Compliance 2020: The Future of Ethics & Compliance. January 2013. Michael Rasmussen, J.D., GRCP, OCEG Fellow, CCEP, Chief GRC Pundit

Compliance 2020- The Future of GRC Compliance

Ethics & compliance programs would certainly be stronger if organizations had 20/20 hindsight to view issues across their scope, but here is another thought: can you use what you know today to frame what your compliance organization will look like in the year 2020?

Both of these concepts - 20/20 hindsight and compliance in the year 2020 - build upon each other. Join Michael Rasmussen, principal analyst with GRC 20/20, who will explore the history of compliance within organizations and how that information can guide future industry growth and importance.

Where it has been,
Where it is now, and
What it will look like in the year 2020.
In particular, he will explore the ways that compliance processes, information and technology will be commonly used in 2020 and how organizations will have greater contextual and situational 20/20 awareness of compliance across the organization. We will tackle how organizations today can begin taking advantage of what we believe will be best practices in 2020 and improve their compliance operations and intelligence.

Presented by:
Michael Rasmussen
Principal Analyst, GRC 2020

Ed Petry, Ph.D, Vice President,
The Ethical Leadership Group

Published in: Business, Economy & Finance

  1. Compliance 2020: The Future of Ethics & Compliance. January 2013. Michael Rasmussen, J.D., GRCP, OCEG Fellow, CCEP, Chief GRC Pundit
  2. Compliance in the Midst of Transformation
  3. Compliance in the past (timeline: Past, Present, 2020 - Future)
  4. Past: The Hydra of compliance inefficiency. Most organizations rely on manual ad hoc processes to manage risk and compliance change. This involves individuals that are overwhelmed with information who fire off emails and manage documents — leading to, in varying degrees…
  5. Past: The Hydra of compliance inefficiency
      • Excessive emails, documents, and paper trails
      • Lack of an audit trail
      • Limited reporting
      • Files and documents out of sync
      • Wasted resources and spending
      • Poor visibility across the enterprise
      • Overwhelming complexity
      • Lack of business agility
      • Greater exposure and vulnerability
      • No accountability
  6. PAST: Too many formats and approaches are inefficient, ineffective, and lack agility
  7. Past: The state of compliance in many organizations. The Winchester Mystery House
      • 160 rooms
      • 47 fireplaces
      • 6 kitchens
      • 10,000 windows
      • 65 doors to blank walls
      • 13 staircases abandoned
      • 25 skylights – in floors
      • 147 builders/no architects
      • Built without a blueprint
      • $5.5 million over 38 years
  8. PAST: Silos lead to greater risk (Not Agile, Not Efficient, Not Effective). A non-integrated approach to compliance impacts business performance and how it is managed and executed, resulting in:
      o Poor visibility across the enterprise. A reactive approach to GRC leads to siloed initiatives that never see the big picture.
      o Redundant and inefficient processes. Silos of GRC lead to redundancy, gaps, and wasted resources.
      o Overwhelming complexity. Varying GRC approaches introduce greater complexity to the business environment.
      o Lack of business agility. Complexity drives inflexibility - the organization is not agile to the dynamic business environment it operates in.
      o Greater exposure and vulnerability. A reactive approach leads to greater exposure and vulnerability.
  9. Compliance Today (timeline: Past, Present, 2020 - Future)
  10. Present: Volume & Complexity. Global Markets & Jurisdictions; Outsourcing & Extended Enterprise; M&A; National, State/Provincial & Local Jurisdictions. Labels in the graphic: OECD, NACD, SEC, NYSE rules, SOX, NASDAQ rules, ALI, Employment & Labor, AS 3806, FSG, Thompson Memo, TIAACREFF, PCAOB, CalPERS, ISO 9000, 6 Sigma, ERM, COSO ERM, AS 4360, BIS, Baldrige, European Quality, CSR, GRI, AA 1000, SA 8000, ISO: CSR, ISO 14000, TIAACREFF, Quality, Legal Compliance, Prosecutorial Guidance, Wage & Hour, Workplace Violence, FDA, CII, AS 4269, Government Contracts, Anti-Discrimination, Anti-Harassment, Contingent Workforce, Hiring & Retention, HIPAA, Information Management, Employee Information, GLBA, ISO 17709, CCA & FISCAM, GAO, XBRL, COBIT, NIST, Global Mobility, Whistle-Blowing, Turnbull, AFL-CIO, King II, 21(a), Seaboard, Caremark, ISO: CSR, ILO Conventions, AICPA, SAS 99 & 70, FFIEC, WebTrust, SysTrust, COSO Internal Control, OCC, COCO, CMM, FCPA, OFEHO, Federal Reserve, Human Capital CMM, CISA, HHS Guidance, Abbot Decision, DoD, IIA Guidance, EPA, Anti-Money Laundering, Anti-Trust, Anti-Fraud, USA PATRIOT, DII, IRS & Tax, Competitive Practices, CCGG, SAS 94
  11. Present: Are you focused only on the compliance risks you see? “Never in all history have we harnessed such formidable technology. Every scientific advancement known to man has been incorporated into its design. The operational controls are sound and foolproof!” E.J. Smith, Captain of the Titanic
  12. Present: Pressures Upon Compliance. Compliance & Ethics: Governments, Enforcement Agencies, Stakeholders, Younger Generation, Globalization, Social Media, Information Technology, Common Practices
  13. Present: The pain organizations have expressed
      • Inability to gain a clear view of compliance dependencies;
      • High cost of consolidating silos of compliance information;
      • Difficulty maintaining accurate compliance information;
      • Failure to trend across compliance assessment/reporting periods;
  14. Present: The pain organizations have expressed
      • Incapable of providing compliance intelligence to support business decisions and strategic planning;
      • Redundant approaches limit correlation, comparison and integration of information; and
      • Lack of agility to respond timely to changing regulations, laws, and situations.
  15. The Future of Compliance: Year 2020 (timeline: Past, Present, 2020 - Future)
  16. Future: Focus on Corporate Integrity
  17. Future: Needs of Compliance. Compliance: Consistency, Efficiency, Effectiveness, Agility, Transparency, Accountability
  18. GRC technology delivers actionable and reliable information
  19. Future: Technology Benefits
  20. 10 Shifts to Compliance Strategy: Risk Management
      • Compliance will have an active seat at the table of risk management.
      • There will be improved methodologies and implementations for modeling compliance risk across the organization based on information that is readily accessible to target areas of risk exposure for compliance and integrity to the organization.
  21. 10 Shifts to Compliance Strategy: Code(s) of Conduct
      • Employees will have an interactive code environment.
      • They will be educated on the code through a portal of written, interactive content, and resources that includes:
          o Training
          o Video
          o Ability to get answers to questions
          o Reporting on the organization's performance against the code.
  22. 10 Shifts to Compliance Strategy: Policy & Procedure Management
      • Similar to the code, policies will be accessed in a user-friendly environment through a portal aligned with the organization brand.
      • Employees will easily be able to find the current policy and read the policy with interactive tools to explain the policy to them.
      • Policy resources and related forms will be part of the portal.
  23. 10 Shifts to Compliance Strategy: Training
      • As a result of the interactive policy management portal, learning management and delivery of training will be an integrated part of the portal itself and not require disconnected platforms to be integrated.
  24. 10 Shifts to Compliance Strategy: Monitoring & Assessment
      • The compliance department will have removed the shackles of spreadsheets and documents.
      • Core platform for compliance assessments with a single survey and assessment engine.
      • This relieves the burden on the business by having a common interface while allowing compliance to easily report on compliance.
      • Freeing up time spent on reconciling documents to improving corporate integrity.
  25. 10 Shifts to Compliance Strategy: Investigations
      • The organization will have a single system to record and capture issues, incidents, and events that integrate with hotlines.
      • Management can readily capture reports made at all levels of the organization.
      • Investigators will have a core system to manage and record investigations.
      • As there is one system for managing incidents and investigations, loss information from incidents is easily fed into risk models to improve risk management.
  26. 10 Shifts to Compliance Strategy: Change Management
      • Compliance will be able to integrate process and technology with information from content providers to rapidly assess changing:
          o Risks,
          o Regulations,
          o Developments around the world, and
          o Understand how they impact policy and the integrity of the organization.
      • When the business changes, such as through mergers and acquisitions, compliance will be able to assess and harmonize policies, controls, and processes driving efficiency and effectiveness into business change.
  27. 10 Shifts to Compliance Strategy: Mobility
      • There’s an app for compliance!
      • Compliance will embrace mobile technology on tablets and other devices.
          o Issue reporting will be readily done through mobile devices.
          o Tablets will be used to deliver policies, training, and other interactive content to employees – particularly those without desktop workstation access.
          o Mobile devices will be used in conducting investigations, audits, and compliance assessments.
          o The ability to record pictures and video right into compliance applications will make these processes more efficient and effective.
  28. 10 Shifts to Compliance Strategy: 3rd Party Management
      • Compliance will more effectively manage and communicate integrity across its business relationships with:
          o Vendors,
          o Suppliers,
          o Outsourcers,
          o Contractors,
          o Consultants,
          o Service providers, and
          o Temporary workers.
      • This enables corporate integrity to be managed throughout the business ecosystem.
  29. 10 Shifts to Compliance Strategy: Metrics & Benchmarking
      • Integrated information architecture external content the compliance organization will have an optimized infrastructure:
          o Report on metrics,
          o Trends,
          o Benchmarking of compliance to identify how compliance is performing, and
          o Alignment with business performance, strategy, and execution
  30. Future: Compliance Value
      EFFECTIVE
      • Design Effectiveness – Is the system logically designed to meet legal and other defined requirements?
      • Operating Effectiveness – Does the system operate as designed?
      EFFICIENT
      • Financial Efficiency – How much financial capital is required?
      • Human Capital Efficiency – What type and level of individual(s) are required?
      RESPONSIVE
      • Cycle Time – How much time does it take?
      • Adaptability – Can the system adapt to the changing environment including new requirements/business units?
  31. Questions? Michael Rasmussen, J.D, GRCP, OCEG Fellow, CCEP. Mkras@grc2020.com, +1.888.365.4560. GRC 20/20 Newsletter; LinkedIn: GRC 20/20; Blog: GRC Pundit; Twitter: GRCPundit; Events: GRC 20/20; LinkedIn: Michael Rasmussen