Randy Stephens from NAVEX Global and Chris McClean from Forrester discuss how compliance officers can make a business case for investing in high performing compliance programs.

1. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Building a Compelling Business Case for
Boosting Your GRC Program
Data, insights and tools to help you build or grow your program—and
better protect your organization

2. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
P R E S E N T E D B Y
Vice President, Advisory Services
NAVEX Global
Chris McClean
Vice President, Research Director
Forrester Research
Randy Stephens

3. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Agenda
• Is Your Program Stuck in Neutral?
• A Framework for Demonstrating
the Value of GRC
 Measuring the value of
automation
 Fundamentals
 Next generation metrics
• Engage Senior Executives With
Effective Reporting
• Q&A

4. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
• It’s not in the budget
• It’s not a priority
• We don’t want to grow a cost center
• Our [CEO/CFO/Board] doesn’t see the value
• We don’t need more “people who say no”
• That scenario is unlikely / that’s not
a risk we need to spend
resources mitigating
Use the chat function to share other reasons your
efforts to build, grow or expand your GRC program
get shut down.
Pop Quiz: Which of These Have You Heard About Your
GRC Program…

5. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Until you can make a credible, compelling business case for GRC, your
program could be stuck in neutral.
Today we’ll share tips for creating a persuasive
business case, including:
• Metrics
• Tools
• Best practices
If These Are Your Issues, You Need a Compelling
Business Case for GRC
Source: Ethisphere, 2016

6. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
We’ll help you build a framework you can use to get the support you need
from the senior executives you need to partner with to make your program
effective and successful.
In this presentation, we’ll share:
• Metrics that make the case for technology and automation
• Fundamentals you need to be measuring, tracking and reporting on
• Data and concepts to take your program to the next level—creating
better connections to top business concerns
Talk So Senior Executives Can Hear

7. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
New Ways To Show The Value Of
Compliance
Chris McClean, Vice President & Research Director

8. Can you explain the value of your program?

9. © 2016 Forrester Research, Inc. Reproduction Prohibited 9
Program success metric categories
› User adoption:
• Number of active users by Line of Defense
• Number of times needed to re-instruct users
› User satisfaction:
• User acceptance
• Can our employees perform their basic roles within the program
and find their information?
› Coverage of program
• Number of business areas managing work on the system
• Usage of data for business decisions on everyday basis in all the
units

10. Compliance platform success metrics
CATEGORY BENEFITS METRICS
Efficiency • Reduced costs of risk assessments and aggregation
• Speed of policy development, approval, distribution
• Improved speed/cost of risk reporting
• Improved speed/cost/coverage of audits
• Staff-hours saved per process
• Payroll savings from delay or
avoidance of staff increase
• Reduction in costs for internal
and external audits.
Risk
reduction
• Reduction in incidents, near misses, loss events
• Reduction in regulatory fines, actions, law suits, etc.
• Reduction in time to discover control gaps, violations
• Reduction in audit/assessment findings
• Reduced number and cost of
incidents
• Reduced number/size of fines
• Reduced cost of capital
• Reduced insurance premiums
Enhanced
performance
• Use of risk info in management/exec decisions
• Improved decision making when risk is considered
• Risk intelligence coverage
• Risk management process coverage
• Improved reputation among stakeholders (partners,
regulators, customers, etc.)
• Reduction in reactionary costs
• Frequency of risk data used in
business decisions
• Improvement in financial or
operational metrics

11. Compliance platform success metrics
CATEGORY BENEFITS METRICS
Efficiency • Reduced costs of risk assessments and aggregation
• Speed of policy development, approval, distribution
• Improved speed/cost of risk reporting
• Improved speed/cost/coverage of audits
• Staff-hours saved per process
• Payroll savings from delay or
avoidance of staff increase
• Reduction in costs for internal
and external audits.
Risk
reduction
• Reduction in incidents, near misses, loss events
• Reduction in regulatory fines, actions, law suits, etc.
• Reduction in time to discover control gaps, violations
• Reduction in audit/assessment findings
• Reduced number and cost of
incidents
• Reduced number/size of fines
• Reduced cost of capital
• Reduced insurance premiums
Enhanced
performance
• Use of risk info in management/exec decisions
• Improved decision making when risk is considered
• Risk intelligence coverage
• Risk management process coverage
• Improved reputation among stakeholders (partners,
regulators, customers, etc.)
• Reduction in reactionary costs
• Frequency of risk data used in
business decisions
• Improvement in financial or
operational metrics

12. Compliance platform success metrics
CATEGORY BENEFITS METRICS
Efficiency • Reduced costs of risk assessments and aggregation
• Speed of policy development, approval, distribution
• Improved speed/cost of risk reporting
• Improved speed/cost/coverage of audits
• Staff-hours saved per process
• Payroll savings from delay or
avoidance of staff increase
• Reduction in costs for internal
and external audits.
Risk
reduction
• Reduction in incidents, near misses, loss events
• Reduction in regulatory fines, actions, law suits, etc.
• Reduction in time to discover control gaps, violations
• Reduction in audit/assessment findings
• Reduced number and cost of
incidents
• Reduced number/size of fines
• Reduced cost of capital
• Reduced insurance premiums
Enhanced
performance
• Use of risk info in management/exec decisions
• Improved decision making when risk is considered
• Risk intelligence coverage
• Risk management process coverage
• Improved reputation among stakeholders (partners,
regulators, customers, etc.)
• Reduction in reactionary costs
• Frequency of risk data used in
business decisions
• Improvement in financial or
operational metrics

13. Compliance platform success metrics
CATEGORY BENEFITS METRICS
Efficiency • Reduced costs of risk assessments and aggregation
• Speed of policy development, approval, distribution
• Improved speed/cost of risk reporting
• Improved speed/cost/coverage of audits
• Staff-hours saved per process
• Payroll savings from delay or
avoidance of staff increase
• Reduction in costs for internal
and external audits.
Risk
reduction
• Reduction in incidents, near misses, loss events
• Reduction in regulatory fines, actions, law suits, etc.
• Reduction in time to discover control gaps, violations
• Reduction in audit/assessment findings
• Reduced number and cost of
incidents
• Reduced number/size of fines
• Reduced cost of capital
• Reduced insurance premiums
Enhanced
performance
• Use of risk info in management/exec decisions
• Improved decision making when risk is considered
• Risk intelligence coverage
• Risk management process coverage
• Improved reputation among stakeholders (partners,
regulators, customers, etc.)
• Reduction in reactionary costs
• Frequency of risk data used in
business decisions
• Improvement in financial or
operational metrics

14. Compliance platform success metrics
CATEGORY BENEFITS METRICS
Efficiency • Reduced costs of risk assessments and aggregation
• Speed of policy development, approval, distribution
• Improved speed/cost of risk reporting
• Improved speed/cost/coverage of audits
• Staff-hours saved per process
• Payroll savings from delay or
avoidance of staff increase
• Reduction in costs for internal
and external audits.
Risk
reduction
• Reduction in incidents, near misses, loss events
• Reduction in regulatory fines, actions, law suits, etc.
• Reduction in time to discover control gaps, violations
• Reduction in audit/assessment findings
• Reduced number and cost of
incidents
• Reduced number/size of fines
• Reduced cost of capital
• Reduced insurance premiums
Enhanced
performance
• Use of risk info in management/exec decisions
• Improved decision making when risk is considered
• Risk intelligence coverage
• Risk management process coverage
• Improved reputation among stakeholders (partners,
regulators, customers, etc.)
• Reduction in reactionary costs
• Frequency of risk data used in
business decisions
• Improvement in financial or
operational metrics

15. Compliance platform success metrics
CATEGORY BENEFITS METRICS
Efficiency • Reduced costs of risk assessments and aggregation
• Speed of policy development, approval, distribution
• Improved speed/cost of risk reporting
• Improved speed/cost/coverage of audits
• Staff-hours saved per process
• Payroll savings from delay or
avoidance of staff increase
• Reduction in costs for internal
and external audits.
Risk
reduction
• Reduction in incidents, near misses, loss events
• Reduction in regulatory fines, actions, law suits, etc.
• Reduction in time to discover control gaps, violations
• Reduction in audit/assessment findings
• Reduced number and cost of
incidents
• Reduced number/size of fines
• Reduced cost of capital
• Reduced insurance premiums
Enhanced
performance
• Use of risk info in management/exec decisions
• Improved decision making when risk is considered
• Risk intelligence coverage
• Risk management process coverage
• Improved reputation among stakeholders (partners,
regulators, customers, etc.)
• Reduction in reactionary costs
• Frequency of risk data used in
business decisions
• Improvement in financial or
operational metrics

16. Compliance platform success metrics
CATEGORY BENEFITS METRICS
Efficiency • Reduced costs of risk assessments and aggregation
• Speed of policy development, approval, distribution
• Improved speed/cost of risk reporting
• Improved speed/cost/coverage of audits
• Staff-hours saved per process
• Payroll savings from delay or
avoidance of staff increase
• Reduction in costs for internal
and external audits.
Risk
reduction
• Reduction in incidents, near misses, loss events
• Reduction in regulatory fines, actions, law suits, etc.
• Reduction in time to discover control gaps, violations
• Reduction in audit/assessment findings
• Reduced number and cost of
incidents
• Reduced number/size of fines
• Reduced cost of capital
• Reduced insurance premiums
Enhanced
performance
• Use of risk info in management/exec decisions
• Improved decision making when risk is considered
• Risk intelligence coverage
• Risk management process coverage
• Improved reputation among stakeholders (partners,
regulators, customers, etc.)
• Reduction in reactionary costs
• Frequency of risk data used in
business decisions
• Improvement in financial or
operational metrics

17. What does your company care about?

18. © 2016 Forrester Research, Inc. Reproduction Prohibited 18
Business Leaders Care About Risk

19. © 2016 Forrester Research, Inc. Reproduction Prohibited 19
Customer Experience Changes Priorities

20. © 2016 Forrester Research, Inc. Reproduction Prohibited 20
Customer-focus Increases Risk Concern

21. © 2016 Forrester Research, Inc. Reproduction Prohibited 21
Reputation Factors Raise Risk Criticality

22. © 2016 Forrester Research, Inc. Reproduction Prohibited 22
Resilient Brands Keep Promises

23. © 2016 Forrester Research, Inc. Reproduction Prohibited 23
Other success metrics to consider
› Customer loyalty:
• Word-of-mouth
• Loyalty after risk events
› Customer satisfaction:
• Survey scores
• Alignment to values
› Revenue support:
• New business opportunities
• RFP question coverage

24. Key Takeaways
 Reputational risk is a growing area of concern, which creates opportunities
to connect ethics and compliance to business value.
 Justify compliance efforts with improvements in efficiency, risk reduction,
and improved performance.
 Add program success metrics to track how well your technology and
processes are rolling out.

25. Thank you
forrester.com
Chris McClean
cmcclean@forrester.com

26. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
1) Are we going to wait for a crisis to do something?
Crisis could be a fine, lawsuit, negative press coverage and/or reputation damage that will
take years to recover from. (“Do we want to be the next…Volkswagen, FIFA, etc.”)
2) Are we missing an opportunity to add significant value?
More and more studies show that better GRC practices and a strong organizational culture,
characterized by ethical behavior from top to bottom, creates improved bottom-line
performance.
3) Are we losing a competitive advantage by not investing in GRC?
Ability to attract and retain top talent increases, and turnover decreases in the most ethical
companies.
4) Are we enjoying short-term gains while setting ourselves up for unacceptable levels of
long-term risk?
Profits may look good now. But if regulators came in, would we be able to defend—and
document—our decision-making processes related to compliance?
5) Are we taking the right risks—and enough risks?
Strong GRC helps you take the right risks in the right way, rather than taking blind leaps.
Tool: 5 Disruptive Questions to Tackle Skepticism
About the Value of GRC Head On

27. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Senior execs and board members expect to see customized, high-level data
and information presented thoughtfully.
1) Create a compelling, professional format & structure
2) Deliver reports at the right frequency
3) Include (only!) the most crucial, relevant content
4) Address risk assessment, emerging trends and current events
of interest
5) Elevate senior executive & board engagement
Engage Senior Executives & Avoid Common Mistakes
in Reporting

28. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
• Own it. When something works, celebrate it.
When something doesn’t, be transparent and
make improvements.
• Make it part of who you are. Drive
awareness and participation, showcase
efficiencies and performance improvements
• Commit and follow through. Set targets and
stay focused on your goals.
• Emphasize benefits. Business flexibility,
efficiency gains, improved employee
retention, cost reductions.
• Report and prove. Regular and smart
reporting as you improve & grow will help
you build on your success.
Checklist: Executing on the Business Case

29. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
I’d Like to Talk with a NAVEX Global Solutions Expert
About… [check all that apply]
 Getting additional metrics and benchmarks that help me build the
business case for GRC program development
 Making sure my compliance program meets legal and regulatory
requirements
 Tools that help me automate, measure and report on the value of
critical components of my compliance program
 Partnering with an experienced GRC strategic advisor to help
strengthen my program
 Goal setting, scoping and defining resource
requirements for an effective GRC program at my organization

30. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
NAVEX Global’s Comprehensive Ecosystem
Regardless of your
program’s place on the
ethics and compliance
continuum, we can help.

31. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
NAVEX Global’s Resource Center has free resources you can put to work in your
program today, including:
• Benchmarking Reports. Leverage our data to demonstrate where major components of
your program—hotline, training, policy management, third party risk management and
more—are performing against industry norms. http://bit.ly/1Layo5P
• By the Numbers: Making the Business Case for Employee Compliance Training. Legal
and reputational risks of employee misconduct are massive. Get the data on how
effective compliance training helps. http://bit.ly/1V7Tgvt
• Definitive Guide to Policy Management: Understand how to make all activities related
to policy management more efficient and effective http://bit.ly/1NtzPHn
• NAVEX Global’s Blog, Ethics & Compliance Matters: Our expert authors help you stay
up to date on the latest trends in E&C. www.navexglobal.com/blog
Additional Tools

32. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Questions?

33. © 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Thank You!
Randy Stephens
Vice President, Advisory Services
NAVEX Global
rstephens@navexglobal.com
Chris McClean
Vice President, Research Director
Forrester Research
cmcclean@forrester.com