Effective risk management - theory vs practice - IBM Smarter Business 2011
Compliance, Risk Management, Licensing
On-Demand Compliance
- Audits
- Assessments
- Notifications
- Automated Workflow & Reporting
- Whole-of-Business Engagement
- Self Service Portal
In control every step of the way
Compliance Trends

"The role of risk management is still a mystery for most businesses. As executives and board members weave it into their corporate strategy and practices, they will look for ways it can improve their bottom line as well." (Forrester Research)

"Risk management will increasingly consider third parties and industry issues. Recent failures in the financial sector as well as in retail, food and drug, and other industries have demonstrated clearly that an internal view of risk management is woefully incomplete. The growing connection of businesses through supply chain and sourcing relationships will not be ignored in 2010, which means compliance and risk professionals will be expected to have tighter oversight and control over external aspects of the organization." (Corporate Integrity)
Metrics are focused on vendor delivery of products and services. So often organizations look at the surface of a relationship and fail to foresee issues that can cascade, causing severe damage to reputation and exposure to legal and operational risks.
Ongoing monitoring and reporting across the life-cycle. An organization can face reputation and economic disaster by establishing or maintaining the wrong business relationships.
Welcome to the first, inaugural iComply User Forum. We are very glad you could make it, and appreciate the effort you have made to be here.
Businesses are engaged in a continuous struggle to grasp the intricacies of risk management in an interconnected environment.

Operational Risk Management: ". . . the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events."

Properly revised, it would read: "the risk of loss resulting from inadequate or failed internal processes, people, systems, and business relationships, or from external events."
- Operational risks: Identify, assess, manage, and monitor operational risks across business relationships and their impact on the organization.
- Regulatory compliance: Regulated industries impose unique requirements that often extend to business partners. These can vary by geography, such as in the case of state-specific regulations in the insurance industry. Brand owners must account for these industry-specific compliance obligations throughout their extended enterprises.
- Corporate social responsibility: Ensuring the partner communicates and reports similar values on social, environmental, and financial practices (e.g., global reporting initiatives).
- Environmental: Continually monitor business partners' commitment to environmental standards and compliance with laws and regulations that impact environmental responsibility and emissions.
- Geo-political: Continuously monitor political, economic, environmental disaster, social, and security developments around the world, and forecast their impact on business relationships and operations.
- Health and safety: Ensure business partners are committed to safe working environments free from hazards.
- Import and export: Ensure the organization is doing business with the right partners and that they are not connected to terrorism, organized crime, or unlawful countries (e.g., the Office of Foreign Assets Control (OFAC), and U.S. export controls).
- International labor standards: Manage adherence to a complex array of international laws and validate that partners have proper controls to ensure compliance with policies on working hours, forced labor, child labor, wages, discrimination and harassment, and benefits.
- Quality: Provide ongoing monitoring to ensure quality and service-level agreements are met in adherence to the contract and expectations.
- Security: Validate that business partners meet obligations to protect the physical and information technology environments.
- Supply-chain risks: Manage and monitor specific risks, disruptions, sourcing, and dependencies within supply chains and their impact on the organization and its products.
Roadmap to Extended-Enterprise Risk Management

Building the Risk Management Team, incorporating people from:
- Corporate compliance and ethics: Responsible for validating that the relationship adheres to corporate and supplier codes of conduct, applicable laws and regulations, and defined policies and procedures.
- Contracting: Responsible for establishment and execution of mutually beneficial contractual relationships and obligations.
- Corporate social responsibility: Responsible for monitoring business relationships to see they conform to stated practices of CSR and sustainability.
- Environmental: Responsible for making sure business relationships adhere to environmental laws, policies, and procedures.
- Health and safety: Responsible for ensuring business partners have safe and productive working environments.
- Information technology: Responsible for ensuring proper security and technology controls are in place to protect sensitive information (e.g., personal information, privacy, and intellectual property).
- Legal: Responsible for ongoing management and monitoring of legal risks and the legal protection of the organization across extended business relationships.
- Business operations and line-of-business: Responsible for validating that extended business relationships meet business needs and that the relationship is beneficial to business operations.
- Quality: Responsible for ongoing management and monitoring of service level agreements and quality control in production and services, as it pertains to the business relationship.
- Security: Responsible for the protection of physical and logical assets as they move beyond or are involved with extended business relationships.
- Ensure ownership and accountability are clearly established and understood
- Manage the on-boarding and the ongoing risk and compliance scoring and assessment processes
- Conduct initial and ongoing watch-list verifications
- Actively monitor all business partners for:
  - Adherence to code-of-conduct standards and key regulatory policies
  - Changes in risk profile based on targeted risk assessments
- Use built-in question sets to streamline surveys and questionnaires
- Initiate and manage incident follow-ups and investigations
- Use verifiable evidence to readily attest to "in compliance" and "in control" status