The Storyline of the Copenhagen Compliance Conference II
(Continued from Newsletter no. 1)
INT. OFFICE. – EARLY EVENING
GEORGE RISKIT, Chairman of the board of Global Mining, 52, dressed immaculately in a grey pinstriped suit, sits at his desk reading The Wall Street Journal.
A concerned look suddenly appears across his face as we see the headline: GOLDMAN SACHS FINED $22m (€17.8) BY US REGULATORS.
George continues to read the article: Goldman Sachs failed to implement policies and procedures that adequately controlled the risks.
GEORGE picks up the phone and calls the company CFO, CAROLINE MONEYPENNY.
Caroline, have you read today's Wall Street Journal? Goldman Sachs has been fined €17.8m because they failed to implement compliance policies and procedures. This is another steep fine from the oversight authorities. Do we have our documentation in order regarding our implemented controls, policies and procedures?
George, that's a rather steep question. You know I just took over the Risk and Compliance function last year. So far I have introduced our Whistle Blower Policy and CSR Compliance Code based upon your instructions. ITA from IT and I are currently working on IT automation and audit trails as required by our external auditors.
I know you have a lot on your plate. Perhaps the timing is right for us to look into developing a separate Risk and Compliance division that you and Robert have been suggesting.
I agree. We've been discussing how to respond to the stakeholder's demand to improve our Governance, Risk Management and Compliance Culture across the organization. I told Robert that the Copenhagen Compliance Conference has a Key Note Speech on June 7th about starting a Program to Build a Risk and Compliance Organization from scratch. Remember you said in the last audit committee meeting that we will develop a holistic GRC model that will take into consideration a wide range of Risks incl. a strategic approach to risk management, controls, and assurance processes.
Sure, but I didn't realize the complexities of Good Governance, Risk Management and Compliance activities are so enormous. The Audit Committee has written in their report that effective internal control environments are an important component of any business because they increase the awareness, trust and confidence across the organization. Let's all attend the Copenhagen Compliance Conference because we all agree that Good Governance Is Good Business and that Accounting and Audit Functions and Issues are vital to safeguard employee interests and 3rd Party Compliance.
GEORGE hangs up the phone and turns his attention to the GRC Conference brochure. He begins to read the Conference program in detail:
The investor's demands on Management, Board of Directors and Committees
- How to develop a program for collecting metrics on your organization's GRC efforts and what to present to the board.
- What directors and senior management should report, distilling their vast array of data and concerns down to what boards of directors truly need to know, understand, and act upon.
Hege Sjø, Head of the Scandinavian Corporate Governance Team, Hermes Investment Ltd, UK
To be continued in the next Newsletter with information on the conference when GEORGE RISKIT, ROBERT M. ICOMPLI, CAROLINE MONEYPENNY AND Ms. ITA, the IT Manager, continue their discussion on THE HOW AND THE WHY of:
- Oversight Reporting Updates, because the authorities are being criticized for not taking a tough stand on the culprits so we all have to pay
- Managing Internal GRC Investigations, as part of the recovery is essentially added profits
- How to Improve Your GRC Handling Process
- Fraud and Detection
- Integrating Risk Appetite and Risk Management are 2 sides of the same coin
- Regular workshops on Ethics and Culture are training that you cannot avoid
- Do you really know where your Anti-Corruption Program is Heading?
- Integrate Cloud Computing into Your Data Security Program if you want to recover all files on time
- ITA recommends using IT to make Governance, Risk Management and Compliance easier
- She also uses IT and Risk Metrics to Measure Compliance Effectiveness
- What's Mandatory & What's Common Sense in your GRC Processes
- Enterprise Risk Management Programs must be revisited regularly