Optimizing Compliance Programs in Organizations:
A Top-Down Approach
March 19, 2015
HOST
Kevin McCormack
Managing Director, Content & Programming
kevin.mccormack@ethisphere.com
303.819.9817
QUESTIONS
We welcome you to submit any questions for the presenters through the chat function you see on your screen.
RECORDING
The event recording and PowerPoint will be provided post event.
SPEAKING TODAY
Danny Goldberg
Founder
GOLDSRD
Terence Lee
Regional VP GRC Solutions
MetricStream, Inc.
INTRODUCTION
Danny M. Goldberg
• Founder, GOLDSRD
(www.goldsrd.com)
• Former Director of Corporate
Audit/SOX at Dr Pepper
Snapple Group
• Former CAE - Tyler
Technologies
• Published Author (Book/Articles)
• Texas A&M University – 97/98
• Chairman of the Leadership
Council of the American Lung
Association - North Texas –
Calendar Year 2012
• Served on the Audit Committee
of the Dallas Independent
School District (CY 2008)
• Current Dallas and Fort Worth
IIA Programs Co-Chair
• Fort Worth IIA Board Member
• IIA North America Learning
Committee Member
Certifications:
• CPA – Since 2000
• CIA – Since 2008
• CISA – Since 2008
• CGEIT - Since 2009
• CRISC - Since 2011
• CRMA – Since 2011
• CCSA – Since 2007
• CGMA – Since 2012
LAUGH
Danny M. Goldberg (cont.)
• Highly-Rated, Internationally Recognized Speaker
– One of the Top Rated Speakers, 2014 IIA All-Star
Conference
– 7th Rated Speaker, 2014 ISACA ISRM Conference
– One of the Top Rated Speakers, 2014 IIA Mid-Atlantic
Conference
– One of the Top Rated Speakers, 2014 IIA Gaming
Conference
– 6th Highest Rated Speaker (out of 116), 2013 IIA
International Conference
– 3rd and 5th Rated Sessions, 2013 IIA Central Regional
Conference
– 8th Rated Speaker (out of 120), 2012 IIA International
Conference
Danny M. Goldberg (cont.)
• Published Author
– HFTP Journal: Practice Ethics (November 2014)
– Bureau of National Affairs - Internal Audit:
Fundamental Principles and Best Practices
(Professional Commentator)
– College & University Auditor (March 2014 Cover) –
Project Management
– Audit Report Articles (June 2013 Cover, March
2012, March 2011, June 2010 Cover) – “Critical
Thoughts on Critical Thinking”
– ISACA Journal (May 2012, August 2012)
– Internal Auditor Articles (August 2007, December
2007, October 2010)
– Dallas Business Journal (January 2011) – “The Yes
Man Phenomenon”
Agenda
• Overview of Compliance and Integration Challenges
• Top-Down Risk Based Approach (Centralized Oversight)
• Compliance as a key enterprise risk
• Key Aspects for Integrated Auditing
• Differentiation between External, Internal and Regulatory
• Differences (Sample Sizes, Substantive versus Controls)
Compliance Today
• Business is NOT being deregulated;
standards are increasing and becoming
more stringent
• Silo approach to compliance in many large
organizations
– Little to no integration (competing priorities)
– Compliance is not viewed as value-add (“we
have to do it”)
Implications of Lack of Integration
• Who owns compliance? Which line of
defense?
• Limited compliance knowledge in the
business/process owners
• Advanced preparation becomes a
necessity
• Lack of separation between auditors (“We
get audited all the time”)
Top-Down Approach
• Board Oversight and Support (Compliance
Program)
• Management Messaging (Continuous)
– Focus on Value of Compliance
• Continuous Monitoring/Auditing
• Incentive Plans tied to Compliance
Compliance Program
• Compliance is Part of Management
• Considered at the Strategic/Enterprise
Level
• Addressed as Part of ERM Program
• Address Root Causes when Non-
Compliance is uncovered
• Consider/Identify business process
interdependencies
Definition of Internal Audit
Internal auditing is an independent, objective
assurance and consulting activity designed
to add value and improve an organization's
operations.
It helps an organization accomplish its
objectives by bringing a systematic,
disciplined approach to evaluate and
improve the effectiveness of risk
management, control, and governance
processes.
Key Enterprise Risks
• Focus on Value of Compliance
• Top-five risk in most/many industries
• Compliance is not optional
• Lack of Compliance
– Do Not Focus on Fines
– Unable to do Business?
– Not aligned with Company’s Strategic
Objectives?
Messaging
How Do You Get People to Do What They
Do Not Want to Do?
• Socialize Importance of Compliance
• Continuous Communication
• Training
• Embed in the Business
Integrated Audit – Natural Similarities
[Diagram: Integrated Audit]
Integrated Auditing
• Starts at the Top
• Umbrella Approach to GRC?
– All functions reporting through same authority
line
• Must start at the Risk Assessment Level
– Combine Audit Risks with Compliance Risks
(if possible)
• Integrate Pool of Auditors
Types of Continuous GRC
• Data Analytics
– Continuous Monitoring
– Continuous Auditing
• Continuous Risk Assessment
• Continuous Controls Monitoring
• Data Warehousing
• Data Mining
• Fraud Detection Tool
Continuous Controls Monitoring
• Process performed by management to
determine whether policies are operating
effectively
• Uses automated tests to identify activities and
transactions that fail to comply with controls
• Allows management to fix control problems
timely
• Similar to continuous risk assessment – find the
key controls, understand how they can be
monitored through the system, etc.
“Who is Auditing Me Now?”
• Confusion with Auditees as to who does
what
• Perception is that audits happen “all the
time” – there is no end
• Integration will assist perception
• Important to delineate between internal
and external
Differences Between Compliance
and Internal Audit
• Controls testing versus Substantive testing
• Non-statistical Sampling versus Statistical
Sampling
• Concluding on initial sample versus
extending sample sizes
Benefits of Compliance
Optimization
• Efficiency and Effectiveness of
Compliance Process = Money
• Real-Time Information (KPI’s) – pushes
understanding and acceptance
• Increased Readiness to Respond to Third-
Parties
Summary
• Compliance must be viewed as a key risk
(ERM)
• Integration is key to efficiency and
effectiveness
• Automation (CA/CM) is key to effective
response
• Can generate new revenue, etc. =
Business Opportunity
© 2015 MetricStream, Inc. All Rights Reserved.
Optimizing Compliance Programs in Organizations:
A Top-Down Approach
Terence Lee
Regional Vice President | GRC Solutions
MetricStream
tlee@metricstream.com
Agenda
• Challenges faced by the Business today
• Facing the Compliance Challenge
• Compliance as a Management Function
• Benefits of an Effective Compliance Program
• Q & A
Challenges faced by the Business today
Challenges
• Addressing changing regulations and mandates.
• Management of Regulatory Changes in silos.
• Management of policies related to Governance, risk, compliance, ethics, and
business conduct.
• Lack of systematized operational testing.
• Disconnect with BPM and Issue Tracking tools.
Facing the Compliance Challenge
Managing the Compliances
Facing The Compliance Challenge
• Standardize Internal Controls
– Create a central repository for all types of the company’s control systems, including those for
operational efficiency, regulatory compliance, and financial reporting.
– Have control linkages to related GRC content (regulations, processes, risks, etc.) to get a
bigger picture.
• Use Business Process Management tools
– Provide a framework for managing complex processes, ensuring that changes can be made
in line with regulations.
• Implement Standard Documentation
– Have an integrated document repository to store documents
pertaining to processes and controls across all subsidiaries.
• Simplify Change Management
– Enable sharing of documented risks and controls across
processes.
– Rationalize and reduce documented controls
Facing The Compliance Challenge (cont.)
• Enable Operational Testing
– Test internal controls in a consistent manner across all operations within the company and
over time.
– Export report data into spreadsheets to simplify the overall operational testing process.
• Automate Issue Management
– Provide complete visibility into the entire lifecycle of issues – from identification through
root cause analysis to remediation.
• Enhance Reporting Capabilities
– Build executive dashboards which provide enterprise-
wide visibility into the internal controls and processes.
– Build reports and scorecards for status tracking.
– Provide statistics and data by a variety of parameters such as business units, processes, and
divisions.
Compliance Management Approach
Document Mgmt.
Translate Rules Into Policies & Procedures
Policies & Procedures
Rules & Regulations
Construct Compliance Strategies
Risk / Cost of Compliance
Compliance Reporting & Dashboards
• G&A
• T&E
• HR
• FCPA, OFAC, AML
• Corporate Ethics
• Financial Processes
• Adherence to Rules & Laws
• SEC Rules & Regs.
• Financial Controls
• Independence
• Non-Key Controls
• Code of Conduct
• OFAC FERC/NERC
Controls
Self-Testing
3rd Party Testing
Training & Certification
Notifications & Alerts
Attestation
Examples
Build a control structure that matches company risks
A Typical Compliance Management Workflow
Planning
Organizing
Operating
Controlling
Single Platform for Multiple Compliance Programs
• Risks: Risk 1, Risk 2, Risk 3, …
• Controls: Control 1, Control 2, Control 3, …
• Functions/Standards: IT, Function 1, …
• Processes: Process 1, Process 2, Process 3, …
• Control Tests: Control Test 1, Control Test 2, Control Test 3, …
• Risk Assessments: Risk-Based, Requirement-Based, Business Unit-Based
• Issues: Action Plan, Implement, Monitor
• Area of Compliance: SEC, NASD, PCI, ISO, SOX, …
• References: Regulation 1, Regulation 2, Standard 1, Standard 2, …
• Policies/Documents: Policy 1, Procedure 1, Work Instruction 1, …
Benefits of an Effective Compliance Program
Benefits
• Reduced Cost, Time, and Effort
– Automated information flows, assessments and testing, and remediation assignments will
reduce overall compliance costs.
• Increased Efficiency and Collaboration
– Groups will be able to carry out team activities in a productive manner within the
collaborative environment.
– Business will understand, control and manage business processes within strict tolerances.
• Streamlined Change Control
– Integrated document management with change control capabilities will keep
documentation and processes in sync. This will significantly reduce the amount of redo of
documentation for ongoing compliance.
• Enhanced Transparency and Visibility
– Risk of non-compliance will reduce, assuring the executives of higher customer and
investor confidence.
• Improved Reporting Capabilities
– Enterprise-wide visibility into the financial controls management and compliance process
will improve and also highlight issues that need to be addressed.
About MetricStream
Vision
Integrated Governance, Risk and Compliance for Better Business Performance
Organization
• Over 1,700 employees
• Headquarters in Palo Alto, California with offices worldwide
• Over 350 enterprise customers
• Privately held – backed by leading global VCs, including Goldman Sachs
Solutions
• Enterprise Risk Management
• Operational Risk Management
• Vendor Risk Management
• Audit Management
• Third Party Management
• EHS & Sustainability
• Compliance Management
• SOX Compliance
• IT-GRC
• Quality Management
Partners
Differentiators
• Technology - GRC Platform – 9 Patents
• Breadth of Solutions – Single Vendor for all GRC needs
• Cross-industry Best Practices and Domain Knowledge
• ComplianceOnline.com - Largest Compliance Portal on the Web
• GRCIntelligence.com - One stop solution for curated intelligence
Q&A
This webcast and all future Ethisphere webcasts are
available complimentary and on demand for BELA
members. BELA members are also offered complimentary
registration to Ethisphere’s Global Ethics Summit and
other Summits around the world.
For more information on BELA contact:
Laara van Loben Sels
Senior Director, Engagement Services
laara.vanlobensels@ethisphere.com
480.397.2663
Business Ethics Leadership
Alliance (BELA)
THANK YOU

Open Disclosure: Why and How to manage Conflict of Interest DisclosureOpen Disclosure: Why and How to manage Conflict of Interest Disclosure
Open Disclosure: Why and How to manage Conflict of Interest Disclosure
Ethisphere
 
Clash of Compliance: Global Anti-Corruption Considerations When Foreign Laws ...
Clash of Compliance: Global Anti-Corruption Considerations When Foreign Laws ...Clash of Compliance: Global Anti-Corruption Considerations When Foreign Laws ...
Clash of Compliance: Global Anti-Corruption Considerations When Foreign Laws ...
Ethisphere
 




Optimizing Compliance Programs in Organizations: A Top Down Approach

  • 2. Optimizing Compliance Programs in Organizations: A Top-Down Approach March 19, 2015
  • 3. HOST: Kevin McCormack, Managing Director, Content & Programming, kevin.mccormack@ethisphere.com, 303.819.9817. QUESTIONS: We welcome you to submit any questions for the presenters through the chat function you see on your screen. RECORDING: The event recording and PowerPoint will be provided post event.
  • 4. SPEAKING TODAY: Danny Goldberg, Founder, GOLD SRD; Terence Lee, Regional VP GRC Solutions, MetricStream, Inc.
  • 6. Danny M. Goldberg • Founder, GOLDSRD (www.goldsrd.com) • Former Director of Corporate Audit/SOX at Dr Pepper Snapple Group • Former CAE - Tyler Technologies • Published Author (Book/Articles) • Texas A&M University – 97/98 • Chairman of the Leadership Council of the American Lung Association - North Texas – Calendar Year 2012 • Served on the Audit Committee of the Dallas Independent School District (CY 2008) • Current Dallas and Fort Worth IIA Programs Co-Chair • Fort Worth IIA Board Member • IIA North America Learning Committee Member Certifications: • CPA – Since 2000 • CIA – Since 2008 • CISA – Since 2008 • CGEIT - Since 2009 • CRISC - Since 2011 • CRMA – Since 2011 • CCSA – Since 2007 • CGMA – Since 2012 LAUGH
  • 7. Danny M. Goldberg (cont.) • Highly-Rated, Internationally Recognized Speaker – One of the Top Rated Speakers, 2014 IIA All-Star Conference – 7th Rated Speaker, 2014 ISACA ISRM Conference – One of the Top Rated Speakers, 2014 IIA Mid-Atlantic Conference – One of the Top Rated Speakers, 2014 IIA Gaming Conference – 6th Highest Rated Speaker (out of 116), 2013 IIA International Conference – 3rd and 5th Rated Sessions, 2013 IIA Central Regional Conference – 8th Rated Speaker (out of 120), 2012 IIA International Conference
  • 8. Danny M. Goldberg (cont.) • Published Author – HFTP Journal: Practice Ethics (November 2014) – Bureau of National Affairs - Internal Audit: Fundamental Principles and Best Practices (Professional Commentator) – College & University Auditor (March 2014 Cover) – Project Management – Audit Report Articles (June 2013 Cover, March 2012, March 2011, June 2010 Cover) – “Critical Thoughts on Critical Thinking” – ISACA Journal (May 2012, August 2012) – Internal Auditor Articles (August 2007, December 2007, October 2010) – Dallas Business Journal (January 2011) – “The Yes Man Phenomenon”
  • 9. Agenda • Overview of Compliance and Integration Challenges • Top-Down Risk Based Approach (Centralized Oversight) • Compliance as a key enterprise risk • Key Aspects for Integrated Auditing • Differentiation between External, Internal and Regulatory • Differences (Sample Sizes, Substantive versus Controls)
  • 10. Compliance Today • Business is NOT being deregulated; standards are increasing and becoming more stringent • Silo approach to compliance in many large organizations – Little to no integration (competing priorities) – Compliance is not viewed as value-add (“we have to do it”)
  • 11. Implications of Lack of Integration • Who owns compliance? Which line of defense? • Limited compliance knowledge in the business/process owners • Advanced preparation becomes a necessity • Lack of separation between auditors (“We get audited all the time”)
  • 12. Top-Down Approach • Board Oversight and Support (Compliance Program) • Management Messaging (Continuous) – Focus on Value of Compliance • Continuous Monitoring/Auditing • Incentive Plans tied to Compliance
  • 13. Compliance Program • Compliance is Part of Management • Considered at the Strategic/Enterprise Level • Addressed as Part of ERM Program • Address Root Causes when Non-Compliance is uncovered • Consider/Identify business process interdependencies
  • 14. Definition of Internal Audit Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
  • 15. Key Enterprise Risks • Focus on Value of Compliance • Top-five risk in most/many industries • Compliance is not optional • Lack of Compliance – Do Not Focus on Fines – Unable to do Business? – Not aligned with Company’s Strategic Objectives?
  • 16. Messaging How Do You Get People to Do What They Do Not Want to Do? • Socialize Importance of Compliance • Continuous Communication • Training • Embed in the Business
  • 17. Integrated Audit – Natural Similarities
  • 18. Integrated Auditing • Starts at the Top • Umbrella Approach to GRC? – All functions reporting through same authority line • Must start at the Risk Assessment Level – Combine Audit Risks with Compliance Risks (if possible) • Integrate Pool of Auditors
  • 19. Types of Continuous GRC • Data Analytics – Continuous Monitoring – Continuous Auditing • Continuous Risk Assessment • Continuous Controls Monitoring • Data Warehousing • Data Mining • Fraud Detection Tool
  • 20. Continuous Controls Monitoring • Process performed by management to determine whether policies are operating effectively • Uses automated tests to identify activities and transactions that fail to comply with controls • Allows management to fix control problems in a timely manner • Similar to continuous risk assessment – find the key controls, understand how they can be monitored through the system, etc.
  • 21. “Who is Auditing Me Now?” • Confusion with Auditees as to who does what • Perception is that audits happen “all the time” – there is no end • Integration will assist perception • Important to delineate between internal and external
  • 22. Differences Between Compliance and Internal Audit • Controls testing versus Substantive testing • Non-statistical Sampling versus Statistical Sampling • Concluding on initial sample versus extending sample sizes
  • 23. Benefits of Compliance Optimization • Efficiency and Effectiveness of Compliance Process = Money • Real-Time Information (KPIs) – pushes understanding and acceptance • Increased Readiness to Respond to Third-Parties
  • 24. Summary • Compliance must be viewed as a key risk (ERM) • Integration is key to efficiency and effectiveness • Automation (CA/CM) is key to effective response • Can generate new revenue, etc. = Business Opportunity
  • 25. © 2015 MetricStream, Inc. All Rights Reserved. Optimizing Compliance Programs in Organizations: A Top-Down Approach Terence Lee Regional Vice President | GRC Solutions MetricStream tlee@metricstream.com
  • 26. Agenda • Challenges faced by the Business today • Facing the Compliance Challenge • Compliance as a Management Function • Benefits of an Effective Compliance Program • Q & A
  • 27. Challenges faced by the Business today
  • 28. Challenges • Addressing changing regulations and mandates. • Management of Regulatory Changes in silos. • Management of policies related to Governance, risk, compliance, ethics, and business conduct. • Lack of systematized operational testing. • Disconnect with BPM and Issue Tracking tools.
  • 29. Facing the Compliance Challenge Managing the Compliances
  • 30. Facing The Compliance Challenge • Standardize Internal Controls – Create a central repository for all types of the company’s control systems, including those for operational efficiency, regulatory compliance, and financial reporting. – Have control linkages to related GRC content (regulations, processes, risks etc.) to get a bigger picture. • Use Business Process Management tools – Provide a framework for managing complex processes, ensuring that changes can be made in line with regulations. • Implement Standard Documentation – Have an integrated document repository to store documents pertaining to processes and controls across all subsidiaries. • Simplify Change Management – Enable sharing of documented risks and controls across processes. – Rationalize and reduce documented controls
  • 31. Facing The Compliance Challenge (contd.) • Enable Operational Testing – Test internal controls in a consistent manner across all operations within the company and over time. – Export report data into spreadsheets to simplify the overall operational testing process. • Automate Issue Management – Provide complete visibility into the entire lifecycle of issues – from identification through root cause analysis to remediation. • Enhance Reporting Capabilities – Build executive dashboards which provide enterprise-wide visibility into the internal controls and processes. – Build reports and scorecards for status tracking. – Provide statistics and data by a variety of parameters such as business units, processes, and divisions.
  • 32. Compliance Management Approach
  • 33. Compliance Management Approach Document Mgmt. Translate Rules Into Policies & Procedures Policies & Procedures Rules & Regulations Construct Compliance Strategies Risk / Cost of Compliance Compliance Reporting & Dashboards • G&A • T&E • HR • FCPA, OFAC, AML • Corporate Ethics • Financial Processes • Adherence to Rules & Laws • SEC Rules & Regs. • Financial Controls • Independence • Non-Key Controls • Code of Conduct • OFAC FERC/NERC Controls Self-Testing 3rd Party Testing Training & Certification Notifications & Alerts Attestation Examples Build a control structure that matches company risks
  • 34. A Typical Compliance Management Workflow Planning Organizing Operating Controlling
  • 35. Single Platform for Multiple Compliance Programs • Area of Compliance: SEC, NASD, PCI, ISO, SOX … • References: Regulation 1, Regulation 2, Standard 1, Standard 2 … • Policies/Documents: Policy 1, Procedure 1, Work Instruction 1 … • Functions/Standards: IT, Function 1 … • Processes: Process 1, Process 2, Process 3 … • Risks: Risk 1, Risk 2, Risk 3 … • Controls: Control 1, Control 2, Control 3 … • Control Tests: Control Test 1, Control Test 2, Control Test 3 … • Risk Assessments: Risk-Based, Requirement-Based, Business Unit-Based • Issues: Action Plan, Implement, Monitor
  • 36. Benefits of an Effective Compliance Program
  • 37. Benefits • Reduced Cost, Time, and Effort – Automated information flows, assessments and testing, and remediation assignments will reduce overall compliance costs. • Increased Efficiency and Collaboration – Groups will be able to carry out team activities in a productive manner within the collaborative environment. – Business will understand, control and manage business processes within strict tolerances. • Streamlined Change Control – Integrated document management with change control capabilities will keep documentation and processes in sync. This will significantly reduce the amount of documentation rework for ongoing compliance. • Enhanced Transparency and Visibility – Risk of non-compliance will reduce, assuring the executives of higher customer and investor confidence. • Improved Reporting Capabilities – Enterprise-wide visibility into the financial controls management and compliance process will improve and also highlight issues that need to be addressed.
  • 38. About MetricStream • Vision: Integrated Governance, Risk and Compliance for Better Business Performance • Organization: Over 1,700 employees; Headquarters in Palo Alto, California with offices worldwide; Over 350 enterprise customers; Privately held – backed by leading global VCs, including Goldman Sachs • Solutions: Enterprise Risk Management; Operational Risk Management; Vendor Risk Management; Audit Management; Third Party Management; EHS & Sustainability; Compliance Management; SOX Compliance; IT-GRC; Quality Management • Partners • Differentiators: Technology - GRC Platform – 9 Patents; Breadth of Solutions – Single Vendor for all GRC needs; Cross-industry Best Practices and Domain Knowledge; ComplianceOnline.com - Largest Compliance Portal on the Web; GRCIntelligence.com - One stop solution for curated intelligence
  • 39. Q&A
  • 40. This webcast and all future Ethisphere webcasts are available complimentary and on demand for BELA members. BELA members are also offered complimentary registration to Ethisphere’s Global Ethics Summit and other Summits around the world. For more information on BELA contact: Laara van Loben Sels Senior Director, Engagement Services laara.vanlobensels@ethisphere.com 480.397.2663 Business Ethics Leadership Alliance (BELA)