Interact 2020 现场报道，第二天：风险与合规登上舞台
If there ever was a time for risk and compliance management to be in the spotlight, it’s now.
For Day Two of our annual user community event, the marquee was crowded with experts whose stock-in-trade is risk and compliance management. That included Mitratech’s own experts, some of the industry’s leading consultants and pundits, and our clients. All of them had plenty to talk about as they explored the effects the pandemic has had on their organizations and the business world at large.
GRC 2020: Seizing Opportunities in Times of Disruption
Mark Delgardo, Managing Director, GRC, at Mitratech and Scott Metro, Partner at PWC explored the GRC landscape in 2020, discussing how best to overcome, and even 茁壮成长 in a time of disruption and change. The recurring theme they debated was the need to constantly align compliance, legal and contractual obligations to the wider business processes. They reviewed how automation could best drive consistency, accuracy, and resilience across the enterprise and throughout the supply chain.
As Scott observed:
Managing The “New Normal” with a Remote Workforce
Tony Bethell, VP Strategic Alliances at Mitratech and Jay Chakraborty, Partner, PWC considered the practicalities of managing a remote workforce in a world that still requires compliance with a host of regulations and policies, despite many people continuing to work from home.
The issues they explored included policy and compliance enforcement, management, and attestation, where people are using a host of desktop-based applications, environments, and processes featuring Excel, Tableau, and Python, for example, to deliver customer services in a hybrid office/home-working environment. Core to their conversation was how to most effectively 控制权 these processes and applications, as Jay observed:
In these times…managing those endpoints (EUCs) is extremely critical, because it may be a matter of survival.
The New Paradigm of Obligations Management
吉姆-蒙哥马利, Director, Product Management at Mitratech played host to Karen Montgomery, Director, Risk & Compliance at Mitratech, Stephen Gutleber, a leader for Information, Security & Compliance at Aimbank, and renowned pundit and analyst 迈克尔-拉斯穆森（Michael Rasmussen of GRC 20/20.
The panel explored the plethora of regulatory and legal changes that are constantly being introduced across the world, and reviewed the best tools, strategies, and approaches to capturing them, assessing them, enforcing them, and reporting on them. The focus was on one’s own business, as well the need to look at third parties and even fourth parties to ensure comprehensive enterprise-wide obligations management, and Michael made that last requirement clear:
“What used to be understood as a compliance obligation internally now expands across third-party relationships.”
Ethics Rising: Creating a Culture of Ethics and Accountability
Dan Hamilton, President of Mosaic Consulting was joined by 布莱恩-麦戈文, GM, Workflow Solutions at Mitratech, and David Esposito, Director of Legal Operations at Capital One.
“Once an email goes out the door, you have no idea where it can end up… anything you say or write down, you should just assume it can become public knowledge.”
Vendor Risk Management: The Moment is Now!
Jay Fitzhugh, Chief Regulatory Officer at Mitratech led a panel that included 罗德尼-坎贝尔, Director of Third Party/Vendor Management at Valley National Bank, Hector Jimenez, Director of Operational and Vendor Risk Management at Enterprise Risk Management, and Adrian Rodriguez, VP/Internal Controls Manager at Amerant Everyone shared some excellent advice with several clear overall messages.
Vendor Risk Management is ever-growing and changing, therefore clear lines of communication are essential between contract owners and vendors through upper-level management. Automated vendor risk software is equally as important as employee training to ensure employees use the tools available to them. It’s important to take the time to draft strong vendor contracts with SLA’s and continuously monitor vendors beyond traditional, point-in-time reviews. And agility and business resiliency need to be incorporated into an overall VRM strategy, 特别是 in today’s environment.