Investing in the Front End of Compliance

Analyst David Houlihan on why investing in the front end of compliance is the most effective way to see a positive ROI from your governance, risk, and compliance policies.


Investing in the Front End of Compliance: Presentation Transcript

  • Investing in the “Front End” of Compliance: Policy Management & Training. David Houlihan, Principal Analyst, Blue Hill Research. ©2014 Blue Hill Research. All Rights Reserved.
  • About Me: David Houlihan, Principal Analyst. Research: Ethics & Compliance Management; Governance, Risk, and Compliance; Legal Technology. Background: United States Attorney’s Office; Boston University; GTC Law Group; Aberdeen Group.
  • What I Do: Answer Technology Questions (“How does this help our business?”). Finance: What’s the ROI & TCO? Information Technology: How do I implement & manage this? Line of Business: Does it improve my performance?
  • Compliance & Non-compliance Costs. Overall average: $3,529,570 (compliance) vs. $9,368,351 (non-compliance); $2.65 lost for every $1 spent on compliance. Per capita per employee: $222 (compliance) vs. $820 (non-compliance); $3.69 lost for every $1 spent on compliance. Source: The True Cost of Compliance, Ponemon Institute, January 2011.
  • In other words . . . What you spend on compliance represents only ~21% of what compliance costs you. (. . . per employee)
  • Cost Sources: Compliance Non-Compliance 27% 60% Direct Direct Indirect Indirect Opportunity 30% 40% 43%. Source: The True Cost of Compliance, Ponemon Institute, January 2011.
  • Compliance Cost Map: Compliance Operations Staff Implementation Regulatory Action Full time Employees Cost to implement Attorney Costs Services Consultants Compliance Business Operations Function Risks Penalties Attorneys Time lost to implement Lost Opportunities Productivity Loss Auditors Resources Reputation To information acquisition Attorney Costs Technology Content Private Legal Action Reduced Revenue Reduced Stock Value To monitoring Damages / Settlements To incident management
  • The Challenge: If you only had $1 to spend on compliance . . . how could you use it to get $4.69 in savings?
  • Compliance Management
  • Spend on Compliance Activities: 13.8% 17.7% Policy management 11.9% 74.3% of what organizations spend on compliance goes to “firefighting.” Communications Program management Compliance monitoring Enforcement 25.5% 31.1%. Data: The True Cost of Compliance, Ponemon Institute, January 2011. Analysis: Blue Hill Research.
  • My Recommendation:
  • Why Fire Prevention? Employee action creates compliance risk.
  • What about the “Bad Apple”? “Good Luck.”
  • But the Bigger Problems are . . . (1) Confusion regarding requirements. (2) Lack incentive to act differently.
  • Policy Management. Areas for improvement: Stakeholders collaboration; Management of changes; Removal of outdated policies; Communication of changes to organization. Investment Impact: “Agency/organization” alignment; Efficiency of stakeholders; Clarity of requirements.
  • Training. Areas for improvement: Employee engagement; Information retention; Sense of consequence; Guidelines of ambiguous situations. Investment Impact: Efficiency of knowledge acquisition; Reduce risk of noncompliance; More “red flags”.
  • Build Your Business Case: Compliance Operations Staff Implementation Regulatory Action Full time Employees Cost to implement Attorney Costs Services Consultants Compliance Business Operations Function Risks Penalties Attorneys Time lost to implement Lost Opportunities Productivity Loss Auditors Resources Reputation Reduced Revenue To information acquisition Attorney Costs Technology Content Private Legal Action Reduced Stock Value To monitoring Damages / Settlements To incident management
  • Key Factors to Consider in Solutions
    • Policy Management:
      • Support for content development
      • Ability to centrally manage and distribute content
      • Flexibility of content types incorporated
      • Security of solution
      • Support for retiring and archiving content
      • Ability to link policy to training and insight into compliance operations
    • Training:
      • Expense of communication
      • Scalability of communication
      • Time required to obtain mastery
      • Employee engagement in training
      • Degree of internalization and retention
      • How closely supplied content supports objectives
    • Potential integration with enterprise GRC suite to align policies and training with other compliance management and monitoring capabilities.
  • Thank you! To join the conversation, contact me: dhoulihan@bluehillresearch.com. New research starts by the end of the month . . . or follow us: