Update

Handling business information: it’s well worth a rethink!


The digital revolution is affecting our daily lives and unleashing a torrent of information. By taking a strategic approach to handling documents and data of all types you can make sure information is managed, used, stored and deleted appropriately. An approach like this is an effective tool that will enable you to find, process and use information in digital, electronic or physical form rapidly and efficiently. But let us be honest: who can claim that is what really happens in their organisation?

Raphael Hasler

Raphael Hasler

Manager, Information Governance

Business documentation, data and information are crucial to the success – and even the survival – of your organisation. They are the means by which you manage and control your business, develop products and services, identify risks and opportunities, and meet accounting and reporting requirements and other legal requirements relating to things like product warranties. With authentic, unimpaired information at your fingertips you can assert your position even in difficult situations such as legal proceedings. Last but not least, proper information can help you boost productivity, efficiency and flexibility. These days it is not just about archiving, but the way you handle information in general. You need to classify information. Information is a precious asset and the key driver of your success, so you have to safeguard and use it correctly, bundling the entire knowledge from across your value chain, including research, development and production activities, services, partners and customers.

Meeting more stringent requirements

The way the legal requirements with regard to handling information are put into practice still varies a great deal – and it is not always in compliance with the law. With increasing calls for transparency and a growing number of laws, your stakeholders are getting more and more demanding. Customers want to be able to buy tailor-made products and services while at the same time reaping the fruits of innovation. The authorities expect proof that you are complying with the relevant rules and regulations and society demands sustainable, trustworthy behaviour. For your part you want to improve the efficiency and effectiveness of your organisation, focus on the essentials, and create competitive advantage.

Identifying the things that bring success

As a decision-maker and the person who ultimately bears responsibility, you have to take the business view: to move forward you have to make things quicker, more efficient and straightforward. With your business locations spread around sites in different geographic locations it becomes harder to collaborate efficiently, especially if your processes are time-consuming and paper-based. To make sure information is available in real time, you need to automate these processes and replace them with electronic processing, filing and storage systems – which also means digitising relevant information in paper form. That is the only way of remaining agile in the marketplace. To do this you have to see the handling of business information as an integral part of your business processes and define clearly how you deal with relevant information both inside and outside your organisation. If you can take a 360 degree view and establish it within your organisation, taking control of your documents and data, you will gain a key edge in the marketplace by way of greater efficiency, transparency and trust.

Complex challenge

Successfully handling business information involves an interplay of technologies, front and back office business processes, and compliance (see Figure 1). Your business faces a whole series of challenges in these three areas. What they all have in common is that they require you to rethink the way you view and deal with information.

Figure 1: The three foundations for consistent handling of business information
Business processes Technologies Compliance Integratedbusiness datamanagement
View figure

Technologies: keeping up with the digital revolution

In recent years it is not only information that has been digitised; entire business processes, communications channels and the (automatic) exchange of information with external stakeholders have moved into the digital realm. For example you may now require suppliers to send invoices and receipts electronically (e-invoicing), and these days official documents (even notarised documents) are often delivered electronically.

Proof of compliance with regulatory and financial reporting requirements now also has to be provided in electronic form. The challenge for you is to validate, process, archive and delete this information. Since the validity of this proof can only be verified electronically, you can no longer store it in physical form. For example, electronic bills lose their validity once you print them out.

The pace of digitisation is reflected in the way new technologies, systems and services are developed and refined. At the same time there has been a radical change in the way information is used, meaning that technology now has to keep up with growing mobility and ensure perfect continuity between different media. At the same time you need to make sure all this is in compliance with the relevant legal requirements, for example the data privacy rules.

The information life cycle is not just determined by your core business; it is also influenced by associated processing and decision-making processes. For this reason you need to evaluate new technologies and systems such as the cloud and deploy them systematically. Often you will find your entire business and IT architecture is up for discussion. You have to replace old systems, applications and functions, and introduce new ones in line with the requirements of your business and the law.

Safeguarding integrity

The Swiss Accounts Ordinance (Verordnung über die Führung und Aufbewahrung der Geschäftsbücher, GeBüV) stipulates that you must be able to demonstrate the integrity, legibility and traceability of records and data that are subject to compulsory retention. You must make sure that your information remains in its original state, i.e. complete and accurate, for the entire statutory retention period. This is just one of the tasks facing your compliance department.

Business processes: redesigning workflows and information cycles

The digital revolution forces you to rethink the way you handle information. You have to ask yourself what information should be digitised and what business processes automated. This way you can free up your staff to focus on the essentials and prevent a disproportionate rise in the costs of administration, storage and searching. To an increasing extent, transactions are being settled electronically. This means that you must record the conclusion of the contract and the conditions applicable at the time electronically so that they can be reconstructed. To get on top of these challenges you should manage the information life cycle and recognise the interdependencies (see Figure 2). It is therefore imperative to formulate and implement a document management and archiving strategy for your organisation. This is the only way of making sure you can find relevant information and capitalise on it. Modern and efficient document and data management starts at the moment information is generated or captured.

Figure 2: Simplified information life cycle
ShareUseManageAnalyseDecide Generation/Capture 1 Authorisation/Finalisation/Closure 3 Storage/Conservation of Value 4 Handling/Processing 2 Deletion/Destruction 5
View figure

Compliance: keeping to rules and regulations

One of the main challenges is to comply with the numerous rules and regulations and keep up with the changes – especially if you operate in countries with different legal requirements.
If information is relevant in legal or regulatory terms (accounting, VAT, customs, data privacy, etc.) you also have to make sure it is complete, intact, readable and trackable throughout the entire life cycle. Here there are often special procedures in place such as electronic signatures and encryption technology, especially if information is transmitted across borders.

Beware of risks and the unintended consequences of non-compliance

If you fail to comply with legal or regulatory requirements you risk the following:

  • Fines and prosecution
  • Forfeit of the right to deduct input tax (VAT) on supplier bills
  • Revocation of reduced VAT rates on customer invoices
  • Damage to your reputation
  • Lack of proof (to your detriment) in legal proceedings
  • Loss of licences and market access

By managing your business documents and data in compliance with the relevant laws and regulations you will avoid the cost of having to implement requirements or conduct searches in response to official enquiries. In our experience, a failure to consistently store documents and data can result in heavy costs – for both internal and external personnel – in the event of enquiries from the authorities or internal reviews (e-discovery).

Complex solution

These days an appropriate approach to handling business information means actively managing documents and records with the help of systems, exploiting sources of data, and maintaining the relevant IT systems and processes to manage and bring together this information compliantly – from data capture and storage to deletion. Smart information management involves more than mere archiving, but is a lot more valuable as well.

More than just one law

You will find an overview of the relevant legal texts here. In Switzerland the management and archiving of business information is governed primarily by the provisions of the Swiss Code of Obligations on commercial accounting (Art. 957-963 CO) and the accounts ordinance (Verordnung über die Führung und Aufbewahrung der Geschäftsbücher, GeBüV). In addition to this basic framework there are diverse special provisions in other areas of the law. The Ordinance of the FDF on Electronic Data and Information (OElDI), for example, regulates the transmission of electronic invoices. The Federal Act on Data Protection (FADP) is particularly relevant when it comes to archiving data on servers outside Switzerland and working with outsourcing services. The Tax Act also contains rules on the retention of data. The Anti-Money Laundering Act and Gambling Act contain special rules governing the retention of industry-specific documents by financial intermediaries and casinos. Banks also have to take account of SwissBanking’s Guidelines on Dormant Assets.

Proceed in steps

Many organisations are put off by the expense and effort involved in implementing a coherent information governance system. But you do not necessarily need to implement a completely new model at all your sites and in all areas of your business. Merely by redesigning or streamlining individual processes or phases you can gradually create clear advantages. Figure 3 shows one possible approach.

Figure 3: Seeing information governance as a way of adding value rather than just as extra work and expense
1. Gap analysisYou define the goal you want in terms of handling business information, taking account of all the relevant stakeholders and finding out their requirements. This analysis enables you to find gaps between the current situation and your goal. 2. Strategy and approach to a solution You formulate a coherent strategy for managing business information on the basis of the gap analysis and a survey of internal and external factors such as your business and organisation structure, information flows and life cycles, security, IT and stakeholders. You follow these approaches to gradually close the gaps and optimise your business processes. 3. Compliance requirementsYou identify the legal and regulatory requirements relevant for you. These requirements will have a decisive influence on the way you handle information and its quality, for example in terms of integrity and readability, protection from harmful influences, traceability and authenticity, usability and availability.It pays to be cautious, especially when interpreting these requirements and their implications for your organisation. Here it can make sense to seek outside support. 4. Concept Before you start executing strategies and solutions you need a basic and detailed concept. Your concept revolves around defining responsibilities and the planning of gradual implementation to ensure your project achieves the defined goals. At this point you should look at cultural change and train your staff. 5. RealisationTo successfully implement your detailed plan you should reduce the complexity with the help of interim goals and milestones, and proceed with implementation step by step. This phase revolves around making structural adaptations to systems and optimising processes. To keep track of all the complexity, it makes sense to continually refer to the gap analysis, your strategy and the relevant internal and external requirements. You might have to repeat phases 1 to 4.
View figure

Changing your way of thinking

It is true that implementing the technology and processes necessary for modern information governance is a complex and challenging undertaking. The desire to involve all areas of the business and tick all the boxes makes it even more complex. However, the most difficult task you will face is establishing a new cultural outlook within your organisation – a culture that views information governance as a rich opportunity rather than an onerous chore.

We’re at your service!

Raphael Hasler

Raphael Hasler

Manager, Information Governance

+41 58 792 17 33

Summary

Handling information relevant to your business means taking a holistic view of information encompassing the entire value chain, all the relevant legal and regulatory requirements, and the various areas of your business. So it is much more than merely archiving documents and data. These documents and data are primarily digital and involve the entire information life cycle from data capture and generation to timely provision and storage and deletion. If you have the relevant business information in hand you will find yourself with more efficient and effective processes and IT systems, optimum compliance and risk management, lower costs, and a lasting advantage over your competitors.