Audit trails & Compliance (Jul 1, 2020)
Listen to compliance experts share their ideas on how you might be able to streamline and enhance compliance and regulatory processes in your organization.
Great.
So excited to see so many people joining our Audit Trails and Compliance User Group.
Before we get started, just do a little housekeeping: No need to take a bunch of notes, we are recording the session, the link will be available to customers after the event. And we’re also going to have some links to just continue the conversation after. So just want to share that with you. And just a introduction, I am Cynthia Boon, I’m a strategic customer success manager here at Workfront. I’ve been with Workfront about six months, but I was a customer for about five years. So just excited to be with the organization. I’m in Fort Worth, Texas, and it’s pretty hot and humid here. So I’m not sure how the weather is everywhere else.
So our housekeeping, for those of you that aren’t on 20 Zoom calls a day, if you’re not familiar with the Zoom functions, we’re actually leaving it open for you so you can have your audio and video and you also have the Chat function enabled. We’d love to have your participation here. We also have a Gallery View and a Speaker View so you can kind of customize your experience. The Gallery View is really nice so that you can see all of everyone’s faces.
And as we get started here, how about we say "Hello’ in chat. If you don’t mind, we can see your name, but we would love to see your company, your role, your location, if you can add that.
And have a little icebreaker question. If you could be any Disney character, which one would you be? I stole that from the LEAP session with Disney. So it was really fun. So if you guys don’t mind popping that into chat.
Anybody? The kid from “Up.” That’s awesome.
While you guys answer the icebreaker question, I just want to note that we have a very special guest today. Our chief financial officer from here at WorkFront, John Pexton is joining. So hello, John.
Hi, Cynthia. Thanks for having me.
I love that you are Luke Skywalker.
I had to come up with that one quickly, and now that the Disney acquired the franchise, that’s a good one. He had certainly an interesting life, and always been a big “Star Wars” fan. Nice. I also, I would love to say that I would be Baby Yoda but I’m probably more Carl, the curmudgeon, from “Up,” but.
Yeah, a Disney Princess. Ooh, “Inside Out.” That’s a great one, Joy, “Inside Out.” Well, that’s fantastic.
Well, thanks for everyone’s responses. We’re just hoping, feel free to chat as we go through this. This is our group, and we want you to ask questions and participate as much as you feel comfortable.
And let’s move on to just our agenda. So I just want to talk a bit about how the session will work if you haven’t already attended some of these. We definitely going to have a fantastic presentation from Brent Rudewick. And then once he’s done with his presentation, we’ll break everyone into smaller groups using those Zoom breakout functionality. So that’s just going to be automatic. No worries there. You’ll go in and have conversation and then we’ll come back together. So just a quick explanation of how this is going to work.
Okay, so I’d like to introduce Brent. So I’ve known Brent for a bit. He is our director of Product Management here at Workfront. And like me, he was also a customer. And this is a great topic. I actually really excited about compliance and audit trails. And Brent also has an extensive background in marketing operations, role within financial services, so that background with financial services, and a thorough understanding of the regulatory environment and requirements by regulating bodies that must be evidence within marketing spaces. So this is going to be a fantastic presentation. We will have some time, after Brent’s presentation, to ask him some questions and then we’ll break into that smaller groups. So with that, I’m going to give this over to you, Brent.
Perfect. Thanks, Cynthia. Well, welcome everyone. When you see the term “audit and compliance,” and you think, exciting, but I will tell you that there’s two ways to view it, right? And many of you probably live this.
You can fight the inevitable or you can embrace it and figure out how to leverage technology to just make it easier for the entire process. And so I wanted to start with a simple graphic that, if any of you are in the financial services space, and I wasn’t able to see all of the chats, but it looks like we’ve got a fair amount that are. There should be a very familiar concept, this idea of ORM, operational risk management.
And the reason that this is important is, as you start to think about what your operational risk management procedures are and how those cascade down inside of an organization, many of you half as a part of this process have what is called an RCSA, right, a risk and control self-assessment. And those can be something that you feel very confident about, or those can be like the daunting quarterly time to provide the evidence that the controls that you have as a part of your RCSA are indeed working the way that you think they are. And so I think it’s important as you think about this, I put some questions at the bottom like, who’s responsible for providing the proof that the controls are being implemented? And they’re actually mitigating the risk. How can you make this process easier? And so I want to set this context at the beginning so that when I go to the next slide, there’s a little bit of an understanding as to how we got to some ways to make the process easier, but I wanted to couch it around ORM.
If you’ll go to the next slide, Cynthia I’m going to spend the majority of my time on this slide. There are three primary areas. And I had to do this when I was at Charles Schwab. I remember when I started there there were some major hurdles, right? And we were in the throes of implementing a new operational risk management, and overall, like discipline, organizational structure. And so some of you might be in that same space or you might be in various stages of that space, but there are some key themes that I’ve found to be incredibly beneficial as we move down this path. The first is this idea of standardizing, automating, and managing approvals. Now some of you might say, “Well, yeah, we are doing that.” But the importance around this is doing it in one system.
The reason that that’s important is because, ultimately, if you’re in this heavily regulated industry, you have to evidence or be able to provide a sample of campaigns, if it’s marketing, for example, that truly show that the content that went out was approved the right way, it had the right people approving it, and that you can actually produce the content that was approved, right? So you’ve got to be able to evidence all that. Well, if you don’t have all of your approvals, A, in a system, and B, you don’t have them all in one place, the process to evidence this information can be cumbersome, very cumbersome. And that’s where we were at Charles Schwab. It was a very cumbersome process for us. And so that was a big part, kind of the first theme that I wanted to hit on, is just this idea of standardization, automation, and the management of approvals. Let’s move over to the next section, and this is this idea of integrating systems for development, distribution, management and archival of content. Now, as you know, just because you have all of your information in one system and you have all of your approvals in one system, if you have not integrated that system with an archival system of record, if you will, it makes it very hard to evidence this information. So a big part of integration, step one is just this idea of integrating your workflow system, that all of your work is being managed in, with an archival system of record so that now you have a summary file that comes out of your workflow system and it goes into your archival platform. So that’s the first piece.
Now, once you get outside of that on an ongoing basis, you have to make sure that not only was the content approved correctly but you also have to prove, is the content current? And for those of you in this space, you know that pricing changes, rates change, right, all these different environments change. So you have to be able to prove that the information or content that you have in market is indeed the most current content. Well, if you have integrated your workflow system or your work management system with a content delivery system, like an AEM, for example, you have the opportunity to take your official work management system of record and your official content system of record, right, and make sure that whatever content’s being displayed, which would be linked back to your content system of record, is indeed what’s actually in market. And if it has to be maybe updated, sometimes some content has to be updated quarterly, sometimes some content has to be updated every six months, sometimes content might be evergreen, right? Sometimes it might be annually. Well, once you’ve linked your content system with your workflow system, you can enable, through a systematic process, that content to be updated. So now when the content system communicates that a a piece has to be reviewed with that integration, it will kick off something in your workflow tool to whoever the content owner is, which all that metadata with that integration is now housed inside of your content management system, you’d be able to kick that off, kick the process off, make sure that it was done, and everything is housed and archived so you can prove that the content that you have today is indeed the most current content. So that’s another piece that I think is important, right, so this idea of standardizing and automating your approvals, then it’s this idea of integrating the systems, right, so that now you can manage that end-to-end process.
So the last piece that I want to make sure that we hit on is audit. So I’m sure all of you are familiar with the process of your quarterly audit process or annual audit, however often it does happen, where somebody comes to you and says, “Okay, I need you to give me a sample of, fill in the blank, all of the campaigns or content that was approved, reviewed and approved and pushed into market in third quarter of 2019.” Well, if you don’t have everything in one system, that process becomes a dumpster fire, if you will, right? Because you’re trying to go through all of these other areas, you’re having to send notes to all the marketers or all the compliance people and say, "Hey, can you give me a record of everything that you’ve approved? If you have everything in one system, you can actually, and we did this at Schwab, you can actually go into your workflow tool and pull everything that was sent in the third quarter of 2019 and give the auditor just view access to a report out of your workflow tool, they can look through that, they can pick the campaigns or projects that they want to review, you can pull those projects out, give the auditor just access to those projects, they can do their entire audit there, then they’re going to ask you for your archival proof, you can use your archival system to pull all of that information together. And the auditor does all of their audit inside of a piece of technology. And I can tell you that when I first pitched this to the audit team, I don’t think they believed that it was possible, but I will tell you that looking back, they not only enjoyed it so much as to do it in a piece of technology, there were several folks inside of audit that actually adopted some of the workflow capabilities for their own audits as they worked with other teams. So my point here, metadata point, is there’s two ways that you can view this process, right? Brings me back to that original point. One, is you can embrace it, find a way to leverage technology to make it easier for you, and bring your stakeholders along in the process, right? Or it can stay, the mad scramble trying to pull it all together, and once you get it all produced, starting to dread the next audit date that’s coming down the path, right? So I have not kept a good track on time, Cynthia, how are we doing on time? We’re actually great. We are perfect on time. So you can… Yeah. So that’s a little bit around audit. And the only other piece that I didn’t have in here as it relates to ORM, for those of you who have an RCSA, a risk and control self-assessment, and you actually have to track your key risks and you have to track your key controls, you can also do all of that inside of a workflow tool, like Workfront. You can put your key risks in as major projects. You can put your key controls, right, as a sub project, if you will, and then you can use the workflow tool to request the supporting documentation that evidences that the control works so that when your ORM team comes once a quarter and wants you to produce the evidence that the controls are effective, you can once again use the workflow tool to do that so that you’re not having to go on a mad scramble to go find that information. So I wanted to add that point as well. So the key metapoint, technology is a beautiful thing if it’s used to truly enable a process, but you have to bring your stakeholders along in that process, they have to understand why it is that you’re doing it the way you’re doing it, and you’ve got to help your frontline folks understand, why is it that you want to capture all of this information? Well, I’m trying to capture it so that when it comes time for an audit, I’m not coming to you and pulling you off of everything you’re working on because now we have to produce something for an audit. So I know I’ve said a lot, and I could probably spend half a day talking through these different topics, but I just thought that I was trying to give you this group just some general high-level guidance and some successes and lessons learned that I had experienced prior to joining Workfront.
So Cynthia, that sums up about what I had. Awesome. Does anyone have any questions for Brett before we move into the next session? I love the idea, also my background’s financial services, so our financial services friends on this session we’re here for you.
The dumpster fire. That’s amazing. That’s exactly what it feels like when auditors show up in the building.
Any questions in chat yet, or anyone want to come off mute.
If you don’t have technology If you don’t. Yeah, that’s right. I have one comment. And I know, not a question. I’m not in financial services. I work at Workfront. I’m a longtime marketer, but I worked earlier in my career at an ad agency. The account I worked on was the United States Air Force. And we would regularly get audits. And it was such a process to have to go through any of those audits. And one of the things I remember learning and it made me think, Brent, when you were talking about, you can give just what you need, when we would do these government audits and they would say, we need one year of statements for something. And I remember one of my colleagues said, “Well, let’s give them two years just because then it’s easier.” It was like, "No, they asked for one year, give them one year. And so when you, Brent, talked about being able to go in and say you can give them exactly what they need and they can pull out that and then you can go one layer deeper, that would’ve made months of my life at that time so much easier, so.
Awesome. So, our next, we’re going to go into the group discussion. -