In response to increased compliance pressures and decreased resources, some contractors have found significant success and competitive advantages by implementing entire culture shifts to proactively address potential compliance issues with the government. Although the change may be perceived as difficult, this new proactive paradigm can ultimately create a true collaborative government and contractor relationship.
2. 1
Changing the compliance
paradigm by creating a
proactive culture
Breakout B04
Sajeev Malaveetil, Partner, Ernst & Young LLP
Andy Artz, Principal, Ernst & Young LLP
Karl Fultz, Manager, Ernst & Young LLP
December 4, 2017
1:30 pm – 2:45 pm
1
3. 2
Disclaimer
This presentation is for informational purposes
only and does not constitute legal advice. For
legal advice on any issue, you should consult
with an attorney.
The views expressed by the presenters are not
necessarily those of Ernst & Young LLP (EY) or
other members of the global EY organization.
6. 5
Classifying proactive traits
Reactive
Action by exception
External oversight
Legacy methods
Compliance as a cost
Proactive
Exception seeking
Self-governance
Ongoing improvement
Compliance as value
7. 6
Path to proactive
• Start small
• Change at the team or department level is often
easier
• Starting with less intrusive actions creates more
buy-in
• Integrating areas of overlapping controls and
monitoring
8. 7
Path to proactive
• Incentivize disclosure
• Recurring self-assessments
• Data analytics
• Third parties can re-enforce known risks
9. 8
Path to proactive –
integrating controls
• Example: government contract controls
• Both the Federal Acquisition Regulation (FAR)
and “normal” financial controls attempt to
achieve a strong control environment with
active controls and monitoring in place
• Many risks and controls from government
contract requirements have overlapping traits
and objectives with existing control
frameworks
10. 9
Path to proactive
Other areas of
common
controls
Estimates at
completion
Export controls
Service
Contract Act
Cybersecurity
Labor
qualifications
Small business
subcontracting
Labor laws
11. 10
Path to proactive –
incentivize disclosure
• Common monitoring activities may apply risk
ratings, metrics, re-audits, or mandatory
remediation when errors are found
• Alternative approaches
• Pre-tests to identify risks or errors prior to full
assessment
• Provide period for self-correction
• Incorporate operational and compliance components
• Selective use of metrics may be useful.
• Reward transparency and promote
accountability
12. 11
Path to proactive –
self assessments
• Allow early identification of potential risks
• Decrease internal audit and consulting costs
• Increased internal audit efficiencies
• Provide baseline for external consultants
• Integrate operations and compliance
• May reduce external oversight activity
(e.g., government)
13. 12
Path to proactive –
data analytics
• Enables real-time, continuous monitoring and
risk assessment
• Cost effective, customizable and adaptable
• Improves enterprise-wide knowledge sharing
14. 13
Path to proactive –
third parties
• Some key risks are often known by process
owners
• Improvement may require capital investments,
additional resources, or other significant
changes
• Using third party input (e.g., internal audit,
quality assurance, consultants, etc.) may
re-enforce importance of change
• Independent confirmation of potential issues
• Objective solutions to remediation
15. 14
Potential traps
Ineffective training
Overuse of metrics
Revised templates and forms as single solution
Adding controls at the expense of operations
Meetings do not always equal results
Waiting for too much buy-in / seeking consensus
STOP
STOP
STOP
STOP
STOP
STOP
16. 15
Defining success
• Embedding compliance requirements into control framework
• Inter-organizational knowledge sharing
• Improved understanding of internal and external practices and
performance
• Vendor improvement and optimization
• Singular internal control repository
• Enterprise-wide risk profile
• Appropriate metrics or dashboards
17. 16
Contact information
Sajeev Malaveetil, Partner
sajeev.malaveetil@ey.com
+1 703 747 1248
Andy Artz, Principal
andrew.artz@ey.com
+1 703 747 1480
Karl Fultz, Manager
karl.fultz@ey.com
+1 214 969 8121