SMCR The Chicken & The Pig with GRC2020 & SureCloud


How do you measure and understand the shift in culture and accountability that SMCR, and other accountability regulations, have on your organisation?

UK SMCR is a driving force around the world in accountability regulations. What started with the UK FCA has propagated to Australia (BEAR), Ireland (SEAR), Hong Kong (MIC), and more. These accountability regulations are driving a fundamental shift in the culture of accountability for risk and compliance within financial services. Using the breakfast metaphor, we will illustrate the fundamental change from responsibility to accountability in a simple way. The chicken that delivers your eggs is interested in the meal, but the pig who becomes your bacon is committed to the breakfast.

This slideshow delivers an understanding of the culture change and impact that accountability regulations, like SMCR, have on financial services organisations. Michael Rasmussen, of GRC 20/20 Research, will detail his findings and interactions with the culture change to accountability he sees from these regulations. SureCloud's Product Marketing Director Matthew Davies will demonstrate how the SureCloud solution helps you to gain control of your SMCR requirements and report on your SMCR overall status.


  1. PRESENTATION: Governance, Risk Management & Compliance Insight. UK SMCR’s Breakfast on Accountability vs Responsibility: The Chicken and the Pig. 2019-11
  2. © GRC 20/20 Research, LLC • www.GRC2020.com Sound along-side: If you wish to hear the audio for these slides you can watch the webinar for FREE in the link on the last slide.
  3. Navigating Chaos
  4. “The more we study the major problems of our time, the more we come to realise that they cannot be understood in isolation. They are systemic problems, which means that they are interconnected and interdependent.” - Physicist Fritjof Capra
  5. The Chaos of Compliance: Interconnectedness. “Realize that everything connects to everything else.” - Leonardo da Vinci
  6. Compliance in Transition: to Greater Accountability
  7. Accountability Regulations: One [REGULATION] to rule them all, One [REGULATION] to find them [RISK, COMPLIANCE, CONTROL], One [REGULATION] to bring them all, and in the [ENFORCEMENT] bind them.
  8.
  9. Chicken is Responsible for Your Breakfast, the Pig is Committed & Accountable
  10. UK SMCR is About Integrity
  11. UK SMCR Having a Global Impact: Ireland, Australia, Singapore, Hong Kong, United Kingdom
  12. Accountability is the Focus. Senior Managers: Senior Managers can be held accountable for misconduct that falls within their area of responsibility. Individuals: Individuals at all levels can be held to appropriate standards of conduct. Focus is to improve ‘genuine’ accountability by removing ambiguity and clarifying individual responsibilities. FCA requires genuine engagement. • Executive Roles • Oversight (non-executive) • GRC/Lines of Defence & Control Roles • Others . . . • Material risk takers • Significant management • Customer facing roles • Line managers of certified people • Others . . .
  13. Scope of Accountability. Certified Employees: • Annual certification as fit and proper by the firm • Certification regime overseen by Senior Manager • Regulatory references • Subject to conduct rules. Senior Management: • Pre-approved by regulators and subject to fit and proper assessment by the firm (done annually) • Subject to conduct rules • Statements of responsibilities • Criminal records checks • Regulatory references. All Other Staff: • Subject to conduct rules • Except for ancillary staff
  14. Management Responsibilities Statements & Map • Statements of Responsibilities record relevant prescribed responsibilities with a summary of these on Responsibility Maps • Management & governance arrangements • Senior management and their responsibilities • Reporting lines • Allocation of responsibilities • How management and governance arrangements fit within the group
  15. Conduct Rules. Individual Conduct Rules: • You must act with integrity • You must act with due skill, care and diligence • You must be open and cooperative with the FCA, the PRA and other regulators • You must pay due regard to the interests of customers and treat them fairly • You must observe proper standards of market conduct. Senior Management Conduct Rules: • You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively • You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system • You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee this effectively • You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice. Exposure if . . . • Misconduct was deliberate • Standard of conduct was below that which would be reasonable
  16. The Organization Has to be Able to See . . . • The Tree. The individual area of Risk & Compliance • The Forest. The interconnectedness of Risk & Compliance
  17. Inevitability of Failure: Too Many Documents & Manual Approaches
  18. UK SMCR: a Top Down Approach • UK SMCR Management Strategy • UK SMCR Management Technology • UK SMCR Management Information • UK SMCR Management Process
  19. UK SMCR Technology Provides Automation and Tracking • COLLABORATION • AUDIT TRAIL • ENFORCEMENT • MANAGEMENT REPORTING • WORKFLOW & TASKS
  20. Defensible UK SMCR Compliance • VERSION (DATE/TIME) • ASK & RESOLVE QUESTIONS • MANAGE EXCEPTIONS • UNDERSTAND CONTEXT • PROVIDE AUDITABLE RECORDS • DEMONSTRATE SEQUENCE • MEET REQUIREMENTS • REPEATABLE CYCLE
  21. Components of Agile UK SMCR Technology • Usability • Scalability • Analytics • Cost of Ownership • Adaptability • Process Automation • Configurability • Integration • Future Proof • Feature/Functionality
  22. Benefits of 360° Contextual Awareness of Compliance. Agile Compliance: • Aware • Aligned • Responsive • Agile • Resilient • Efficient
  23. Two Things to Note . . . Complimentary Inquiry: • Organizations evaluating or considering GRC solutions are free to ask GRC 20/20 on our understanding and comparison of solutions in the market to meet your GRC requirements. • Inquiries are single focused questions that can be answered in under 30 minutes. • Complimentary inquiry is only available to organizations evaluating or considering GRC solutions for their internal use. RFP Development & Support: • GRC 20/20 has an extensive library of RFP requirements across a range of GRC capability areas presented in this presentation. • GRC 20/20 can be engaged in RFP development and support projects to streamline your process, gain perspectives learned from other organizations, and to keep solution providers honest in their responses.
  24. Q&A. How would you recommend to approach SMCR? Understand the effect on business, refine requirements/process, look for flexible technology to support requirements, implement SMCR processes and supporting technology. What should I do with SMCR, if I haven’t done anything yet? Refine the process; if you require a tool, start basic and develop throughout the next 12 months. How important is the use of Technology to support SMCR? Given the complexity, it would be difficult to manage the ongoing compliance burden. There needs to be process automation to ensure people are clear and understand their responsibilities.
  25. Solution Overview: Senior Manager & Certification Regime. Matthew Davies, Product Marketing Director, SureCloud. 11th November 2019
  26. Who we are? www.surecloud.com © 2019 SureCloud. All rights reserved. • GRC Cloud based Software-as-a-Service provider • 400+ customers across Europe, US & Asia • Listed on Gartner IRM magic quadrant • Offices across UK and US • GRC solutions, Cyber Security Services and Risk Advisory
  27. Challenges with SMCR • How do you know what level of SMCR you need to comply with? • How do you document the legal entities and ensure the relevant staff, at all levels, clearly understand where responsibility lies? • How do I ensure that the relevant staff review and attest that they understand their SMCR obligations?
  28. SMCR SureCloud. Document Legal Entities. Document IT Assets: • Document the Information Assets, Infrastructure and Supporting Assets • Create the interdependencies between components. Conduct Risk Assessment: • Document risks and map to IT Assets • Select the assessment type and assess the risk • Document treatment and actions. Manage Controls: • Document/manage controls in the control library • Create local control and map to IT Assets and Functions • Conduct simple control tests. Audit Planning and Tracking.
  29. SMCR SureCloud Demo • Document Roles and Responsibilities • Document Legal Entities
  30. SMCR SureCloud Demo • Document Roles and Responsibilities • Document Legal Entities • FIT Assessment
  31. SMCR SureCloud Demo • Attest the Conduct Rules • Document Roles and Responsibilities • Document Legal Entities • FIT Assessment
  32. SMCR SureCloud Demo • Attest the Conduct Rules • Document Roles and Responsibilities • Document Legal Entities • FIT Assessment • Breach Register
  33. SMCR SureCloud Demo • Attest the Conduct Rules • Document Roles and Responsibilities • Document Legal Entities • FIT Assessment • Breach Register • Track and Report on SMCR
  34. Carry on the conversation… Watch our SMCR Video over on our YouTube channel – SureCloud TV • Head over to our SMCR products page • Read our SMCR whitepaper • Download our SMCR datasheet. Get in touch: matthew.davies@surecloud.com
  35. The Full Experience: Watch the original webinar on demand on BrightTALK for free.
