Regulatory Change Management
-
Upload
360factors -
Category
Presentations & Public Speaking
-
view
191 -
download
1
description
Transcript of Regulatory Change Management
Regulatory Change Management Page 1
Welcome!
Regulatory Change Management Webinar
by 360factors and GRC 20/20
Regulatory Change Management Page 2Page 2
Panelists
Ed Sattar- ModeratorCEO- 360factors Regulatory Change Management Thought Leader
Christopher Duden-PanelistCOO-360factors
Michael Rasmussen -ModeratorChief GRC Pundit & Principal Analyst
Dwyayne Jorgenson – PanelistCIA, CFE - Governance/Risk/Controls/Audit Expert
Regulatory Change Management Page 3Page 3
Rising Regulations and Cost
Regulatory Change Management Page 4Page 4
Regulatory Change Impacting Policies
Source: Thomson Reuters
Regulatory Change Management Page 5Page 5
Source: Davis, Polk Dodd-Frank Infographics
Regulatory change is significantly impacting organizations and their policies
Regulatory Change Management Page 6
1. Over or Under complying is expensive
2. Organizations need to be able to react to risk and business change
3. Regulators are tired of paper-based compliance programs
4. Regulatory change management needs to be defensible
Four Reasons to Implement Regulatory Change Management
Regulatory Change Management Page 7Page 7
RequirementsRegulations
Standards
Business Requirements
Business Process
Risks & Controls
Organization
Location/
Assets
Regulatory Change Management MethodologyHOW
WHY
WHAT
WHO
WHERE
Regulatory Change Management Page 8
1. Regulatory knowledge base and taxonomy
2. Risk and internal controls
3. Business process -> Regulatory workflow
4. Location / Assets
5. Roles and responsibilities of key management functions
Five Steps to Manage RegulatoryCompliance
Regulatory Change Management Page 9Page 9
Requirements
Knowledge
Based &
Taxonomy
Business Process
Risk and Internal Controls
Roles and Responsibil
ities
Locations and Assets
1. Regulations, standards, requirements and objectives library management
2. Parse the actions from requirements: who, what, when, where, and frequency.
3. Monitor regulatory change
4. Effective vs. Proposed.
5. Mapping- regulatory requirements to CAPA, policy procedures, evidence, checklists, and day-to-day compliance tasks
6. Applicability
Step 1- Requirements Knowledge Base & TaxonomyCOMPONENTS OF A REQUIREMENTS KNOWLEDGE BASE
Regulatory Change Management Page 10
Step 1 a- Effective and Mature Regulatory Intelligence Delivers:
Regulatory IntelligenceMaturity Delivers . . .
Holistic awareness of changing regulatory risk
Alignment of culture and policy
Risk-intelligent decision-making
Accountability of regulotry change risk
Multidimensional regulatorion analysis and planning
Visibility of risk as it relates to performance and strategy
Regulatory Change Management Page 11
Step 1 b- GRC 20/20’s Regulatory Intelligence Maturity Model Steps to Increase Maturity
1 •Define a regulatory taxonomy
2 •Establish subject matter experts
3 •Map policies and other content to regulations
4 •Integrate content feeds from knowledge providers
5 •Provide accountability through workflow and task management
Regulatory Change Management Page 12Page 12
1. What is impacted?
2. Define internal controls
3. Define risk levels
Step 2- Risk & Internal Controls
Requirements
Knowledge
Based &
Taxonomy
Roles and Responsibi
lity
Risk and Internal Controls
Reporting
Regulatory Compliance Software
Regulatory Change Management Page 13Page 13
Step 2 a- Risk & Internal Controls
Requirement
s Knowledge
Based &
Taxonomy
Roles and Responsib
ility
Risk and
Internal Controls
Reporting
Regulatory
Compliance Software
What is management’s responsibility with regards to internal controls and reporting?
What is audit’s responsibility with regards to internal controls and reporting?
What is the board’s responsibility with regards to internal controls and reporting?
Regulatory Change Management Page 14Page 14
Weak Technology• Documents& spreadsheets• Email for workflow & tasks• No audit trail or accountability
Moderate Technology• Basic workflow & task management• No regulatory content feeds• Audit trail for accountability
Strong Technology• Enterprise workflow• Integrated and actionable regulatory content with
policy management• Closed loop process – everything integrated into
one platform• Indexing of regulations to other policies
Small Workforce Large Workforce
Hig
h R
isk
Low
Ris
k
Step 2 b - Risk & Internal Controls
Regulatory Change Management Page 15Page 15
1. Business Process Impact, compliance process around sites, assets, events , timely decisions
3. Process automation and cost
4. Manual vs automation
Step 3- Business Process
Requirements
Knowledge
Based &Taxono
my
Business Process
Risk and Internal Controls
Reporting
Regulatory Compliance
Software
Regulatory Change Management Page 16Page 16
Automate corrective action to increase speed, eliminate waste and cut costs
Automate scheduling, tasking and tracking
Embed transparency and accountability
Automate management of change
PROCESSESS THAT CAN BE AUTOMATED
PROCESSESS THAT CANNOT BE AUTOMATED
Determining Applicability
Subject matter expertise
Step 3 a- Business Process
Requirements
Knowledge
Based &Taxono
my
Business Process
Risk and Internal Controls
Reporting
Regulatory Compliance
Software
Regulatory Change Management Page 17Page 17
1. Where is compliance being done?
2.Compliance done at the site and asset level
Step 4. Location & Assets
Requirements
Knowledge Based
&Taxonom
y
Business Process
Risk and Internal Controls
Roles & Responsibility
Location / Assets
Regulatory Change Management Page 18Page 18
1. Why is it important to define the roles and responsibilities before you create an Regulatory Compliance Framework?
2. What are the barriers to creating a Regulatory Compliance Framework?
3. Is there a specific role and responsibility structure or can it vary from organization and industries?
Step 5. Roles & Responsibility
Requirements
Knowledge Based
&Taxonom
y
Business Process
Risk and Internal Controls
Roles & Responsibil
ity
Location / Assets
Regulatory Change Management Page 19Page 19
1. What are key roles and structure?
2. What are the key functions?
3. What are the key actions?
4. Outcome / Results
COMPONENTS OF ROLES AND RESPONSIBILITES
Step 5 a- Roles & Responsibility
Requirements
Knowledge Based
&Taxonom
y
Business Process
Risk and Internal Controls
Roles & Responsibil
ity
Location / Assets
Regulatory Change Management Page 20Page 20
Source: Global survey by KPMG, Inc
BENEFITS OF AN INTEGRATED MANAGEMENT SYSTEM
Automate Regulatory Compliance Through Software
Regulatory Change Management Page 21Page 21