Compliance, Risk Management, Licensing

  • Welcome to the first inaugural iComply User Forum. We are very glad you could make it, and appreciate the effort you have made to be here.
  • Businesses are engaged in a continuous struggle to grasp the intricacies of risk management in an interconnected environment. Operational Risk Management: “. . . the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.” Properly revised, it would read “the risk of loss resulting from inadequate or failed internal processes, people, systems, and business relationships, or from external events.”
  • Operational risks: Identify, assess, manage, and monitor operational risks across business relationships and their impact on the organization.
  • Regulatory compliance: Regulated industries impose unique requirements that often extend to business partners. These can vary by geography, such as in the case of state-specific regulations in the insurance industry. Brand owners must account for these industry-specific compliance obligations throughout their extended enterprises.
  • Corporate social responsibility: Ensuring the partner communicates and reports similar values on social, environmental, and financial practices (e.g., global reporting initiatives).
  • Environmental: Continually monitor business partners’ commitment to environmental standards and compliance with laws and regulations that impact environmental responsibility and emissions.
  • Geo-political: Continuously monitor political, economic, environmental disaster, social, and security developments around the world, and forecasting their impact on business relationships and operations.
  • Health and safety: Ensure business partners are committed to safe working environments free from hazards.
  • Import and export: Ensure the organization is doing business with the right partners and are not connected to terrorism, organized crime, or unlawful countries (e.g., the Office of Foreign Assets Control (OFAC), and U.S. export controls).
  • International labor standards: Manage adherence to a complex array of international laws and validate partners have proper controls to ensure compliance to policies on working hours, forced labor, child labor, wage, discrimination and harassment, and benefits.
  • Quality: Provide ongoing monitoring to ensure quality and service-level agreements are met in adherence to the contract and expectations.
  • Security: Validate that business partners meet obligations to protect the physical and information technology environments.
  • Supply-chain risks: Manage and monitor specific risks, disruptions, sourcing, and dependencies within supply-chains and their impact on the organization and its products.
  • Roadmap to Extended-Enterprise Risk Management. Building the Risk Management Team, incorporating people from:
      • Corporate compliance and ethics: Responsible for validating that the relationship adheres to corporate and supplier codes of conduct, applicable laws and regulations, and defined policies and procedures.
      • Contracting: Responsible for establishment and execution of mutually beneficial contractual relationship and obligations.
      • Corporate social responsibility: Responsible for monitoring business relationships to see they conform to stated practices of CSR and sustainability.
      • Environmental: Responsible for making sure business relationships adhere to environmental laws, policies, and procedures.
      • Health and safety: Responsible for ensuring business partners have safe and productive working environments.
      • Information technology: Responsible for ensuring proper security and technology controls are in place to protect sensitive information (e.g., personal information, privacy, and intellectual property).
      • Legal: Responsible for ongoing management and monitoring of legal risks and the legal protection of the organization across extended business relationships.
      • Business operations and line-of-business: Responsible for validating that extended business relationships meet business needs and the relationship is beneficial to business operations.
      • Quality: Responsible for ongoing management and monitoring of service level agreements and quality control in production and services, as it pertains to the business relationship.
      • Security: Responsible for the protection of physical and logical assets as it moves beyond or are involved with extended business relationships.
  • Ensure ownership and accountability are clearly established and understood
  • Manage the on-boarding and the ongoing risk and compliance scoring and assessment processes
  • Conduct initial and ongoing watch-list verifications
  • Actively monitor all business partners for:
      • Adherence to code-of-conduct standards and key regulatory policies
      • Changes in risk profile based on targeted risk assessments
  • Use built-in question sets to streamline surveys and questionnaires
  • Initiate and manage incident follow-ups and investigations
  • Use verifiable evidence to readily attest to “in compliance” and “in control” status

On-Demand Compliance
  • Audits Assessments
  • Notifications
  • Automated Workflow & Reporting
  • Whole-of-Business Engagement
  • Self Service Portal
In control every step of the way

Embrace the Enterprise
  • Workflow Management
  • Shared duty of care

Self Service Portal
  • Single point of access
  • Secure, data-aware login
  • Decentralised User Administration
  • Configurable access to portal functions
  • Users only need to do and see what they need
  • Designed for inbound and outbound compliance

Set up the Content
Interactive Forms and Questionnaires with Regulatory Intelligence

Control the Process
Secure data management

Report the Results
Hands-off automated compliance

Day 2
Welcome to the iComply User Forum 2010

Compliance Trends
Tony Stephenson, Director

Compliance Trends
The role of risk management is still a mystery for most businesses. As executives and board members weave it into their corporate strategy and practices, they will look for ways it can improve their bottom line as well.
Forrester Research
Risk management will increasingly consider third parties and industry issues. Recent failures in the financial sector as well as in retail, food and drug, and other industries have demonstrated clearly that an internal view of risk management is woefully incomplete. The growing connection of businesses through supply chain and sourcing relationships will not be ignored in 2010, which means compliance and risk professionals will be expected to have tighter oversight and control over external aspects of the organization.
Corporate Integrity

The Risky Nature of the Extended Enterprise
  • Organizational complexity
  • Fuzzy boundaries
  • The struggle to identify, manage and control GRC
  • Business relationship life cycle

Extended Business Relationships
  • Supply chain
  • Value chain
  • Vendors
  • Service providers
  • Outsourcers
  • Contractors

Risk and Compliance Issues
  • Operational risks
  • Regulatory compliance
  • Environmental and emissions
  • Geo-political
  • Health and safety
  • Import and export
  • International labour standards
  • Quality
  • Security
  • Supply-chain risks
Ultimately, Your Reputation and Brand are at Risk

Compliance Issues
  • Regulatory requirements
  • Corporate and regional cultures
  • Codes of conduct
  • Sustainability
  • Risk management requirements
  • Business practices
Brand owners must actively demonstrate an “in compliance” and “in control” status throughout the extended enterprise.

An Unseen Problem
  • Risk is only considered during relationship acquisition
  • Life Cycle risks are ignored
  • Partner performance evaluations neglect risk
  • Metrics are focused on vendor delivery of products and services
So often organizations look at the surface of a relationship and fail to foresee issues that can cascade, causing severe damage to reputation and exposure to legal and operational risks.

Relationship Life-Cycle

Roadmap to Extended Enterprise Risk Management
  • Build the Team
  • Policies and procedures
  • Risk criteria
  • Re-evaluate and re-engage
  • Ongoing monitoring and reporting across the life-cycle
An organization can face reputation and economic disaster by establishing or maintaining the wrong business relationships

Key Success Factors
  • Ownership and accountability
  • Manage the baseline and ongoing assessment processes
  • Actively monitor all business partners for:
      • Adherence to code-of-conduct standards and key regulatory policies
      • Changes in risk profile based on targeted risk assessments
  • Streamline the process
  • Manage the issues
  • Use verifiable evidence to readily attest to “in compliance” and “in control” status

Licensing Models

iAppraise Risk Management
  • Intro
  • Flexibility
  • Road Map
  • Demo
  • Group discussion
