that are inputs to the company filings.

Second is to design comprehensive business processes that produce the company filings. The business processes will be designed in a very rigorous manner to comply with all the provisions and proper implementation and training of all the personnel related to the business processes will be carried out and tested on a periodic basis. Further, the business processes themselves will be open to stringent internal audits that will be carried out from time to time. One, or a combination of both these practices will go a long way towards ensuring proper compliance.

For both these options it is clear that a strong enterprise-wide document management system will provide the foundation on which the compliance will actually be carried out. In the first case, the sign-offs can be configured using a workflow module of the document management system. In the second case, the business process itself will be configured in the document management system and all the relevant supporting or input documents too will be part of the DMS and appropriate subordination and linking will be done between the official company filings and all the input documents to it.

As proof of the records supporting the final company financials - as filed or reported - it is important to archive all the emails, excel sheets, instant messages or other communications and documents that were exchanged which led to a final certified filing by the CEO and CFO. This will safeguard the CxO’s claim that all the financial reports are true to their knowledge and due diligence was carried out before certifying the reports.

Section 404 : The CEO and CFO need to provide a report assessing and certifying that the "internal controls" have been assessed and are working fine or that there are weaknesses and appropriate action is being taken. Complying with this requirement is one of the most difficult parts of SOX and requires a whole slew of people, processes and technologies. However, DMS has an important role to play in this.

All the emails and attached documents in the chronological sequence will need to be archived for the purpose of proving that the internal controls are appropriate. Ideally, a workflow module will provide added assurance that the internal controls are implemented.

Section 103 : requires storing the documents for a period of 7 years for audit companies. The company being audited would naturally want to replicate the documentation to guard against any discrepancy or miscommunication or mismanagement. Also another part of the act requires