Addressing Anti-Bribery and Corruption Workshop

GRC 20/20 Workshops provide interactive training to groups of people on a range of GRC topics. These workshops provide a collaborative learning environment in which the attendees will be guided through lectures, problems, activities, and discussion.

GRC 20/20 can be engaged to deliver workshops internally to organizations as well as sponsored by GRC solution providers for their clients and prospects. GRC 20/20 regularly teaches the following workshops throughout the world in 1/2-day, full-day, and multi-day formats . . .

[tabs id=”Addressing_Anti-Bribery_and_Corruption_Workshop” heading=”Addressing Anti-Bribery and Corruption Workshop”] [tab title=”Description” tabid=”Description”]

Every organization relies on a broad range of third parties for critical business operations that span borders.  With the increasingly strict enforcement of global Anti-Corruption regulations like FCPA and the UK Bribery Act, your employees, suppliers and partners can create risk and liability that could result in significant business sanctions and damage to your valuable brands. These laws prohibit bribery and corruption, by you and the companies with whom you conduct business. No company can afford to let this risk go unmonitored.

In this interactive workshop we will overview anti-bribery and corruption laws and standards (e.g., US FCPA, UK Bribery Act, OECD Guidelines), enforcement actions, and trends in anti-bribery and corruption enforcement. We will spend time discussing what regulators look for in anti-bribery and corruption compliance programs and how to go about building a program that is defensible.  

Attendees will be given real-life scenarios and case studies and use interactive discussions and scenarios – all to ensure a proper understanding of how to effectively and efficiently address anti-bribery and corruption compliance. This workshop will deliver useful links, real-life cases, checklists, and compliance tips that enhance the learning experience.

 [/tab] [tab title=”Who Should Attend” tabid=”Who_Should_Attend”] 

  • Compliance Officers, Managers & Professionals
  • Legal Professionals
  • Ethics Professionals
  • IT Architecture focused on supporting anti-bribery & corruption programs
  • And other roles interested in anti-bribery & corruption

[/tab] [tab title=”What Attendees Learn” tabid=”What_Attendees_Learn”]

  • Overview of Anti-Bribery & Corruption Laws and Standards
  • Government Officials, Enforcement Actions & Trends
  • Red Flags to Be Aware of
  • Dealing with Agents and Other 3rd Parties
  • Developing a Due Diligence Process
  • Defensible Compliance Processes
  • Managing Gifts, Entertainment & Hospitality Expenses
  • Effective Policy Communication & Training
  • Keeping Your Anti-Bribery & Corruption Program Current in a Dynamic Business Environment

[/tab] [/tabs]  

 

GRC Strategy, Process & Technology Workshop

[tabs id=”GRC_Strategy_Process_&_Technology_Workshop” heading=”GRC Strategy, Process & Technology Workshop”] [tab title=”Description” tabid=”Description”]

“GRC is a capability to reliably achieve objectives while addressing uncertainty and acting with integrity.” OCEG GRC Capability Model 2.1

In this workshop you’ll gain the knowledge necessary to efficiently design and enhance GRC activities across your business based on established GRC standards. Through lectures and practical group interaction, discussions and exercises, you will learn about defining a GRC strategy, strengthening core business processes, and improving use of technology to support the integrated governance, management and assurance of performance, risk and compliance.

In today’s complex global business environment, having a transparent view of information and a coordinated approach to the governance and management of performance, risk and compliance is critical to success. Organizations that understand and apply the principles of integrated governance, risk and compliance (GRC), in both processes and technology, have a real competitive advantage. They improve their ability to make well-informed strategic decisions and are better able to respond with agility and speed to threats and opportunities that arise.

The objective of this seminar is to provide attendees with the knowledge necessary to efficiently design and enhance GRC activities across the business based on established GRC standards. Through lectures and practical group interaction, discussions, and exercises, attendees learn about defining a GRC strategy, strengthening core business processes, and improving use of technology to support the integrated governance, management and assurance of performance, risk and compliance.

At the heart of the seminar is the OCEG GRC Capability Model. Although various standards and frameworks exist to address discrete portions of governance, risk management and compliance issues, the OCEG GRC Capability Model is the only open standard that provides comprehensive and detailed practices for an integrated GRC program.

Organizations can use the GRC Capability Model to address a broad GRC program across the organization or develop a structure within domains of GRC (e.g., compliance, risk management, audit).  The goal is to make GRC processes more effective, efficient, and agile to the needs of the business.

 [/tab] [tab title=”Who Should Attend” tabid=”Who_Should_Attend”]

  • GRC Strategists, Executives & Architects
  • Compliance Professionals
  • Risk Professionals
  • Security Professionals
  • Audit Professionals
  • Enterprise Architects
  • IT Professionals
  • And others responsible for GRC Strategy, Process, Information, and Technology

[/tab] [tab title=”What Attendees Learn” tabid=”What_Attendees_Learn”]

Objectives:

  • Prepare attendees for the Certified GRC Professional exam (www.GRCcertify.org)
  • Understand the components of the OCEG GRC Capability Model
  • Align risk and compliance in context of the organization
  • Understand, define, and enhance organizational culture as it relates to performance, risk, and compliance
  • Implement GRC processes that are effective, efficient, and agile
  • Motivate and inspire desired conduct through the concept of Principled Performance
  • Understand technology’s role in GRC
  • Learn how to develop a GRC strategic plan
  • Ongoing monitoring and continuous improvement of GRC activities through metrics and measurement

Workshop Agenda:

  • Introductions
  • GRC Challenges Organizations Face
  • GRC in Context
    • Business context and need for GRC
    • Layers of GRC
    • Advantages of OCEG’s Principled Performance
  • Defining Our Terms
  • OCEG GRC Capability Framework
    • Context
    • Organize
    • Assess
    • Proact
    • Detect
    • Respond
    • Measure
    • Interact
  • GRC Strategy
    • Elements of a GRC strategic plan
    • Current state to desired state
    • Business case for integrated GRC
    • Degrees of integration
  • GRC Professional Exam Preparation
    • GRCP exam areas
    • Exam resources
    • Sample GRCP exam questions
  • Wrap-Up

[/tab] [/tabs]

Effective 3rd Party Management Workshop

[tabs id=”Effective_3rd_Party_Management_Workshop” heading=”Effective 3rd Party Management Workshop”] [tab title=”Description” tabid=”Description”]

No company is an island unto itself: Organizations are a complex and diverse system of business relationships. Risk and compliance challenges do not stop at traditional organizational boundaries. Organizations today struggle to identify, manage, and govern extended business relationships as they stand in the shoes of their vendors, partners, suppliers, and relationships. Business partner problems and issues are the organization’s problems that directly impact the organization’s brand and reputation. When questions of business practices, compliance, and controls arise, the organization is held accountable, and it must ensure that business partners behave appropriately.

Risk, regulatory, and business environments are in a constant state of change. Extended business relationships — supply chain, value chain, vendors, service providers, outsourcers, and contractors — cannot be left to themselves. Business relationships must comply with regulatory requirements, corporate and regional cultures, codes of conduct, statements of social responsibility and sustainability, policies, risk limits and controls, and other business practices. Anything that impacts business relationships can taint the organization’s brand — such as child labor, quality issues, fraud, privacy violations, or other misconduct. Procurement, and other parts of the business, tend to look at the formation of a business relationship and fail to foresee issues that can cascade and cause severe damage to reputation, and exposure to legal and operational risk throughout the ongoing relationship itself.

Organizations struggle with consistent processes to manage 3rd party risk and compliance. Business needs defined processes, information, frameworks, and technology to effectively and efficiently manage 3rd party extended business relationships. The goal is to enable business agility by providing defined and integrated accountability processes that can manage risk and compliance in the context of business change across business relationships. A clearly defined approach to managing risk and compliance across extended business relationships requires a consistent lifecycle and program supported by a common information and technology architecture.

 [/tab] [tab title=”Who Should Attend” tabid=”Who_Should_Attend”]

  • Risk Managers
  • Compliance Officers/Managers
  • Corporate Social Responsibility/Accountability
  • Procurement
  • Supply Chain Management
  • Vendor Management
  • Legal
  • IT/Information Security
  • Business Operations

[/tab] [tab title=”What Attendees Learn” tabid=”What_Attendees_Learn”]

  • Disarray of 3rd party management
  • Understand regulatory and risk issues in 3rd party/vendor management bearing down on organizations
    1. Supply chain/vendor Code of Conduct and policies
    2. Social Accountability/International Labor Standards
    3. Conflict Minerals
    4. Anti-Bribery & Corruption
    5. Security
    6. Privacy
  • Roles & responsibilities in 3rd party management
  • 3rd party risk Assessment
  • 3rd party audit and inspections
  • Effective 3rd Party Management Lifecycle
    1. Understand regulatory and risk issues in 3rd party/vendor management bearing down on financial services organizations
    2. Conduct initial and ongoing due diligence in 3rd party and vendor relationships
    3. Protect the organization through communication of policy and requirements across 3rd party relationships
    4. Assess and score 3rd party/vendor risk
    5. Resolve issues before they grow out of control
    6. Provide oversight and reporting of vendor/3rd party relationships
  • How 3rd party management solutions deliver effective, efficient, and agile 3rd party management processes
  • Relationship of 3rd Party Management to Other Areas of GRC

[/tab] [/tabs]  

When to Write a Policy

Policies address risk and they introduce risk. Too many policies bring about a state of over-control and possibly non-compliance as the organization cannot manage and monitor the policies in place. Too few policies bring a state of under-control in which the organization does not have sufficient guidance on conduct and behavior. Good policies provide clear operating structures for employees, processes, and business relationships with enough latitude to achieve business objectives.

Attendees will be able to address the following items:

  • Determine the need for policy based on the level of risk to the organization
  • Determine the need for a policy based on understanding of business objectives
  • Determine the need for a policy based on regulatory requirements
  • Provide a framework for organizations to use to determine if a policy should be written or another policy adapted

Effective Policy Management & Communication Workshop

[tabs id=”Effective_Policy_Management_Communication_Workshop1405″ heading=”Effective Policy Management & Communication Workshop”] [tab title=”Description” tabid=”Description”]Policies & procedures must be in place to safeguard and educate staff, to protect the organization against unnecessary risk, ensure the consistent operation of the business, uphold ethical values of the organization, and to defend the organization should it land in turbulent legal waters. 

However, effectively managing policies is easier said than done. Ad hoc or passive approaches mean that key policies are out-dated, scattered across the business, and not consistent – resulting in confusion for recipients, and an insufficient level of governance and reporting for auditors and regulators.

It is no longer enough to simply make policies available. Organizations need to guarantee receipt, affirmation AND understanding of policies across the business. To consistently manage and communicate policies, organizations are turning toward defined processes and technologies to manage the Policy lifecycle. The continual growth of regulatory requirements, complex business operations, and global expansion demand a well thought-out and implemented approach to policy management.

This workshop provides a collaborative learning environment in which the attendees will be guided through lectures and discussions to learn how to implement an effective policy management process within their organizations. [/tab] [tab title=”Who Should Attend” tabid=”Who_Should_Attend”]

  • Policy Managers & Administrators
  • Corporate Managers
  • Ethics
  • Human Resources
  • Legal
  • IT/Information Security
  • Corporate Social Responsibility
  • Supply/Value Chain
  • Health & Safety
  • Business Operations
  • And other roles responsible for writing, managing, and communicating policies[/tab] [tab title=”What Attendees Learn” tabid=”What_Attendees_Learn”]
  • Disarray of Policy Management
  • Defining a process lifecycle for managing policies 
  • Determining when to write a policy
  • Keeping policies current in the midst of business, risk, and regulatory change
  • Policy governance models
  • Establishing policy ownership and accountability 
  • Roles & responsibilities in policy management
  • Developing a MetaPolicy – the policy on writing policies
  • Providing consistency in policies through consistent style and language 
  • Communicating policies across extended business relationships 
  • Effective policy communication, attestation, and training 
  • Delivering an interactive and engaging policy portal to employees and partners
  • Monitoring metrics to establish effectiveness and/or issues with policies 
  • Maintaining policies and keeping them relevant
  • Enabling policies through a proper GRC information and technology architecture
  • Relating policy management to risk, issue/case, and other GRC areas[/tab] [/tabs] 

GRC Architecture Workshop

[tabs id=”GRC_Architecture_Workshop” heading=”GRC Architecture Workshop”] [tab title=”Description” tabid=”Description”]

“GRC is a capability to reliably achieve objectives while addressing uncertainty and acting with integrity.” OCEG GRC Capability Model 2.1

GRC is what is achieved in the business and its operations. This means that GRC needs to be understood in the context of business architecture. To achieve good GRC processes in your environment requires an understanding of what the business is about, how it operates, and how it should be monitored and controlled through information and technology.

GRC is about taking an enterprise/business architecture approach to understanding the business and how it operates. This includes:

  • Strategy architecture. Understanding what the business is about and where it is going. This requires that we understand GRC in the context of business performance, strategy, objectives as well as its culture and values.
  • Process architecture. Flowing from strategy are the processes that define the business and how it operates. Good GRC is done in the rhythm of the business.
  • Information architecture. To support business operations and processes you need a good definition of GRC related information and how information flows across the business.
  • Technology architecture. You need to make sure that GRC technologies integrate with your business operations, systems, and processes.

 [/tab] [tab title=”Who Should Attend” tabid=”Who_Should_Attend”]

  • GRC Architects
  • Enterprise Architects
  • IT Professionals
  • And others responsible for GRC Strategy, Process, Information, and Technology

[/tab] [tab title=”What Attendees Learn” tabid=”What_Attendees_Learn”]

  • Business is the context of GRC
  • The cadence of GRC in the rhythm of business
  • Relationship and integration of GRC to Enterprise Architecture
  • Understand a top-down as well as a bottom-up approach to defining a GRC process
  • Implement GRC in the context of business, process, and operations
  • Explore different GRC architecture models and how they apply to your organization
  • Discover the various technology categories for GRC and how they apply to your business
  • Take a risk-focused approach to developing a GRC information architecture
  • Align GRC with business performance, strategy, and objectives
  • Effectively communicate GRC with the business
  • Developing a GRC strategic plan
  • GRC Processes & the GRC Capability Model
  • GRC Information Architecture
  • How GRC Information Relates to Each Other
  • GRC Information in the Context of Business Strategy and Process
  • GRC Technology Architecture
  • Areas of GRC Technology
  • How GRC Technology Integrates Into the Business
  • GRC Technology Architecture Models[/tab] [/tabs] 

Effective Regulatory Change Management Workshop

[tabs id=”Effective_Regulatory_Change_Workshop” heading=”Effective Regulatory Change Management Workshop”] [tab title=”Description” tabid=”Description”]

In the time it takes you to consider this workshop your business has changed. Business drifts in a sea of change. One particular area of change that bears down on the organization is the siege of changing laws, regulations, and enforcement actions.

When regulatory change management is an ad hoc process with little to no documentation, accountability, and task management, there is no possibility to be intelligent about regulatory risk that impacts your business. The typical organization does not have adequate processes in place to monitor regulatory change, determine impact on business processes, prioritize, and make changes to policies. Information itself is not enough: organizations are overwhelmed by data through legal and regulatory newsletters, websites, e-mails, and content aggregators.

The organization needs a defined regulatory change management process to assimilate the intake of relevant information, track accountability on who needs to perform what actions, model the potential impact on the organization, establish priorities, and determine if the organization’s policies, procedures, and controls need to be adjusted to address the change.

This workshop enables the attendee to build a regulatory intelligence strategy and process that monitors regulatory change, measures impact on the business, while implementing appropriate policy, training, and control updates.

 [/tab] [tab title=”Who Should Attend” tabid=”Who_Should_Attend”]

  • Compliance Officers/Managers
  • Internal Policy Managers/Administrators
  • Human Resources
  • Legal
  • IT/Information Security
  • Business Operations
  • Health and Safety

[/tab] [tab title=”What Attendees Learn” tabid=”What_Attendees_Learn”]

  • Disarray of regulatory change
  • Understand regulatory change management lifecycle
  • Roles & responsibilities in regulatory change management
  • Develop a regulatory taxonomy/framework indexed to your organization’s enterprise risk taxonomy
  • Understand roles and responsibilities in the regulatory change management process
  • Conduct a business impact analysis to understand regulatory change impact on your business
  • Map regulations to policies so that you know what policies to review when regulations change
  • Revise communication and training programs to keep them current with regulatory change
  • Monitor and audit action plans to ensure that changes to regulations are driven into the controls of the business
  • Information & technology architecture for regulatory change management

[/tab] [/tabs] 

Why Companies Have a Disconnect Between Theory and Practice in Their GRC Practices

Mature Governance, Risk Management & Compliance Needs an Enterprise Architecture Approach

Continued on the MEGA Corporate Governance Blog (The GRC Pundit is a guest blogger) . . .

[button link=”http://community.mega.com/t5/Blog/Mature-Governance-Risk-Management-amp-Compliance-needs-an/ba-p/9315″ color=”default”]READ MORE[/button]

2014 GRC Value Award Nominations are Being Accepted

The 2014 GRC Value awards are to recognize GRC solutions that have returned significant and measurable value to an organization.

Whether technology, content, or professional service providers – all can submit an award about a solution or service. However, the nomination must be on a specific implementation/project in a verifiable client. No generalizations or consolidations of multiple clients. The GRC Value awards are to acknowledge specific QUANTIFIABLE value in a specific instance. Every nominee, if selected for final recognition (both solution provider and client), must be willing to spend up to an hour on the phone (separately and not together) to discuss the submission and validate accuracy of submission. Only the top nominations in each category will go through the validation process.

All award submissions are based on a single real-world implementation. Factual accuracy and integrity are necessary. GRC 20/20 will take all the nominations and select in each category the submissions that articulate the greatest quantifiable value in objective, measurable terms. We are looking for hard facts, not just soft bullet points. Time saved, dollars saved, FTEs reduced. Numbers win, generalizations lose. Every submission must have contact information of the organization that claims to have received this value. These organizations will be contacted and interviewed to determine if they have actually received the stated value as portrayed. Any misrepresentation of issues found will disqualify the nomination from receiving the award and the next set of nominations in each category will be evaluated.

Each recipient of an award will be written up and acknowledged.  Details of the nomination will be referred to but can be handled anonymously (if formally requested) in award announcements/communications from GRC 20/20.

Nominations must be received by June 30, 2014.  Recipients will be notified in August 2014 at least two weeks before formal announcements/publications are made in early September 2014.

Download the nomination form:

{rsfiles path=”2014 GRC Value Nomination Form.docx”}