July 24, 2006
Thank you for giving our company a chance to respond.
Our firm, RuleSphere, is the first firm to formalize the use of "requirements management" for managing the business rules of compliance (specifically policies and Standard Operating Procedures). What we discovered is that company's can save millions of dollars and build a platform for business growth by deploying solid requirements management (RM) disciplines. RM provides a company with a chance to reduce the cost of compliance while guiding the company on deployment of new disciplines such as COSO, COBIT, CMMI, etc. So our recommendation is for the SEC to take a public stance on RM as the cheapest way to manage compliance while building agility and efficiencies. We can help with the research and report writing. Note that we apply RM disciplines to Performance management, Governance, and Compliance (PGC) activities which transforms regulatory mandates and standards into litterally thousands of requirements (both functional and enterprise level requirements). We intend to provide these requirements to companies as an "on demand" software service and we would like to support the PCAOB and the SEC by providing the platform and help desk.
Next, we have found that after RM, the next key discipline is the use of the Control Self-Assessment (CSA's). CSA's help companies continually measure their progress and develop an understanding of how they are progressing in the management of the requirements that the CSA's make explicit. We are the leaders in CSA automation and have just finished a paper on the difference between surveys and CSA's from a business and technical viewpoints. Again, if the SEC and PCAOB could take a public stance on this practice, it would save companies millions of dollars and help to educate companies on continual process improvement.
Overall, the above 2 practices represent the top 2 most important disciplines to reduce the cost of compliance, and meld regulatory safeguards into the every-day business model to help any sized company in any industry to transform how they cope with the excruciating detail that makes up PGC. We look forward to helping the SEC and PCAOB on this thought leadership like we were able to achieve with the IRS in the management of business rules of compliance.