Value Achieved in Policy Management
Executive SummaryThe haphazard department and document-centric approaches for policy management of the past compound the problem and do not solve it. It is time for organizations to step back and implement a centralized strategy and approach to authoring, approving, maintaining, and communicating policies across the organization. KeyBank, a subsidiary of KeyCorp (NYSE: KEY), is one of the nation’s largest bank-based financial services companies headquartered in Cleveland, Ohio. With over 18,000 employees, KeyBank’s customers span retail, small business, corporate, and investment banking clients. It has approximately 1,200 branches across 15 states. KeyBank had challenges with policy management in context of it’s accounting policies. They had a process that they described as very ‘clunky,’ manual, and time consuming, with a lot of duplicative work and redundancy. Accounting policies were updated through a series of three phases of review, commentary, and approval between the policy owner teams, the core policy team, and the policy committee. Policy exceptions were identified, reviewed, and approved on an ad hoc basis throughout the year. GRC 20/20 has evaluated and verified the implementation of Wdesk at KeyBank and confirms that this implementation has achieved measurable value across the elements of GRC efficiency, effectiveness, and agility. In this context, GRC 20/20 has recognized KeyBank and Workiva with a 2019 GRC Value Award in the domain of Policy & Training Management.
Table of Contents
- Policy Management Requires Attention
- Policies: A Foundation in GRC Strategies
- Hordes of Policies Scattered Across the Organization
- Poor Policy Management Exposes the Organization to Liability
- KeyBank: Value Achieved in Policy & Training Management.
- The Challenge KeyBank Faced
- Solution to KeyBank Problem
- KeyBank Achieved Value in GRC Efficiency, Effectiveness, and Agility
- GRC Efficiency Value
- GRC Effectiveness Value
- GRC Agility Value
- GRC 20/20’S Final Perspective
- About GRC 20/20 Research, LLC
- Research Methodology
AuthorMichael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 26+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved. No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.