Alex Holloman III (alex.holloman@infosys.com) is the Compliance Officer for Infosys McCamish in Atlanta, Georgia, USA.
We’ve all been there. You are involved with an audit (internal, external, regulatory), and the examiner asks for someone to explain how a process is supposed to work—and then you discover the actual process doesn’t match your documented procedures. Or better yet, the last time the procedures were updated, they referenced saving all information to a floppy disc at the end of the day.
At the onset, procedures are developed to document how a task or activity should be performed. It is the central document that associates refer to in times of confusion, and it is incorporated within the onboarding process. Over time, our attention shifts to other pressing matters, and the documentation becomes outdated. It’s an unfortunate situation, but very common within the realm of our daily work activities. Reviewing your business procedures is not done frequently enough, and usually happens the week prior to the audit. Compliance should implement a governance program, in partnership with the appropriate internal stakeholders, to ensure a review is happening on a recurring basis.
Standard operating procedures
As a compliance officer of a third-party administrator that provides policy administration for insurance and financial services companies, I make it a priority to partner with our clients to review and make updates to our standard operating procedures (SOPs). The SOPs are a set of step-by-step instructions developed to educate and train our associates on the specific steps they must follow to perform their routine business activities.
SOPs aim to achieve efficiency, quality output, and uniformity of performance, as well as reduce miscommunication to enhance your ability to comply with industry regulations. The updates to the SOPs are usually driven by regulatory change, recommendations from a risk assessment, fraudulent activity, budget allocations, associated vendor solutions, and staffing changes. Updating your procedures allows you the opportunity to align your documented process to mirror the actual steps your associates use.
A pillar of our compliance program involves performing an assessment of a process or procedure to see if what we “say we do” actually matches the documented SOP for our business operations. Annually, we conduct business process assessments to review a common SOP across all of our administrative clients, looking for opportunities to improve and standardize our procedures.
The assessment begins by requesting the most current version of the SOP and comparing it with the process our associates are executing. This comparison allows us to identify any deviations from the procedures that should be recalibrated through training, or it exposes the areas of the SOP that need to be updated. Our next step involves developing subjective questions, based on the comprehensive information, that would allow us to compile and compare the responses. After this is completed, we interview the department managers responsible for the process to confirm the responses and address any outstanding concerns. The final step involves comparing our responses to industry best practices, drafting a summary of our recommendations, and then sharing it with the corresponding department managers. The assessment is designed to validate a process and offer areas for improvement.
