Generic filters
Exact matches only


Helping organizations comply with regulatory obligations through internal audit and corrective action support.

The cost of doing business includes the time and expense of managing information.

Organizations in regulated industries recognize that the cost of doing business includes the time and expense of managing information.  At their best, organizations successfully meet the needs of regulators while keeping their operations online and functioning efficiently.

It’s a lofty challenge. Many companies approach this by hiring extra staff to deal with the regulatory burden.  These are often specialized positions that require audit support skills, ideally people who’ve been through the process before.  It’s hard enough to find qualified resources, but then the business faces an additional challenge: determining what to do with this skilled workforce after their obligations have been met, and before the next round of audits occurs.

We recognize that the best way for a business to meet regulatory requirements is to have a well-designed, properly governed information management program in place.  Auditors make very specific requests that need clear, unambiguous responses. If a company can’t demonstrate that their record keeping is reliable and authentic, it can face steep penalties and fines, or even a production shutdown.

Skilled Resources are required

To handle the high urgency, short-term demands of an imminent audit, to update, formalize, or enforce existing information management practices.

Internal Audit / Corrective Action Support

Our teams provide support for information-centric audits and expert guidance when designing and executing corrective actions.

Program Assessment and Roadmap

We assess existing information-centric practices and develop program roadmaps to address gaps.

Policy and Process Development

We develop relevant, actionable information management and governance policies and processes.

Data Map Development

Our professionals develop data maps to support internal and external audit requirements.

Regulations change every year

Sometimes significantly, as in the case of the EU’s General Data Protection Regulation (GDPR) and U.S. DOT’s Pipeline and Hazardous Materials Safety Administration (PHMSA). We help our clients stay out in front of compliance requirements, so that disruptive and costly fire drills can become a thing of the past.


I’ve received negative audit findings about the way we manage our information. What do we do next?


The first step after receiving a negative audit finding is to perform root cause analysis. Why did this occur? This analysis can be done internally or through an external third party. In order to create a plan for remediation, it’s important to identify the true causes as well as to review the IM program holistically. Possible causes could be related to people, process, or technology.

You will also want to engage business stakeholders to demonstrate how this audit finding can have impacts on the business in terms of reputation, costs, and most importantly, safe operations. Transparency and accountability are important during this process.

Once a plan for remediation has been set, don’t forget a framework to demonstrate progress to internal and external stakeholders.

Success Story:

Automated Response Eliminates Snap Audit Penalties

This highly-regulated financial services company owns and operates more than 700 retail locations in North America and the United Kingdom.  In recent years, changes to laws in many states have enabled regulators to enter a retail location, initiate an unscheduled (i.e., snap) audit, and then assess a fine when the location manager is unable to communicate and coordinate with company headquarters to respond to the audit within the statutory response time limit (typically 2-3 hours).

Success Story:

Achieving GDPR Compliance In Record Time

A global retailer with operations in multiple countries faced challenges preparing to meet data privacy rules under GDPR.  With just over two months to spare and 600 applications with potentially relevant PII (personally identifiable information), they knew they needed help. Organizations in breach could be subject to costly fines – up to 20 million euros or 4 percent of annual global turnover.

Success Story:

Rapid Assessment Inspires Long-Term

For companies in regulated industries, information management is critical. It doesn’t matter how good your products or processes are: if you can’t produce the required documentation to demonstrate compliance, then you risk penalties or even closure.


Our team of experts:


Since joining Access Sciences in 2006, Lisa has worked with clients to shape information management programs via assessments, strategic plans and roadmaps, change management strategies, policy and process development, data maps, and taxonomies. She specializes in information and data governance. Lisa is a degreed industrial engineer from Texas A&M University and a current MBA student at Rice University.


Each organization has unique challenges and opportunities. Let’s talk about yours.