6/18/2012

1

DeterminingtheEffectiveness&ROIofYourGRCProgram

DeterminingtheEffectiveness&ROIofYourGRCProgram

Bob Conlin, Chief Products Officer

SCCE Regional Conference

June 22, 2012

June 22, 2012Effectiveness & ROI of GRC 1

Today’sObjectivesToday’sObjectives

Adiscussionaround:

Trackingethicsandcompliancesuccess

MeasuringtheROIofyourethicsandcomplianceprograms&technology

Effectiveness & ROI of GRC June 22, 2012 2

6/18/2012

2

WhylistentoaGRCvendor?WhylistentoaGRCvendor? Combined ‐ ELT, EthicsPoint and Global Compliance have:

6,500+ customers

75% of the Fortune 100

More than half of the Fortune 1000

Sponsored an independent ROI study to determine the facts presented 

today

Our sales effectiveness depends on our ability to help prospects build a 

business case backed by a strong, defensible ROI

June 22, 2012Effectiveness & ROI of GRC 3

MaterialCostsofIneffectiveGRCMaterialCostsofIneffectiveGRC

Thenumberstellthestory:

$49MAveragesanctionforunlawful

ethicalviolation

5%Annualrevenuelosttofraud

$2.4Binfines

collectedbyDOJin2010‐11

43‐yearrecordhighinEEOCcharges

50%ofwitnessedunlawful

misconductgoesunreported

June 22, 2012Effectiveness & ROI of GRC 4

6/18/2012

3

ArecentstudybytheNationalWhistleblowersCenter

foundthat89.7% ofemployeeswhoeventuallyfilea

lawsuit,suchasaFalseClaimsActcase,initiallyreportedtheirconcernsinternallytoeithertheirsupervisororcompliancedepartment.

June 22, 2012Effectiveness & ROI of GRC 5

RISK DATA BEING LOST OR SILOEDRISK DATA BEING LOST OR SILOED

Observed

100%

Source: Compliance and Ethics Leadership Council

50%

Unreportedandlost

30%

Siloedortrapped

Actualriskbeingaddressed

20%

June 22, 2012Effectiveness & ROI of GRC 6

6/18/2012

4

In2011,some56%offraudshadexhibitedoneormorepriorredflagsbutonly10%ofthosehadbeenactedon.Thismeansthatcompanyandpublicsectoremployeesareconsistentlyfailingtoidentify,orrespondappropriatelytowarningsigns.

June 22, 2012Effectiveness & ROI of GRC 7

GOVERNANCE, RISK & COMPLIANCEGOVERNANCE, RISK & COMPLIANCE

8

Control,Monitoring&Enforcement

Event&CaseManagement

Strategy,Performance&Objectives

Reporting&Analytics

Audit&Assurance

RiskManagement

Policy&Procedures

ComplianceManagement

June 22, 2012Effectiveness & ROI of GRC

6/18/2012

5

LegalRisk

ManagementCorporateCompliance

CorporateSecurity

InternalAudit

HRInformationTechnology

FRAGMENTED OVERSIGHTFRAGMENTED OVERSIGHT

June 22, 2012Effectiveness & ROI of GRC 9

Nolongercanorganizationsaffordtofocusonsingleriskandcomplianceissuesasunrelatedprojects;norcantheyallowsoftwareBand‐AidsthatarenotintegratedwiththebusinesstomasqueradeasGRC.AtargetedstrategyaddressingGRCthroughcommonprocesses,informationandtechnologygetstotherootoftheproblem.

June 22, 2012Effectiveness & ROI of GRC 10

THE NETTHE NET

6/18/2012

6

COMPONENTS OF EFFECTIVE COMPLIANCE PROGRAMCOMPONENTS OF EFFECTIVE COMPLIANCE PROGRAM

ToneattheTop

RiskAssessment

Policies,Procedures,Guidelines

ReportingMechanism

Monitor&Assess

RiskAssessment

June 22, 2012Effectiveness & ROI of GRC 11

IntegrityCapital:5.8%higherIntegrityCapital:5.8%higher

7.9% 2.1%

Companieswithopenandactiveemployeecommunication

Othercompanies

Employees’comfortlevelinsharinghonestfeedbackcorrelateswithstrongbusinessreturns:

SOURCE: COMPLIANCE AND ETHICS LEADERSHIP COUNCIL

June 22, 2012Effectiveness & ROI of GRC 12

6/18/2012

7

TheGRCMaturityModelTheGRCMaturityModelCOM

PLIA

NCE C

OM

PLEXIT

Y

UNINFORMED       |       REACTIVE       |       ADAPTIVE       |       PROACTIVE       |       FULLY INFORMED 

Effectiveness & ROI of GRC June 22, 2012 13

EFFECTIVE GRC ENABLES CLIENTS TO:EFFECTIVE GRC ENABLES CLIENTS TO:

COLLECT MANAGE LEARN

risk data from multiple sources

risk and case information in a centralized system

from risk‐related data and monitor program effectiveness

June 22, 2012Effectiveness & ROI of GRC 14

6/18/2012

8

Achieve business objectives

Make better decisions

Build strong cultures

Increase stakeholder confidence

ACT

Protect your brand

Manage organizational risk

Optimize economic & social value

June 22, 2012Effectiveness & ROI of GRC 15

EFFECTIVE GRC ENABLES CLIENTS TO:EFFECTIVE GRC ENABLES CLIENTS TO:

DeterminingtheROIDeterminingtheROIofyour

ethics&complianceprograms

June 22, 2012Effectiveness & ROI of GRC 16

6/18/2012

9

ComplianceimpactsROIComplianceimpactsROI

6/18/2012 17

Proactive compliance programs improve performance, employee relations, 

brand equity and shareholder value.

Superiorgovernancepracticesgenerate20%greaterprofit.

Superiorgovernancepracticesgenerate20%greaterprofit.

PROF I TAB I L I T Y

Strongsenseofculturalintegrityboostsshareholderreturnby16%.

Strongsenseofculturalintegrityboostsshareholderreturnby16%.

PERFORMANCE

Organizationsincomplianceavoidupto95%offinesandpenalties.

Organizationsincomplianceavoidupto95%offinesandpenalties.

L IM I T   EXPOSURE

Every$1spentsaves$5.21inliability,branddamage&lostproductivity.

Every$1spentsaves$5.21inliability,branddamage&lostproductivity.

MEASURAB L E   RO I

‐MITSloanSchoolofManagement ‐ CorporateExecutiveBoard ‐ GeneralCounselRoundTable‐ FederalSentencingGuidelines

Meet NewCo: Compliance Experts

QuantifyyourprogramQuantifyyourprogramVALUE AREA SPECIFIC BENEFITS

OperationalEfficiencies Reduce timespenttalkingandrecordinghotlinecalls

Reducetimespentrecordingand reportingincidents

Reduce timespentsettingupincidentcases

Savings onmaterials,mailingandstoragecosts

Reduceaudit timeandcosts

Reducetimespentgeneratingmanagementreports

Reduceduplicatedeffort

Corporate Risk Increaseawarenessofsmallandmedium‐sized incidents

Reducefinesandpenaltiesfromregulatorybodies

CorporateOversight Reducefraudandotherunexpectedlossevents

Reducelitigationandsettlementcosts

Protectrevenuesbyproactivelymanaging risk

June 22, 2012Effectiveness & ROI of GRC 18

6/18/2012

10

CollectCollectREDUCE TIME SPENT RECORDING AND REPORTING INCIDENTS. 

PriortohavinganautomatedsystemthereusedtobeasignificantamountofFTEtimerequiredatanumberofstagesintheprocess:from30‐60minutesrequiredforeachhotlinecall,2‐3hourspercasetogeteachset‐upandintothesystem,andabouthalfadayneededforeachreportthathadtobecreated.

– StaffingCoordinator

June 22, 2012Effectiveness & ROI of GRC 19

ManageManageREDUCE THE DUPLICATION OF EFFORT  

Numerous departments are stakeholders 

of a single investigation, often repeating 

work

A centralized data repository enables 

authorized users from every department 

to see what is being worked on in real‐

time, avoiding duplication of effort

Theaveragetimerequiredtoresolveacasewasreducedbyatleast10%,duetoareductioninduplicationofeffort,eliminatingissuessuchastheamountoffollow‐upneededbetweendifferentgroups.

– StaffingCoordinator

June 22, 2012Effectiveness & ROI of GRC 20

6/18/2012

11

LearnLearnINCREASE AWARENESS OF INCIDENTS AND ALLEGATIONS  

Therewasa40%increaseinthenumberofcasesreportedaftertheimplementationoftheEthicsPointsystem.

– Manager,Cases&Compliance

June 22, 2012Effectiveness & ROI of GRC 21

Act:UsedatatoimproveefficiencyAct:UsedatatoimproveefficiencyKey compliance management challenges facing organizations:

Minimizing time & costs requires to manage all aspects of case 

management

Reduce duplication of effort across multiple departments and 

processes

Allocate training programs and policies where needed based on active 

and historic data

Increase overall corporate oversight to avoid fines/penalties, fraud 

and other unexpected loss events.

June 22, 2012Effectiveness & ROI of GRC 22

6/18/2012

12

ROI BY VALUE DRIVERROI BY VALUE DRIVER

June 22, 2012Effectiveness & ROI of GRC 23

BENEFIT SUMMARY SAMPLEBENEFIT SUMMARY SAMPLE

June 22, 2012Effectiveness & ROI of GRC 24

6/18/2012

13

SampleClientSampleClientINDUSTRY Large energy services company

REQUIREMENT Meet anti‐bribery standards under UK Bribery Act, FCPA, and Dodd‐Frank

CHALLENGE Heavily manual processes for identifying, documenting and measuring incidents across four functional groups

• Code of conduct provided for 16 different means of raising issues• Issues being documented on paper via manual processes• Duplication of effort happening in assigning cases, re‐keying data, and capturing 

multiple reports on the same issue

APPROACH • Conducted a stakeholder analysis to identify key areas of documentation by each functional group.

• Documented current state and desired state for process and touch points• Created process maps and policies to enforce consistent workflow• Developed change management and training strategy for key stakeholders and teams

IMPACT • Investment: $300,000 over 3 years• Payback 3.3 Months• ROI 605%

June 22, 2012Effectiveness & ROI of GRC 25

SampleClientSampleClient

Increaseoperational

efficiencies

Reducecorporaterisk

Improveoversight

June 22, 2012Effectiveness & ROI of GRC 26

6/18/2012

14

Questions?Questions?

BobConlinChiefProductsOfficerbconlin@ethicspoint.com

Effectiveness & ROI of GRC June 22, 201227