Category: 31 Days to More Effective Compliance Programs

Day 12 of One Month to Better 3rd Party Management – Auditing of Third Parties

Auditing third parties is critical to any best practices compliance program and an important tool in operationalizing your compliance program. It is a key way a company can manage the third-party relationship after the contract is signed, and one the government will expect you to engage in going forward. The 2020 Update, under the section entitled Management of Relationships, poses the following query: Does the company have audit rights to analyze the books and accounts of third parties, and has the company exercised those rights in the past? This means you must not only have audit rights but also exercise them.

Three key takeaways:

1. Be prepared.

2. It is not an investigative interview but an audit interview.

3. Listen, listen, and listen.

Category: SBR - Authors' Podcast

Jon May ‘Who Says You Can’t’

Welcome to the Sunday Book Review, the Authors' Podcast! On this week’s episode of Sunday Book Review-Author’s Edition, Tom welcomes Jon May, a seasoned compliance expert and author of the book “Who Says You Can’t?”

In this engaging episode, Tom and Jon discuss their favorite cases, including John Adams’ defense of the British soldiers in the Boston Massacre and the tactics used to establish their innocence. They also cover fraudulent activity, white-collar criminal defense, and the delicate balance between protecting civil liberties and fighting criminal activity. Jon’s unique perspective and experience in the field make for an informative and thought-provoking discussion you won’t want to miss. Tune in now to gain insights into compliance and to learn more about Jon’s book and practice.

Tune into Sunday Book Review-Author’s Edition for an exceptional conversation about how to live according to values and make great things happen. This fascinating podcast will surely bring insights, discussion, and knowledge to the forefront. Don’t miss Sunday Book Review-Author’s Edition and get an insightful look into the power of living out your values.

Key Highlights Include

  • Jon May’s Career and Compliance Interest
  • Motivation for Writing and John Adams’ Defense
  • Jury Selection and Criminal Defense Strategies
  • Corporate Executives and Prosecution

Notable Quotes

1. “Over and over again, it is a master class in how to do a closing argument.”

2. “In each of my articles, I found a different tactical problem that I tried to develop the best practices for where they weren’t any best practices.”

3. “Adams found the perfect way of having the jurors see what was facing the soldiers, what how the mob looked to the soldiers looking through their eyes so that they could feel the chunks of ice being thrown.”

4. “If Tom Fox said yes that I put it in a book, hey, you know, he has that much confidence in me.”

Resources

Jon May

On Creative Criminal Defense Consultants

Who Says You Can’t: Strategy and Tactics for Becoming a More Creative Criminal Defense Lawyer


Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Category: Innovation in Compliance

Building Trust Through Compliance with Girish Redekar

Building trust is a key component of any successful business, but in today’s world, trust is increasingly linked to compliance. On this episode of Innovation in Compliance, Tom Fox hosts Girish Redekar, co-founder and CEO of Sprinto. Girish shares his insights on the overwhelming nature of compliance, the benefits of frameworks like SOC 2 and ISO 27001, and the importance of building trust through compliance.

Girish Redekar is the co-founder and CEO of Sprinto, a software company that provides an automated solution for achieving and maintaining compliance for other software companies. Girish is a software engineer by trade and has a wealth of experience in running and managing software businesses. Prior to founding Sprinto, he ran a software company called Recruiter Box, where he wrote the bulk of the early code, managed teams, and ran product marketing.

 

You’ll hear Girish and Tom discuss:

  • Going through the compliance process can help companies holistically view their organization and think about what it really takes to secure the data that they are handling on their customers’ behalf.
  • Sprinto translates SOC 2 and ISO programs into specific security practices to run in your company and automates those practices, which can make it ten times faster and a lot less overwhelming.
  • Frameworks like SOC 2 and ISO 27001 provide a standardized form of building a security program that both companies and customers can trust. “What that means is that if I claim that I am SOC 2 compliant and I can provide documentation to the same, you as my customer can actually trust the documentation and have some assurance that I do indeed run these security practices,” Girish remarks.
  • The compliance stack is a list of tools that you would use to become compliant, or maintain a security posture.
  • Sprinto’s security and compliance platform includes risk management, compliance management, vulnerability management, and incident management features.
  • A compliance command center allows you to look at all manner of security risks through “a single pane of glass”. The command center gives you one place where you can monitor what’s happening in your company and how to mitigate it.
  • Girish notes that people are often the weakest link in a company’s security and that security leaders worry about employees inadvertently sharing credentials or falling victim to social engineering attacks.
  • Concerns around cybersecurity are relatively similar across the globe.
  • Ransomware attacks were a major concern for security leaders in 2022, and cybersecurity insurance is becoming increasingly popular as a means of protecting against such attacks.

 

KEY QUOTES

“Think of SOC 2 and ISO… they’re no different than SATs. …you write SATs and you have like one score and then that you can use across colleges. SOC 2 and ISO are not very different than that.” – Girish Redekar

 

“It’s pretty fascinating that a standard should emerge out of just the way people want to build trust in the way they do business.” – Girish Redekar

 

“…the way I think about a compliance command center is nothing but a single pane of glass where you get to see exactly what your security and your compliance posture is, where the gaps are.” – Girish Redekar

 

Resources

Girish Redekar on LinkedIn | Twitter

Sprinto

Category: Daily Compliance News

April 18, 2023 – The Wall Street Reckoning Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Sex + BMW = gross corruption in Norway. (The Guardian)
  • Wall Street reckoning coming over Jeffrey Epstein. (NYMagazine)
  • DeSantis threatens punitive action against Disney. (NYT)
  • SEC charges Bittrex. (Reuters)

Category: Data Driven Compliance

Anil Karmel on Revolutionizing Compliance with RegOps

Data Driven Compliance, hosted by Tom Fox, is a podcast featuring in-depth conversations about the uses of data and data analytics in compliance programs. In this episode, host Tom Fox visits with Anil Karmel, co-founder of RegScale. They delve into the issue of compliance at scale and discuss the concept of DevOps and how it can be applied to compliance through a discipline called “RegOps.” RegOps emphasizes automating compliance to create a near-real-time process while providing a good user experience.

As a co-founder of RegScale, Karmel describes the company’s journey of cultural transformation in compliance, creating an API-centric platform to provide real-time evidence and automated reporting for compliance gaps. Tom and Anil highlight the need for a philosophical change in compliance and discuss the evolving regulatory and business landscape. Don’t miss out on this insightful podcast episode!

Key Highlights

  • Scalable Compliance Solutions
  • RegOps: Applying DevOps to Compliance
  • Streamlining Compliance Reporting with Real-time Information
  • RegScale: Solving Compliance Challenges for Enterprises
  • Modernizing Compliance through a Regulatory Operations Approach

Notable Quotes

“Realize this manual paper-based process of trying to demonstrate regulatory compliance is just not something that can be scaled manually.”

“It needs to be easier for the producer and consumer to produce and consume the content.”

“You can present the status of your compliance program, where your gaps are in near real-time, where the associated risks are, and the cost to remediate.”

“Unless there is this transformation of how we do our jobs by leveraging a regulatory operations approach to leverage the best of the machine and the best of the human, we’re already behind the eight ball.”

Resources

Anil Karmel on LinkedIn

RegScale
