How Compliance Technology Can Build an Effective GRC Program
Change is the greatest challenge impacting compliance. How can compliance technology help you successfully navigate these changes and build an effective compliance program?
We’re currently seeing a significant volume of legal and regulatory change – changes in laws, rules, regulations, and enforcement actions. We have changes in the external risk environment involving market forces, geopolitical risk, competition, and societal shifts driven by technology. And we have the internal business changes involving strategy, processes, technology, employees, third-party relationships, mergers, and acquisitions.
Part of our Becoming a Policy Management Professional series
How can you successfully navigate these changes and build an effective compliance program?
To explore the answers, Graham Machray and Henry Umney, SVP of Commercial at Mitratech (on the GRC side of our portfolio), sat down with Michael Rasmussen, founder of GRC 20/20 Research, LLC and an internationally recognized pundit on governance, risk management, and compliance, during this year’s Interact EMEA conference.
With a look at the biggest challenges to overcome and best practices to adopt, our experts dove deep into how to navigate the potential chaos ahead. Just some of what was touched on?
Navigating the chaos of change
“Navigating chaos is trying to keep up with all this change – regulatory change, risk change, and change in the business. And not just keeping up with all this change individually, but trying to keep all this change in sync.”
“Regulators and law enforcement are wising up…and want to see a complete system of record. What compliance assessment was done and on what date and time? Who was that policy communicated to? How do they access that policy? How are they trained on that policy?” observed Michael Rasmussen.
“You look at the United States, The Department of Justice evaluation of compliance program guidelines were just updated last June. One of the significant things that came out in that update was the system of record and audit trail,” he said. “And a lot of organizations will fall down because they don’t have a strong audit trail and system of record of activities and interactions. Because documents, spreadsheets, and emails just do not deliver it.”
Where compliance technology can step in
“Organizations need to take a top-down approach to understand ‘what is our compliance management strategy?’ What are the common processes and themes that need to be defined to manage that strategy and implement it?” Rasmussen continued. “And then what’s the information technology architecture that can enable this? The strategy itself needs to understand how we communicate with executives and the board and fulfill fiduciary obligations there.”
“We have the use of technology (like the IoT) that can cause compliance issues,” he pointed out, “but then we have the use of technology that can actually improve compliance and help us manage a stronger system of record and audit trail.
“My point…is that documents, spreadsheets, and emails aren’t going to get you there, it’s going to wear the organization down,” Rasmussen said, “and you’re going to work complaints challenges because of it, and we need to look for ways to automate this.”
Henry Umney pointed out that choosing the right compliance technology in the first place is key to success. “Selecting the appropriate tool or tools to meet the compliance agenda is important so that you don’t take any backward steps.”
One aspect of compliance technology he pointed out was the need for enterprise-capable integrated solutions that can also be componentized. “So we have organizations that use (our) policy management,” he cited as an example, “either at the divisional level, but then across the enterprise.” This allows smaller organizations to utilize specific solutions, but larger ones can take advantage of more or all of a provider’s enterprise compliance suite.