Compliance
Financial Compliance
Effective contract management is driven the ability to compare financial transactions against negotiated contractual terms. Enforce negotiated discounts and rebates and effectively manage on time supplier delivery prior to releasing milestone service fee payments. Through the Novatus open architecture and utilizing web services technology and open API’s, Novatus deploys tight integration to ERP, financial and procurement systems allowing clients to automate the comparisons against contractual payments resulting in reporting that compares actual spend data with negotiated contract terms.
Get real-time access to financial data, develop custom or ad-hoc reports against all financial terms across the enterprise. Provide executives with critical views into the organization’s financial risks, obligations and revenues.
Best Practices in Financial Compliance -- Enforcing Payment Terms & Discounts
Prevent the loss of negotiated savings by managing financial terms via Novatus Contracts "Payment Stream" management.
Include Net x % discount payment terms in your standard contract templates in the Novatus Contracts system and manage active contracts with those payment terms through reporting, notices and integration.
Push negotiated payment terms discounts into automated reports or notices and through to the financial system via integration to stop out of compliance payments.
Automated Reporting compares negotiated terms to actual payments. Users can then act on out of compliance payments by sending system messages via “Messaging” to your suppliers and accounts payable recipients.
Best Practices in Financial Compliance – Identify and Achieve Direct and Indirect Cost Savings
Identify high impact financial cost savings opportunities by implementing and analyzing your supplier contracts.
Migrating your enterprise into an intelligent fully automated system can lead to significant areas of cost savings and contractual cost avoidance opportunities such as; elimination of duplicate technology license agreements, enforcing previously negotiated rate cards for contingent labor or other professional and consulting related services and pinpointing network consolidation or outsourcing opportunities.
Consolidate supplier agreements and leverage your spend to achieve optimal pricing terms while eliminating high risk or higher priced suppliers.
Whether your data is in disparate systems, excel files or in an existing CM system, the Novatus team provides contract and supplier management best practices software and services experts to implement Novatus Contracts and help our clients mine for savings.
Get real-time access to financial data, develop custom or ad-hoc reports report on all financial terms across the enterprise, and provide executives with critical views into the organization’s financial risks and obligations.
Sarbanes Oxley
The Sarbanes-Oxley Act, also known as the Public Company Accounting Reform and Investor Protection Act commonly called Sarbanes-Oxley or SOX, is a US based law enacted in 2002 in response to a number of major corporate and accounting scandals.
The Sarbanes-Oxley act forces publicly held companies to maintain and promptly make available all meaningful business related information in order to protect the investing public. Section 404 is an important component to Sarbanes-Oxley compliance and all public companies must demonstrate full compliance for the current fiscal year. Access to this the information is a primary control requirement for Sarbanes-Oxley compliance.
SOX reinforces the reality that electronic data management should garner top priority for corporate leadership, corporate counsel and accounting/auditing.
The Novatus Contracts system is a critical component of the corporate data-retention policy providing a automated system to house and report on corporate trading relationships and transaction resulting in a proven and documented contract and document controls process. Our system configuration and implementation process include SOX reporting and audit compliance processes to ensure successful compliance with SOX regulatory requirements.
|
Sarbanes Oxley Requirements |
Novatus Compliance Solution |
|
Implement internal contracting controls and promptly make available all meaningful business related information |
Provides a system and a documented contract and document controls process including reporting and audit trails to ensure enforcement across all business units. |
|
Make electronic-data management a business initiative, supported by corporate leadership. |
Efficient, secure and easy to use electronic contract management data repository to manage electronic contract company data. |
|
Create a document-review, retention and destruction policy, which includes consideration of backup and archival procedures, any online storage repositories, record custodians and a “destroyed documents report”. |
Secure online storage repository with backup and archival functions. Records that are permanently deleted are tracked in the system for reporting and audit functions. |
|
Clearly document all company data-retention policies. |
Your CM system is a critical component of the corporate data-retention policy. |
|
Document all approved methods in which data can be transferred to or from the company. |
Initiate, capture and store critical internal and external company and contract related communications in a secure repository. |
HIPAA
The Health Insurance Portability and Accountability Act (“HIPAA”) created to protect the privacy of patient information. One of the provisions requires Healthcare providers to ensure that any suppliers who have access to private healthcare information sign a Business Associate Contract that contain very specific provisions.
Novatus Contracts provides a secure template repository that provides access, maintenance and distribution of your approved Business Associate contract template. Enter, track and report on all Business Associate contractual relationships. Store and retrieve Business Associate Contract document images.
The Novatus HIPAA compliance solution provides a documented contract and document controls process including reporting and audit trails to ensure enforcement across all business units.
|
HIPAA Requirements |
Novatus Compliance Solution |
|
Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that your suppliers create, receive, maintain, or transmit on behalf of the covered entity. |
Novatus Contracts provides a secure template repository which provides access and maintenance of your approved Business Associate contract template. Send out “Messages” from the system to designated email recipients informing them of any updates to the Business Associate Agreement. |
|
Identify, classify and report on Business Associate contract and company information. |
Enter, track and report on all Business Associate contractual relationships. Store and retrieve Business Associate Contract document images. |
|
Authorize termination of the contract by the covered entity, if the covered entity determines that the business associate has violated a material term of the contract. |
Send violation and termination notice via system Messaging maintaining a secure storage of the communication. Update contract and business associate status as terminated and/or restricted. |
|
Make its internal practices, books, and records relating to the use and disclosure of protected health information available for purposes of determining compliance. |
Provides a system and a documented contract and document controls process including reporting and audit trails to ensure enforcement across all business units. |
Gramm Leach Bliley
Are Your Service Provider Contracts Ready for Data Security Examiners?
Designated financial institutions are required to comply with the Gramm-Leach-Bliley act. Section 501 of GLB requires financial institutions to ensure the security and confidentiality of customer records and information; to protect against any anticipated threats or hazards to the security or integrity of such records; and to protect against unauthorized access to or use of such records or information that result in substantial harm or inconvenience to any consumer.
In addition to developing their own safeguards; financial institutions are responsible for taking steps to ensure that their Affiliates and their Service providers that receive, maintain, process or access customer information, safeguard the customer information in their care. They must also implement a mandatory requirement and process that includes the incorporation of specific contractual language in service provider contracts.
Financial institutions must use appropriate due diligence in selecting service providers, requiring them to implement appropriate measures to meet GLB guidelines. Depending on the financial institutions risk assessment they may also be required to monitor their service providers. Financial Institutions are examined for compliance with the GLB data security requirements. Designated contracts are expected to include required data security provisions.
Store, access and include contractual terms that must be included in your service provider contracts via Novatus Contracts. Access contracts and/or report on contractual terms that document your policies and provisions for potential breaches to validate compliance with auditors.
|
GLB Requirement |
Novatus Compliance Solution |
|
How does the bank assess risk to its customer information systems? The examiners will review contractual requirements with outside parties. |
Provides a system and a documented contract and document controls process including reporting and audit trails to ensure enforcement across all business units. |
|
Do supplier risk assessments include vendor oversight requirements? |
Store, access and retrieve supplier risk assessment documents against your Supplier Profiles. Generate “Messages” and store linked communications sent to internal and external recipients to investigate, warn and enforce compliance. |
|
What is the service provider’s response when it suspects unauthorized access — Are procedures in place to appropriately report unauthorized access to the bank? |
Access contracts and/or report on contractual terms which document your policies and provisions for potential breaches to validate compliance with auditors. |
|
Does the service provider contract provide for sufficient reporting from the service provider to allow the bank to appropriately evaluate the service provider’s performance and security, both in ongoing operations and when malicious activity is suspected or known? |
Access contracts use event tracking and/or reporting on supplier contractual terms to document your policies and provisions and manage the frequency of designated supplier evaluations. |
|
In addition to the data security requirements, do the banks’ service provider contracts contain appropriate contractual confidentiality requirements? |
Store, access and include contractual confidentially terms which must be included in your service provider contracts via Novatus Contracts. |
Watch an Online Presentation of Novatus Contracts
Register for a live web-based software demonstration of Novatus Contracts. Demos are held Monday, Wednesday and Friday at 9:00am or 2:00pm Eastern.
