Compliance is not easy. Organizations across industries have global clients, partners, and business operations. The larger the organization, the more complex its operations. Adding to the complexity of global business, today’s organization is dynamic and constantly changing. The modern organization changes by the minute. New employees come, others leave, roles change. New business partner relationships are established, others terminated. The business enters new markets, opens new facilities, contracts with agents, or introduces new products. New laws are introduced, regulations change, the risk environment shifts (e.g., economic, geo-political, operational), impacting how business is conducted.
The dynamic and global nature of business is particularly challenging to compliance management. What may seem insignificant in one area can have profound impact on others. Compliance obligations and ethical risk are like the hydra in mythology—organizations combat risk, only to find more risk springing up. Executives react to changing compliance requirements and fluctuating legal and ethical exposure, yet fail to actively manage and understand the interrelationship of risk and compliance.
To maintain compliance and mitigate risk exposure, an organization must stay on top of changing regulatory requirements as well as a changing business environment, and ensure changes are in sync. Demands from governments, the public, business partners, and clients require your organization to implement defined compliance practices that are monitored and adapted to the demands of a changing business and regulatory environment. Compliance activities managed in silos often lead to the inevitable failure of an organization’s governance, risk management, and compliance (GRC) program. Reactive, document-centric, siloed information and processes fail to manage compliance, leaving stakeholders blind to the intricate relationships of compliance risk across the business. Management is not thinking about how compliance and risk management processes can provide greater insight. This ad hoc approach results in poor visibility across the organization and its control environment.
Yesterday’s compliance program no longer works. Boards desire a deeper understanding of how the organization is addressing compliance risk, whether its activities are effective, and how they are enhancing shareholder value. Oversight demands are changing the role of the compliance department to an active, independent program that can manage and monitor compliance risk from the top down. The breadth and depth of compliance risk bearing down on companies today requires a robust compliance program operating in the context of integrated enterprise risk management. This workshop aims to provide a blueprint for attendees on effective compliance management in a dynamic business, regulatory, and risk environment. Attendees will learn compliance management governance and process that can be applied across the organization at either an enterprise or a department level. Learning is done through lectures, collaboration with peers, and workshop tasks.
Objectives of the workshop
Attendees will take back to their organization approaches to:
- Effectively manage compliance
- Understand the challenges and pitfalls of managing compliance
- Achieve success capitalizing on agility while maintaining compliance
- Facilitate ongoing monitoring of compliance
- Define a compliance management lifecycle for managing and monitoring compliance
- Establish compliance management ownership and accountability
- Provide compliance management process consistency
- Communicate effectively with employees and stakeholders on matters of compliance
- Track critical compliance workflow and tasks
- Deliver effective compliance governance and assurance to the board of directors, regulators, and stakeholders
- Monitor metrics to establish the effectiveness of compliance management
- Identify and resolve compliance issues
Benefits to attendees
- Understand a top-down as well as a bottom-up approach to compliance management
- Implement compliance management in the context of business strategies, processes, and operations
- Explore compliance management architecture models and how they apply to your organization
- Discover various compliance assessment and monitoring techniques and how they apply to your business
- Develop a compliance information architecture that aligns with business operations and processes
- Effectively communicate and gather attestation on compliance across your organization
Who should attend?
- Ethics & Compliance Professionals
- Risk Management Professionals
- IT Security Professionals
- Legal Professionals
- Environmental, Health & Safety Professionals
- Corporate Social Responsibility & Accountability Professionals
- Audit Professionals
- Individuals with compliance management, ownership, or oversight responsibilities
Part 1: Compliance Management by Design
Why Compliance Management Matters
- Compliance in Disarray: how organizations mismanage compliance
- Compliance Exposure: how mismanaged compliance exposes the organization to risk
- Current drivers & trends pressuring organizations in compliance management
- Different ways organizations approach compliance management
- What Effective Compliance Management Achieves: compliance’s role in governance, risk management, and compliance
Part 2: Compliance Governance
Blueprint for Effective Compliance Management
- Compliance Governance Committee: bringing together the range of compliance management roles and responsibilities in the organization
- Compliance Management Charter: defining a structure to govern compliance across the organization
- How to Develop a Compliance Management Strategic Plan
Part 3: Compliance Management Lifecycle
Managing Compliance in Context of Business and Regulatory Change
- Compliance obligation identification
- Ongoing compliance and business context monitoring
- Compliance communications & attestations
- Compliance monitoring & assessment
- Compliance forms & approvals
- Compliance metrics & reporting
- Compliance evaluation, benchmarking & assurance
Part 4: Compliance Management Architecture
Enabling Information & Technology Management for Compliance Management
- Compliance Management Information Architecture: Blueprint for Managing Compliance Content and Related Data
- Types of compliance management information and how it integrates into compliance processes
- Components and requirements for a compliance information architecture
- Compliance Management Technology Architecture: Blueprint for Enabling Compliance Management Processes with Technology
- Kinds of compliance management technologies and what best serves the organization
- Capabilities and requirements of compliance management platforms
- Compliance Management Business Case: Articulating the Value of Effective Compliance Management
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 26+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
MetricStream is simplifying Governance, Risk, and Compliance (GRC) for modern and digital enterprises. Our market-leading enterprise and cloud Apps for GRC enable organizations to strengthen risk management, regulatory compliance, vendor governance, and quality management while driving business performance.
The MetricStream GRC Journey methodology integrates GRC technologies and programs across business, IT, and security functions as we enable organizations to realize the vision of Pervasive GRC. Rich content from GRCIntelligence.com and thriving communities like ComplianceOnline.com, as well as MetricStream Special Interest Groups (mSIGs) support the ongoing success of our customers through real-time content feeds and best practices embedded in our Apps.
Leading companies across industry verticals are benefiting from MetricStream’s simple and modular approach to GRC that is transforming risk management in a business environment that is increasingly mobile, social, global, and virtual. We have been consistently rated as a market leader by leading analysts, and have received several awards and recognitions for product innovation and customer success.
MetricStream is headquartered in Palo Alto, California, and has offices across the globe.