Determining the Effectiveness & ROI of Your GRC Program
6/18/2012
1
Determining the Effectiveness & ROI of Your GRC Program
Bob Conlin, Chief Products Officer
SCCE Regional Conference
June 22, 2012
June 22, 2012Effectiveness & ROI of GRC 1
Today's Objectives
A discussion around:
• Tracking ethics and compliance success
• Measuring the ROI of your ethics and compliance programs & technology
Why listen to a GRC vendor?
Combined - ELT, EthicsPoint and Global Compliance have:
• 6,500+ customers
• 75% of the Fortune 100
• More than half of the Fortune 1000
Sponsored an independent ROI study to determine the facts presented today
Our sales effectiveness depends on our ability to help prospects build a business case backed by a strong, defensible ROI
Material Costs of Ineffective GRC
The numbers tell the story:
• $49M: Average sanction for unlawful ethical violation
• 5%: Annual revenue lost to fraud
• $2.4B in fines collected by DOJ in 2010-11
• 43-year record high in EEOC charges
• 50% of witnessed unlawful misconduct goes unreported
A recent study by the National Whistleblowers Center found that 89.7% of employees who eventually file a lawsuit, such as a False Claims Act case, initially reported their concerns internally to either their supervisor or compliance department.
RISK DATA BEING LOST OR SILOED
• Observed: 100%
• Unreported and lost: 50%
• Siloed or trapped: 30%
• Actual risk being addressed: 20%
Source: Compliance and Ethics Leadership Council
In 2011, some 56% of frauds had exhibited one or more prior red flags but only 10% of those had been acted on. This means that company and public sector employees are consistently failing to identify, or respond appropriately to warning signs.
GOVERNANCE, RISK & COMPLIANCE
• Control, Monitoring & Enforcement
• Event & Case Management
• Strategy, Performance & Objectives
• Reporting & Analytics
• Audit & Assurance
• Risk Management
• Policy & Procedures
• Compliance Management
FRAGMENTED OVERSIGHT
• Legal
• Risk Management
• Corporate Compliance
• Corporate Security
• Internal Audit
• HR
• Information Technology
THE NET
No longer can organizations afford to focus on single risk and compliance issues as unrelated projects; nor can they allow software Band-Aids that are not integrated with the business to masquerade as GRC. A targeted strategy addressing GRC through common processes, information and technology gets to the root of the problem.
COMPONENTS OF EFFECTIVE COMPLIANCE PROGRAM
• Tone at the Top
• Risk Assessment
• Policies, Procedures, Guidelines
• Reporting Mechanism
• Monitor & Assess
• Risk Assessment
Integrity Capital: 5.8% higher
Employees' comfort level in sharing honest feedback correlates with strong business returns:
• Companies with open and active employee communication: 7.9%
• Other companies: 2.1%
SOURCE: COMPLIANCE AND ETHICS LEADERSHIP COUNCIL
The GRC Maturity Model
COMPLIANCE COMPLEXITY
UNINFORMED | REACTIVE | ADAPTIVE | PROACTIVE | FULLY INFORMED
EFFECTIVE GRC ENABLES CLIENTS TO:
• COLLECT risk data from multiple sources
• MANAGE risk and case information in a centralized system
• LEARN from risk-related data and monitor program effectiveness
EFFECTIVE GRC ENABLES CLIENTS TO:
ACT
• Achieve business objectives
• Make better decisions
• Build strong cultures
• Increase stakeholder confidence
• Protect your brand
• Manage organizational risk
• Optimize economic & social value
Determining the ROI of your ethics & compliance programs
Compliance impacts ROI
Proactive compliance programs improve performance, employee relations, brand equity and shareholder value.
• PROFITABILITY: Superior governance practices generate 20% greater profit.
• PERFORMANCE: Strong sense of cultural integrity boosts shareholder return by 16%.
• LIMIT EXPOSURE: Organizations in compliance avoid up to 95% of fines and penalties.
• MEASURABLE ROI: Every $1 spent saves $5.21 in liability, brand damage & lost productivity.
- MIT Sloan School of Management - Corporate Executive Board - General Counsel Roundtable - Federal Sentencing Guidelines
Meet NewCo: Compliance Experts
Quantify your program
VALUE AREA | SPECIFIC BENEFITS
Operational Efficiencies
• Reduce time spent talking and recording hotline calls
• Reduce time spent recording and reporting incidents
• Reduce time spent setting up incident cases
• Savings on materials, mailing and storage costs
• Reduce audit time and costs
• Reduce time spent generating management reports
• Reduce duplicated effort
Corporate Risk
• Increase awareness of small and medium-sized incidents
• Reduce fines and penalties from regulatory bodies
Corporate Oversight
• Reduce fraud and other unexpected loss events
• Reduce litigation and settlement costs
• Protect revenues by proactively managing risk
Collect
REDUCE TIME SPENT RECORDING AND REPORTING INCIDENTS.
Prior to having an automated system there used to be a significant amount of FTE time required at a number of stages in the process: from 30-60 minutes required for each hotline call, 2-3 hours per case to get each set-up and into the system, and about half a day needed for each report that had to be created.
– Staffing Coordinator
Manage
REDUCE THE DUPLICATION OF EFFORT
• Numerous departments are stakeholders of a single investigation, often repeating work
• A centralized data repository enables authorized users from every department to see what is being worked on in real-time, avoiding duplication of effort
The average time required to resolve a case was reduced by at least 10%, due to a reduction in duplication of effort, eliminating issues such as the amount of follow-up needed between different groups.
– Staffing Coordinator
Learn
INCREASE AWARENESS OF INCIDENTS AND ALLEGATIONS
There was a 40% increase in the number of cases reported after the implementation of the EthicsPoint system.
– Manager, Cases & Compliance
Act: Use data to improve efficiency
Key compliance management challenges facing organizations:
• Minimizing time & costs required to manage all aspects of case management
• Reduce duplication of effort across multiple departments and processes
• Allocate training programs and policies where needed based on active and historic data
• Increase overall corporate oversight to avoid fines/penalties, fraud and other unexpected loss events.
ROI BY VALUE DRIVER
BENEFIT SUMMARY SAMPLE
Sample Client
INDUSTRY: Large energy services company
REQUIREMENT: Meet anti-bribery standards under UK Bribery Act, FCPA, and Dodd-Frank
CHALLENGE: Heavily manual processes for identifying, documenting and measuring incidents across four functional groups
• Code of conduct provided for 16 different means of raising issues
• Issues being documented on paper via manual processes
• Duplication of effort happening in assigning cases, re-keying data, and capturing multiple reports on the same issue
APPROACH:
• Conducted a stakeholder analysis to identify key areas of documentation by each functional group.
• Documented current state and desired state for process and touch points
• Created process maps and policies to enforce consistent workflow
• Developed change management and training strategy for key stakeholders and teams
IMPACT:
• Investment: $300,000 over 3 years
• Payback 3.3 Months
• ROI 605%
Sample Client
• Increase operational efficiencies
• Reduce corporate risk
• Improve oversight