Categories
The Ethics Movement

Compliance Week Celebration-Autumn Sanelli on Passion Around Evolving Compliance & Ethics Programs


In this special podcast series sponsored by Convercent by One Trust we celebrate Corporate Compliance and Ethics Week 2021. Over this podcast series, I will visit with Convercent by One Trust employees on why they are so passionate about driving ethics to the heart of business. In this fourth episode, I visit with Autumn Sanelli, Senior Director of Professional Services at Convercent by One Trust. Her passion is in helping companies to evolve their ethics and compliance programs through employee engagement and continuous monitoring leading to continuous improvement. Join the Convercent Converge community. It is the single best resource for information on all things ethics and compliance related. There are discussion threads, Q & A on specific topics and resources available to the compliance professional. Best of all, it is all free. Check out the Convercent Converge community by clicking here.

Categories
Greetings and Felicitations

Ed Gillespie-Policeman Poet of Baltimore


Welcome to Greetings and Felicitations, a podcast where I explore topics which might not seem to be directly related to compliance but clearly influence our profession. In this episode, I visit with Detective Ed Gillespie, from the Baltimore Police Department, who has incorporated the writing of poetry into his police work. We also talk about why a humanities approach to instructing police academy cadets can bring real change in policing. Some of the highlights include:

  1. Background of Ed Gillespie and why 9/11 changed him forever?
  2. What led to writing poetry?
  3. Poetry as therapy.
  4. Connections to the War Poets.
  5. Teaching poetry at the Baltimore Police Academy.

  6. Some of Detective Gillespie’s favorite poems.

Resources
Email: Doylegillespie@yahoo.com
Facebook: https://m.facebook.com/pg/edoylegillespie/photos/
Gentrifying the Plague House-poetry by Ed Gillespie
Policeman Poet of Baltimore

Categories
Creativity and Compliance

Corporate Compliance & Ethics Week, Part 4-Speakers and Keynotes


Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the Compliance Podcast Network. In this episode Ronnie and Tom continue their five-part series on creative ideas you can use during the 2021 Corporate Compliance and Ethics Week.
In this Part 4, we introduce the idea of bringing outside speakers and having them visit with your employees. You can expand this to a keynote talk, all of which is designed to help build your compliance brand within your organization. Tom and Ronnie both agree that Corporate Compliance and Ethics Week initiatives must be followed up throughout the year.
Some of the ideas include:

  • One of the ideas Ronnie put forward was to have an Art Show around compliance.
  • How about a nationally or even internationally famous Keynote Speaker around business ethics?
  • Someone from outside your organization might well have more credibility on overall ethics.
  • The speakers should give your employees pause to think more about business ethics and compliance.

Resources:
Ronnie Feldman (LinkedIn)
Learnings & Entertainments (LinkedIn)
Ronnie Feldman (Twitter)
Learnings & Entertainments (Website)
60-Second Communication & Awareness Shorts – A variety of short, customizable, quick-hitter “commercials” including songs & jingles, video shorts, newsletter graphics & Gifs, and more. Promote integrity, compliance, the Code, the helpline and the E&C team as helpful advisors and coaches.
Workplace Tonight Show! Micro-learning – a library of 1-10-minute trainings and communications wrapped in the style of a late-night variety show, that explains corporate risk topics and why employees should care.
Custom Live & Digital Programing – We’ll develop programming that fits your culture and balances the seriousness of the subject matter with a more engaging delivery.

Categories
Daily Compliance News

November 11, 2021 the Poppy Fields edition


In today’s edition of Daily Compliance News:

  • Uber sued for violating ADA. (WSJ)
  • Ozy under investigation. (NYT)
  • World’s most heavily fined bank says it has reformed. (WSJ)
  • UK SCt blocks class action against Google. (Reuters)

Categories
Compliance Kitchen

Stablecoin


The US government issues a report and recommendation on Stablecoin. Tune in for more on this.

Categories
Blog

Producing Audit-Ready Report with 6clicks Pixel Perfect™

I recently had the chance to visit with 6clicks Chief Technology Officer, Dr. Heather Buker, and we took up producing an audit-ready report with 6clicks Pixel Perfect™ for a sponsored podcast series. You can check out her episode here.
Buker is the transitional resource who takes the engineering and tech part of the 6clicks solution and puts it into a workable solution for customers. She says of herself, “you can see me, affectionately, as a translator if you will of the product and functionality and how that translates to business use cases, value propositions and things that clients really care about.” She went on to note, “functionality is only as good as the value proposition that it serves. I am here to make sure that those two things meet. I’m kind of the bridge.”
It used to be that the byword for data and data processing was GIGO (garbage in, garbage out). However, now it has evolved to “data is only as good as what you can get out of it. So, it’s not enough to just collect the data and give organizations a sort of single source of truth for their GRC programs anymore. Right? That’s what every SaaS solution in the GRC space is really striving for. But, furthermore, users want easy, efficient ways to get that data out of the tool. So, it’s always a bit of an uphill battle when it comes to reporting, you know, there’s a constant flow of new requirements. Every organization has a different use case that needs supporting et cetera, and users have to be able to get their GRC data out of the tool and make it digestible for a wide variety of audiences. And that’s really the key right there. The wide variety of audiences we’re trying to satisfy with reporting needs, what good is it to track their risk and compliance data? If they can’t show/prove to an auditor or their Board members on their current risk posture at the monthly meeting, simply put it isn’t. So, assets reporting is, and frankly always will be, a critical piece of the GRC SaaS solution puzzle.”
The problem that 6clicks Pixel Perfect™ helps solve is repeatability. As Buker explained, “The more we can make GRC processes repeatable, even when it comes to reporting, the easier our platform will be to use and the more widely adopted we can become. To solve for this in the reporting world, we decided to automate report generation.” I asked her for an example, and she said, “6clicks Pixel Perfect™ can take a completed PCI DSS assessment and return Section Six of the report on compliance, filled out and audit ready.” This means using a template mandated by the Security Standards Council to drive this functionality and ensure the report is ready to be submitted and properly formatted when generated. All an organization has to do is complete their PCI assessment and the platform will perform our “6clicks magic on the other side and deliver the PCI form from those assessment results minus all of the hassle. We are talking hours upon hours of time savings for QSAs, merchants and others on their engagements.”
We concluded with some of Buker’s thoughts on how multiple stakeholders can use the information that the 6clicks Pixel Perfect™ solution creates, up and down the chain in an organization, literally from the technical folks on the front lines up to the Board of Directors. She emphasized “what this functionality has to be, has to be up and down, high level, low level, right to Board members who have their monthly meeting or senior management that may be managing multiple projects across various lines of business. They don’t always know what they’re looking at when they look at some of these low-level risk, detailed reports or even data in general. We must make it digestible for them. We have to make it meaningful for them. We have to be able to produce reports and analytics at a really high level.”
Buker had a great phrase, that it all has to be in an “accordion range. That is, from highest level to lowest level and then back. And that’s really like the secret sauce of reporting and analytics in the GRC space. Being able to take it full circle from driving change to implementing change and all of the various levels in any organization.”
For more information on 6clicks, check out their website here.

Categories
The Ethics Movement

Corporate Compliance and Ethics Week Celebration-Stephanie Holmes on Passion Around Unlocking the Power of Data for Compliance


In this special podcast series sponsored by Convercent by One Trust, we celebrate Corporate Compliance and Ethics Week 2021. Over this podcast series, I will visit with Convercent by One Trust employees on why they are so passionate about driving ethics to the heart of business. In this third episode, I visit with Stephanie Holmes, Director of Solutions at Convercent by One Trust. Her passion is helping companies to align to do the right thing in business and unlocking the power of data by the compliance professional. Join the Convercent Converge community. It is the single best resource for information on all things ethics and compliance related. There are discussion threads, Q & A on specific topics and resources available to the compliance professional. Best of all, it is all free. Check out the Convercent Converge community by clicking here.

Categories
Compliance Kitchen

The SEC, Twitter and Penny Stock Manipulation


The SEC obtained an injunction and asset freeze to halt penny stock price manipulation on Twitter.

Categories
Innovation in Compliance

Series Spotlight: Revolutionizing GRC with 6clicks: Part 3 – Curating and Maintaining Robust GRC Content


Welcome to this special podcast series, Series Spotlight: Revolutionizing GRC with 6clicks, sponsored by 6clicks. This week I visit with Joe Schorr, Vice President (VP) of Global Channel Sales, Andrew Robinson, co-founder and Chief Information Security Officer, Stephen Walter, head of Marketing, Dr. Heather Buker, Chief Technology Officer, and Ant Stevens, co-founder and Chief Executive Officer. Over the series, we will break down the 6clicks Hub and Spoke approach, utilizing Artificial Intelligence (AI) and Machine Learning in governance, risk and compliance (GRC), curating and maintaining robust GRC content, producing audit-ready reports, and look at what’s next for 6clicks down the road. In Part 3, I am joined by Stephen Walter to discuss curating and maintaining robust GRC content.
One of the more difficult issues facing the GRC professional or someone new to the space is the seeming complexity of the issues in GRC. They can literally be overwhelmed. In a multinational organization there will be a myriad of different regulations. Of course, there is data literally across the organization, in multiple silos. Even if the compliance or GRC professional can get access to the data, they probably cannot interpret the data or, more importantly, know how to use it going forward.
Walter said that for someone just starting out at a budding GRC program “navigating the complexities of achieving and maintaining, compliance within a number of regulations and or authorities can be quite daunting.” With all these regulatory compliance requirements come content needs. The content that needs curating could be regulatory or compliance content, or it could be as wide and as varied as “content assessments, audits, frameworks, best practice, risk libraries, policies, and control sets.” Providing and housing all of these can present some serious challenges. Next, overlay that content spread through different management systems like Google or SharePoint, together with mailboxes, and, as Walter notes, “it really creates chaos. Next consider outdated regulations, leading to outdated risk management policies and other required internal content materials, can all equal noncompliance with the legislations.”
One interesting observation was that because risk and compliance has been elevated in organizations, right up to the Board agenda, these conversations are resonating with companies. This allows smaller companies to have more robust risk and compliance functions through the use of GRC tools and advisors. Walter is seeing much less of a top-down approach where unilateral decisions are made at the top. It can now be a more bottom-up approach, democratizing the approach to risk and compliance and bringing in the people that are actually in the trenches to convey their message upward in the company as well. This can make the job of a GRC professional much easier: with the wide variety of stakeholders involved, there is something for everyone. A GRC tool allows for the jettisoning of outdated methods and processes so a company can innovate itself into a better system.
We turned to the pace of change brought about by the pandemic. As I have noted elsewhere, we had three to five years of change in 2020 alone. This was certainly true of the GRC space. Walter noted that 2020 and 2021 were “massive storms for regulators.” He pointed to cyber and information security as key areas that saw massive change both in the number of cybercrimes and the regulatory responses to them. Now overlay that with the increasingly complex system of regulations and rules that companies have to navigate, such as General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and even the cybersecurity laws of the People’s Republic of China (PRC), and you begin to see how risk in one area has grown almost exponentially. Of course, other regulatory responses from the US to Australia have been forthcoming so multi-national organizations face a wealth of new regulatory challenges. Simply keeping up with the regulatory changes can be daunting, and using spreadsheets and Word documents is simply not enough in 2021.
We then discussed the pace of change both on the regulatory and technology side. Many companies are still stuck in what Walter called the “Dinosaur Age” of using basic word processing skills and tools. Regulators in each country expect companies to know, understand and follow their respective laws and regulations. What is the response of a small to medium sized organization, who is resistant to the required change management and indeed in some ways is “a weird kind of cognitive dissonance?” However, this is the precise reason “why GRC solution tools are going gangbusters for affordability reasons at the moment.” Yet Walter cautioned “you need to be careful what GRC tool you adopt and make sure it’s not just a legacy tool with a facelift.”
Walter concluded with a few thoughts on the 6clicks content library, which he termed “massively rich.” It all begins with authority documents which are the standards, laws, and regulations. From there you move down to policies, which are the measures you put in place to mitigate risk or demonstrate compliance with the controls within them. Next these controls have responsibilities, such as “who does what, how often and when the control measures, which those responsibilities are maintain the effectiveness of that control.” Those are all there already inside the 6clicks content library and you can create your own.
This allows a GRC professional or a risk and compliance professional to put all of these documents into a system and manage it all in the one place. It creates what Walter called “a single point of truth, where you can keep an eye on everything, both internally and externally with the hub and spoke, which is multi entity.” If you are at a company with multiple entities running multiple autonomous GRC programs, “you can keep an eye on that too.” Finally, the control tool authority gap analysis with an AI engine can then identify where those issues may exist. As Walter concluded, “I think once you bring all of that together, you’ve really got something very, very special.”
Join us tomorrow where we take up the topic of producing audit-ready reports with 6clicks Pixel Perfect™, with 6clicks Chief Technology Officer, Dr. Heather Buker.
For more information on 6clicks, check out their website here.

Categories
The Hill Country Podcast

Mark Tuschak on Schreiner University


Welcome to The Hill Country Podcast. The Texas Hill Country is one of the most beautiful places on earth. In this podcast, recent Hill Country resident Tom Fox visits with the people and organizations that make this one of the most unique areas of Texas. Join Tom as he explores the people, places and activities of the Texas Hill Country. In this episode, I visit with Mark Tuschak, Vice President for Student Recruitment, External Affairs, Marketing & Communications at Schreiner University. Schreiner has an almost 100-year history of providing top level education to the Hill Country residents (and far beyond). Some of the highlights include:

  1. How Schreiner University came into being?
  2. Schreiner has been an Institute, College and University. Can you tell us about each of these phases of the Schreiner?
  3. What makes Schreiner University so special?
  4. What are some of Schreiner University’s top academic areas?
  5. What about the Schreiner University Bar-B-Que team?
  6. What are a couple of the initiatives Schreiner has put forward in the past 3 years?
  7. How did Schreiner University weather the pandemic challenge?
  8. Why is the role of Schreiner University as much or more important than it has ever been?
  9. What will be the role of Schreiner University in education in 5-10 years?
  10. Schreiner University will be 100 next year. What are some of the plans to celebrate this milestone?

For more information on Schreiner University, check out their website, here.