Understanding Compliance and Audits: A Winning Combination

When a company decides to outsource customer communications to a print service provider, that doesn’t mean the work is done. The vendor must be monitored and managed to ensure that they’re meeting the standards negotiated in the contract. Savvy customers take managing their vendors to the next step – by conducting periodic audits for quality control, best practices, and compliance with postal and industry regulations.

U.S. Postal Service (USPS) regulations for print service providers are similar to those for an in-plant operation. The correct class of mail must be used and reflected in the Service Type Identifier in the Intelligent Mail Barcode. If the mail is presented at discounted rates, the addresses must meet the Coding Accuracy Support System (CASS) and Move Update standards. Consistent preparation and submission practices must be followed. These standards are all measured and reported in the Mailer Scorecard.

Not covered in the Scorecard is compliance with the “By/For” requirements of the USPS. This means that the documentation submitted to the USPS must identify the Mailing Agent (By) and Mail Owner (For) for all Full‐Service mailings. This can be difficult for service providers who use a third party to presort their mail.

The USPS defines the Mail Owner as the person/company that:

• Makes business decisions regarding the mailpiece content
• Directly benefits from the mailing
• Pays for postage on the mailpiece directly or by way of a Mailing Agent

The Mailing agent or Mail Service Provider:

• Acts on behalf of one or more Mail Owners
• Provides mailing service for which the Mail Owners compensate the Mailing Agent

Mail Owner and Mailing Agent data may be provided through a Mailer ID (MID), Customer Registration ID (CRID), Permit Number, or Publication Number. The USPS recommends providing only one of the fields for any Mail Owner in the mailing. If multiple fields are provided for a single Mail Owner or Mail Preparer, the USPS will follow an order of precedence: highest priority is given to MID, second priority to CRID, and third priority to Permit/Publication Number.

For many industries – including financial services, insurance, and health care – compliance is based around protecting the privacy of the customer. Additionally, letters, statements, or bills must be delivered within a certain timeframe. Many companies have a compliance office that establishes policies that include a higher standard than the state or federal regulation.

With so much to cover, it’s best to have a team involved with the audit. While not everyone may be able to be onsite, they can contribute to developing the standards to be reviewed. A good team will include compliance, information technology, purchasing, postal experts, and the auditors (internal or external). The team will develop a list of factors to be validated or measured.

An audit is more than a site visit or quarterly performance review. An audit usually requires a multi-day site visit to monitor operations at times with significant volumes of print, mail, and fulfillment. During the visit, the auditors examine technology, review software and workflow, inspect security controls, and interview select employees and management. If possible, the auditor will follow a production file from receipt, to print, to insert and presort.

The agenda should be defined in advance. Based on the concerns of the audit team, the customer should tell the vendor which policies, procedures, and workflows will be reviewed. While factors may differ by industry and contract, the list could include:

• Explanation of how data files are received and confirmed
• Address cleansing
• Document composition
• Job tracking, including alerts for delays
• Piece tracking
• Reprints
• Postal data and documentation

While watching the work being produced, validate that the operators are following the procedures. Pay specific attention to the start and completion of jobs. Observe how any jams or reprints are handled. Follow the job until it’s handed off to the USPS or the presort vendor.

Following the site visit, a report should be created that identifies all deficiencies, risks, and remedies. Review the report internally, to ensure that everyone on the audit team agrees with the issues presented. Make sure that there’s consistency on rating the severity of a deficiency and the associated risks.

For example, most vendors have their operators follow a “touch and toss” standard for all work processed on the automated inserters. That means if a piece is damaged or jammed, the operator doesn’t manually fix the mailpiece. Instead, the original is destroyed, and a reprint is requested.

However, the auditor may note that the shred bin and the recycle bin are so close, that they are touching each other at the work station. While a job is being processed, they observe an operator accidentally toss a damaged piece into the recycle bin, instead of the shred bin. This is a serious breach of security.

However, the remedy is simple – move the recycle bin away from the shred bin. Additionally, the vendor may want to hold reinforcement training on security, and the importance of using the shred bins for any material with personal information. The same issue can be a recurring topic for their daily huddles.

The report should be reviewed with the vendor, allowing them the opportunity to respond. For example, they may want to provide essential information that the auditor didn’t receive during their visit. The original report can be updated with the vendor’s comments and become a working document for future discussions.

One of those future discussions should take place at the vendor’s facility. The operations manager can show how the recommended changes from the audit have been implemented on the production floor. The account manager can use the opportunity to explain any additional improvements they’ve made to improve compliance. Good vendors see audits not as a “gotcha”, but as an opportunity to improve their operation.

Outsourcing is an important strategy in the customer communication process. Clients are still responsible that mail pieces are processed in a manner that meets the ever changing postal and industry regulations. Well planned, executed, and shared audits improve compliance, service, and expectations – for clients and their service providers.

Input for this piece was provided by Lois Ritarossi, CMC®, President of High Rock Strategies:

Lois Ritarossi, CMC®, is the President of High Rock Strategies, a consulting firm focused on sales and marketing strategies, and business growth for firms in the print, mail and communication sectors. Lois brings her clients a cross functional skill set and strategic thinking with disciplines in business strategy, sales process, sales training, marketing, software implementation, inkjet transformation and workflow optimization. Lois has enabled clients to successfully launch new products and services with integrated sales and marketing strategies, and enabled sales teams to effectively win new business. You can reach Lois at highrockstrategies.com.