SlideShare a Scribd company logo
1 of 30
Download to read offline
Regulatory Change Management
Ed Sattar, CEO,
Page 2Regulatory Change Management
Speaker: Ed Sattar
Ed Sattar is the CEO of 360factors For more than a decade, Ed has made
significant professional contributions to the regulatory compliance space across
multiple industries. His experiences include extensive research and consulting to
regulatory compliance consulting firms, training providers as well as state and federal
regulatory agencies. During his tenure in the regulatory compliance workflow
automation and eTraining space, he has identified key criteria and compliance
standards that are currently being published and implemented.
Ed Sattar has been nominated for the Ernst & Young Entrepreneur of the Year award
three times and was among the top seven finalists in 2009. 360training.com, the
parent company of 360factors, has appeared on the Deloitte Fast 50 as the 6th
fastest growing company in Texas. It has also been listed in Inc 5000 several times as
one of the fastest growing companies.
Ed studied Electrical Engineering and Finance at the University of Texas at Austin.
Page 3Regulatory Change Management
Profit
PeoplePlanet
Effective Operational Risk
Management & Three P’s
Page 4Regulatory Change Management
Outline
 Regulatory & Operational Risk Trends
 Why Implement an Enterprise Risk and Regulatory
Change Management System
 Enterprise Risk and Compliance Management
Methodology
 How to Implement an Enterprise Risk and Compliance
Management System
 Can Automation and Software can Increase Operational
Excellence and Reduce Risk
Regulatory Change Management
Regulatory & Operational
Risk Trends
Page 6Regulatory Change Management
Rising Regulations and Cost
Page 7Regulatory Change Management
Source: Davis, Polk Dodd-Frank Infographics
Regulatory change is significantly impacting
organizations and their policies
Regulatory Change Management
More Complexity, More Projects, and More
Risks to Manage
Managing Your Operations
Seamlessly While Reducing
Risk
Regulatory Change Management
Why Implement an Enterprise &
Regulatory Change Management
System
Regulatory Change Management
1. Understanding Regulations- Either Over Complying or Under
Complying-
2. Regulatory Applicability and Managing Regulatory Changes.
3. Automating And Streamlining Day To Day Compliance, Event And
Incident Management With Respect To Regulatory Change
Management
4. Cost Efficiency By Automating TrackingandMonitoringaNonCompliance
Items Such as Events, Incidents, Audits & Investigations
Four Reasons Why Implement
Regulatory Change Management
Page 11Regulatory Change Management
Four Reasons Why Implement
Regulatory Change Management
 Understanding Regulations
 Regulatory Change
Management
 Regulatory Applicability
 Day to Day Compliance
Tasking
 Event-Driven Compliance
Tasking
 Incident Management and Root
Cause Analysis
 Predictive Risk Analysis
 Corrective and Preventive Actions
 Policy and Procedure
Management
 Audit Management
 Sustainability
 Training Management
 Multiple Tools to address Reg
Compliance
Other Industry Pain Points
Regulatory Change Management
Enterprise Risk and Compliance
Management Model
Regulatory Change Management
1. WHY = Regulatory change management
2. WHAT = Risk and internal controls
3. HOW = Operational excellence and workflow
4. WHERE = Location / Assets
5. WHO = Defining &, Mapping Roles / Key Management Functions
to Metrics & P&L
Enterprise Risk and Compliance
Management Model – Five Steps
Regulatory Change Management
REGULATORY CHANGE MANAGEMENT MODEL
Regulatory
Change
Management
Operational
Excellence
and Workflow
Risks &
Internal
Controls
Organization
– Roles and
Key
Management
Functions
Location/
Assets
HOW
WHY
WHAT
WHO
WHERE
Regulatory Change Management
How to Implement an Enterprise
Risk and Compliance
Management System
Page 16Regulatory Change Management
Requirements
Knowledge Based &
Taxonomy
Business
Process
Risk and Internal
Controls
Roles and
Responsibilities
Locations and
Assets
COMPONENTS OF REQUIREMENTS KNOWLEDGE BASE
1. Regulatory, Standards, Requirements
and Objectives library management
2. Translate regulatory requirements into
action, evidence, subject, frequency
3. Monitor regulatory change
4. Regulations in effect to proposed
5. Mapping- regulatory requirements
mapped to CAPA , policy procedures and
evidence
6. Regulation Applicability
Step 1- Requirements Knowledge
Base & Taxonomy
WHY
Page 17Regulatory Change Management
Step 2- Risk & Internal Controls
1. What is impacted?
 Environmental Risk
 Financial Risk
 Legal Risk
 Reputational Risk
 Operational Risk
2. Define internal controls
 Process
 Procedures
 Risk Assessments
 tasks
 training
3. Define risk levels
 Which details impacting
factors
 Is based on a systematic
process allowing the
organization to prioritize more
efficiently
 Effectively assesses issues
requiring immediate action.
Requirements
Knowledge Based &
Taxonomy
Operational
Excellence and
Workflow
Risk and
Internal
Controls
Reporting –
Roles and Key
management
Functions
Location/ Assets
WHAT
Page 18Regulatory Change Management
Step 2- Risk & Internal Controls
Requirements
Knowledge Based &
Taxonomy
Roles and
Responsibility
Risk and
Internal
Controls
Reporting
Regulatory
Compliance
Software
Small Workforce Large Workforce
HighRiskLowRisk
Page 19Regulatory Change Management
Weak Technology
• Documents&
spreadsheets
• Email for workflow &
tasks
• No audit trail or
accountability
Moderate
Technology
• Basic workflow &
task management
• No regulatory
content feeds
• Audit trail for
accountability
Strong
Technology
• Enterprise workflow
• Integrated and
actionable regulatory
content with policy
management
• Closed loop process
– everything
integrated into one
platform
• Indexing of
regulations to other
policies
Small Workforce Large Workforce
HighComplexityLowComplexity
Step 2 - Risk & Internal Controls
Page 20Regulatory Change Management
1. How
2. Compliance process around
sites, assets, events
3. Process automation and cost
4. Manual VS automation
Step 3- Business Processes
Requirements
Knowledge Based &
Taxonomy
Operational
Excellence
and Business
Processes
Risk and Internal
Controls
Reporting
Regulatory
Compliance
Software
HOW
Page 21Regulatory Change Management
Automate Corrective Action to Increase
Speed, Eliminate Waste and Cut Costs
Automate Scheduling, Tasking and
Tracking
Embed Transparency and Accountability
Automate Management of Change
PROCESSESS THAT CAN BE AUTOMATED
PROCESSESS THAT CAN’T BE AUTOMATED
Translation of Requirements
Subject Matter Expertise
Step 3- Business Process
Requirements
Knowledge Based &
Taxonomy
Business
Process
Risk and Internal
Controls
Reporting
Regulatory
Compliance
Software
HOW
Page 22Regulatory Change Management
1. Where is compliance
done.
2.Compliance done at the
site and asset level
Step 4. Location & Assets
Requirements Knowledge
Based &
Taxonomy
Business Process
Risk and Internal
Controls
Roles &
Responsibility
Location /
Assets
WHERE
Page 23Regulatory Change Management
1. It is important to define the
roles and responsibilities
before you create an EHS
Regulatory Compliance
Framework?
2. So what are the barriers to
creating a Regulatory
Compliance Framework?
3. Is there a specific role and
responsibility structure or
can it vary from organization
and industries?
Step 5. Roles & Responsibility
Requirements
Knowledge Based &
Taxonomy
Business Process
Risk and Internal
Controls
Roles &
Responsibility
Location / Assets
WHO
Page 24Regulatory Change Management
1. Key Roles and Structure
2. Key Functions
3. Key Actions
4. Outcome / Results
COMPONENTS OF ROLES AND RESPONSIBILITES
Step 5. Roles & Responsibility
Requirements Knowledge
Based &
Taxonomy
Business Process
Risk and Internal
Controls
Roles &
Responsibility
Location / Assets
Regulatory Change Management
Can Automation and Software
Increase Operational Excellence
and Reduce Risks?
Page 26Regulatory Change Management
1. Is Technology perceived
as a catalyst for growth and
performance?
2. Are people or technology
barriers to Regulatory
Compliance Automation?
Automate Regulatory
Compliance Through Software
Requiremen
ts
Regulations
Standards
Business
Requirements
Business
Process
Risks &
Controls
Organizatio
n
Location/
Assets
Page 27Regulatory Change Management
Source: Global survey by KPMG, Inc
BENEFITS OF AN INTEGRATED MANAGEMENT SYSTEM
Automate Regulatory
Compliance Through Software
Regulatory Change Management
Predict360 REGULATORY COMPLIANCE ARCHITECTURE
Page 29Regulatory Change Management
People, Planet and Profit
Page 30Regulatory Change Management

More Related Content

What's hot

Compliance framework
Compliance frameworkCompliance framework
Compliance frameworkManoj Agarwal
 
Qpr 8 Integrated Management System
Qpr 8 Integrated Management SystemQpr 8 Integrated Management System
Qpr 8 Integrated Management SystemIycon India
 
ISO 19600 Section 4.5 - Know your Obligations
ISO 19600 Section 4.5 - Know your ObligationsISO 19600 Section 4.5 - Know your Obligations
ISO 19600 Section 4.5 - Know your ObligationsNimonik
 
Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001Nimonik
 
Busines Continuity And Compliance
Busines Continuity And ComplianceBusines Continuity And Compliance
Busines Continuity And Compliancesalamali
 
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...Ed Sattar
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationPECB
 
Qdms Integrated Management System
Qdms Integrated Management SystemQdms Integrated Management System
Qdms Integrated Management SystemRefik Tuncer
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideAstalapulosListestos
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideAstalapulosListestos
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsCorporate Compliance Seminars
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsSharing Slides Training
 

What's hot (20)

Compliance framework
Compliance frameworkCompliance framework
Compliance framework
 
Qpr 8 Integrated Management System
Qpr 8 Integrated Management SystemQpr 8 Integrated Management System
Qpr 8 Integrated Management System
 
ISO 19600 Section 4.5 - Know your Obligations
ISO 19600 Section 4.5 - Know your ObligationsISO 19600 Section 4.5 - Know your Obligations
ISO 19600 Section 4.5 - Know your Obligations
 
CISA Training - Chapter 2 - 2016
CISA Training - Chapter 2 - 2016CISA Training - Chapter 2 - 2016
CISA Training - Chapter 2 - 2016
 
Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001
 
ISA 315 (Revised) - Exposure Draft Webinar
ISA 315 (Revised) - Exposure Draft WebinarISA 315 (Revised) - Exposure Draft Webinar
ISA 315 (Revised) - Exposure Draft Webinar
 
Busines Continuity And Compliance
Busines Continuity And ComplianceBusines Continuity And Compliance
Busines Continuity And Compliance
 
it grc
it grc it grc
it grc
 
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
 
Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS Implementation
 
Qdms Integrated Management System
Qdms Integrated Management SystemQdms Integrated Management System
Qdms Integrated Management System
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guide
 
Managing Regulatory Compliance
Managing Regulatory ComplianceManaging Regulatory Compliance
Managing Regulatory Compliance
 
Simplifying IT GRC
Simplifying IT GRCSimplifying IT GRC
Simplifying IT GRC
 
Ethics in Audit
Ethics in AuditEthics in Audit
Ethics in Audit
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guide
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance Seminars
 
Audit of Ethics, ALSAI – Supreme Audit Institution of Albania
Audit of Ethics, ALSAI – Supreme Audit Institution of AlbaniaAudit of Ethics, ALSAI – Supreme Audit Institution of Albania
Audit of Ethics, ALSAI – Supreme Audit Institution of Albania
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 

Viewers also liked

Emerging Companies & Regulatory Risk
Emerging Companies & Regulatory RiskEmerging Companies & Regulatory Risk
Emerging Companies & Regulatory Riskjoe.vladeck
 
Insurance and Regulatory Risk A U.S. G-SII Perspective: Stanley J. Talbi, Exe...
Insurance and Regulatory Risk A U.S. G-SII Perspective: Stanley J. Talbi, Exe...Insurance and Regulatory Risk A U.S. G-SII Perspective: Stanley J. Talbi, Exe...
Insurance and Regulatory Risk A U.S. G-SII Perspective: Stanley J. Talbi, Exe...Graham Jones
 
Dfs business model
Dfs business modelDfs business model
Dfs business modelSridhar Goud
 
Risk management committee and disclosure of hedging activities information am...
Risk management committee and disclosure of hedging activities information am...Risk management committee and disclosure of hedging activities information am...
Risk management committee and disclosure of hedging activities information am...Azrul Abdullah
 
International Regulatory Practices for Digital Financial Services
International Regulatory Practices for Digital Financial ServicesInternational Regulatory Practices for Digital Financial Services
International Regulatory Practices for Digital Financial ServicesJohn Owens
 
Financial Stability Review 1/2013
Financial Stability Review 1/2013Financial Stability Review 1/2013
Financial Stability Review 1/2013Eesti Pank
 
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...Ed Sattar
 
Spiral Model in Software Engineering with Case Study
Spiral Model in Software Engineering with Case StudySpiral Model in Software Engineering with Case Study
Spiral Model in Software Engineering with Case StudySahil Bansal
 
Introduction to Digital Financial Services
Introduction to Digital Financial ServicesIntroduction to Digital Financial Services
Introduction to Digital Financial ServicesCGAP
 
Financial Risk Management Framwork & Basel Ii Icmap
Financial Risk Management Framwork & Basel Ii IcmapFinancial Risk Management Framwork & Basel Ii Icmap
Financial Risk Management Framwork & Basel Ii Icmapjhsiddiqi2003
 
The Global Landscape of Digital Finance Innovations
The Global Landscape of Digital Finance InnovationsThe Global Landscape of Digital Finance Innovations
The Global Landscape of Digital Finance InnovationsCGAP
 
Spiral model explanation
Spiral model  explanationSpiral model  explanation
Spiral model explanationUmar Farooq
 
An Overview of the Basel Norms
An Overview of the Basel NormsAn Overview of the Basel Norms
An Overview of the Basel NormsArunav Nayak
 
Regulatory aspect of pharmaceutical change control system
Regulatory aspect of pharmaceutical  change control systemRegulatory aspect of pharmaceutical  change control system
Regulatory aspect of pharmaceutical change control systemDeveshDRA
 
Debunking the myths of organizational change management
Debunking the myths of organizational change managementDebunking the myths of organizational change management
Debunking the myths of organizational change managementaccenture
 
Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Meghna Verma
 
25 Disruptive Technology Trends 2015 - 2016
25 Disruptive Technology Trends 2015 - 201625 Disruptive Technology Trends 2015 - 2016
25 Disruptive Technology Trends 2015 - 2016Brian Solis
 
TEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkTEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkVolker Hirsch
 

Viewers also liked (20)

Emerging Companies & Regulatory Risk
Emerging Companies & Regulatory RiskEmerging Companies & Regulatory Risk
Emerging Companies & Regulatory Risk
 
Insurance and Regulatory Risk A U.S. G-SII Perspective: Stanley J. Talbi, Exe...
Insurance and Regulatory Risk A U.S. G-SII Perspective: Stanley J. Talbi, Exe...Insurance and Regulatory Risk A U.S. G-SII Perspective: Stanley J. Talbi, Exe...
Insurance and Regulatory Risk A U.S. G-SII Perspective: Stanley J. Talbi, Exe...
 
Dfs business model
Dfs business modelDfs business model
Dfs business model
 
Risk management committee and disclosure of hedging activities information am...
Risk management committee and disclosure of hedging activities information am...Risk management committee and disclosure of hedging activities information am...
Risk management committee and disclosure of hedging activities information am...
 
International Regulatory Practices for Digital Financial Services
International Regulatory Practices for Digital Financial ServicesInternational Regulatory Practices for Digital Financial Services
International Regulatory Practices for Digital Financial Services
 
Financial Stability Review 1/2013
Financial Stability Review 1/2013Financial Stability Review 1/2013
Financial Stability Review 1/2013
 
Financial stability
Financial stabilityFinancial stability
Financial stability
 
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
 
Basel ii
Basel iiBasel ii
Basel ii
 
Spiral Model in Software Engineering with Case Study
Spiral Model in Software Engineering with Case StudySpiral Model in Software Engineering with Case Study
Spiral Model in Software Engineering with Case Study
 
Introduction to Digital Financial Services
Introduction to Digital Financial ServicesIntroduction to Digital Financial Services
Introduction to Digital Financial Services
 
Financial Risk Management Framwork & Basel Ii Icmap
Financial Risk Management Framwork & Basel Ii IcmapFinancial Risk Management Framwork & Basel Ii Icmap
Financial Risk Management Framwork & Basel Ii Icmap
 
The Global Landscape of Digital Finance Innovations
The Global Landscape of Digital Finance InnovationsThe Global Landscape of Digital Finance Innovations
The Global Landscape of Digital Finance Innovations
 
Spiral model explanation
Spiral model  explanationSpiral model  explanation
Spiral model explanation
 
An Overview of the Basel Norms
An Overview of the Basel NormsAn Overview of the Basel Norms
An Overview of the Basel Norms
 
Regulatory aspect of pharmaceutical change control system
Regulatory aspect of pharmaceutical  change control systemRegulatory aspect of pharmaceutical  change control system
Regulatory aspect of pharmaceutical change control system
 
Debunking the myths of organizational change management
Debunking the myths of organizational change managementDebunking the myths of organizational change management
Debunking the myths of organizational change management
 
Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799
 
25 Disruptive Technology Trends 2015 - 2016
25 Disruptive Technology Trends 2015 - 201625 Disruptive Technology Trends 2015 - 2016
25 Disruptive Technology Trends 2015 - 2016
 
TEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkTEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of Work
 

Similar to Risk and Regulatory Change Management - 360factors EUEC 2015 Presentation

Cyber Security IT GRC Management Model and Methodology.
Cyber Security IT GRC Management Model and Methodology.Cyber Security IT GRC Management Model and Methodology.
Cyber Security IT GRC Management Model and Methodology.360factors
 
How to Drive Value from Operational Risk Data - Part 2
How to Drive Value from Operational Risk Data - Part 2How to Drive Value from Operational Risk Data - Part 2
How to Drive Value from Operational Risk Data - Part 2Perficient, Inc.
 
DGIQ 2018 Presentation: A Lawyer, a Salesperson and the Operations Guy Walk ...
DGIQ 2018 Presentation:  A Lawyer, a Salesperson and the Operations Guy Walk ...DGIQ 2018 Presentation:  A Lawyer, a Salesperson and the Operations Guy Walk ...
DGIQ 2018 Presentation: A Lawyer, a Salesperson and the Operations Guy Walk ...DATUM LLC
 
A Lawyer, a Salesperson and the Operations Guy Walk into a Bar . . .
A Lawyer, a Salesperson and the Operations Guy Walk into a Bar . . .A Lawyer, a Salesperson and the Operations Guy Walk into a Bar . . .
A Lawyer, a Salesperson and the Operations Guy Walk into a Bar . . .jadams6
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties SolutionsAhmed Abdul Hamed
 
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011IBM Sverige
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk ConsultingPrashant Jain
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013Nidhi Gupta
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013Nidhi Gupta
 
Vendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesVendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesContinuity Control
 
Toward a holistic method for regulatory change management
Toward a holistic method for regulatory change managementToward a holistic method for regulatory change management
Toward a holistic method for regulatory change managementDr.-Ing. Sagar Sunkle
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s  IT GRC Tools – Key Issues and TrendsMaclear’s  IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear LLC
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC SolutionsMantala
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.pptKhalilIdhman
 
Covering Your Bases McDonald
Covering Your Bases McDonaldCovering Your Bases McDonald
Covering Your Bases McDonaldEDR
 

Similar to Risk and Regulatory Change Management - 360factors EUEC 2015 Presentation (20)

Cyber Security IT GRC Management Model and Methodology.
Cyber Security IT GRC Management Model and Methodology.Cyber Security IT GRC Management Model and Methodology.
Cyber Security IT GRC Management Model and Methodology.
 
How to Drive Value from Operational Risk Data - Part 2
How to Drive Value from Operational Risk Data - Part 2How to Drive Value from Operational Risk Data - Part 2
How to Drive Value from Operational Risk Data - Part 2
 
DGIQ 2018 Presentation: A Lawyer, a Salesperson and the Operations Guy Walk ...
DGIQ 2018 Presentation:  A Lawyer, a Salesperson and the Operations Guy Walk ...DGIQ 2018 Presentation:  A Lawyer, a Salesperson and the Operations Guy Walk ...
DGIQ 2018 Presentation: A Lawyer, a Salesperson and the Operations Guy Walk ...
 
A Lawyer, a Salesperson and the Operations Guy Walk into a Bar . . .
A Lawyer, a Salesperson and the Operations Guy Walk into a Bar . . .A Lawyer, a Salesperson and the Operations Guy Walk into a Bar . . .
A Lawyer, a Salesperson and the Operations Guy Walk into a Bar . . .
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties Solutions
 
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk Consulting
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Vendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesVendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto Series
 
Toward a holistic method for regulatory change management
Toward a holistic method for regulatory change managementToward a holistic method for regulatory change management
Toward a holistic method for regulatory change management
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s  IT GRC Tools – Key Issues and TrendsMaclear’s  IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC Solutions
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slides
 
Covering Your Bases McDonald
Covering Your Bases McDonaldCovering Your Bases McDonald
Covering Your Bases McDonald
 

More from 360factors

What Key Factors Should Risk Officers Consider When Using Generative AI
What Key Factors Should Risk Officers Consider When Using Generative AIWhat Key Factors Should Risk Officers Consider When Using Generative AI
What Key Factors Should Risk Officers Consider When Using Generative AI360factors
 
6 Major Elements to Focus on for Building an Excellent Compliance Management ...
6 Major Elements to Focus on for Building an Excellent Compliance Management ...6 Major Elements to Focus on for Building an Excellent Compliance Management ...
6 Major Elements to Focus on for Building an Excellent Compliance Management ...360factors
 
How AI in the Insurance Industry is Influencing Regulatory Changes in 2024
How AI in the Insurance Industry is Influencing Regulatory Changes in 2024How AI in the Insurance Industry is Influencing Regulatory Changes in 2024
How AI in the Insurance Industry is Influencing Regulatory Changes in 2024360factors
 
Generative AI Risks in IT and Cybersecurity for Financial Organizations
Generative AI Risks in IT and Cybersecurity for Financial OrganizationsGenerative AI Risks in IT and Cybersecurity for Financial Organizations
Generative AI Risks in IT and Cybersecurity for Financial Organizations360factors
 
Exploring Risk Management and Recent Trends to Impact the Insurance Sector
Exploring Risk Management and Recent Trends to Impact the Insurance SectorExploring Risk Management and Recent Trends to Impact the Insurance Sector
Exploring Risk Management and Recent Trends to Impact the Insurance Sector360factors
 
Roles and Responsibilities of Board Members in IT Risk Assessment
Roles and Responsibilities of Board Members in IT Risk AssessmentRoles and Responsibilities of Board Members in IT Risk Assessment
Roles and Responsibilities of Board Members in IT Risk Assessment360factors
 
Steps to Consider When Conducting IT Risk Assessment
Steps to Consider When Conducting IT Risk AssessmentSteps to Consider When Conducting IT Risk Assessment
Steps to Consider When Conducting IT Risk Assessment360factors
 
Navigating the Future: Key Trends in GRC for 2024
Navigating the Future: Key Trends in GRC for 2024Navigating the Future: Key Trends in GRC for 2024
Navigating the Future: Key Trends in GRC for 2024360factors
 
Top 10 Risk Management Trends for 2024 #riskmanagement
Top 10 Risk Management Trends for 2024 #riskmanagementTop 10 Risk Management Trends for 2024 #riskmanagement
Top 10 Risk Management Trends for 2024 #riskmanagement360factors
 
How Banks Can Develop an Effective Framework for IT and Cyber Risk Assessment
How Banks Can Develop an Effective Framework for IT and Cyber Risk AssessmentHow Banks Can Develop an Effective Framework for IT and Cyber Risk Assessment
How Banks Can Develop an Effective Framework for IT and Cyber Risk Assessment360factors
 
Six Crucial Steps for Insurance Companies to Excel in Risk Management
Six Crucial Steps for Insurance Companies to Excel in Risk ManagementSix Crucial Steps for Insurance Companies to Excel in Risk Management
Six Crucial Steps for Insurance Companies to Excel in Risk Management360factors
 
Track, Manage, and Report on Vendor Risk with Predict360 Vendor Risk Manageme...
Track, Manage, and Report on Vendor Risk with Predict360 Vendor Risk Manageme...Track, Manage, and Report on Vendor Risk with Predict360 Vendor Risk Manageme...
Track, Manage, and Report on Vendor Risk with Predict360 Vendor Risk Manageme...360factors
 
The Evolution of Compliance Management in the Digital Age
The Evolution of Compliance Management in the Digital AgeThe Evolution of Compliance Management in the Digital Age
The Evolution of Compliance Management in the Digital Age360factors
 
How Enterprise Risk Management Software Mitigates Risks and Creates Value for...
How Enterprise Risk Management Software Mitigates Risks and Creates Value for...How Enterprise Risk Management Software Mitigates Risks and Creates Value for...
How Enterprise Risk Management Software Mitigates Risks and Creates Value for...360factors
 
Third-Party Risk Management Best Practices for Financial Enterprises
Third-Party Risk Management Best Practices for Financial EnterprisesThird-Party Risk Management Best Practices for Financial Enterprises
Third-Party Risk Management Best Practices for Financial Enterprises360factors
 
Predict360 IT Risk Assessment Application
Predict360 IT Risk Assessment ApplicationPredict360 IT Risk Assessment Application
Predict360 IT Risk Assessment Application360factors
 
How Enterprise Risk Management Software Mitigates Risks and Creates Value for...
How Enterprise Risk Management Software Mitigates Risks and Creates Value for...How Enterprise Risk Management Software Mitigates Risks and Creates Value for...
How Enterprise Risk Management Software Mitigates Risks and Creates Value for...360factors
 
The Need to Implementing AI-Based Risk Insights Software in Financial Firms
The Need to Implementing AI-Based Risk Insights Software in Financial FirmsThe Need to Implementing AI-Based Risk Insights Software in Financial Firms
The Need to Implementing AI-Based Risk Insights Software in Financial Firms360factors
 
How an Organization Can Elevate Compliance Standards
How an Organization Can Elevate Compliance StandardsHow an Organization Can Elevate Compliance Standards
How an Organization Can Elevate Compliance Standards360factors
 
How Does Compliance Management Software Help Compliance Managers
How Does Compliance Management Software Help Compliance ManagersHow Does Compliance Management Software Help Compliance Managers
How Does Compliance Management Software Help Compliance Managers360factors
 

More from 360factors (20)

What Key Factors Should Risk Officers Consider When Using Generative AI
What Key Factors Should Risk Officers Consider When Using Generative AIWhat Key Factors Should Risk Officers Consider When Using Generative AI
What Key Factors Should Risk Officers Consider When Using Generative AI
 
6 Major Elements to Focus on for Building an Excellent Compliance Management ...
6 Major Elements to Focus on for Building an Excellent Compliance Management ...6 Major Elements to Focus on for Building an Excellent Compliance Management ...
6 Major Elements to Focus on for Building an Excellent Compliance Management ...
 
How AI in the Insurance Industry is Influencing Regulatory Changes in 2024
How AI in the Insurance Industry is Influencing Regulatory Changes in 2024How AI in the Insurance Industry is Influencing Regulatory Changes in 2024
How AI in the Insurance Industry is Influencing Regulatory Changes in 2024
 
Generative AI Risks in IT and Cybersecurity for Financial Organizations
Generative AI Risks in IT and Cybersecurity for Financial OrganizationsGenerative AI Risks in IT and Cybersecurity for Financial Organizations
Generative AI Risks in IT and Cybersecurity for Financial Organizations
 
Exploring Risk Management and Recent Trends to Impact the Insurance Sector
Exploring Risk Management and Recent Trends to Impact the Insurance SectorExploring Risk Management and Recent Trends to Impact the Insurance Sector
Exploring Risk Management and Recent Trends to Impact the Insurance Sector
 
Roles and Responsibilities of Board Members in IT Risk Assessment
Roles and Responsibilities of Board Members in IT Risk AssessmentRoles and Responsibilities of Board Members in IT Risk Assessment
Roles and Responsibilities of Board Members in IT Risk Assessment
 
Steps to Consider When Conducting IT Risk Assessment
Steps to Consider When Conducting IT Risk AssessmentSteps to Consider When Conducting IT Risk Assessment
Steps to Consider When Conducting IT Risk Assessment
 
Navigating the Future: Key Trends in GRC for 2024
Navigating the Future: Key Trends in GRC for 2024Navigating the Future: Key Trends in GRC for 2024
Navigating the Future: Key Trends in GRC for 2024
 
Top 10 Risk Management Trends for 2024 #riskmanagement
Top 10 Risk Management Trends for 2024 #riskmanagementTop 10 Risk Management Trends for 2024 #riskmanagement
Top 10 Risk Management Trends for 2024 #riskmanagement
 
How Banks Can Develop an Effective Framework for IT and Cyber Risk Assessment
How Banks Can Develop an Effective Framework for IT and Cyber Risk AssessmentHow Banks Can Develop an Effective Framework for IT and Cyber Risk Assessment
How Banks Can Develop an Effective Framework for IT and Cyber Risk Assessment
 
Six Crucial Steps for Insurance Companies to Excel in Risk Management
Six Crucial Steps for Insurance Companies to Excel in Risk ManagementSix Crucial Steps for Insurance Companies to Excel in Risk Management
Six Crucial Steps for Insurance Companies to Excel in Risk Management
 
Track, Manage, and Report on Vendor Risk with Predict360 Vendor Risk Manageme...
Track, Manage, and Report on Vendor Risk with Predict360 Vendor Risk Manageme...Track, Manage, and Report on Vendor Risk with Predict360 Vendor Risk Manageme...
Track, Manage, and Report on Vendor Risk with Predict360 Vendor Risk Manageme...
 
The Evolution of Compliance Management in the Digital Age
The Evolution of Compliance Management in the Digital AgeThe Evolution of Compliance Management in the Digital Age
The Evolution of Compliance Management in the Digital Age
 
How Enterprise Risk Management Software Mitigates Risks and Creates Value for...
How Enterprise Risk Management Software Mitigates Risks and Creates Value for...How Enterprise Risk Management Software Mitigates Risks and Creates Value for...
How Enterprise Risk Management Software Mitigates Risks and Creates Value for...
 
Third-Party Risk Management Best Practices for Financial Enterprises
Third-Party Risk Management Best Practices for Financial EnterprisesThird-Party Risk Management Best Practices for Financial Enterprises
Third-Party Risk Management Best Practices for Financial Enterprises
 
Predict360 IT Risk Assessment Application
Predict360 IT Risk Assessment ApplicationPredict360 IT Risk Assessment Application
Predict360 IT Risk Assessment Application
 
How Enterprise Risk Management Software Mitigates Risks and Creates Value for...
How Enterprise Risk Management Software Mitigates Risks and Creates Value for...How Enterprise Risk Management Software Mitigates Risks and Creates Value for...
How Enterprise Risk Management Software Mitigates Risks and Creates Value for...
 
The Need to Implementing AI-Based Risk Insights Software in Financial Firms
The Need to Implementing AI-Based Risk Insights Software in Financial FirmsThe Need to Implementing AI-Based Risk Insights Software in Financial Firms
The Need to Implementing AI-Based Risk Insights Software in Financial Firms
 
How an Organization Can Elevate Compliance Standards
How an Organization Can Elevate Compliance StandardsHow an Organization Can Elevate Compliance Standards
How an Organization Can Elevate Compliance Standards
 
How Does Compliance Management Software Help Compliance Managers
How Does Compliance Management Software Help Compliance ManagersHow Does Compliance Management Software Help Compliance Managers
How Does Compliance Management Software Help Compliance Managers
 

Recently uploaded

Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Jaydeep Chhasatia
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampVICTOR MAESTRE RAMIREZ
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?AmeliaSmith90
 
Mastering Kubernetes - Basics and Advanced Concepts using Example Project
Mastering Kubernetes - Basics and Advanced Concepts using Example ProjectMastering Kubernetes - Basics and Advanced Concepts using Example Project
Mastering Kubernetes - Basics and Advanced Concepts using Example Projectwajrcs
 
About .NET 8 and a first glimpse into .NET9
About .NET 8 and a first glimpse into .NET9About .NET 8 and a first glimpse into .NET9
About .NET 8 and a first glimpse into .NET9Jürgen Gutsch
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesSoftwareMill
 
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine HarmonyLeveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmonyelliciumsolutionspun
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIIvo Andreev
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadIvo Andreev
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfTobias Schneck
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024Mind IT Systems
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsJaydeep Chhasatia
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxAutus Cyber Tech
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyRaymond Okyere-Forson
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeNeo4j
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLAlluxio, Inc.
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesShyamsundar Das
 

Recently uploaded (20)

Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - Datacamp
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?
 
Mastering Kubernetes - Basics and Advanced Concepts using Example Project
Mastering Kubernetes - Basics and Advanced Concepts using Example ProjectMastering Kubernetes - Basics and Advanced Concepts using Example Project
Mastering Kubernetes - Basics and Advanced Concepts using Example Project
 
About .NET 8 and a first glimpse into .NET9
About .NET 8 and a first glimpse into .NET9About .NET 8 and a first glimpse into .NET9
About .NET 8 and a first glimpse into .NET9
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retries
 
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine HarmonyLeveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AI
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
 
Sustainable Web Design - Claire Thornewill
Sustainable Web Design - Claire ThornewillSustainable Web Design - Claire Thornewill
Sustainable Web Design - Claire Thornewill
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptx
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human Beauty
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG time
 
Program with GUTs
Program with GUTsProgram with GUTs
Program with GUTs
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security Challenges
 

Risk and Regulatory Change Management - 360factors EUEC 2015 Presentation

  • 2. Page 2Regulatory Change Management Speaker: Ed Sattar Ed Sattar is the CEO of 360factors For more than a decade, Ed has made significant professional contributions to the regulatory compliance space across multiple industries. His experiences include extensive research and consulting to regulatory compliance consulting firms, training providers as well as state and federal regulatory agencies. During his tenure in the regulatory compliance workflow automation and eTraining space, he has identified key criteria and compliance standards that are currently being published and implemented. Ed Sattar has been nominated for the Ernst & Young Entrepreneur of the Year award three times and was among the top seven finalists in 2009. 360training.com, the parent company of 360factors, has appeared on the Deloitte Fast 50 as the 6th fastest growing company in Texas. It has also been listed in Inc 5000 several times as one of the fastest growing companies. Ed studied Electrical Engineering and Finance at the University of Texas at Austin.
  • 3. Page 3Regulatory Change Management Profit PeoplePlanet Effective Operational Risk Management & Three P’s
  • 4. Page 4Regulatory Change Management Outline  Regulatory & Operational Risk Trends  Why Implement an Enterprise Risk and Regulatory Change Management System  Enterprise Risk and Compliance Management Methodology  How to Implement an Enterprise Risk and Compliance Management System  Can Automation and Software can Increase Operational Excellence and Reduce Risk
  • 5. Regulatory Change Management Regulatory & Operational Risk Trends
  • 6. Page 6Regulatory Change Management Rising Regulations and Cost
  • 7. Page 7Regulatory Change Management Source: Davis, Polk Dodd-Frank Infographics Regulatory change is significantly impacting organizations and their policies
  • 8. Regulatory Change Management More Complexity, More Projects, and More Risks to Manage Managing Your Operations Seamlessly While Reducing Risk
  • 9. Regulatory Change Management Why Implement an Enterprise & Regulatory Change Management System
  • 10. Regulatory Change Management 1. Understanding Regulations- Either Over Complying or Under Complying- 2. Regulatory Applicability and Managing Regulatory Changes. 3. Automating And Streamlining Day To Day Compliance, Event And Incident Management With Respect To Regulatory Change Management 4. Cost Efficiency By Automating TrackingandMonitoringaNonCompliance Items Such as Events, Incidents, Audits & Investigations Four Reasons Why Implement Regulatory Change Management
  • 11. Page 11Regulatory Change Management Four Reasons Why Implement Regulatory Change Management  Understanding Regulations  Regulatory Change Management  Regulatory Applicability  Day to Day Compliance Tasking  Event-Driven Compliance Tasking  Incident Management and Root Cause Analysis  Predictive Risk Analysis  Corrective and Preventive Actions  Policy and Procedure Management  Audit Management  Sustainability  Training Management  Multiple Tools to address Reg Compliance Other Industry Pain Points
  • 12. Regulatory Change Management Enterprise Risk and Compliance Management Model
  • 13. Regulatory Change Management 1. WHY = Regulatory change management 2. WHAT = Risk and internal controls 3. HOW = Operational excellence and workflow 4. WHERE = Location / Assets 5. WHO = Defining &, Mapping Roles / Key Management Functions to Metrics & P&L Enterprise Risk and Compliance Management Model – Five Steps
  • 14. Regulatory Change Management REGULATORY CHANGE MANAGEMENT MODEL Regulatory Change Management Operational Excellence and Workflow Risks & Internal Controls Organization – Roles and Key Management Functions Location/ Assets HOW WHY WHAT WHO WHERE
  • 15. Regulatory Change Management How to Implement an Enterprise Risk and Compliance Management System
  • 16. Page 16Regulatory Change Management Requirements Knowledge Based & Taxonomy Business Process Risk and Internal Controls Roles and Responsibilities Locations and Assets COMPONENTS OF REQUIREMENTS KNOWLEDGE BASE 1. Regulatory, Standards, Requirements and Objectives library management 2. Translate regulatory requirements into action, evidence, subject, frequency 3. Monitor regulatory change 4. Regulations in effect to proposed 5. Mapping- regulatory requirements mapped to CAPA , policy procedures and evidence 6. Regulation Applicability Step 1- Requirements Knowledge Base & Taxonomy WHY
  • 17. Page 17Regulatory Change Management Step 2- Risk & Internal Controls 1. What is impacted?  Environmental Risk  Financial Risk  Legal Risk  Reputational Risk  Operational Risk 2. Define internal controls  Process  Procedures  Risk Assessments  tasks  training 3. Define risk levels  Which details impacting factors  Is based on a systematic process allowing the organization to prioritize more efficiently  Effectively assesses issues requiring immediate action. Requirements Knowledge Based & Taxonomy Operational Excellence and Workflow Risk and Internal Controls Reporting – Roles and Key management Functions Location/ Assets WHAT
  • 18. Page 18Regulatory Change Management Step 2- Risk & Internal Controls Requirements Knowledge Based & Taxonomy Roles and Responsibility Risk and Internal Controls Reporting Regulatory Compliance Software Small Workforce Large Workforce HighRiskLowRisk
  • 19. Page 19Regulatory Change Management Weak Technology • Documents& spreadsheets • Email for workflow & tasks • No audit trail or accountability Moderate Technology • Basic workflow & task management • No regulatory content feeds • Audit trail for accountability Strong Technology • Enterprise workflow • Integrated and actionable regulatory content with policy management • Closed loop process – everything integrated into one platform • Indexing of regulations to other policies Small Workforce Large Workforce HighComplexityLowComplexity Step 2 - Risk & Internal Controls
  • 20. Page 20Regulatory Change Management 1. How 2. Compliance process around sites, assets, events 3. Process automation and cost 4. Manual VS automation Step 3- Business Processes Requirements Knowledge Based & Taxonomy Operational Excellence and Business Processes Risk and Internal Controls Reporting Regulatory Compliance Software HOW
  • 21. Page 21Regulatory Change Management Automate Corrective Action to Increase Speed, Eliminate Waste and Cut Costs Automate Scheduling, Tasking and Tracking Embed Transparency and Accountability Automate Management of Change PROCESSESS THAT CAN BE AUTOMATED PROCESSESS THAT CAN’T BE AUTOMATED Translation of Requirements Subject Matter Expertise Step 3- Business Process Requirements Knowledge Based & Taxonomy Business Process Risk and Internal Controls Reporting Regulatory Compliance Software HOW
  • 22. Page 22Regulatory Change Management 1. Where is compliance done. 2.Compliance done at the site and asset level Step 4. Location & Assets Requirements Knowledge Based & Taxonomy Business Process Risk and Internal Controls Roles & Responsibility Location / Assets WHERE
  • 23. Page 23Regulatory Change Management 1. It is important to define the roles and responsibilities before you create an EHS Regulatory Compliance Framework? 2. So what are the barriers to creating a Regulatory Compliance Framework? 3. Is there a specific role and responsibility structure or can it vary from organization and industries? Step 5. Roles & Responsibility Requirements Knowledge Based & Taxonomy Business Process Risk and Internal Controls Roles & Responsibility Location / Assets WHO
  • 24. Page 24Regulatory Change Management 1. Key Roles and Structure 2. Key Functions 3. Key Actions 4. Outcome / Results COMPONENTS OF ROLES AND RESPONSIBILITES Step 5. Roles & Responsibility Requirements Knowledge Based & Taxonomy Business Process Risk and Internal Controls Roles & Responsibility Location / Assets
  • 25. Regulatory Change Management Can Automation and Software Increase Operational Excellence and Reduce Risks?
  • 26. Page 26Regulatory Change Management 1. Is Technology perceived as a catalyst for growth and performance? 2. Are people or technology barriers to Regulatory Compliance Automation? Automate Regulatory Compliance Through Software Requiremen ts Regulations Standards Business Requirements Business Process Risks & Controls Organizatio n Location/ Assets
  • 27. Page 27Regulatory Change Management Source: Global survey by KPMG, Inc BENEFITS OF AN INTEGRATED MANAGEMENT SYSTEM Automate Regulatory Compliance Through Software
  • 28. Regulatory Change Management Predict360 REGULATORY COMPLIANCE ARCHITECTURE
  • 29. Page 29Regulatory Change Management People, Planet and Profit

Editor's Notes

  1. Welcome everyone- In an environment where the demise of major institutions, impact of GHG, impact on the environment through events such as mocondo and utilities blow outs and how its effects the lives of human beings has led to stricter regulations in major industries and countries around the world, the word “ Risk & Regulatory Change Management” has become an all-important language in the world of EHS & utilities that can make or break the organization, its officers, its people, its customers and the communities we live in The purpose of this presentation is to share with you how to build an enterprise risk and regulatory change management methodology, best practices, and insightful experiences that can help you build out a successful enterprise risk and regulatory change management system, irrespective of the regulation type, standards and corporate objectives that you may be subjected to
  2. My name is Ed Sattar and I am with 360factors, which is Enterprise Risk and Compliance Solutions company. I’ve spent the past 15 years in the Regulatory Compliance policy making and workflow automation space, which essentially is involved in building regulatory intelligence models, change management methodology and developing Software to automate , scale and stream line compliance for corporations, agencies, consulting firms and regulators.
  3. Managing and creating a balance between the three P”s as not an easy task. Human, environment safety and health protection remains the number 1 priority for all those that are stakeholders in the energy and utility companies and that is a given. As stakeholder representing these companies, you all understand the burden relates to the complexities and stringent EHS regulations across the entire span of their effect. These regulations are not only stringent but also constantly revised and evolving which we have to take into consideration. With recent major accidents — such as the Deepwater Horizon drilling rig in the Gulf of Mexico in 2010, the Californian San Bruno gas pipeline explosion in 2010 where PG & E was fined $1.4 B, the Pemex pipeline explosion in 2012, refinery fires and shutdowns like the ones at BP Cherry Point,, and Amuay in Venezuela in 2012 . In 2011 $25 M fine on three utilities companies for poor performance to their response due the storm leaving house holds without utilities …All these are examples of local and international regulators trying to influence our balance between the three P’s Profit , Your People/ Staff and Planet- your customers So by the end of the presentation, I expect that you will walk away performing some mental assessment of your regulatory compliance maturity model and hopefully identifying those activities that you will stop, start and continue doing. This will in turn contribute towards helping you balance your three P’s ---------------------------------------------------------------------- CASE STUDY: The state Department of Environmental Protection has fined Cabot Oil & Gas $120,000 for a storage tank explosion and spill. The incident occurred January 11 at the Reynolds well pad in Jessup Township, Susquehanna County. “This was a serious incident that injured an employee and resulted in a spill of approximately 2,835 gallons of production fluid from a 21,000-gallon storage tank,” DEP Director of District Oil and Gas Operations John Ryder said in a statement. “Some of this fluid escaped containment and impacted soil off the well pad.” The DEP cited the company for violations of the Oil and Gas Act and regulations, Solid Waste Management Act, and Clean Streams Law. Cabot has since remediated the spill. “Fortunately, the injured contractor returned to work shortly after this incident,” said Cabot spokesman George Stark in an email. “We undertook a detailed investigation. We have implemented additional safeguards into our design and construction practices across our operations, and we continue to work toward our goal of zero incidents.” The company ranks fifth among operators in overall wells drilled, but it’s second in the state in DEP violations.
  4. This is step by process in how I will address my discussion
  5. Here we will discuss the leading effects of regulatory change which is in the forefront of regulatory reform
  6. Lets look at how the regulatory landscape is changing …… The heritage Foundation has researched that massive amount of regulations have been added since 2009, and that regulatory burdens on American business has increased by nearly $70 billion during just during President Obama’s first term in office.
  7. What this data is trying to communicate it that the pace of rule making and pages written is consistently increasing over the last three years 1 word of law has resulted in 42 words of rules and rule making For example in the United States, We are only 39% completion in implementing dodd frank act..…..and Dodd Frank does not just impact financial services….it impacts every organization For instance, new offshore drilling safety requirements have been increasing, New US Pipeline Safety Act regulations being introduced for pipeline integrity. Reinforcement of greenhouse gas (GHG) emission caps is also impacting organizations and refineries are all example of evolving regulations and they are impacting us as an organization
  8. Operational Complexity As the regulations and standards are increasing and as your company continues to grow , your organization becomes more complex……Risk management SPECIFIC TO MANAGING CHANGES AROUND REGULATION AND COMPLIANCE can become costly and cumbersome. So you not only have to worry about risks and costs related to asset damage, business interruption, pollution, injuries to people, damage to properties and cost overruns for large projects …..ON TOP OF ALL THIS: there are the additional risks and costs of non-compliance in today's industry. So if you merge the complexity of operational risks and regulatory risk….the exposure can be high and costly......So the question becomes how can mitigate these risks and keep the cost down? If the goal is to produce as efficiently and cost effectively as possible, with minimizing your operation and regulatory risk. The only strategy for achieving this is through an "integrated operations“ management system to optimize efficiency, productivity, reduce economic, environment, health, and safety risks. WAIT: LET ME CORRECT MYSELF: > I would insert the word “ AUTOMATED” in front of integrated operations management system”
  9. 1. The first pain point comes from most organizations don’t know if they are over complying or under complying …..in either, case it is expensive whether you are over or under complying, it can be highly costly in terms of safety, product, brand, reputation. The impact and probability of the risks that the regulations represent depends on how well you understand the Three I’s – the intent of the law, how well you interpret the law , how you implement the law and how well regulatory change management is institutionalized within your firm. It is therefore critical that a firm implements a regulatory change management system to effectively manage and monitor the compliance process to ensure that these are institutionalized in a way that compliance becomes part of the “culture”. 2. The second step towards compliance is to get a clear understanding of which regulations are applicable to the organization and their various business units and sites, In ability to determine which rules apply or don’t apply may result in under or over complying. Again, in both cases, it can drive unnecessary costs. 3. Firms have no structured approach to managing regulatory change and are often caught “ Working in Compliance” VS “Working on Compliance” . Working in compliance involves being caught off guard , being reactive and putting out fires. Working on compliance involves in doing proper analysis, being proactive and putting in regulatory change management structure in place. 4- Hence automating and streamlining…………..to Regulatory Change Management will give you quality key performance indicators so that you can react quickly to issues and even predict issues….. ------------------------------------------------------------------------------------------------ If the there not tighter systems or a methodology around the First Three Steps, your risks that may stem from non-compliance with key regulatory requirements can be very costly and damaging to a firm and the custodians of governance within the firm. We all know that consequences of non-compliance range from penalties and fines, to imprisonment, withdrawal of licenses, lawsuits and reputational risk which may individually and or collectively have a fundamental impact on the firm’s sustainability as a going concern- That cost is substantially more than a putting in a system that automates your tracking and monitoring of non-compliance day to day compliance tasks, events, incidents and investigation Example- Haliburton fine in PA ..fined about a $ 1 MIL and a system would be a fraction of the cost.
  10. The items in gray are something you have been addressing some fashion either through manual or automated processes, the items on the right are now hot as a result of how the regulatory environment is changing and becoming from stringent or if you are growing as a company…….and what is a major concern of the executives is how can all of the above pain points for various functional departments can be done through a single management system reducing cost and increasing efficncy ?
  11. Regulatory change management model is comprised of five simple components
  12. Here is an illustration of the Risk and Regulatory Change Management Model
  13. Once you have your model down, let’s talk about you how you convert the model into a management system
  14. 1. It is necessary to be adequately prepared by creating a regulatory knowledge base and develop a regulatory taxonomy mapped to your organizations enterprise risk framework. Components of Requirements knowledge base should include: Regulatory library – should enable a firm to maintain regulations and standards along with their translations ii) Map reference documents, notes, templates of various kinds, checklists at the standard and requirement level iii) Search engine that allows compliance professionals to search for standards and requirements 2. Translate Regulatory Requirements in Practices – this links the three I’s I talked about earlier and the comment about over complying and under complying. This makes the translation of the regulations or standards a very critical factor in the compliance change management process. 3. Monitor Regulatory Change- is about conducting a business impact analysis to understand regulatory change impact on your business by implementing a workflow within a regulatory change management system that enables you to send alerts to specific works groups when the regulations change 4. Regulations in effect to Proposed- is having a system in place that enables you to track regulations that are approved but not in effect and also do side by side comparison or redline between the old to new regulations 5. Mapping of the Regulations- a sophisticated RCM would allow you to map Regulatory requirements to CAPA , Policy Procedures and Evidence this way you know which regulations are triggering most of your actions and which policies or procedures to update when a regulations change. 6. Regulation Applicability –compliance is usually done at the site or asset level so it important to get a clear understanding of which regulations are applicable to the organization and their various business units, sites and assets
  15. 1. Risk and Controls – In order for the organization to manage their risk and regulatory compliance, they should define their Internal Controls and Risks. Risk Analysis tells what is impacted and based on a systematic process allows us to prioritize and therefore tells us what to address first. 2. Define Internal Controls- There are various internal control models. Internal controls are the activities that are put in place to help achieve the objectives or specific regulatory requirements that may include various processes, policies, procedures, risk assessments, communication process, training, etc….you can define very specific set of environmental health and safety corrective and preventive actions as your internal controls 3. Risk analysis You can make a simple risk analysis at your enterprise by asking three simple questions: i) What can go wrong? ii) What can we do to prevent it? iii) What can we do to reduce the consequences if some- thing does go wrong?   Q2. Ed’s Response - The business processes are at the core of the organization and the holistic model. These processes should have strong controls and reporting capabilities. Surrounding the business processes is the GRC operational model, the layer at which the governance, risk management, and compliance management is put into practice to drive enterprise assurance.
  16. With low risk and a small workforce, Health and Safety activities or internal controls and risk are simple and straight-forward with high risk, e.g. if you have employees in multiple countries under multiple regulations, to avoid or mitigate your hazards, your EHS activities are going to be more extensive…….when the organization is complex and risk is high, then consultants and organization should consider software automation to reduce complexity So risk levels for various hazards and internal controls should be defined based on the what environmental health safety managers are concerned with based on the industry and complexity of your organization
  17. Here is a simple Risk and Regulatory Compliance maturity model. So you grow and become more complex, you need from week to strong technology to improve decision making across the entire enterprise.
  18. Once the organizations has identified their EHS internal controls and identified their risks or hazards from high to low, the management would be required to further develop and streamline compliance routines, process and and procedures into a coherent system. This system should allow you to pull reports so that you are able to understand regulatory change impact and make informed and timely decisions. These days when regulators do their audit they are not necessarily only interested in knowing if you achieved compliance, but interested in knowing “ the how” - compliance process around personnel, product, equipment, policies, procedures, materials, assets, sites, events, assets and operating conditions…etc What processes can be automated and what processes will continue to be manual Ed’s Response 1: The short answer is Automation is Highly Cost Effective. KPMG recently did research that most of the regulatory compliance is done in silos- various functional departments are managing compliance through multiple tools ( some external and some internal) in some cases most of these tools don’t talk to each other and then each department has additional head count to manage compliance- if regulatory compliance across all divisions is automated through one platform then not only it will be cost effective, it will really increase the performance of the company by being able to make better and timely decisions compare to its competitors. Ed’s – Vertically integration of all the regulatory departments through one platform should lead to better reporting up the hierarchy and hence a more complete view of critical risks facing the organization. A lack of such oversight was arguably a major cause of the current financial crisis. gathering of the regulations is still going to be a manual process, translations of the regulations and standards is still going to be a manual process.
  19. Skip
  20. While you are creating a EPA, OSHA , NERC or FERC regulatory compliance workflow and defining processes, it is critical to define it at the site, asset and people level to get a clear understanding of which regulations are applicable to the organization and their various business units, sites, people and assets since compliance is done at site, people and asset level- A management system should enable you to do that. For example, if hazard analysis, contamination assessments are done, they are typically done at the site level and even on specific assets and even some assets have permits and compliance activities that have to be tracked even when those assets are moved or removed ------------------------------------ Another example is in offshore drilling, contractors and sub contractors are constantly moving from one platform to another and one company to another, tracking those people can be a daunting task…this is where automation can create some efficiency.
  21. 1. For Good, safe work practices, creating an EHS regulatory compliance governance structure is very critical. It involves clarifying roles, responsibilities and resource capabilities and escalation procedures, as well as the information and reporting systems that govern business processes. It also entails the use of tools and systems to enable analysis, efficient monitoring, and reporting. Basically, this last and 5th step ties into all of the 4 steps we talked about ----------------------------- 2. Commitment from the top and 2. People’s resistance to change. Q3. It can vary from industry to industry and even from company to company. However, in some countries like UK , the regulators require certain functions to be done specific level of management. For example internal controls should be set by organization’s mgmt team. Nonetheless, persons with responsibility must have the knowledge and authority to take action when circumstances require
  22. There is no single recipe as to how structure your org, but there are some best practice of defining who is responsible and accountable for key roles and functions Key Roles and Structure- For example, the board, Owners, executive team, management, EHS Managers, Safety Coordinators, Field Management/operators, auditors Key Functions – EHS, OSHA, Regulatory, legal, compliance, audit, risk , NERC, FERC Key Actions - Compliance, Reliability, Quality and Sustainability, health and Safety, Training Outcome / Results and KPI’s
  23. For something as having two simple objectives – 1, prevent accidents / incidents and 2. preventing from releasing harmful substances into the environment, it could get pretty complex if the organization has lots of employees, multiple sites, multiple countries and multiple regulations….the more you stack on, the more complex Putting these internal controls managing risks that through a manual process can be cumbersome and a daunting task especially if it is done manually. Complex Organizations should leverage technology to enable an organization to stream line their compliance business process management to improve quality, efficiency, productivity and make proactive timely decisions. Once perceived has high cost for software solutions, these days cost of technology is less than a half a head count and fraction of the fines that can be imposed by the regulators such as EPA , OSHA, NERC and FERC ------------------------------------------------ In conclusion, I would will also like to share a quote by Dr. Weterman MIT’s Sloan School of Management “ If something is more complex, it is just more risky. “But when companies go beyond that, to actively manage unnecessary complexity out of their business processes and technologies, they benefi­t not only from lower risk but also higher efficiency and agility.” Optional information to share Once predominantly seen as an expense, technology is now viewed by more business leaders as a worthwhile investment and a source of strategic advantage. Additionally, the advent of cloudbased technology offers more affordable alternatives for mid-market companies as they work to drive growth in their organizations.” Further, It is not simply a technology tool; it is a way to rationalize risk management and controls, giving management the information they need to improve business performance and achieve compliance Ed’s Response: People – not technology – present the greatest barrier to successful convergence. Integration is likely to involve a major transformation program so perhaps, unsurprisingly, resistance to change is considered the single biggest obstacle (44 percent), followed by complex convergence processes (39 percent) and a lack of available experts (36 percent). Less than one in ten mentioned inadequate technology as a hurdle to overcome.
  24. In a survey done by KPMG in 2010, 64 percent of respondents prefer to have a vertically integrated GRC platform as priority for their organization and in this survey “the ability to identify and manage risks more quickly is singled out by 59 percent of respondents” as one of the key benefits of an integrated platform 39 percent believe it can improve corporate performance and only 26 percent feel it will help reduce the costs of duplication it is more critical for the Regulatory Compliance Management across all departments to be integrated through one platform to see the whole picture with respect to risk. More and more, companies are looking at reducing risk, cutting costs and improving performance by adopting a more integrated approach to managing their EHS governance, risk and compliance. ----------------------------------------------------------------------- I believe vertically integrating your regulatory compliance management will bring in rewards and drive enterprise excellence …when you get in there and start implementing controls in various areas, you then realize you’ve got a bad process. Instead of sinking money into protecting a bad process, you can rework it and get all kinds of savings and may have partially paid for the integrated platform by identifying new business process efficiencies
  25. Skip 360factors has built a a unique, incomparable solution based on experience working with energy companies and specialist systems integrators on a diverse set of projects. Globally. As a seamless cloud application where collaboration between operations, service companies, suppliers, and regulators \: this is your solution to critical success Consider infrastructure protection for assets such coupled with the intractable challenge for the energy industry, including all factors such as :engineering, design, and construction to maintenance and operations of a large and complex capital project. Compliance, managing regulatory changes and associated workflows, asset-connected documentation can serve as a bridge between brand protection OR an unexpected failure!. The general approach to EHS management as per international standards ISO 14001 and OHSAS 18001 is based on the methodology called "Plan-Do-Check-Act" (PDCA), made popular by W. Edwards Deming……3PREDICT360 is platform that build it’s platform based on the ISO14001 and OHSAS 18001 framework
  26. So if you achieved an increase in operational excellence, sustainability and margins and balance between the three P’s ….that means your people ( board of directors protected and happy, you provided your people the right tools to achieve success and increased employee retention and satisfaction, you increased your profit margins and subsequently was able to protect your consumers which is made the planet …….so a lot of happy people and the feeling at levels could be some thing like this….. Video Link: https://www.youtube.com/watch?v=y6Sxv-sUYtM