Category Archives: Governance, Risk & Compliance

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам. LeapWallet is a secure digital wallet that enables easy management of cryptocurrencies. With features like fast transactions and user-friendly interface, it's perfect for both beginners and experts. Check it out at leapwallet.lu.

How Active Governance Can Advance Proactive Risk Intelligence

Posted on by

Boards, regulators and leadership teams are demanding more and more of risk, compliance, audit, IT and security teams. They are asking them to collaboratively focus on identifying, analyzing and managing the portfolio of risks that really matter to the business.

As risk management programs evolve to more formal processes aligned with business objectives, leaders are realizing that by developing a proactive mindset in risk and compliance management, teams can provide added value to help the organization gain agility by identifying new opportunities as well as managing down-side risk. Organizations with this new perspective are more successful in orchestrating change to provide a 360-degree view of both risk and opportunity.

Risk teams that are further along on the journey of leveraging proactive approaches to risk management look not only within the organization but beyond to supplier, third party and customer ecosystems. This means developing a view across the larger enterprise infocosm, to ensure alignment of people, processes and technologies.

An essential prerequisite to proactive risk management is a shift from passive to active governance. To build an active governance competence effectively, governance needs to be “active, engaged and embedded,” rather than “passive, reactive and irrelevant.”

Active governance means being thoughtful about alignment and interlocks policy, risk, compliance, quality and operational programs. Proactive risk intelligence throughout the organization can help it advance by aligning policies, procedures, facilitating an enterprise view of issues and orchestrating change to mitigate risk.

Align Policies, Procedures and Roles

Once proactive risk intelligence is understood and embraced as a concept, the next step is to develop agile and consistent policies that truly reflect and produce desired behavior. This means aligning business strategy and appetites with prescribed behavior, which is typically described not only through policies, but also through procedures, and embedded in role descriptions. It is important to make governance traceable in this way. Likewise, it is critical to make sure roles and responsibilities are aligned with policies and procedures so that employees, partners and third parties are empowered to do the right thing.

buy symbicort online bristolrehabclinic.ca/wp-content/uploads/2023/10/jpg/symbicort.html no prescription pharmacy

Foundational is consistency between policies and procedures in similar roles across geographies, cultures and business units. Some key things you can do to help your organization include:

  • Align Policies to Business Objectives — Ensure responsible management and oversight of resources by aligning policy to business intent. You can do this by mapping policies to risk tolerances and compliance requirements. Be explicit when defining legal and ethical boundaries.
  • Resolve Global/Local Conflicts in Policies and Procedures — Improve active governance by resolving local/global dissonance—often a policy at one level can contradict a similar overlapping policy at another level—it’s important to iron out discrepancies so that people have confidence in the policy and know it stands for something the organization values.
  • Engage the Right Subject Matter Experts for Policy Creation and Review — Policy life-cycle management can really help. Be sure to include alerts and intelligence to ensure policies reflect compliance to new and changing regulations and business obligations. Establish the right roles and responsibilities for creating, editing, reviewing and publishing polices. Automated workflow can help make this seemingly monumental task achievable. Empower the right decision-making processes for governance of policies and allocation of resources.

Gain an Enterprise View of Issues and Remediation

Now that your organization is looking at risks in the context of appetites, tied to policies that reinforce desired behavior, based on a common language, the next step is rapid, complete issue resolution. Mature organizations can provide a portfolio of issues and incidents, facilitating a 360 view.

By looking at all the incidents and issues tied to a risk, process or asset, your team will begin to develop a preventive capability, and be able to ‘right-size’ remediation investments. Key things you can do to help your organization include:

  • Manage issues as a portfolio — Look at issues across all sources, through a common process, across all aspects of the organization. Not only issues arising from audit, risk management and privacy and compliance teams, IT and security, but also extended to research and development, quality, environmental health and safety and human resource groups.
  • Develop a Proactive, preventive capability  — Think in terms of future changes and what issues may arise in risk and compliance management. For example, getting teams involved early in initiatives such as mergers and acquisitions, new product or service launches or expansion into new markets.
  • ‘Right-Size’ remediation investments — Optimize investments in remediation through end-end root cause analysis—when business units look at an issue in isolation, investments can be made that solve the problem locally, but push symptoms to an upstream or downstream process. Looking at issues across, down and through will help build the 360 views that get at the real root cause and appropriate remediation.

Orchestrate Change across Risk Processes

Creating proactive risk intelligence as a competency is in many ways all about orchestrating change. Continuous value creation is demanded of successful organizations in today’s dynamic world. When collaborative risk teams focus on continuous improvement, they will spot opportunities for operational efficiency and savings that can be used to fund innovations. As organizations mature, collaborative teams can be supported by risk and compliance centers of excellence, shared services and innovation labs.

  • Build a community dedicated to the vision of risk intelligence — Bring people and partners on board with a proactive mindset. Make sure continuous improvement fuels and funds innovation across and within core processes of governance, risk, compliance, privacy and security.
  • Continuously innovate — Manage a portfolio of innovation projects to mature centers of excellence, shared services and distinctive risk and compliance competencies. Leverage technologies to accelerate innovation and gain economies of scale.
  • Continuously improve — A formal investment program identifies synergies and funds strategic initiatives, certification and training programs.

The GRC journey is about orchestrating change to gain a competency of risk intelligence. It requires a proactive mindset and anticipation of future problems needs and changes.

buy pepcid online bristolrehabclinic.ca/wp-content/uploads/2023/10/jpg/pepcid.html no prescription pharmacy

Active governance is the first step in supporting change and building a competency of proactive risk intelligence by planning and thinking ahead at every stage of the risk management process.

buy revia online bristolrehabclinic.ca/wp-content/uploads/2023/10/jpg/revia.html no prescription pharmacy

Active governance goes beyond general oversight to ensure alignment and interlock strategy, through policy, procedures and roles in the operational fabric of the organization and carries through to suppliers, customers and third parties. By starting with these core aspects of active governance, you are in your way to creating a competency of proactive risk intelligence in your organization.

Amicus Supports Government’s Position in Mach Mining vs. EEOC

Posted on by

On Nov. 3, six advocacy groups representing the interests of workers and plaintiffs’ class action lawyers filed an amicus brief with the U.S. Supreme Court in Mach Mining v. EEOC, No. 13-1019. A copy is here.

Authored by the Civil Rights Clinic of the Dickinson School of Law and The Impact Fund, the amicus brief represents the collective views of multiple public interest organizations, including the National Employment Lawyers Association, The Impact Fund, the American Association of Retired Person, the Asian Americans Advancing Justice-Asian Law Caucus, Disability Rights California and Public Counsel.

The amicus brief was filed in support of the U.S. Equal Employment Opportunity Commission, which filed its Reply Brief with the SCOTUS on Oct. 27, 2014. In supporting the government’s position, the amicus asserted that the brief represents the “perspective of the victims of workplace discrimination whom Title VII is intended to protect.”

Given the importance of this case and the issue presented, the new amicus brief is well worth a read by employers.

The Context and the Stakes

Mach Mining v. EEOC is a big case for employers and for government enforcement litigation. In a game-changing decision in December 2013, the U.S. Court of Appeals for the Seventh Circuit ruled that an alleged failure to conciliate is not an affirmative defense to the merits of an employment discrimination suit brought by the EEOC.

That decision had far-reaching, real world significance to the employment community, for it means the EEOC is virtually immune from review in terms of the settlement positions it takes prior to suing employers: “pay millions or we will sue and announce it in a media release.”

We have blogged on this case at various points before, as the litigation winded through the lower courts and culminated in the precedent-setting decision of the Seventh Circuit reported at 738 F.3d 171 (7th Cir. 2013). Readers can find the previous posts here and here and here.

In essence, the Seventh Circuit determined that the EEOC’s pre-lawsuit conduct in the context of conciliation activities cannot be judicially reviewed. Subsequently, in what many SCOTUS watchers found ironic, even though the EEOC prevailed in the Seventh Circuit, the Government also backed Mach Mining’s request for SCOTUS review to resolve the disagreement among the courts of appeals regarding the EEOC’s conciliation obligations. Given the stakes, the SCOTUS accepted Mach Mining’s petition for certiorari in short order to resolve this issue.

Amicus Briefs for the Defense

Employer groups have lined up behind Mach Mining to support reversal of the Seventh Circuit’s decision. Seyfarth Shaw LLP submitted an amicus brief to the U.S. Supreme Court on behalf of the American Insurance Association in Mach Mining. For blog readers interested in our amicus brief, a copy is here.

Amicus Brief Filed In Support of the EEOC

The amicus submission to the Supreme Court asserts that interpreting Title VII to allow judicial review of conciliation efforts by the EEOC would harm alleged victims of discrimination by violating the mandate of the statute that conciliation remain confidential. Judicial review, the amicus brief asserts, would chill full and frank settlement discussions; expose sensitive information about pre-lawsuit negotiations to the public, and hurt the cases of allegedly injured workers because federal judges might be potentially influenced by irrelevant settlement communications. The amicus brief also argues that if the SCOTUS interprets the statute to allow judicial review of pre-lawsuit conciliation efforts by the EEOC, dismissal is an overly harsh remedy where those efforts are determined to be inadequate (and instead the parties should be ordered to engage in further settlement negotiations).

The point of the amicus brief about compromising the impartiality of federal judges—by exposing the court to settlement discussions in conciliation—is somewhat surprising. Federal judges conduct mediations and settlement conferences as a matter of course, and are “exposed” to settlement discussions routinely.

Next Up on the Docket

Mach Mining’s answering brief is due on Nov. 26, 2014, and then the SCOTUS will set the case for oral argument for January 2015. We will keep our readers updated as developments occur in this litigation.

This post was previously published on the Seyfarth Shaw website here.

Corporate Reputation Drastically Impacts Talent Acquisition, Salary Costs

Posted on by

According to a study from Corporate Responsibility Magazine and talent acquisition firm Alexander Mann Solutions, company reputation has a significant impact on staff recruitment, retention, and salary expenses. Prospective candidates are extremely hesitant to join a company with a bad reputation and, among those who may be willing to accept a job offer, a significant pay raise is required. Conversely, they can be tempted to move to a company with a good reputation for a significantly lower raise.

To leave their current employer and take a job with a company with a bad reputation, males would require an average of a 53% pay increase—60% among females. In total, nearly half  (48%) would require more than a 50% increase in pay. While 93% of people who are currently employed would leave their employer to work for a company with a good reputation, that rate goes down to 70% for companies with a bad reputation. Workers would only require, on average, a 33% pay increase to move to a company with a good reputation, with just 18% requiring a raise of more than 50%.

buy champix online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/champix.html no prescription pharmacy

Among companies with a bad reputation:

Expense to Recruit to Company with Bad Reputation

Among those with a good reputation:

Expense to Recruit to Company with Good Reputation

These trends hold true and are even magnified among unemployed individuals. An overwhelming 76% of people said they are unlikely to accept a job offer from a company with a bad reputation, even if they do not hold a current job.

Odds of Accepting Job with Company of Bad Reputation While Unemployed

Researchers found that companies face increased recruiting costs due to the greater difficulty to source and attract new hires, particularly when recruiting women and more experienced workers.

buy periactin online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/periactin.html no prescription pharmacy

But these costs are far from the greatest of a company’s troubles.

buy rifadin online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/rifadin.html no prescription pharmacy

“While recruiting expense increases are in the millions of dollars, this great expense is literally dwarfed by the billions of salary cost differential,” the study reads. “The cost of recruiting and salaries added to any expenses associated with a reputation damaged by an environmental scandal, for example, can be disastrous to a company’s bottom line.”

Further, CEO reputation can make a critical impact on the success and expense required to recruit top talent. “A CEO perceived to be active in CR and environmental issues has impact on recruiting. This reputation should be maximized when building the employer brand or against competitors whose reputations may be weaker,” the study said.

The study also examined the most damaging sources of a bad corporate reputation:

Most Harmful Sources of Bad Corporate Reputation

Engaged Boards Lead to Better Information Security Practices

Posted on by

Board of Directors

According to a new study from Protiviti, engagement by a company’s board of directors is a critical factor in best managing information security risks.

Overall, engagement and understanding of IT risks at the board level has increased, yet one in five boards still have a low level of comprehension. As the report states, this suggests “their organizations are not doing enough to manage these critical risks or engage the board of directors in a regular and meaningful way.” Further, while large companies do exhibit stronger board-level engagement, it is not a dramatic distinction.

Overall engagement data

Of those companies that have implemented all core security policies—an acceptable use policy, record retention and destruction policy, written information security policy (WISP), data encryption policy, and social media policy—78% have boards with a high or medium level of engagement on information security. Even rudimentary security measures appear to vary with board engagement. Three out of four organizations with engaged boards have a password policy, while just 46% of those with medium or low levels of engagement have this basic provision in place.

IT Security Measures

The study did find two particularly alarming trends, both in companies with and without risk-aware boards. There was a significant increase this year in the number of organizations without a formal, documented crisis response plan to address data breach or cyberattack. Further, a surprising number of companies still do not have core information security policies. “One in three companies do not have a written information security policy (WISP). More than 40% lack a data encryption policy. One in four do not have acceptable use or record retention/destruction policies. These are critical gaps in data governance and management, and ones that carry considerable legal implications,” the report states. “On the other hand, organizations with all of these key data policies in place have far more robust IT security environments and capabilities.”