The Technology Advantage Placing the Right Bets to Build the Program of the Future
April 2016 Michael Rasmussen, J.D., GRCP, CCEP The GRC Pundit @ GRC 20/20 Research, LLC OCEG Fellow @ www.OCEG.org
2 © 2016, all rights reserved, www.GRC2020.com
Realize that everything connects to everything else. Leonardo da Vinci
3 © 2016, all rights reserved, www.GRC2020.com
Regulatory Activity in Financial Services Tracked 2008-15
4 © 2016, all rights reserved, www.GRC2020.com The Chaos of Compliance Interconnectedness
5 © 2016, all rights reserved, www.GRC2020.com
Inevitability of Failure: Too Many Approaches
6 © 2016, all rights reserved, www.GRC2020.com
Compliance Management by Design: Federated Compliance Management
7 © 2016, all rights reserved, www.GRC2020.com
Compliance Management: a Top Down Approach
Compliance Management Strategy
Compliance Management Technology
Compliance Management Information
Compliance Management Process
8 © 2016, all rights reserved, www.GRC2020.com
The GRC Market: Technology, Information,& Professional Services
Technology to enable and automate compliance processes
Compliance Technology
Intelligence & content for compliance processes, often embedded in technology
Compliance Intelligence & Content
Professional services firms to advise on aspects of compliance
Compliance Professional Services
9 © 2016, all rights reserved, www.GRC2020.com
Compliance Information Architecture Provides 360° Contextual Intelligence
Strategic
Financial
Operational
Preventive
Corrective
Detective
Complaint
Investigation
Event
Strategic
Process
Department
Regulatory
Values
Contractual
Code of Conduct
Training & Awareness
Policies & Procedures
Owner
Employee
Subject Matter Expert
Controls
Risks
Issues
Roles
Objectives
Policies
Obligations
Organization Entity
Asset
Process
Central Hub of Compliance Information
10 © 2016, all rights reserved, www.GRC2020.com
360° Compliance Contextual Analytics & Intelligence Capabilities
Integrated and mapped together to provide context
Analyzed to understand relationships
Action Items
Distributed & Disconnected Compliance Data Points
11 © 2016, all rights reserved, www.GRC2020.com
Compliance Management by Design = Defensible Compliance Management
Compliance Technology Provides Automation and Tracking…
COLLABORATION AUDIT TRAIL ENFORCEMENT MANAGEMENT REPORTING WORKFLOW & TASKS
• Version (date/time • Ask and Resolve • Manage Expectations • Understand Context
• Provide Auditable Records • Demonstrate Sequence • Meet Requirements • Repeatable Cycle
12 © 2016, all rights reserved, www.GRC2020.com
Compliance Engagement: Bringing it to the Coal-Face of the Organization
13 © 2016, all rights reserved, www.GRC2020.com
Compliance management needs to provide a collaborative experience. Compliance engagement is accomplished through socialization and collaboration of compliance within the organization. This involves: • Getting questions answered
• Provide two-way communication
• Sharing information
• Connecting the dots through collaboration
Compliance Collaboration: Providing Collaboration Across the Organization
14 © 2016, all rights reserved, www.GRC2020.com
Compliance Operationalization: Integrating Compliance Across Systems & Processes
15 © 2016, all rights reserved, www.GRC2020.com
Compliance Intelligence: Integration of Actionable Content
16 © 2016, all rights reserved, www.GRC2020.com
Compliance Mobility: Done & Delivered Anywhere at Anytime
17 © 2016, all rights reserved, www.GRC2020.com
Maturing Compliance Through 360° Contextual Compliance Intelligence Delivers . . .
• Awareness
• Alignment
• Responsiveness
• Agility
• Resilience
• Lean Business Operations
Questions? Michael Rasmussen, J.D. The GRC Pundit & OCEG Fellow [email protected] +1.888.365.4560
Some of the content we have evaluated is OCEG content which GRC 20/20 has an established relationship to use. Please do not copy slides or graphics without permission. GRC 20/20 highly recommends you consider OCEG membership at www.OCEG.org.
GRC 20/20 Newsletter
LinkedIn: GRC 20/20
Blog: GRC Pundit
Twitter: GRCPundit
LinkedIn: Michael Rasmussen