This document provides a summary of a presentation on optimizing compliance programs in organizations using a top-down approach. The presentation discusses challenges with siloed compliance programs and the benefits of an integrated, enterprise-wide approach. It emphasizes taking a risk-based approach with board oversight and continuous monitoring. The presentation also compares external, internal, and regulatory audits and argues for differentiating their roles while increasing integration among compliance functions.
Increased regulatory pressure and operational complexity have created a need for a new approach to compliance.
Accenture is not and will not be deemed to be providing the Client with any legal, regulatory or financial advice as part of Accenture’s performance of the Services, production of the Deliverables and/or content in this presentation and Accenture shall have no liability resulting from such matters.
Legal Governance, Risk Management and Compliance (Effacts)
The key for corporate legal departments in minimizing risks lies in identifying relevant risks, creating and aligning controls, and monitoring them to ensure compliance.
The presentation unifies business value creation and preservation objectives within one framework suitable for use by, and accessible to, all departments of all organizations in all industry sectors. GRC still focuses too much on preserving trust and social capital and not enough on developing them. The entire premise of OCEG's GRC initiative is too narrowly focused and is therefore incomplete. To use a sports analogy, you can't win a football game with defense alone. Offensive business practices develop trust and build social capital, encourage risk taking, facilitate collaboration, and stimulate innovation. These elements remain inadequately addressed by the GRC approach to achieving its Principled Performance objectives.
This webinar provided a mid-year review of financial regulatory priorities, with a focus on SEC and FINRA as well as a discussion on industry events from 2017 that have contributed to and shaped on-going compliance priorities.
Watch recordings from the webinar here: https://mco.mycomplianceoffice.com/mco-webinar/sec-finra-2017-priorities-a-midyear-update
ISO Standards support for Anti-Bribery investigations and audits in the cyber... (PECB)
This presentation was delivered by Anders Carlstedt, CEO at Parabellum Cybersecurity Services at The ISO 27001 & Anti-Bribery PECB Insights Conference.
Presentation from the webinar "State-Owned Enterprises & Professional Accountancy Organizations in PFM Reform: Recovery Post COVID-19" (August 11, 2021).
ISO 19600 Section 4.5 - Know your Obligations (Nimonik)
Organizations are required to systematically identify their compliance obligations along with the implications they have on their operations, products and services. Understanding the nature of these obligations and what is needed to meet them is essential to establishing an effective compliance program and contending with compliance risk.
Conduct Risk – What Corporates Can Learn From The Financial Sector (Eversheds Sutherland)
Over the last few years the financial services industry has wrestled with the impact of poor conduct. Fines and penalties have soared, franchises have been damaged and the legal and regulatory burden has forced a complete rewriting of business models. As a result there has been a sharpened focus from both a regulatory and governance perspective on “conduct risk” – the pro-active management of anything in which an institution might engage which could impact on customer outcomes, or market integrity. We look into what corporates in other sectors can learn from financial institutions in terms of compliance, culture, governance and ”conduct risk”.
RIA in the context of regulatory policy and governance: UK (OECD Governance)
Presentation by Rachel Holloway, Department for Business, Energy, & Industrial Strategy, United Kingdom, at the RIA workshop which took place in Lima on 22-24 May 2017. Further information is available at www.oecd.org/gov/regulatory-policy/.
The Real Deal Webinar Series: Practical Advice from a Former Chief Compliance... (Winston & Strawn LLP)
The presentation included a discussion of practical steps in-house lawyers can take to build, grow, and measure their corporate compliance program, and why such programs are important for companies, especially those preparing for a sale.
CEI Compliance is the UK's fastest growing regulatory consultancy and provides associate opportunities to consultants and cost effective value to financial services and other regulated companies.
We show you the methodology for conducting the Compliance Risk Assessment and how to provide meaningful action plans.
The Journey to Integrated Risk Management: Lessons from the Field Resolver Inc.
In a rapidly changing world, companies struggle to keep up with constantly shifting compliance and risk exposure, both external and internal. Regulatory pressure and increasing executive demand for risk insight present evolving challenges for risk, audit, and compliance professionals who are being asked to do more with less. Governance, Risk, and Compliance (GRC) tools help organizations integrate their assurance activities across the three lines of defense, enable more efficient and effective assurance programs, and ultimately sustain the programs. Companies at the beginning of the GRC technology implementation lifecycle often fail to think through all of the components and key activities necessary to ensure a successful initiative. Those that forge ahead without analysis and planning may find that they missed opportunities to converge their risk and compliance programs, their business processes were not ready for automation, the new technology doesn’t work as anticipated, and timelines for completion can’t be met. In fact, without proper planning, companies may not be using GRC tools to their full potential and realizing the value promised to management and key stakeholders.
Despite claims to the contrary, the need for governance does not disappear for agile projects. Your project sponsors have a right to know the status of the health and risk of their investments. But trying to blend traditional agile methods such as Scrum with traditional stage gate approaches can cause frustration for both project teams and their stakeholders. Disciplined Agile (DA2.0) provides straightforward and common sense ideas for applying governance in a lightweight fashion for agile projects. DA2.0 has been adopted organization-wide in some very large companies and in many cases the primary motivations have been related to its hybrid method approach as well as the built-in governance that it provides.
In this talk Rod reviews the four DAD lifecycles along with their associated phases and milestones. He will explain which milestones are highly recommended vs those that are considered optional. He will show how a lightweight Vision statement created in Inception can be used as a governance mechanism for moderating uncontrolled change that often happens on agile projects.
Your Challenge
Companies understand the importance of business process improvement (BPI) and recognize the touted benefits: cost savings, waste elimination, and process efficiency.
With this said, 70% of companies that embark on process improvement initiatives fail.
The high probability of failure is attributed to a number of factors, including lack of continuous improvement and failing to define measurable outcomes.
Our Advice
Adopt a forward-facing outlook. Don’t focus solely on the current state, set improvement targets upfront to drive the initiative.
Break problems down into root-cause variables. Don’t look at the symptom, dive deeper and alleviate the root cause.
Empower business analysts. Create a practical process improvement methodology that your analysts can follow.
Impact and Result
Kick off process improvement by identifying the goals and defining the improvement targets.
Start by referring to the operating model and identifying level 1, 2, and 3 processes. Once the team understands the relationship between processes, they can begin to map a level 3 process using a standard mapping notation.
Use qualitative and quantitative techniques for analyzing the root cause rather than the symptoms.
Ensure the design is aligned with the initial improvement targets. Focus on value-added activities.
Consistently monitor the process and assess the root-cause variables to gauge the success of the process improvements.
Stop the madness - Never doubt the quality of BI again using Data Governance (Mary Levins, PMP)
Does this sound familiar? "Are you sure those numbers are right?" "Why are your numbers different than theirs?"
We've all heard it and had that gut wrenching feeling of doubt that comes with uncertainty around the quality of the numbers.
Stop the madness! Presented in Dunwoody on April 18 by industry-leading expert Mary Levins, who discusses what it takes to successfully take control of your data using the Data Governance Framework. This framework is proven to improve the quality of your BI solutions.
Mary is the founder of Sierra Creek Consulting
Presentation delivered by Luis E. Taveras, PhD, Former Senior Vice President, Office of Integration, RWJ Barnabas Health at the marcus evans National Healthcare CIO Summit held in Pasadena CA, March 13-14 2017
Many organizations struggle with implementing process improvement. A key enabler is the skill of the change agent. This presentation examines the core skills and concepts needed to be an effective change agent.
Game Changing Quality Strategies that Drive Organizational Excellence (kushshah)
Quality in the past was more related to conforming to requirements, in a lot of cases engineering requirements, and not necessarily to an enthusiastic customer experience. It was a very narrow definition of quality and focused more on Things Gone Wrong. The goal was to reach a level of customer acceptance.
The definition of quality today is much broader, and winning in quality in this highly competitive environment requires deploying game-changing quality strategies.
We will discuss how to infuse the voice of the customer into the way we design our products and services so that they exceed customer expectations. Organizations that engage all functions within enterprise and are customer centric will differentiate themselves from the rest of the competition. This presentation will provide an integrated roadmap on how to integrate proactive quality strategies such as Design for Six Sigma (DFSS), Advanced Product Quality Planning (APQP), Design Failure Modes and Effects Analysis (DFMEA), Process Failure Modes and Effects Analysis (PFMEA) along with reactive strategies such as Six Sigma and control plans to achieve organizational excellence.
Maclear’s IT GRC Tools – Key Issues and Trends (Maclear LLC)
Maclear specializes in enterprise governance, risk and compliance (eGRC) solutions. The IT GRC Solution integrates various business functions such as IT governance, policy management, risk management, compliance management, audit management, and incident management. It enables an automated and workflow-driven approach to managing, communicating and implementing IT policies and procedures across the enterprise.
Read More at: http://www.maclear-grc.com/
With these key best practices, you can create strong ERP governance that will help you use your platform effectively, with an increased focus on the strategic objectives of your business.
Learn more - http://gt-us.co/1NJKpfZ
What ISO Management Systems can learn from Balanced Scorecard? (PECB)
Balanced Scorecard is a Strategy Management System developed by Professors Kaplan and Norton. It is probably the most comprehensive system/tool in the modern world. It allows an organization to balance its Strategy across 4 perspectives (Financial, Customer, Internal Process and Learning and Growth Perspectives). It further lets an organization break down each of these 4 perspectives based on 4 criteria, which are Objectives, Measures, Target and Initiatives. There is a lot that ISO Implementers and Auditors need to learn from a Balanced Scorecard that will help in better delivering ISO engagements. This webinar will take a critical look at what Balanced Scorecard is and what ISO Consultants need to know about it.
Main points covered:
• What is a Balanced Scorecard?
• How Balanced Scorecard allows an organization to balance its Strategy across 4 perspectives (Financial, Customer, Internal Process and Learning and Growth Perspectives)
• How an organization breaks down each of the 4 perspectives based on 4 criteria (Objectives, Measures, Target and Initiatives)
Presenter:
This webinar was presented by Orlando Olumide Odejide, who is the Chief Trainer for Training Heights Limited. Orlando is an experienced Enterprise Architect and Programme Director working on various technology solutions including SharePoint, SQL Server, Oracle, SAP, Odoo and Qlikview Technologies for clients in the Financial Services, Government and Manufacturing Sectors.
Link of the recorded session published on YouTube: https://youtu.be/XPPj9XhXl0s
Governing Agile Teams: Disciplined Strategies to Increase Agile Effectiveness (TechWell)
Many organizations have successfully adopted agile on a subset of their projects, while, at the same time, struggled to do so across entire departments. A common challenge is the need to overhaul the IT governance strategy so that it will work with agile teams. This is a serious issue for governance bodies with little or no practical agile experience, particularly when experience shows that traditional governance strategies increase the risk of failure on agile projects. Scott Ambler introduces The Disciplined Agile Delivery framework for managing and monitoring enterprise agile teams. This framework goes beyond offering an IT governance strategy to provide advanced strategies such as development intelligence and the goal-question-metric measurement approach. Learn the do’s and don’ts of governing agile teams, how governance fits in and enhances the agile project lifecycle, how to measure agile teams, and most importantly, why teams should demand good governance.
In today's competitive market, many organizations are unaware of the quantity of poor-quality data in their systems. Some organizations assume that their data is of adequate quality, although they have conducted no metrical or statistical analysis to support the assumption. Others know that their performance is hampered by poor-quality data, but they cannot measure the problem.
How Ally Financial Achieved Regulatory Compliance with the Data Management Ma... (DATAVERSITY)
A Data Management Maturity Model Case Study
Ally Financial Inc., previously known as GMAC Inc., is a bank holding company headquartered in Detroit, Michigan. Ally has more than 15 million customers worldwide, serving over 16,000 auto dealers in the US. In 2009 Ally Bank was launched – at present it has over 784,000 customers, a satisfaction score of over 90%, and has been named the “Best Online Bank” by Money magazine for the last four years.
Ally was an early adopter of the DMM, conducting a broad-based evaluation of its data management practices, and creating a strategy and sequence plan for improvements based on the results. Ally’s implementation of an integrated, organization-wide data management program including data governance, a robust data quality program, and managed data standards, resulted in a “Satisfactory” rating on its latest regulatory audit.
In this webinar, you will learn:
How Ally employed the DMM to evaluate its data management practices
Who was involved / lessons learned
How Ally prioritized and sequenced data management improvement initiatives
How the data management program has been enhanced and expanded
Business impacts and benefits realized
Major initiatives completed and underway
How Ally is leveraging DMM 1.0 to proactively prepare for BCBS 239 compliance.
3. HOST
Kevin McCormack
Managing Director, Content & Programming
kevin.mccormack@ethisphere.com
303.819.9817
QUESTIONS
We welcome you to submit any questions for the presenters through the chat function you see on your screen.
RECORDING
The event recording and PowerPoint will be provided post event.
4. Skadden, Arps, Slate, Meagher & Flom LLPCyberattacks 2014 – How to Prepare Today and Respond Tomorrow │4
SPEAKING TODAY
• Danny Goldberg, Founder, GOLD SRD
• Terence Lee, Regional VP GRC Solutions, MetricStream, Inc.
6. Danny M. Goldberg
• Founder, GOLDSRD (www.goldsrd.com)
• Former Director of Corporate Audit/SOX at Dr Pepper Snapple Group
• Former CAE - Tyler Technologies
• Published Author (Book/Articles)
• Texas A&M University – 97/98
• Chairman of the Leadership Council of the American Lung Association - North Texas – Calendar Year 2012
• Served on the Audit Committee of the Dallas Independent School District (CY 2008)
• Current Dallas and Fort Worth IIA Programs Co-Chair
• Fort Worth IIA Board Member
• IIA North America Learning Committee Member
Certifications:
• CPA – Since 2000
• CIA – Since 2008
• CISA – Since 2008
• CGEIT - Since 2009
• CRISC - Since 2011
• CRMA – Since 2011
• CCSA – Since 2007
• CGMA – Since 2012
LAUGH
7. Danny M. Goldberg (cont.)
• Highly-Rated, Internationally Recognized Speaker
– One of the Top Rated Speakers, 2014 IIA All-Star Conference
– 7th Rated Speaker, 2014 ISACA ISRM Conference
– One of the Top Rated Speakers, 2014 IIA Mid-Atlantic Conference
– One of the Top Rated Speakers, 2014 IIA Gaming Conference
– 6th Highest Rated Speaker (out of 116), 2013 IIA International Conference
– 3rd and 5th Rated Sessions, 2013 IIA Central Regional Conference
– 8th Rated Speaker (out of 120), 2012 IIA International Conference
8. Danny M. Goldberg (cont.)
• Published Author
– HFTP Journal: Practice Ethics (November 2014)
– Bureau of National Affairs - Internal Audit: Fundamental Principles and Best Practices (Professional Commentator)
– College & University Auditor (March 2014 Cover) – Project Management
– Audit Report Articles (June 2013 Cover, March 2012, March 2011, June 2010 Cover) – “Critical Thoughts on Critical Thinking”
– ISACA Journal (May 2012, August 2012)
– Internal Auditor Articles (August 2007, December 2007, October 2010)
– Dallas Business Journal (January 2011) – “The Yes Man Phenomenon”
9. Agenda
• Overview of Compliance and Integration Challenges
• Top-Down Risk Based Approach (Centralized Oversight)
• Compliance as a key enterprise risk
• Key Aspects for Integrated Auditing
• Differentiation between External, Internal and Regulatory
• Differences (Sample Sizes, Substantive versus Controls)
10. Compliance Today
• Business is NOT being deregulated; standards are increasing and becoming more stringent
• Silo approach to compliance in many large organizations
– Little to no integration (competing priorities)
– Compliance is not viewed as value-add (“we have to do it”)
11. Implications of Lack of Integration
• Who owns compliance? Which line of defense?
• Limited compliance knowledge in the business/process owners
• Advanced preparation becomes a necessity
• Lack of separation between auditors (“We get audited all the time”)
12. Top-Down Approach
• Board Oversight and Support (Compliance Program)
• Management Messaging (Continuous)
– Focus on Value of Compliance
• Continuous Monitoring/Auditing
• Incentive Plans tied to Compliance
13. Compliance Program
• Compliance is Part of Management
• Considered at the Strategic/Enterprise Level
• Addressed as Part of ERM Program
• Address Root Causes when Non-Compliance is uncovered
• Consider/Identify business process interdependencies
14. Definition of Internal Audit
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations.
It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
15. Key Enterprise Risks
• Focus on Value of Compliance
• Top Five risk in most/many industries
• Compliance is not optional
• Lack of Compliance
– Do Not Focus on Fines
– Unable to do Business?
– Not aligned with Company’s Strategic Objectives?
16. Messaging
How Do You Get People to Do What They Do Not Want to Do?
• Socialize Importance of Compliance
• Continuous Communication
• Training
• Embed in the Business
18. Integrated Auditing
• Starts at the Top
• Umbrella Approach to GRC?
– All functions reporting through same authority line
• Must start at the Risk Assessment Level
– Combine Audit Risks with Compliance Risks (if possible)
• Integrate Pool of Auditors
19. Types of Continuous GRC
• Data Analytics
– Continuous Monitoring
– Continuous Auditing
• Continuous Risk Assessment
• Continuous Controls Monitoring
• Data Warehousing
• Data Mining
• Fraud Detection Tool
20. Continuous Controls Monitoring
• Process performed by management to determine whether policies are operating effectively
• Uses automated tests to identify activities and transactions that fail to comply with controls
• Allows management to fix control problems timely
• Similar to continuous risk assessment – find the key controls, understand how they can be monitored through the system, etc.
21. “Who is Auditing Me Now?”
• Confusion with Auditees as to who does what
• Perception is that audits happen “all the time” – there is no end
• Integration will assist perception
• Important to delineate between internal and external
22. Differences Between Compliance and Internal Audit
• Controls testing versus Substantive testing
• Non-statistical Sampling versus Statistical Sampling
• Concluding on initial sample versus extending sample sizes
23. Benefits of Compliance Optimization
• Efficiency and Effectiveness of Compliance Process = Money
• Real-Time Information (KPIs) – pushes understanding and acceptance
• Increased Readiness to Respond to Third-Parties
24. Summary
• Compliance must be viewed as a key risk (ERM)
• Integration is key to efficiency and effectiveness
• Automation (CA/CM) is key to effective response
• Can generate new revenue, etc. = Business Opportunity
40. This webcast and all future Ethisphere webcasts are available complimentary and on demand for BELA members. BELA members are also offered complimentary registration to Ethisphere’s Global Ethics Summit and other Summits around the world.
For more information on BELA contact:
Laara van Loben Sels
Senior Director, Engagement Services
laara.vanlobensels@ethisphere.com
480.397.2663
Business Ethics Leadership Alliance (BELA)