Welcome to The Ethics Movement, special podcast series highlighting Converge21 The Workshop Edition. This podcast series will feature some of the speakers at the event. You can find out more information about the event and register here. In this podcast, I visit with Carsten Tams, Founder & CEO at EMAGENCE, who will lead the discussion on the Workshop, EMEA: Pragmatic Anti-Retaliation to Meet the EU Whistleblower Directive US: Anti-Retaliation Measures that Stand in the New Age of Whistleblowing. Rising retaliation rates calls for a mindset shift. You’ll define your biggest challenges, Carsten and team will bring the framework to overcome them.
Day: May 4, 2021
Neste episódio, falamos com o ex-ministro da Justiça do Brasil Sergio Moro sobre o crescimento dos programas de compliance no Brasil e como as autoridades brasileiras avaliam os programas de compliance.
Apple Podcasts * Spotify * Amazon Music * Google Podcasts * Stitcher
Questões? Contato com podcasts@milchev.com.
*Esse episódio está em portugues.*
Categories
Episode 1 – The Risk of Timing
Welcome to SURVIVE AND THRIVE, the newest addition to the Compliance Podcast Network. This is a podcast where we unpack compliance, crisis disasters and walk you through all the red flags which appear, and give you some lessons learned going forward. This show is hosted by the Compliance Evangelist Thomas Fox and Kortney Nordrum, Regulatory Counsel & Chief Compliance Officer, Deluxe Corporation. Today’s episode is all about disasters and the unpleasant situations that companies find themselves in. Know more about timing risks and why you should care about when things happen just as much as why they happen accordingly.
Major takeaways discussed in the episode:
- People are the biggest risk. Humans make choices, and 95% percent of breaches at companies are the result of human error.
- Ensure having a second set of eyes on every process. And that’s particularly important in compliance. Having a situation where something that was apparently routine but because of timing has moved to a higher risk can be mitigated by having someone else review the process is an appropriate step.
- Compliance practitioners must have a necessary conversation with leadership, the board, and whoever ultimately is in charge to calibrate and communicate; what kind of risks is your organization willing to put up with on a daily basis?
- Go out there and make people trust the humans in your compliance team that you are open, you care, and you are diligent in your job that if they report something, it will be appropriately investigated. Doing so is how you build the culture of trust.
✅ Connect with Kortney Nordrum:
Twitter: @nordrumlaw
✅ About Thomas Fox:
Thomas Fox, the Compliance Evangelist®, is one of the leading writers, thinkers, and commentators on anti-bribery and anti-corruption compliance. In this latest edition of The Compliance Handbook, he continues to arm seasoned compliance professionals and those new to the realm with the practical, actionable guidance and tools needed to design, create, implement and continually enhance a best practices compliance program.
Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management and business ethics, the Compliance Podcast Network. For more information contact Tom Fox at tfox@tfoxlaw.com.
Justin Beals is the CEO and co-founder of Strike Graph, a company helping customers get through their cybersecurity audits. He’s a serial entrepreneur with expertise in AI, cybersecurity, and governance. He founded Strike Graph with the goal to make cybersecurity standards easy to understand and easily accessible. Tom Fox welcomes him to this week’s show to discuss cybersecurity, auditing, and building maturity within an organization.
SOC/SOC2 Audit
Justin explains to Tom the origins of SOC: it was created to ensure that third-party vendors who trade with public companies, and the public companies themselves, were implementing effective cybersecurity practices. SOC2 Audit is a cybersecurity standard that focuses on security within an organization in a number of ways including HR practices, code of conduct, and other compliance liability issues. SOC2 analysis is about how data is encrypted and how new codes get put on servers. “The achievement of something like a SOC2 represents two things: one is an organizational maturity and the second is an assessment of that maturity by an independent party,” Justin tells Tom.
Trust is Currency
Tom asks Justin to share a few tips for when hiring a SOC2 auditor and why it is necessary. “The selection of the right auditor is important strategically because you’re going to want to work with them for a while. Generally, you want to go back to the same auditor [because] it’s more efficient,” Justin responds. Auditors we are familiar with know our practices and can measure them well. He points out that buyers and investors will pick the more trusted company; a company that has done a SOC2 audit is preferred over a company that hasn’t. Trust is what drives them and is what will influence buyers’ decisions.
COVID-19 and What’s Next
Tom asks Justin to reflect on how the pandemic has affected Strike Graph. Justin remarks that his business was established during the pandemic and is a remote work organization. He adds that interest has grown due to the pandemic, and it helped build his company’s success. With the pandemic, certifications and audits are great tools that can help build trust with customers. Justin remarks that in the future, it’s going to be more commonplace to expect vendors to share any form of private information to achieve audits or certifications.
Resources
Justin Beals | LinkedIn | Twitter
StrikeGraph.com
