The enemy: Compliance fragmentation
By Melissa Lea

CORPORATE ACCOUNTABILITY AGENDA

Automate, centralize, and coordinate your way to an improved GRC process.

Melissa Lea practiced corporate defense litigation with various law firms before joining SAP in 2002, where she is responsible for policy management and enforcement on a global basis.

In today's global economy, a decentralized and fragmented approach to risk management can lead to serious liabilities and unanticipated compliance gaps. Operating in multiple countries and regulatory jurisdictions, where no single, uniform legal standard exists to guide your business, only compounds the problem. It's not uncommon to feel overwhelmed by a dizzying array of laws, regulatory expectations, local customs, and financial mandates.

This environment makes it tempting to fall back on a one-off approach to compliance, where you follow more lenient standards in certain jurisdictions and enforce stricter requirements in others. But following this piecemeal approach to governance soon leads to trouble. Communication is difficult at best, and enforcing consistent compliance objectives across global operations becomes nearly impossible.

The damage caused by a fragmented approach to governance, risk management, and compliance (GRC) programs was recently validated in a survey conducted by the Open Compliance and Ethics Group (OCEG), Deloitte & Touche USA LLP, SAP, and Cisco. Nearly two-thirds of 250 survey respondents reported being adversely affected by "silos" within their operations — a result of system, geographic, and organizational fragmentation.

What's the net impact of a disjointed GRC approach on your organization? It could easily include inconsistent application of standards, duplication of efforts, higher GRC costs, and increased risk, to name a few of the myriad problems.

The three tenets

It's easier than you might think to combat a fragmented approach to GRC. You just need to follow three simple tenets: automate, centralize, and coordinate.

If you're going to improve your compliance — and forever bury a one-off approach — you need to automate end-to-end GRC processes, including corporate governance and oversight, risk management, and reporting. Automation eliminates manual processes and reduces errors — saving you time and money. You'll have more accurate and timely data as well as GRC processes that are both consistent and repeatable across your organization. Without automation, it's nearly impossible to quickly detect, assess, address, or control new risks as they emerge.

You must also centralize your GRC data to ensure consistent and reliable information flow. With a shared services approach, such as a central GRC office with direct reporting lines to your board, your organization can improve risk management and reporting on compliance. Best practices include using corporate policies to centrally manage GRC content and support GRC initiatives across the extended enterprise.

Finally, you want to coordinate your global efforts and resources so that all employees are dedicated to working together to support GRC functions. By sharing information and using the same compliance, governance, and risk management terminology and metrics, you establish a coordinated approach. Your global policies are communicated to all employees in a GRC "language" that everyone can understand. And training, policy violations, and responses are consistently administered and tracked across geographic boundaries. A policy violation in China, for example, receives the same response and remediation plan as a policy violation in Canada.

If you take an automated, centralized, and coordinated approach to GRC, you'll have the processes in place to apply policies and standards consistently across your global operations, thus boosting employee awareness and understanding of compliance expectations.
Recognize the benefits

As you might expect, removing fragmentation from your GRC processes can generate significant shareholder, operational, and employee benefits. As you improve your approach to compliance, you can expect higher analyst ratings and investor confidence. Operational benefits include reducing the cost and time associated with compliance and garnering more favorable audit findings. Finally, your employee morale and culture will improve as you consistently enforce rules and better align values and compliance standards.

As a global company with significant business operations, you can no longer walk from cubicle to cubicle peeking over partitions to ensure that employees are running the business as intended. It's time to communicate corporate policies and expectations consistently across your organization. If you adopt a structured approach to compliance, you can more easily influence corporate culture and remove the burden of fragmentation from your corporate compliance program.

The author can be contacted at melissa.lea@

16 DIRECTORS & BOARDS
