Issue and Event Manager


EthicsPoint Overview for NASPL
Bill Piwonka
September 15, 2009
The Four Pillars of Governance, Risk, and Compliance
• Policy and Procedure Management
• Risk and Control Management
• Loss and Investigations Management
• Risk/GRC Analytics
“Governance, Risk, and Compliance (GRC) is multiple roles
working together in a common framework, collaboration, and
architecture to bring an enterprise view across governance, risk,
and compliance activities throughout the organization”
- Analyst, Forrester Research
Loss and Investigations Management
• Intake: Identification of Material Events
- Look Beyond the Hotline: Systems, Control, People, Interviews, Surveys, External Sources
• Investigation: Investigative Management Processes
- Manage Investigations: Review & Analyze, Investigate, Evaluate, Escalate, Resolve
• Insight: Analytic Analysis
- Achieve Transparency: Analyze, Identify Risks, Report, Benchmark, Evaluate Performance
46%
74%
Integrating Risk and Knowledge
[Chart: Risk (Low to High) against Knowledge (0% to 100%)]
Integrating Risk and Knowledge
[Chart: Risk (Low to High) against Knowledge (0% to 100%), with labels: Organizational Complexity, Vertical Complexity, Voluntary Buffer]
Integrating Risk and Knowledge
[Chart: Risk (Low to High) against Knowledge (0% to 100%), with labels: Organizational Complexity, Vertical Complexity, Culture, Process, Information Gathering, Systems & Technology, Voluntary Buffer]
Agenda
• Current Process Overview & Needs
• EthicsPoint Overview:
- Philosophy
- Framework
- Client Success
• Compliance Complexity & the Business Case
- Incident & Event Identification
- Documentation & Workflow
- Assessment, Oversight, & Analytics
Current State of GRC (Reporting) Initiatives
[Diagram: nine departments, each shown with a Local Database: Information Technology, Corporate Compliance, Loss Prevention, Operations, Human Resources, General Counsel, Facilities, Internal Audit, Corporate Security]
Gathering Compliance Stakeholders
[Diagram: nine departments, each shown with a Local Database: Information Technology, Corporate Compliance, Loss Prevention, Human Resources, Operations, General Counsel, Corporate Security, Facilities, Internal Audit]
Strategic Drivers
• EthicsPoint is committed to being a valued partner in the pursuit of a sustainable ethical culture
• EthicsPoint will be the leading innovator in the leveraged integration of hotline and case management
• EthicsPoint will lead the market in offering new data collection methods such as web reporting and mobile input to increase the flow and quality of reports
• EthicsPoint is dedicated to providing scalable, intuitive applications to our clients
The EthicsPoint Philosophy
• The Integration of Detached, Localized Activities
- Enable the transition from disconnected GRC activities to a cohesive, strategic, enterprise-level initiative by embracing a broad range of functions
• Convergence of Governance, Risk, & Compliance (GRC) & Business Process Improvement
- Control breakdowns, process irregularities, and inconsistent data can be identified and alleviated through an integrated GRC strategy
• On-demand, Software-as-a-Service (SaaS) Delivery
- Hosted, “no software or servers” solution decreases IT costs, and enables faster deployment and greater flexibility
The EthicsPoint Framework
EP Framework Workflow
Activity or Initiative
Our History
[Chart: client count (0 to 2,000) by year, 2001 to 2008, with annotations:]
• Add-on strategy introduced with enhanced data integration
• Point of Market Convergence: 1st with Integrated Phone/Web Reporting & On-Demand Issue and Event Management
• SOX Compliance Enforced
• Revolutionized Hotlines with Web-Based reporting and Hosted/SaaS delivery
• Passage of Sarbanes-Oxley (SOX) Act of 2002
• A business case is created for integrated GRC Programs
Our History
[Chart: client count (0 to 2,000) by year, 2001 to 2008]
Our results are clear: 99.7% Client Retention
Leading Fortune/Global 500 Companies, Including:
GRC: Challenges & Opportunities
For Global 2000 companies striving to accelerate growth and enhance
business performance while meeting Governance, Risk, and Compliance
(GRC) regulatory mandates, EthicsPoint offers a comprehensive system for
issue, event, and loss management
…With increased focus on corporate governance
and enterprise risk management, firms need
governance, risk, and compliance (GRC) software
platforms to drive sustainability, efficiency, and
consistency in managing enterprise risk and
compliance.
Michael Rasmussen, VP, Forrester Research
“Overcoming Risk and Compliance Myopia”
…In an economy where 70% to 80% of market
value comes from hard-to-assess intangible
assets such as brand equity, intellectual capital,
and goodwill, organizations are especially
vulnerable to anything that damages their reputations…
Robert G. Eccles, Scott C. Newquist, and Roland Schatz;
Harvard Business Review, February 2007, “Reputation and Its Risks”
Changing Governance Spectrum
Optimize
Leverage
Sustain
Volume and Impact Drives Adoption
[Chart: issue types plotted by Incident Volume (Low to High) against Impact (Low to High): Facilities Issues, Wage & Hour, Theft, Unethical Behavior, Conflict of Interest, Misuse of Company Resources, Harassment, Community Affairs, Illegal Activity, Foreign Corrupt Practices, Data Breach, Insider Trading, Financial Fraud]
Volume and Impact Drives Adoption
[Same chart, with callout:]
HIGH INCIDENT/LOW IMPACT OCCURRENCES:
- Volume dictates scalable application
- Communication and process consistency
- Time and activity management
- Escalation and outcome review
Volume and Impact Drives Adoption
[Same chart, with callout:]
MEDIUM INCIDENT/MEDIUM IMPACT OCCURRENCES:
- Increased challenges in the investigation
- Inter-departmental process demands
- Potential for regulatory oversight
Volume and Impact Drives Adoption
[Same chart, with callout:]
LOW INCIDENT/HIGH IMPACT OCCURRENCES:
- Process mandates and regulation drive response
- Scope of investigation includes multiple departments
- Management of process
- Reporting to outside agencies
“To gain a total picture of organizational
performance, ‘organizational silos’ must be
broken down, and data from separate IT
systems must be merged.”
Scott Mitchell, President and CEO, OCEG
Creating a Compliance Community
[Diagram: nine departments and their Local Databases (Corporate Compliance, Loss Prevention, Information Technology, Operations, Human Resources, Corporate Security, General Counsel, Facilities, Internal Audit), with the labels "The EthicsPoint Solution Strategy" and "Integrated"]
Issue and Event Manager – The Suite
A Powerful Starting Point
• A simple transparency solution for your hotline and compliance data
• Enhanced data consistency, process management, issue awareness
• Fully integrated with hotline/helpline
Our Mid-Tier Option
• Focus changes from issue review and classification to the comprehensive management of people, processes, and time
• Single-schema database
• Advanced resolution management toolkit
• Improved executive reporting on trends
Upper-Most Tier
• Multi-schema database: extends a common framework, supports a dynamically tailored workflow for each organizational unit
• Comprehensive, enterprise-wide view of risk related to key issues and outcome data
Issue and Event Manager – The Suite
Intake
Open Door Policy
Audits – Internal/External
Hotline
Interviews
Systems
ANALYTIC OPPORTUNITY
The EthicsPoint “Reflection Point” Advantage
[Diagram labels: Policy & Controls Solutions; SOX 404 & 302; EthicsPoint Issue & Event Platform; Risk Assessment & Management Solutions; Compliance Training]
• Since 2002, billions have been spent on SOX 404 and Risk Mitigation solutions
• With the changing GRC spectrum, organizations are just beginning to realize the functional gap that exists due to disparate systems and inconsistent data and process management
• EthicsPoint is rapidly becoming recognized by professional service providers as the convergence solution leader