Published on 09 June 2010

It’s nearly eight years since the Sarbanes-Oxley bill was enacted in the US on the back of the Enron scandal, and six since the second Basel Accord. But transparency is still just as important as it ever was.

The accounting fraud that did for Enron was one of the main reasons Sarbanes-Oxley came about. And the type of complexity associated with the recent recession - debts, securitised on multiple levels - was widely viewed as its main cause. In both cases, there were figures in audited reports that the organisations involved weren’t able to justify. In the case of the fraud, they made it up, and with the complex deals, the information that would have shown them up as being one big terrible idea just wasn’t there.

If there had been systems in place that substantiated every figure that made it into those reports, those organisations would have been achieving transparency, and this would have helped avert one problem while making the other extremely difficult - and that is, of course, the goal of the legislation.

The (still relatively new) concept of transparency could be said to have two audiences. Firstly, the partners: they say, “Run your business properly, make your activity truly visible, and we’ll have confidence in you.” And of course we have a responsibility to them. But it’s the auditors who enforce transparency. They say you should be doing it for the partners anyway, but the more cynical among us would say we’re only doing any of this to satisfy the auditors.

By now we should all have moved on from risky low-level practices like off-system spreadsheets and databases, hardcoded or undocumented workflow, inconsistent asset descriptions and so on. And people aren’t allowed to perform SQL queries directly on production databases anymore. We’re past all that. (We are, aren’t we?) Nowadays, our reporting is more robust, we have fuller and more reliable workflow and our business rules are rock-solid. But are we doing enough?

Transparency is not just about being able to view a company’s results. It’s also about how they were reached. If you can count on the right levels of governance, consistency and auditability in your organisation, you’ll be able to satisfy every question asked of you by your auditors.

Using these approaches, approved rules and processes are no longer just words in a document somewhere - they are configured directly into everyday business. Sophisticated workflow features in your software platform let you exercise governance in that you can ensure your staff will follow a process, rather than just hoping they will. It means you can interpret what you see with more reliability. Output is predictable, so any anomalies are easier to spot. Workflow provides consistency, too: if users are made to go through certain steps rather than being given the option to skip them altogether, it adds to the predictability of results. And by assigning ownership, workflow leads to rich audit trails - when someone did something, at what time, how long it took, and what it was prompted by - to provide exhaustive auditability.

It’s important to distinguish between workflow and business rules, since on the surface they both represent ways of enforcing approved business processes on day-to-day activity. The essence of workflow deployment is a matter of staff, helping manage their time effectively; giving them work worth doing, that they provide value in undertaking and can realistically achieve. Meanwhile, business rules are about taking work away from your staff, and making repeatable decisions that are best for the business as a whole (assuming in both cases, of course, that the right information and rules are in place).

The application of governance can be seen as a smaller challenge when considered in the context of business rules engines. Because they’re system-driven, something like a credit decision will have been subject to a rule - not to a person interpreting that rule the way he or she sees fit (on that particular day, before or after coffee, etc.). While on the one hand you might feel as if you are limiting your users’ free will, on the other you’re giving them the freedom to apply their skills where they’re really needed. As a result, consistency levels are heightened: actions and results are guaranteed, scalable and repeatable - so if an outcome is reached once, it’s reached a thousand times. For added auditability, good BREs record the entire path for a decision, not just its outcome.

The standard reporting used at most organisations will give you the answers that the auditors are looking for. However, business-intelligent reporting provides the full analysis of information, including the detail behind the summary - from a number of perspectives, and in a number of contexts. Reports are verified and tested, then produced by a controlled and tested solution. And because everything has been captured at a granular level all along, it is then aggregated and consolidated so if a report is run again in future, it will be exactly the same as it was the first time.

What this all adds up to is that you can only achieve true transparency by holding detailed information on all that you do. If all your workflow steps and BRE decisions are recorded in explicit detail, they can be reported clearly, and business decisions will be made on correct information. Not only that, you’ll satisfy your auditors. And your partners.

Click here to view the published article in Leasing World.