Metadata vital to ensure proper compliance

The regulatory environment is becoming increasingly complex, and requirements from businesses in this sphere are mounting. The ECT Act impacts document, records and content management, detailing what companies should be doing. The Financial Intelligence Centre Act (FICA) requires accountable organisations to demonstrate what they know, including information such as clients` full names and identity numbers.

Aimed at preventing fraud, this impacts the technology systems that underpin the business because they need to be able to capture, store and retrieve this information, and manage it, in most cases, for the duration of the client`s life or the organisation`s existence.

Further regulation comes in the form of the Financial Advisory and Intermediary Services Act (FAIS), which lays down requirements for qualification and certification of people providing these services, and provides redress for clients who have suffered from poor advice.

Basel II requires banks to address operational, credit and market risks and retain a specified amount of capital to cover these.

Basel II has exposed the enormity of the task banks face in trying to gain a single view of the customer, the ECT Act and FICA have highlighted the need for effective document, content and records retention, storage, retrieval and management, while FAIS requires organisations, in terms of technology, to be able to track and record conversations and documents exchanged with clients.

Companies therefore need to continually monitor and keep on top of the ongoing changes to the controls and governance processes now in place. And their ability to track these changes will hinge on how well they can harness, manage and leverage comprehensive data about their data - that is, metadata.

Companies need to continually monitor and keep on top of the ongoing changes to the controls and governance processes now in place.

Charl Barnard, GM

Metadata is a critical component of data integration, data movement and data synchronisation. It encapsulates a given piece of data`s lineage, meaning and purpose: where it`s been over time, what if anything has changed, and when and why. When applied to compliance, this is a powerful capability. Metadata is about confidence in the data, systems and processes behind the numbers.

Companies need granular controls and processes defined such that they can certify their systems. For example, if changes need to be made to the rules governing the approval of purchase orders, the rule changes will have to be validated, all necessary documentation must be modified, the test plan being used to validate compliance will have to be changed, before going through the appropriate remediation phases. In order to find, flag and fix exceptions, find a way to tie business processes to controls to remediation steps - right down to the individual data elements and the validation of the rules. Metadata can provide the power to do this.

When gathering granular metadata elements, leverage them to link business processes to:

* The controls and rules used to regulate them.
* The tests used to validate those controls.
* The remediation done to fix any problems.
* The final audit process.

That`s because metadata can accurately, and inescapably, describe all the deltas relating to business process changes as the company proceeds quarter to quarter.

Metadata should be captured from all systems and applications - even spreadsheets - and consolidated into a central repository for leveraging via visualisation tools.

An increasing number of companies are launching centres of integration excellence to promote unified data integration standards, processes and practices and the continual leveraging of metadata knowledge across numerous integration projects.

These centres can play an important role in implementing compliance management architecture and ensuring the success of compliance initiatives.

Metadata should be captured automatically from all pertinent systems and applications - even spreadsheets - and consolidated into a central repository. There it can be tracked at the line item level and leveraged via visualisation tools.

It is important to be inclusive because metadata resides in a multitude of places, from transaction and ERP systems to department databases and spreadsheets. In fact, spreadsheets are where many of the final calculations affecting financial reporting take place. It is imperative to keep those calculations and their history from being overwritten and lost. Automatically capture what`s going on in the spreadsheet, or any other end-user tool, to validate not just the inputs, but also the calculations and outputs.

It is equally important to be automatic in collecting the metadata because there is no way to stitch it together by hand across all its residing places - and along all the different data streams that have to come together to deliver a single number for compliance reporting.

Even when inclusive and automated, it is important to remember that the idea is not to merely catalogue metadata, but rather to set it up for easy access and in-depth analysis. In other words, visibility is needed into the entire data-gathering and integration process in order to:

* Ensure the consistency, accuracy and integrity of compliance-related data.
* Drive accountability by tying data back to its owners.
* Understand how information assets and processes are derived.
* Identify the fundamental relationships between data assets -and know how they are being used.

Companies that fall out of compliance in some future quarter will be penalised through their share price. The JSE Securities Exchange does not like surprises. Hence companies need to pull out all the stops in order to sustain compliance.

This requires repeatable and cost-effective IT processes. Rather than resorting to expensive and risk-laden quarterly finance department and IT fire drills, then comprehensively collected, integrated, visualised and leveraged metadata is the only sustainable foundation for ongoing regulatory compliance.