Compliance 2020 - The Future of GRC Compliance
DESCRIPTION
Ethics & compliance programs would certainly be stronger if organizations had 20/20 hindsight to view issues across their scope, but here is another thought: can you use what you know today to frame what your compliance organization will look like in the year 2020? Both of these concepts - 20/20 hindsight and compliance in the year 2020 - build upon each other. Join Michael Rasmussen, principal analyst with GRC 20/20, who will explore the history of compliance within organizations and how that information can guide future industry growth and importance: where it has been, where it is now, and what it will look like in the year 2020. In particular, he will explore the ways that compliance processes, information and technology will be commonly used in 2020 and how organizations will have greater contextual and situational 20/20 awareness of compliance across the organization. We will tackle how organizations can begin taking advantage today of what we believe will be best practices in 2020 to improve their compliance operations and intelligence.
Presented by: Michael Rasmussen, Principal Analyst, GRC 2020; Ed Petry, Ph.D, Vice President, The Ethical Leadership Group
TRANSCRIPT
Compliance 2020
The Future of Ethics & Compliance
January 2013
Michael Rasmussen, J.D., GRCP, OCEG Fellow, CCEP
Chief GRC Pundit
Compliance in the Midst of Transformation
Compliance in the past
Timeline: Past, Present, 2020 - Future
Past: The Hydra of compliance inefficiency
Most organizations rely on manual ad hoc processes to manage risk and compliance change.
This involves individuals that are overwhelmed with information who fire off emails and manage documents, leading to, in varying degrees…
Excessive emails, documents, and paper trails
Lack of an audit trail
Limited reporting
Files and documents out of sync
Wasted resources and spending
Poor visibility across the enterprise
Overwhelming complexity
Lack of business agility
Greater exposure and vulnerability
No accountability
PAST: Too many formats and approaches are inefficient, ineffective, and lack agility
The Winchester Mystery House
• 160 rooms
• 47 fireplaces
• 6 kitchens
• 10,000 windows
• 65 doors to blank walls
• 13 staircases abandoned
• 25 skylights – in floors
• 147 builders/no architects
• Built without a blueprint
• $5.5 million over 38 years
Past: The state of compliance in many organizations
PAST: Silos lead to greater risk
A non-integrated approach to compliance impacts business performance and how it is managed and executed, resulting in:
o Poor visibility across the enterprise. A reactive approach to GRC leads to siloed initiatives that never see the big picture.
o Redundant and inefficient processes. Silos of GRC lead to redundancy, gaps, and wasted resources.
o Overwhelming complexity. Varying GRC approaches introduce greater complexity to the business environment.
o Lack of business agility. Complexity drives inflexibility - the organization is not agile to the dynamic business environment it operates in.
o Greater exposure and vulnerability. A reactive approach leads to greater exposure and vulnerability.
Not Agile, Not Efficient, Not Effective
Compliance Today
Present: Volume & Complexity
Labels shown on the slide: OECD, NACD, SEC, NYSE rules, SOX, NASDAQ rules, ALI, Employment & Labor, AS 3806, FSG, Thompson Memo, TIAA-CREF, PCAOB, CalPERS, ISO 9000, 6 Sigma, ERM, COSO ERM, AS 4360, BIS, Baldrige, European Quality, CSR, GRI, AA 1000, SA 8000, ISO: CSR, ISO 14000, Quality, Legal Compliance, Prosecutorial Guidance, Wage & Hour, Workplace Violence, FDA, CII, AS 4269, Government Contracts, Anti-Discrimination, Anti-Harassment, Contingent Workforce, Hiring & Retention, HIPAA, Information Management, Employee Information, GLBA, ISO 17709, CCA & FISCAM, GAO XBRL, COBIT, NIST, Global Mobility, Whistle-Blowing, Turnbull, AFL-CIO, King II, 21(a) Seaboard, Caremark, ILO Conventions, AICPA, SAS 99 & 70, FFIEC, WebTrust, SysTrust, COSO Internal Control, OCC, COCO, CMM, FCPA, OFHEO, Federal Reserve, Human Capital CMM, CISA, HHS Guidance, Abbot Decision, DoD, IIA Guidance, EPA, Anti-Money Laundering, Anti-Trust, Anti-Fraud, USA PATRIOT, DII, IRS & Tax, Competitive Practices, CCGG, SAS 94
Global Markets & Jurisdictions
Outsourcing & Extended Enterprise
M&A
National, State/Provincial & Local Jurisdictions
Present: Are you focused only on the compliance risks you see?
“Never in all history have we harnessed such formidable technology. Every scientific advancement known to man has been incorporated into its design. The operational controls are sound and foolproof!”
E.J. Smith, Captain of the Titanic
Present: Pressures Upon Compliance
Compliance & Ethics
Governments
Enforcement Agencies
Stakeholders
Younger Generation
Globalization
Social Media
Information Technology
Common Practices
Inability to gain a clear view of compliance dependencies;
High cost of consolidating silos of compliance information;
Difficulty maintaining accurate compliance information;
Failure to trend across compliance assessment/reporting periods;
Present: The pain organizations have expressed
Inability to provide compliance intelligence to support business decisions and strategic planning;
Redundant approaches limit correlation, comparison and integration of information; and
Lack of agility to respond timely to changing regulations, laws, and situations.
The Future of Compliance: Year 2020
Future: Focus on Corporate Integrity
Compliance
Consistency
Efficiency
Effectiveness
Agility
Transparency
Accountability
Future: Needs of Compliance
GRC technology delivers actionable and reliable information
Future: Technology Benefits
10 Shifts to Compliance Strategy
Compliance 2020
Risk Management
Compliance will have an active seat at the table of risk management.
There will be improved methodologies and implementations for modeling compliance risk across the organization based on information that is readily accessible to target areas of risk exposure for compliance and integrity to the organization.
Code(s) of Conduct
Employees will have an interactive code environment.
They will be educated on the code through a portal of written, interactive content, and resources that includes:
o Training
o Video
o Ability to get answers to questions
o Reporting on the organization's performance against the code.
Policy & Procedure Management
Similar to the code, policies will be accessed in a user-friendly environment through a portal aligned with the organization's brand.
Employees will easily be able to find the current policy and read the policy with interactive tools to explain the policy to them.
Policy resources and related forms will be part of the portal.
Training
As a result of the interactive policy management portal, learning management and delivery of training will be an integrated part of the portal itself and not require disconnected platforms to be integrated.
Monitoring & Assessment
The compliance department will have removed the shackles of spreadsheets and documents.
There will be a core platform for compliance assessments with a single survey and assessment engine.
This relieves the burden on the business by having a common interface while allowing compliance to easily report on compliance.
This frees up time spent on reconciling documents for improving corporate integrity.
Investigations
The organization will have a single system, integrated with hotlines, to record and capture issues, incidents, and events.
Management can readily capture reports made at all levels of the organization.
Investigators will have a core system to manage and record investigations.
As there is one system for managing incidents and investigations, loss information from incidents is easily fed into risk models to improve risk management.
Change Management
Compliance will be able to integrate process and technology with information from content providers to rapidly assess changing:
o Risks,
o Regulations, and
o Developments around the world,
and understand how they impact policy and the integrity of the organization.
When the business changes, such as through mergers and acquisitions, compliance will be able to assess and harmonize policies, controls, and processes, driving efficiency and effectiveness into business change.
Mobility
There’s an app for compliance!
Compliance will embrace mobile technology on tablets and other devices.
o Issue reporting will be readily done through mobile devices.
o Tablets will be used to deliver policies, training, and other interactive content to employees, particularly those without desktop workstation access.
o Mobile devices will be used in conducting investigations, audits, and compliance assessments.
o The ability to record pictures and video right into compliance applications will make these processes more efficient and effective.
3rd Party Management
Compliance will more effectively manage and communicate integrity across its business relationships with:
o Vendors,
o Suppliers,
o Outsourcers,
o Contractors,
o Consultants,
o Service providers, and
o Temporary workers.
This enables corporate integrity to be managed throughout the business ecosystem.
Metrics & Benchmarking
With an integrated information architecture and external content, the compliance organization will have an optimized infrastructure for:
o Reporting on metrics,
o Trends,
o Benchmarking of compliance to identify how compliance is performing, and
o Alignment with business performance, strategy, and execution.
Future: Compliance Value
EFFECTIVE
• Design Effectiveness – Is the system logically designed to meet legal and other defined requirements?
• Operating Effectiveness – Does the system operate as designed?
EFFICIENT
• Financial Efficiency – How much financial capital is required?
• Human Capital Efficiency – What type and level of individual(s) are required?
RESPONSIVE
• Cycle Time – How much time does it take?
• Adaptability – Can the system adapt to the changing environment, including new requirements/business units?
Questions?
Michael Rasmussen, J.D., GRCP, OCEG Fellow, CCEP
+1.888.365.4560
GRC 20/20 Newsletter
LinkedIn: GRC 20/20
Blog: GRC Pundit
Twitter: GRCPundit
Events: GRC 20/20
LinkedIn: Michael Rasmussen