Categories
The Ethics Movement

Corporate Compliance and Ethic Week Celebration-Stephanie Holmes on Passion Around Unlocking the Power of Data for Compliance


In this special podcast series sponsored by Convercent by One Trust, we celebrate Corporate Compliance and Ethics Week 2021. Over this podcast series, I will visit with Convercent by One Trust employees on why they are so passionate about driving ethics to the heart of business. In this third episode, I visit with Stephanie Holmes, Director of Solutions at Convercent by One Trust. Her passion is helping companies to align to do the right thing in business and unlocking the power of data by the compliance professional. Join the Convercent Converge community. It is the single best resource for information on all things ethics and compliance related. There are discussion threads, Q & A on specific topics and resources available to the compliance professional. Best of all, it is all free. Check out the Convercent Converge community by clicking here.

Categories
Compliance Kitchen

The SEC, Twitter and Penny Stock Manipulation


The SEC obtained an injunction and asset freeze to halt penny stock price manipulation on Twitter.

Categories
The Ethics Experts

Episode 096 – Donna McGrath

In this episode of The Ethics Experts, Nick welcomes Donna McGrath, leadership coach & mentor for In-House Lawyers, to the show.

Categories
Innovation in Compliance

Series Spotlight: Revolutionizing GRC with 6clicks: Part 3 – Curating and Maintaining Robust GRC Content


Welcome to this special podcast series, Series Spotlight: Revolutionizing GRC with 6clicks, sponsored by 6clicks. This week I visit with Joe Schorr, Vice President (VP) of Global Channel Sales, Andrew Robinson, co-founder and Chief Information Security Officer, Stephen Walter, head of Marketing, Dr. Heather Buker, Chief Technology Officer, and Ant Stevens, co-founder and Chief Executive Officer. Over the series, we will break down 6ckicks Hub and Spoke approach, utilizing Artificial Intelligence (AI) and Machine Learning in governance, risk and compliance (GRC), curating and maintaining a robust GRC content, producing audit ready reports, and look at what’s next for 6clicks down the road. In Part 3, I am joined Stephen Walter to discuss curating and maintaining robust GRC content.
One of the more difficult issues facing the GRC professional or someone new to the space is the seemingly complexity of the issues in GRC. They can literally be overwhelmed. In a multinational organization there will be a myriad of different regulations. Of course, there is data literally across the organization, in multiple silos. Even if the compliance or GRC professional can get access to the data, they probably cannot interpret the data or, more importantly, know how to use it going forward.
Walter said that for someone just starting out at a budding GRC program “navigating the complexities of achieving and maintaining, compliance within a number of regulations and or authorities can be quite daunting.” With all these regulatory compliance requirements, comes content needs. Curating the needed content which could be regulatory or compliance content or it could be as wide and as varied as “content assessments, audits, frameworks, best practice, risk libraries, policies, and control sets.” Providing and housing all of these can present some serious challenges. Next, overlay that content spread through different management systems like Google or SharePoint; together with mailboxes and, as Walter notes, “it really creates chaos. Next consider outdated regulations, leading to outdated risk management policies and other required internal content materials, can all equal noncompliance with the legislations.”
One interesting observation was that because risk and compliance has been elevated in organizations, right up to the Board agenda, these conversations are resonating with companies. This allows smaller companies to have more robust risk and compliance functions through the use of GRC tools and advisors. Walter is seeing much less of a top-down approach where unilateral decisions are made the top. It can now be a more bottom-up approach, democratizing the approach to risk and compliance and bringing in the people that are actually in the trenches to convey their message upward in the company as well. This can make the job of a GRC professional much easier with the wide variety of stakeholders involved, there is something for everyone. A GRC tool allows for the jettisoning of outdated methods and processes so a company can innovate itself into a better system.
We turned to the pace of change brought about by the pandemic. As I have noted elsewhere, we had three to five years of change in 2020 alone. This was certainly true of the GRC space. Walter noted that 2020 and 2021 were “massive storms for regulators.” He pointed to cyber and information security as key areas that saw massive change both in the number of cybercrimes and the regulatory responses to them. Now overlay that with the increasingly complex system of regulations and rules that companies have to navigate, such as General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and even the cybersecurity laws of the People’s Republic of China (PRC), and you begin to see how risk in one area has grown almost exponentially. Of course, other regulatory responses from the US to Australia have been forthcoming so multi-national organizations face a wealth of new regulatory challenges. Simply keeping up with the regulatory changes can be daunting and using spreadsheets and word documents are simply not enough in 2021.
We then discussed the pace of change both on the regulatory and technology side. Many companies are still stuck in what Walter called the “Dinosaur Age” of using basic word processing skills and tools. Regulators in each country expect companies to know, understand and follow their respective laws and regulations. What is the response of a small to medium sized organization, who is resistant to the required change management and indeed in some ways is “a weird kind of cognitive dissonance?” However, this is the precise reason “why GRC solution tools are going gangbusters for affordability reasons at the moment.” Yet Walter cautioned “you need to be careful what GRC tool you adopt and make sure it’s not just a legacy tool with a facelift.”
Walter concluded with a few thoughts on the 6clicks content library, which he termed “massively rich.” It all begins with authority documents which are the standards, laws, and regulations. From there you move down to policies, which are the measures you put in place to mitigate risk or demonstrate compliance with the controls within them. Next these controls have responsibilities, such as “who does what, how often and when the control measures, which those responsibilities are maintain the effectiveness of that control.” Those are all there already inside the 6clicks content library and you can create your own.
This allows a GRC professional or a risk and compliance professional to put all of these documents into a system and manage it all in the one place. It creates what Walter called “a single point of truth, where you can keep an eye on everything, both internally and externally with the hub and spoke, which is multi entity.” If you are at a company with multiple entities running multiple autonomous GRC programs, “you can keep an eye on that too.” Finally, the control tool authority gap analysis with an AI engine can then identify where those issues may exist. As Walter concluded, “I think once you bring all of that together, you’ve really got something very, very special.”
Join us tomorrow where we take up the topic of producing audit-ready reports with 6clicks Pixel Perfect™, with 6clicks Chief Technology Officer, Dr. Heather Buker.
For more information on 6clicks, check out their website here.

Categories
The Hill Country Podcast

Mark Tuschak on Schreiner University


Welcome to the The Hill Country Podcast. The Texas Hill Country is one of the most beautiful places on earth. In this podcast, recent Hill Country resident Tom Fox visits with the people and organizations that make this the most unique areas of Texas. Join Tom as he explores the people, places and their activities of the Texas Hill Country. In this episode, I visit with Mark Tuschak, Vice President for Student Recruitment, External Affairs, Marketing & Communications at Schreiner University. Schreiner has an almost 100-year history of providing top level education to the Hill Country residents (and far beyond). Some of the highlights include:

  1. How Schreiner University came into being?
  2. Schreiner has been an Institute, College and University. Can you tell us about each of these phases of the Schreiner?
  3. What makes Schreiner University so special?
  4. What are some of Schreiner University’s top academic areas?
  5. What about the Schreiner University Bar-B-Que team?
  6. What are a couple of the initiatives Schreiner has put forward in the past 3 years?
  7. How did Schreiner University weather the pandemic challenge?
  8. Why is the role of Schreiner University as much or more important than it has ever been?
  9. What will be the role of Schreiner University in education in 5-10 years?
  10. Schreiner University will be 100 next year. We are some of the plans to celebrate this milestone?

For more information on the Schreiner University, check out their website, here.

Categories
Creativity and Compliance

Corporate Compliance & Ethics Week, Part 3-Contests and Games


Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the Compliance Podcast Network. In this episode Ronnie and Tom continue their five-part series on creative ideas you can use during the 2021 Corporate Compliance and Ethics Week.
In this Part 3, we introduce the use of contests and games. In this episode we discuss some of these ideas can be used to help make your compliance team and your compliance function more approachable. Tom and Ronnie both agree that Corporate Compliance and Ethics Week. initiatives must be followed up throughout the year.
Some of the ideas include:

  • Why not try a scavenger hunt through your compliance policies and procedures? You can put some fun easter eggs in different parts of the Code and have them look for it and report back. This would teach employees where to go to find out information relevant to compliance.
  • What about prizes for employees?
  • Some of the types of contests include a Lip Sync Contest and Two Truths & a Lie contest.
  • All of this should be designed to allow your employees to get to know your compliance team.

Resources:
Ronnie Feldman (LinkedIn)
Learnings & Entertainments (LinkedIn)
Ronnie Feldman (Twitter)
Learnings & Entertainments (Website)
60-Second Communication & Awareness Shorts – A variety of short, customizable, quick-hitter “commercials” including songs & jingles, video shorts, newsletter graphics & Gifs, and more. Promote integrity, compliance, the Code, the helpline and the E&C team as helpful advisors and coaches.
Workplace Tonight Show! Micro-learning – a library of 1-10-minute trainings and communications wrapped in the style of a late-night variety show, that explains corporate risk topics and why employees should care.
Custom Live & Digital Programing – We’ll develop programming that fits your culture and balances the seriousness of the subject matter with a more engaging delivery.

Categories
Great Women in Compliance

Michele Abraham on What Makes Up ESG


Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.
ESG, CSR, Sustainability…it seems like the thing that everyone is talking about lately.  In today’s Great Women in Compliance podcast, Lisa speaks with Michele Abraham, Senior Director – Ethics & Compliance, Associate General Counsel at Cooper Standard.  Michele is a leader in this area and has worked to integrate ethics and compliance and ESG.
She talks about what she thinks that compliance officers must to when they are starting to develop an ESG program, and also how the “E” of ESG – “environmental” is often more operational, but the “S” and “G” – Social and Governance – is at the forefront of what E&C professionals are doing today.
Michele is an advocate for Gretchen Ruben’s “The Four Tendencies,” which discusses four personality types and how to work with them.  There is a quiz, so she is asked to guess Lisa’s tendency.
And she concludes with some of the best advice she received…from her mom.
The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).
If you’ve already read the booked and liked it, will you help out other women to make the decision to leverage off the tips and advice given by rating the book and giving it a glowing review on Amazon?
As always, we are so grateful for all of your support and if you have any feedback or suggestions for our line up or would just like to reach out and say hello, we always welcome hearing from our listeners.
You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.
Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

Retreat on DoD Cybersecurity for Contractors

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Today, Matt and Tom take a look at the Department of Defense retreat on its cybersecurity initiative for contractors, CMMC to the new standard of CMMC 2.0.

Some of the issues we consider are:

·      What is CMMC and what morphed into CMMC 2.0?
·      Who led the charge to make these changes?
·      Do these changes help or hurt federal government overall cybersecurity?
·      Will self-assessments work?
·      New FCA claims coming?
·      What about compliance?
Resources
Matt in Radical Compliance, Pentagon Sounds Retreat on CMMC Compliance

Categories
Daily Compliance News

November 10, 2021 the Are You Effing Kidding Me edition


In today’s edition of Daily Compliance News:

  • Adam Neumann is still Adam Neumann.(NYT)
  • Librarian files request for NPAs. (Reuters)
  • Congress wants NFL emails. (WSJ)
  • BoJo integrity questioned. (Reuters)
Categories
Blog

Curating and Maintaining Robust GRC Content

I recently had the chance to visit with Stephen Walter Hhead of Marketing at 6clicks to discuss curating and maintaining robust GRC content for a sponsored podcast series. You can check out his podcast episode here. One of the more difficult issues facing the GRC professional or someone new to the space is the seemingly complexity of the issues in GRC. They can literally be overwhelmed. In a multinational organization there will be a myriad of different regulations. Of course, there is data literally across the organization, in multiple silos. Even if the compliance or GRC professional can get access to the data, they probably cannot interpret the data or, more importantly, know how to use it going forward.
Walter said that for someone just starting out at a budding GRC program “navigating the complexities of achieving and maintaining, compliance within a number of regulations and or authorities can be quite daunting.” With all these regulatory compliance requirements, comes content needs. Curating the needed content which could be regulatory or compliance content or it could be as wide and as varied as “content assessments, audits, frameworks, best practice, risk libraries, policies, and control sets.” Providing and housing all of these can present some serious challenges. Next, overlay that content spread through different management systems like Google or SharePoint; together with mailboxes and, as Walter notes, “it really creates chaos. Next consider outdated regulations, leading to outdated risk management policies and other required internal content materials, can all equal noncompliance with the legislations.”
One interesting observation was that because risk and compliance has been elevated in organizations, right up to the Board agenda, these conversations are resonating with companies. This allows smaller companies to have more robust risk and compliance functions through the use of GRC tools and advisors. Walter is seeing much less of a top-down approach where unilateral decisions are made the top. It can now be a more bottom-up approach, democratizing the approach to risk and compliance and bringing in the people that are actually in the trenches to convey their message upward in the company as well. This can make the job of a GRC professional much easier with the wide variety of stakeholders involved, there is something for everyone. A GRC tool allows for the jettisoning of outdated methods and processes so a company can innovate itself into a better system.
We turned to the pace of change brought about by the pandemic. As I have noted elsewhere, we had three to five years of change in 2020 alone. This was certainly true of the GRC space. Walter noted that 2020 and 2021 were “massive storms for regulators.” He pointed to cyber and information security as key areas that saw massive change both in the number of cybercrimes and the regulatory responses to them. Now overlay that with the increasingly complex system of regulations and rules that companies have to navigate, such as General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and even the cybersecurity laws of the People’s Republic of China (PRC), and you begin to see how risk in one area has grown almost exponentially. Of course, other regulatory responses from the US to Australia have been forthcoming so multi-national organizations face a wealth of new regulatory challenges. Simply keeping up with the regulatory changes can be daunting and using spreadsheets and word documents are simply not enough in 2021.
We then discussed the pace of change both on the regulatory and technology side. Many companies are still stuck in what Walter called the “Dinosaur Age” of using basic word processing skills and tools. Regulators in each country expect companies to know, understand and follow their respective laws and regulations. What is the response of a small to medium sized organization, who is resistant to the required change management and indeed in some ways is “a weird kind of cognitive dissonance?” However, this is the precise reason “why GRC solution tools are going gangbusters for affordability reasons at the moment.” Yet Walter cautioned “you need to be careful what GRC tool you adopt and make sure it’s not just a legacy tool with a facelift.”
Walter concluded with a few thoughts on the 6clicks content library, which he termed “massively rich.” It all begins with authority documents which are the standards, laws, and regulations. From there you move down to policies, which are the measures you put in place to mitigate risk or demonstrate compliance with the controls within them. Next these controls have responsibilities, such as “who does what, how often and when the control measures, which those responsibilities are maintain the effectiveness of that control.” Those are all there already inside the 6clicks content library and you can create your own.
This allows a GRC professional or a risk and compliance professional to put all of these documents into a system and manage it all in the one place. It creates what Walter called “a single point of truth, where you can keep an eye on everything, both internally and externally with the hub and spoke, which is multi entity.” If you are at a company with multiple entities running multiple autonomous GRC programs, “you can keep an eye on that too.” Finally, the control tool authority gap analysis with an AI engine can then identify where those issues may exist. As Walter concluded, “I think once you bring all of that together, you’ve really got something very, very special.”
For more information on 6clicks, check out their website here.