How to Succeed in Mitigating Compliance Risks
-
Upload
stephan-blasilli -
Category
Data & Analytics
-
view
211 -
download
2
Transcript of How to Succeed in Mitigating Compliance Risks
How to Succeed in Mitigating Compliance Risks Without Really
Trying
Stephan Blasilli and John StrettonWashington, DC
June 2016
June 27-29, 2016The Ritz-Carlton, Pentagon City
2
Today’s agenda
1. What is compliance?
2. How can intelligent BPM systems (iBPMs) help manage compliance risks? What capabilities should you look for in iBPMs?
3. Techniques for agile tool building
4. How we used these techniques to address compliance risks in our industry (US energy and utilities)
June 27-29, 2016The Ritz-Carlton, Pentagon City
3
Let’s build a definition of “mitigating compliance risk”
Compliance
• Conforming to laws or rules
• Mandated or voluntary
• Subject to change
• Broad and leave room for interpretation
Compliance risk
• Financial, Social (Reputational)
• Acceptable versus unacceptable
Mitigating compliance risk
• Respond quickly to new and changing regulations
June 27-29, 2016The Ritz-Carlton, Pentagon City
4
Here’s an example of a compliance risk in our company
Compliance
• ISO 14001 environmental standard requires you to review the effectiveness of corrective actions
Compliance risk
• Reputational
Mitigating compliance risk
• Automatic task assignmentto review actioneffectiveness
June 27-29, 2016The Ritz-Carlton, Pentagon City
5
What compliance requirements exist within your company?
June 27-29, 2016The Ritz-Carlton, Pentagon City
6
The regulatory landscape for US energy companies reaches far and wide
Source: EnerKnol
June 27-29, 2016The Ritz-Carlton, Pentagon City
7
But what happens when these regulations change?
Source: EnerKnol
June 27-29, 2016The Ritz-Carlton, Pentagon City
8
The cost of non-compliance in our industry can be significant
June 27-29, 2016The Ritz-Carlton, Pentagon City
9
How can intelligent BPM systems (iBPMs) help manage compliance
risks?• Control processes across teams
• Constant chain of custody
• Escalation management
• Complete audit trail
• Quick process changes
• Automated notifications
• Real-time reporting
Agility is key
June 27-29, 2016The Ritz-Carlton, Pentagon City
10
Techniques for agile tool building
• Lean thinking
• MVPs
• Process performance measuring
• Validated learning
• Actionable metrics
• Rapid adoption
• Exception-based processing
June 27-29, 2016The Ritz-Carlton, Pentagon City
11
Think lean to be effective with minimal resources
Source: Eric Ries, The Lean Startup
Build a tool
Measure
ValidatedLearning
June 27-29, 2016The Ritz-Carlton, Pentagon City
12
How to build an MVP for compliance risks
Don’t overcomplicate things. Rigidity of the process should reflect the severity of compliance
risk.Source: Michael zur Muehlen, Stevens Institute of Technology
“Lean” process “Fat” process
Regulatory
Value preserving
Value adding
June 27-29, 2016The Ritz-Carlton, Pentagon City
13
Measure the performance of your MVP
• How users respond
• Understand which activities create value and which ones are waste
• For example: Manager review isn’t further mitigating compliance risk
June 27-29, 2016The Ritz-Carlton, Pentagon City
14
Validated Learning
MVP After validated learning
Collect user feedback to improve process
June 27-29, 2016The Ritz-Carlton, Pentagon City
15
Actionable metrics
Metrics should be:
• Actionable: Demonstrate a clear and causal relationship
• Auditable
• Accessible: Easily understood
Source: Eric Ries, The Lean Startup
Focus on quantityof usage
Adoption phase
Focus on qualityof usage
Established tool
June 27-29, 2016The Ritz-Carlton, Pentagon City
16
Rapid adoption
Regular reminders
Secure commitment from management to act on activity reports
Report on tool usage
Integrate the solution into employee routines
June 27-29, 2016The Ritz-Carlton, Pentagon City
17
Important concept for high-volume processes
Exception-based processing
• Identify criteria for “routine” cases which can be handled by automation (or the minimum possible amount of manual intervention)
• Only cases which do not meet these criteria require additional control steps
June 27-29, 2016The Ritz-Carlton, Pentagon City
18
Example 1: Compliance reporting to government agency
Compliance requirement
• Record and report activities related to construction of a power plan
Challenge
• Requirements are guidelines not rules
• MVP built and tested within 1 week
Solution
• Activity tracker
• Rapid adoption through real-time reports
June 27-29, 2016The Ritz-Carlton, Pentagon City
19
Example 2: ISO compliance
Compliance requirement
• ISO 14001 environmental standard
Challenge
• Pre-assessment revealed lack in incident management practice
• MVP developed + training < 1 month
Solution
• Dynamic incident management tool
• Validated learning (3 versions in <1 year)
June 27-29, 2016The Ritz-Carlton, Pentagon City
20
Summary: What have we discussed today?
• The regulatory landscape for energy companies and utilities is constantly shifting
• Monetary impact of non-compliance can be significant
• Use iBPMs to confront this challenge
• Agility is key
• To address agility challenge apply MVPs, validated learning, rapid adoption, and exception-based processing
June 27-29, 2016The Ritz-Carlton, Pentagon City
21
Thank you for your attention!
Stephan BlasilliCorporate Initiatives EDP [email protected](832) 266-7495
John StrettonCorporate Initiatives EDP [email protected](713) 365-2537