In September, Allergan, the $4.5 billion pharmaceutical company that makes items ranging from medical devices to pharmaceutical products, resolved federal charges that it marketed its blockbuster product\u2014Botox\u2014for unapproved conditions.\n \n Allergan denied some of the allegations, such as those suggesting that its actions resulted in healthcare providers submitting fraudulent claims to Medicare and Medicaid. The company pleaded guilty to one charge and agreed to pay $600 million in fines, fees and profit forfeitures.\n \n Writing a check, even one for $600 million, is simple compared to meeting the company\u2019s new compliance burdens. But Allergan CIO Sue-Jean Lin says they\u2019re ready for the challenge, because in 2008 Allergan began to revamp its compliance systems, bringing in business process management software from Metastorm.\nBefore the revamp, Allergan used a mix of homegrown and packaged systems to monitor compliance in different areas of the company. Its new system, which Allergan calls Beacon, went live last spring. IT worked with individual functional groups\u2014sales, marketing and others\u2014to map out the business processes they used and the regulations and laws the company must follow. Building these policies into the workflow also makes compliance easier for employees, Lin says.\nThe Botox settlement led Allergan to agree to a long list of behavior reforms and new self-monitoring requirements, on top of the hundreds of federal and state rules pharmaceutical firms must follow normally. Its compliance mandate will grow for five years under a so-called corporate integrity agreement.\n \n In addition, the company must now prove its compliance by disclosing more reports, such as documents showing it has trained all relevant employees in how to market products within guidelines. Its senior executives must also certify that the company has met federal requirements, much like CEOs and CFOs must vouch personally for their companies\u2019 Sarbanes-Oxley compliance.\n \n Beacon tracks the common activities that all pharmaceutical companies keep track of, as well as the requirements specific to Allergan\u2019s settlement. But the company is adding capabilities to generate additional reports proving compliance, says Karah Herdman, deputy compliance officer at Allergan. For example, Beacon already had the ability to monitor expenditures related to physicians, but now IT has to create a report from that data to put on the Web.\n \n \u201cNothing has to change in Beacon,\u201d Herdman says. \u201cThe change for us is to take all the data in Beacon and start to analyze and understand it.\u201d\n Compliance Is a CIO\u2019s JobSetting up IT systems for compliance can be done with forethought or in reaction to some new regulation or serious legal situation, says Chris McClean, an analyst at Forrester Research. Either way, he says, CIOs must work with compliance executives to make sure the right technology is in place.\n \n \n \n Technology can limit behaviors, such as not allowing a contract to proceed through an electronic workflow until it has the required sign-offs. Or it can prove that a company does comply with pertinent regulations by generating reports documenting that specific steps were taken.\n \n \u201cIf you don\u2019t have a documentation system as part of your compliance systems, maybe you\u2019ve complied with requirements in your industry, maybe you haven\u2019t,\u201d McClean says. \u201cYou just don\u2019t know.\u201d\n Follow Senior Editor Kim S. Nash on Twitter: @knash99.