Solutions

Chief Risk Officer and Compliance Officers

"It is the rare company that intelligently manages the full spectrum of risk; that breaks through the organizational barriers that obscure a view of the risks facing a company; and that systematically anticipates and prepares an integrated response to potentially significant risks."

– Deloitte White Paper "The Risk Intelligent Enterprise"

As your company's Chief Risk Officer or Chief Compliance Officer, you want fast access to information so that you are better able to manage the full spectrum of risk in your company – industry-specific, compliance, competitive, environmental, security, privacy, business continuity, strategic, reporting and operational risk. If you have to create a project or pull a team together in order to get the data you need, you are waiting too long. If it takes a week, a month, or often three months, for the information to be gathered, it may already be too late.

While you are trying to manage risk (for example, to determine whether your customer data is being properly protected, or whether there are procedures to protect your intellectual property), your company may have already sustained some incidents of non-compliance. External auditors may have already identified material weaknesses in your processes and may have already assessed fines.

As the executive of a company, you are held accountable for any breaches of security or non-compliance with company policies. How much risk are you willing to take? Are you being reactive or proactive?

Take, for example, the process by which a large bank monitors new accounts in accordance with the Anti-Money Laundering regulation in the U.S. Patriot Act. In a large bank with hundreds of branch offices, information must first be collected from all departments at the local level. Hundreds of branch offices then send their transactional account data in spreadsheets to the regional offices, where it is combined and sent to the headquarters location. At the national level, all the regional information is finally merged for the first time. While the lengthy process of collecting and collating the transactional data is going on, new accounts that violate these AML restrictions may be opened. By then it is too late: the incidents have already occurred, without your knowing it and without your being able to correct them in real time. Is this what your business model looks like?

Another example is the process by which a large hospital, with a network of healthcare centers, monitors compliance with the Health Information Portability and Accountability (HIPAA) Act. Since each center operates independently, information about whether the HIPAA policies are in place, and whether staff are abiding by those policies and protecting patients' medical information, needs to be recorded. Staff must complete the necessary checklists, follow up on exceptions, collate the data, and send the information to the headquarters location to be merged. It can easily take three months to gather the information, and during this time, you as the chief compliance officer have no idea of your organization's status regarding compliance. You are literally flying blind. Since it takes a full quarter to gather the necessary information, once security violations are discovered, how long will it then take to follow up, alert the appropriate centers, investigate the incidents, get them resolved, and file reports to the authorities? Can you afford to run your business this way?

These are the questions you need to ask yourself:

  1. Do you want real time information at the enterprise level so that you are able to know the current status of all of your company's governance activities?
  2. Do you want to know that the internal controls are appropriate for the business risks facing the organization?
  3. Do you want to be able to correlate the information between regulations and policies and the procedures that fulfill those policies?
  4. Do you want to know which policies satisfy certain regulations? Which policies satisfy multiple regulations? Which procedures fulfill specific policies?
  5. Do you want to be able to know about, address and correct a violation immediately?
  6. When new regulations are put into law, do you want a system that allows you to interpret the regulations, break them into their components, create policies and procedures that fulfill them, and assign and educate the employees who are responsible for completing the tasks?
  7. Do you want reports on all of these activities?

Then you need to think seriously about Polivec's Enterprise Governance Solution. The Solution gives you an integrated, enterprise view of all governance activities and allows you to manage risk, reduce cost, minimize complexity and protect your current investments in compliance.