Investing in the Front End of Compliance

©2014 Blue Hill Research. All Rights Reserved.

Investing in the “Front End” of Compliance: Policy Management & Training

David Houlihan, Principal Analyst, Blue Hill Research

Description

Analyst David Houlihan on why investing in the front end of compliance is the most effective way to see a positive ROI from your governance, risk, and compliance policies.

Transcript of Investing in the Front End of Compliance

Page 1: Investing in the Front End of Compliance


Investing in the “Front End” of Compliance: Policy Management & Training

David Houlihan, Principal Analyst, Blue Hill Research

Page 2: Investing in the Front End of Compliance


About Me:

Research:
• Ethics & Compliance Management
• Governance, Risk, and Compliance
• Legal Technology

Background:
• United States Attorney’s Office
• Boston University
• GTC Law Group
• Aberdeen Group

David Houlihan, Principal Analyst

Page 3: Investing in the Front End of Compliance


What I Do: Answer Technology Questions

How does this help our business?

• Finance: What’s the ROI & TCO?
• Information Technology: How do I implement & manage this?
• Line of Business: Does it improve my performance?

Page 4: Investing in the Front End of Compliance


Compliance & Non-compliance Costs

Chart: cost of compliance versus cost of non-compliance.

Overall average: Compliance $3,529,570; Non-compliance $9,368,351 ($2.65 lost for every $1 spent on compliance)

Per capita (per employee): Compliance $222; Non-compliance $820 ($3.69 lost for every $1 spent on compliance)

Source: The True Cost of Compliance, Ponemon Institute January 2011

Page 5: Investing in the Front End of Compliance


In other words. . .

What you spend on compliance represents only ~21% of what compliance costs you (. . . per employee).

Page 6: Investing in the Front End of Compliance


Cost Sources

Chart: compliance costs split between Direct and Indirect costs (40% and 60%); non-compliance costs split between Direct, Indirect and Opportunity costs (27%, 43% and 30%). Percentages are listed in the order they appear on the slide.

Source: The True Cost of Compliance, Ponemon Institute January 2011

Page 7: Investing in the Front End of Compliance


Compliance Cost Map

Diagram with three columns (Compliance Function, Compliance Operations, Business Operations) mapping where compliance costs arise. Items shown: Staff (Full-time Employees, Attorneys, Auditors, Consultants); Resources (Content, Technology, Services / Attorney Costs); Implementation (Cost to implement; Time lost to implement, to monitoring, to information acquisition, to incident management); Productivity Loss; Reduced Revenue; Reduced Stock Value; Risks (Attorney Costs, Damages / Settlements, Reputation, Regulatory Action, Private Legal Action, Penalties, Lost Opportunities).

Page 8: Investing in the Front End of Compliance


The Challenge:

If you only had $1 to spend on compliance. . . how could you use it to get $4.69 in savings?

Page 9: Investing in the Front End of Compliance


Compliance Management: Fire Prevention vs. Firefighting

Page 10: Investing in the Front End of Compliance


Spend on Compliance Activities

Data: The True Cost of Compliance, Ponemon Institute January 2011. Analysis: Blue Hill Research

74.3% of what organizations spend on compliance goes to “firefighting.”

Chart: share of compliance spend by activity:
• Policy management: 11.9%
• Communications: 13.8%
• Program management: 17.7%
• Compliance monitoring: 25.5%
• Enforcement: 31.1%

Program management, compliance monitoring and enforcement together account for the 74.3% spent on firefighting; policy management and communications, the “front end,” account for the remaining 25.7%.

Page 11: Investing in the Front End of Compliance


My Recommendation:

Fire Prevention vs. Firefighting: start with fire prevention (“Start Here!”).

Page 12: Investing in the Front End of Compliance


Why Fire Prevention?

Employee action creates compliance risk.

Page 13: Investing in the Front End of Compliance


What about the “Bad Apple”?

“Good Luck.”

Page 14: Investing in the Front End of Compliance


But the Bigger Problems are. . .

(1) Confusion regarding requirements.

(2) Lack of incentive to act differently.

Page 15: Investing in the Front End of Compliance


Policy Management:

Areas for improvement:
• Stakeholder collaboration
• Management of changes
• Removal of outdated policies
• Communication of changes to the organization

Investment Impact:
• “Agency/organization” alignment
• Efficiency of stakeholders
• Clarity of requirements

Page 16: Investing in the Front End of Compliance


Training:

Areas for improvement:
• Employee engagement
• Information retention
• Sense of consequence
• Guidelines for ambiguous situations

Investment Impact:
• Efficiency of knowledge acquisition
• Reduced risk of noncompliance
• More “red flags”

Page 17: Investing in the Front End of Compliance


Build Your Business Case

Diagram: the Compliance Cost Map from Page 7 is repeated here, with the same three columns (Compliance Function, Compliance Operations, Business Operations) and the same cost items: Staff (Full-time Employees, Attorneys, Auditors, Consultants); Resources (Content, Technology, Services / Attorney Costs); Implementation (Cost to implement; Time lost to implement, to monitoring, to information acquisition, to incident management); Productivity Loss; Reduced Revenue; Reduced Stock Value; Risks (Attorney Costs, Damages / Settlements, Reputation, Regulatory Action, Private Legal Action, Penalties, Lost Opportunities).

Page 18: Investing in the Front End of Compliance


Key Factors to Consider in Solutions

Factors to Consider (Policy Management):
• Support for content development
• Ability to centrally manage and distribute content
• Flexibility of content types incorporated
• Security of solution
• Support for retiring and archiving content
• Ability to link policy to training and insight into compliance operations

Factors to Consider (Training):
• Expense of communication
• Scalability of communication
• Time required to obtain mastery
• Employee engagement in training
• Degree of internalization and retention
• How closely supplied content supports objectives

Potential integration with enterprise GRC suite to align policies and training with other compliance management and monitoring capabilities.