Building an Integrated and Sustainable ERM Framework

Business operations are becoming increasingly complex. Multiple factors, including exponential growth and change in risks, regulations, globalization, distributed operations, processes, and technologies, are impacting organizations of all sizes. Managing this change and deriving meaningful information for decision making is a significant challenge for boards, executives, and GRC professionals. Many organizations continue to lag because risks are managed in disconnected silos without collaboration or information sharing. Without an integrated risk information architecture, organizations struggle to build risk knowledge from scattered data points residing in those silos.

Join this session, where experts will discuss how to address the challenge of herding the silos of risk and establish a structured and systemic approach to risk management, unified with clear visibility into the top risks affecting each business unit and the company overall.

Join this webinar with executives from GRC 20/20 Research as they discuss:

  • The challenges organizations face
  • The solution: How to establish a structured and systemic approach to risk management
  • How to enable a Risk Management Architecture for ERM and Beyond
  • Key components to consider and best practices to follow
  • Defining the technology infrastructure necessary to support a unified and sustainable ERM approach
  • Organizational benefits of implementing a holistic, integrated, and optimized risk framework

When to Write a Policy

Policies address risk, and they introduce risk. Too many policies bring about a state of over-control and possibly non-compliance, as the organization cannot manage and monitor the policies in place. Too few policies bring a state of under-control, in which the organization does not have sufficient guidance on conduct and behavior. Good policies provide clear operating structures for employees, processes, and business relationships with enough latitude to achieve business objectives.

Attendees will be able to address the following items:

  • Determine the need for policy based on the level of risk to the organization
  • Determine the need for a policy based on understanding of business objectives
  • Determine the need for a policy based on regulatory requirements
  • Provide a framework for organizations to use to determine if a policy should be written or another policy adapted

ISO31000 and GRC: complementary?

The ISO 31000 standard proposes a structured approach for any risk management program, covering the vocabulary, principles, framework, and process for the management of risk. GRC typically encompasses activities such as corporate governance, risk management, and corporate compliance with applicable laws and regulations. What are the differences, and what is the added value of each approach?

  • Optimizing ERM Through GRC Principles: Collaboration and Integration of Risk with Governance and Compliance
  • What are the pains and frustrations organizations are experiencing with risk management and GRC?
  • How does ERM relate to GRC, and vice versa?
  • How an integrated and collaborative approach drives performance and integrity
  • What is the role of a strategy, process, information, and technology architecture approach to risk and GRC?

3rd Party Management in Financial Services

Regulators such as the OCC, FDIC, CFPB, and NCUA are homing in on the financial services industry and, specifically, its oversight of 3rd party relationships, including vendors. Given the changes in the regulatory environment, the complexities of managing the same 3rd parties across very different regulatory bodies expose the organization to very different risks.

As a professional in the financial services industry, you are under increasing scrutiny from the regulators to appropriately manage your 3rd party relationships.

In this webinar, you will learn how to build efficient, effective, and agile 3rd party management programs, including how to:

  • Understand today’s critical regulatory and risk issues in 3rd party management
  • Conduct initial and ongoing 3rd party due diligence
  • Protect the organization through communication of policy and requirements
  • Assess and score 3rd party risk
  • Resolve issues proactively before they grow out of control
  • Provide oversight and reporting of 3rd parties
  • Deliver effective, efficient, and agile 3rd party management processes by leveraging appropriate technology

Defining a GRC Strategy and Blueprint that Bridges GRC Silos

Governance, risk, and compliance (GRC) is not a single role in the organization. Effective GRC requires collaboration across business areas that have historically operated as introverted silos. This comprehensive three-hour workshop walks you through the process of defining a central GRC strategy that encompasses all areas of your business. By attending, you learn how to:

  • Bring together disparate views of risk and compliance along with the roles and stakeholders involved in GRC
  • Formulate strategies to begin and maintain collaboration on GRC across the organization
  • Incorporate IT to drive sustainability, consistency, efficiency, and transparency into enterprise risk and compliance initiatives
  • Assess the complex landscape of applications and technologies that need to start working together to provide a coherent picture into enterprise GRC
  • Incorporate the taxonomy of applications and technologies used for GRC into blueprint architecture
  • Build a roadmap for a successful GRC strategy with a firm technology foundation
  • Stay abreast of dynamic environments, risks, regulations, and case law across multiple jurisdictions

Get Your GRC House in Order: Fundamental Steps Before Buying GRC Technology

Your organization could be at risk because of the scattered and disconnected approaches to compliance information and processes used in the past. To prevent unanticipated risk exposure, your organization may require a governance, risk management, and compliance (GRC) strategy that takes into account a thorough understanding of the state of your environment.

So how do you get your GRC house in order?

GRC 20/20 will answer just that in a presentation that examines why organizations need to develop a strategic plan to manage GRC information and processes, and how to put such a plan in place. Topics will include:

  • Managing Scattered GRC Information
  • How isolated risk and compliance initiatives introduce greater risk
  • Why siloed GRC information and processes are ineffective
  • Fundamental Steps to Establishing Your GRC Strategy

After an organization has accomplished these steps, it is ready to consider GRC technology platforms that align to its needs, instead of retrofitting a GRC strategic plan into a system that may not be the right one for the organization.

Maintaining Policies and Keeping Them Relevant

This webinar on policy management addresses a common flaw: the failure to properly maintain policies once issued. Every policy should go through a periodic review to ensure it remains accurate and necessary. Given the number of policies in most organizations, and the numerous factors that may give rise to a need for change, this is not as simple as it sounds. Join our panel of experts for a roundtable discussion of the challenges, best practices, and benefits of a defined system for policy maintenance.

Learning Objectives:

  • Establish the key steps in policy maintenance
  • Define pathways for receipt of information
  • Determine meaningful metrics
  • Understand value of history and audit trails for defense

Measuring Policy Compliance and Metrics

This webinar looks at the critical issue of ensuring policy adherence, compliance, and metrics for managing policies. Attendees will learn the challenges, best practices, and benefits of a measurable and trackable system for policy enforcement.

Learning Objectives:

  • Understand monitoring and validation of compliance to policies
  • Define methods for compliance metrics and assessments
  • Determine how to manage exceptions

Increasing Compliance Effectiveness, Efficiency, and Agility with Technology

Compliance obligations and risk to the business are like the hydra in mythology — organizations combat risk, only to find more risk springing up to threaten the organization. Managing GRC activities in disconnected silos leads the organization to inevitable failure. Reactive, document-centric, siloed applications and manual processes for GRC fail to actively manage compliance in context and leave the organization blind to the intricate relationships between compliance and risk across the business. Without an integrated view of risk and compliance information, the scattered and nonintegrated approaches of the past fail and expose the business to unanticipated risk. In a mature GRC program, the organization has an integrated process, information, and technology architecture that provides visibility across risk and compliance domains. It offers an integrated approach for business managers and executives to leverage GRC data for risk-aware decision-making and resource allocation.

To address these issues, leading organizations have adopted a common framework, information, and technology architecture with shared processes to effectively manage risk and compliance, enable risk-aware decision-making, increase efficiency, and respond with agility to the needs of a dynamic business environment. Business today requires a common GRC architecture that is context-driven and adaptable to a dynamic and changing business environment.

Effective Policy Awareness and Training

This webinar explores best practices for distributing policies and determining when and how to provide training. We often think that once a policy has been formally issued the job is done, but that is far from the truth. Properly communicating the availability of the policy is only the start. Attendees will learn the challenges, best practices, and benefits of a well-thought-out policy communication plan.

Learning Objectives:

  • Define the key parts of a policy communication plan
  • Identify methods for tracking and delivering training and attestations
  • Determine ways to enable employee access to policies and related materials