Newsletter | Volume 1


The Storyline (part III) of the 8th annual European GRC Summit organized by Copenhagen Compliance

I have two pieces of paper in my hand. One is a Copenhagen Compliance® Framework on how to implement ethics and culture as vital components of Governance and Risk Management, which is the topic of today's workshop. On the other hand, I have the agenda of the "8th annual European GRC SUMMIT in Copenhagen," on September 22nd-23rd, 2014 at the Confederation of Danish Industries.

Scene: The annual senior management seminar/workshop after rather mediocre year-end results at Global Mining.

Participants:
Mr. GEORGE RISKIN, Chairman
Mr. ROBERTO M. ICOMPLI, CEO
Mrs. Caroline Moneypenny, CFO and also in charge of Compliance
Ms. ITA, IT Manager
Mr. I.M. Auditsson, Chief Internal Audit
Mr. Joe Doe, HR Vice president

Everybody is sitting in comfortable chairs at The Las Brisas Hotel in Acapulco, Mexico

GEORGE RISKIN, Chairman of the board of directors for Global Mining, around 50, dressed immaculately in white cotton suit, tie and a colorful Sombrero, sits at the head of a glass table, by the swimming pool reading the agenda for the day's workshop. A discouraged look of apprehension is apparent across his face.

He continues to look at the workshop agenda with a worried look. He picks up a flower, smells it with delight and then leans back in his chair, cleans his Ray Ban glasses and suddenly blazes with a vision:

GEORGE:
Cricket has runs; Soccer has touchdowns, baseball has home runs and in Europe even the footballers score a couple of goals. Why is it so difficult for us to keep count on our compliance, governance and risk management officers? I want to measure success; we need to know what component of GRC works and why. If we can't measure it, we can management or compliance departments.

ROBERTO
The symbols of effective Governance, Risk management and Compliance program, are all spelled out in numerous pieces of regulatory guidance that we have reviewed over time. It just seems that we have implemented an autocratic manual system that provides no value. Our next challenge is to go beyond checking those boxes, performed by our auditors and look at a framework where the company culture, ethics and change management are the focal points.

I.M. Auditsson, interrupts:
Yes, Bob. We need to assess our GRC program effectiveness. We have reached that state and level of GRC maturity. I believe that there are some subjects at the 8th annual European summit that provide guidance on ethics and legal compliance, and provide guidance on metrics and informative GRC benchmarking goals for effectiveness.

GEORGE
Good point Auditsson, we need metrics for measuring and benchmarking Compliance.

When we conducted our annual global survey of ethics and compliance programs, we found that we needed new ways to analyse and explore the values of GRC. We perhaps need to evaluate whether we need to adjust our mission statement based on the new compliance demands and stakeholder values that define our company and further figure out what we hope to achieve by implementing GRC.

I.M. Auditsson adds:
Yes, George, we have to make a complete review of our existing policies for particular GRC situations, based on Scenario Planning (a workshop at the conference). Further, we need to incorporate GRC as a vital element of company resources and also when making hiring decisions. Based on our participation at last year's conference we updated our code of ethics to include GRC components, but we are lagging behind in providing general guidelines and a GRC framework for making prudent decisions that uphold our company values.

Ms. ITA, IT Manager
Additionally, I believe that we need to customise our well-defined code of ethics so that it plays an integral role in policy development and training programs. If we follow Auditsson's approach on documentation and testing, we could also automate it and introduce it as a SaaS module in our standard ERP system.

We simply cannot continue to pay lip service to the automation issue as we have done in the past.

CAROLINE MONEYPENNY
So if we decide to document, test and update our code of ethics to reflect the internal GRC policies, the conference will provide the GRC guidelines for defining our company and organizational values.

ROBERTO
Compliance also means writing efficient GRC code that reflects the company culture. Once we do that then we can focus on integrating the GRC system into our broader compliance efforts. Therefore, what we need to discuss at today's workshop is:
  • Defining our company's key ethical issues
  • Documenting an easy-to-follow code of ethics
  • Integrating our GRC code into your compliance program
  • Determining the metrics and measuring our company's ethical performance

Joe Doe, HR Vice president
We need to add how to identify the crucial aspects and reshape the way in which risk is understood by all managers and staff in the organisation. We can achieve that by formalising our e-learning for each risk event, conducting workshops, updating the technical manuals, and ensuring an annual evaluation process for all employees.

This approach is in line with all other employee engagement efforts. We want to encourage healthy GRC behavior to reduce the risk of incidents.

The workshop continues for another couple of hours...

GEORGE
Now let's all go for a swim, see you in the evening for diving into the sea bed of GRC corals.

They all laugh!

GEORGE wipes the sweat from his forehead, takes another aspirin and turns his attention back to the European GRC summit brochure. He begins to read the Conference agenda and program in detail.

To be continued in the next Newsletter with information on the conference, when GEORGE RISKIN, ROBERTO M. ICOMPLI, CAROLINE MONEYPENNY, Ms. ITA, the IT Manager, and JOE DOE, HR Manager, continue their discussion on THE HOW AND THE WHY of a number of GRC and IT Security issues including:

Good Governance Is Good Business, Accounting and Audit Functions and Issues are vital, How to Start a Compliance Function from ground Zero; Business cases on Fraud and Corruption with reference to BA and FCPA can cost a bundle, Regulating Internal Controls can also safeguard employee interests, 3rd Party Compliance Issues means that you cannot outsource your responsibilities and liabilities, Oversight Reporting Updates because the authorities are being criticized for not taking a tough stand on the culprits, so we all have to pay, Managing Internal GRC Investigations as part of the recovery is essentially added profits, How to Improve Your GRC Handling Process, Fraud and Detection, Integrating Risk Appetite, and Risk Management are 2 sides of the same coin, regular workshops on Ethics and Culture are training that you cannot avoid, Do you know where your Anti-Corruption Program is Heading? Integrate the Cloud Computing into Your Data Security Program if you want to recover all files on time, ITA recommends using IT to make Governance, risk Management and Compliance easier, She also uses IT and Risk Metrics to Measure Compliance Effectiveness, What's Mandatory & What's Common Sense in your GRC Processes, Enterprise Risk Management Programs must regularly be revisited.