Regulatory Change Management

Regulatory Change Management

Welcome!

Regulatory Change Management Webinar

by 360factors and GRC 20/20

Regulatory Change Management Page 2

Panelists

Ed Sattar- ModeratorCEO- 360factors Regulatory Change Management Thought Leader

Christopher Duden-PanelistCOO-360factors

Michael Rasmussen -ModeratorChief GRC Pundit & Principal Analyst

Dwyayne Jorgenson – PanelistCIA, CFE - Governance/Risk/Controls/Audit Expert


Rising Regulations and Cost


Regulatory Change Impacting Policies

Source: Thomson Reuters


Source: Davis, Polk Dodd-Frank Infographics

Regulatory change is significantly impacting organizations and their policies


1. Over or Under complying is expensive

2. Organizations need to be able to react to risk and business change

3. Regulators are tired of paper-based compliance programs

4. Regulatory change management needs to be defensible

Four Reasons to Implement Regulatory Change Management


RequirementsRegulations

Standards

Business Requirements

Business Process

Risks & Controls

Organization

Location/

Assets

Regulatory Change Management MethodologyHOW

WHY

WHAT

WHO

WHERE


1. Regulatory knowledge base and taxonomy

2. Risk and internal controls

3. Business process -> Regulatory workflow

4. Location / Assets

5. Roles and responsibilities of key management functions

Five Steps to Manage RegulatoryCompliance


Requirements

Knowledge

Based &

Taxonomy

Business Process

Risk and Internal Controls

Roles and Responsibil

ities

Locations and Assets

1. Regulations, standards, requirements and objectives library management

2. Parse the actions from requirements: who, what, when, where, and frequency.

3. Monitor regulatory change

4. Effective vs. Proposed.

5. Mapping- regulatory requirements to CAPA, policy procedures, evidence, checklists, and day-to-day compliance tasks

6. Applicability

Step 1- Requirements Knowledge Base & TaxonomyCOMPONENTS OF A REQUIREMENTS KNOWLEDGE BASE


Step 1 a- Effective and Mature Regulatory Intelligence Delivers:

Regulatory IntelligenceMaturity Delivers . . .

Holistic awareness of changing regulatory risk

Alignment of culture and policy

Risk-intelligent decision-making

Accountability of regulotry change risk

Multidimensional regulatorion analysis and planning

Visibility of risk as it relates to performance and strategy


Step 1 b- GRC 20/20’s Regulatory Intelligence Maturity Model Steps to Increase Maturity

1 •Define a regulatory taxonomy

2 •Establish subject matter experts

3 •Map policies and other content to regulations

4 •Integrate content feeds from knowledge providers

5 •Provide accountability through workflow and task management


1. What is impacted?

2. Define internal controls

3. Define risk levels

Step 2- Risk & Internal Controls

Requirements

Knowledge

Based &

Taxonomy

Roles and Responsibi

lity


Reporting

Regulatory Compliance Software


Step 2 a- Risk & Internal Controls

Requirement

s Knowledge

Based &

Taxonomy

Roles and Responsib

ility

Risk and

Internal Controls

Reporting

Regulatory

Compliance Software

What is management’s responsibility with regards to internal controls and reporting?

What is audit’s responsibility with regards to internal controls and reporting?

What is the board’s responsibility with regards to internal controls and reporting?


Weak Technology• Documents& spreadsheets• Email for workflow & tasks• No audit trail or accountability

Moderate Technology• Basic workflow & task management• No regulatory content feeds• Audit trail for accountability

Strong Technology• Enterprise workflow• Integrated and actionable regulatory content with

policy management• Closed loop process – everything integrated into

one platform• Indexing of regulations to other policies

Small Workforce Large Workforce

Hig

h R

isk

Low

Ris

k

Step 2 b - Risk & Internal Controls


1. Business Process Impact, compliance process around sites, assets, events , timely decisions

3. Process automation and cost

4. Manual vs automation

Step 3- Business Process

Requirements

Knowledge

Based &Taxono

my

Business Process


Reporting

Regulatory Compliance

Software


Automate corrective action to increase speed, eliminate waste and cut costs

Automate scheduling, tasking and tracking

Embed transparency and accountability

Automate management of change

PROCESSESS THAT CAN BE AUTOMATED

PROCESSESS THAT CANNOT BE AUTOMATED

Determining Applicability

Subject matter expertise

Step 3 a- Business Process

Requirements

Knowledge

Based &Taxono

my

Business Process


Reporting

Regulatory Compliance

Software


1. Where is compliance being done?

2.Compliance done at the site and asset level

Step 4. Location & Assets

Requirements

Knowledge Based

&Taxonom

y

Business Process


Roles & Responsibility

Location / Assets


1. Why is it important to define the roles and responsibilities before you create an Regulatory Compliance Framework?

2. What are the barriers to creating a Regulatory Compliance Framework?

3. Is there a specific role and responsibility structure or can it vary from organization and industries?

Step 5. Roles & Responsibility

Requirements

Knowledge Based

&Taxonom

y

Business Process


Roles & Responsibil

ity

Location / Assets


1. What are key roles and structure?

2. What are the key functions?

3. What are the key actions?

4. Outcome / Results

COMPONENTS OF ROLES AND RESPONSIBILITES

Step 5 a- Roles & Responsibility

Requirements

Knowledge Based

&Taxonom

y

Business Process


Roles & Responsibil

ity

Location / Assets


Source: Global survey by KPMG, Inc

BENEFITS OF AN INTEGRATED MANAGEMENT SYSTEM

Automate Regulatory Compliance Through Software

Regulatory Change Management

Presentations & Public Speaking

Transcript of Regulatory Change Management