Business risk management requires a top-down approach. Senior management often focuses its efforts on creating competitive advantages and might not see one in spending extra money on compliance. But even companies not immediately affected by regulations like the US Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) of 1996 can benefit from applying some of the principles required for compliance to their business. Efforts to comply with basic data security and risk prevention guidelines can even further reduce the risk of financial loss through administrative mistakes or fraud. The specific steps necessary to ensure compliance with these guidelines will differ from one company or business model to the next, but any company needs to pay attention to such basics as good financial statements, data security, privacy, and housing of key information—and how that information affects things like ensuring accurate financial reporting.
Part of this top-down approach involves identifying what information is key to your business. For a manufacturer, this data might consist of accounting, payroll, and health insurance information, plus things like physical plant assets and inventory. In contrast, a professional services environment is much simpler, with key information consisting of things like customer service and payroll data, with the only other real assets consisting of phones and perhaps leased office space.
Part of this top-down approach involves identifying what information is key to your business. For a manufacturer, this data might consist of accounting, payroll, and health insurance information, plus things like physical plant assets and inventory. In contrast, a professional services environment is much simpler, with key information consisting of things like customer service and payroll data, with the only other real assets consisting of phones and perhaps leased office space.
Subscribe to:
Posts (Atom)