Tag: data governance

Categories
This Week in FCPA

Episode 297 – the Ng Convicted edition


As the NY Mets have the best record in baseball and we prepare for the celebrations of Easter and Passover, Tom and Jay are back to look at some of the week’s top compliance and ethics stories in the Ng Convicted edition.
Stories

    1. Roger Ng was convicted. Tom in the FCPA Compliance and Ethics Blog.
    2. Lessons from DOJ’s first cyber fraud settlement? Annie Hudgins in the FCPA Blog.
    3. Depression as corporate materiality issue. Dick Cassin in the FCPA Blog
    4. Should CCOs be required to certify compliance programs? Mike Volkov in Corruption Crime and Compliance.
    5. CEO fined by SEC for impeding whistleblower. Aaron Nicodemus in Compliance Week. (sub req’d) Matt Kelly in Radical Compliance.
    6. How much BOD oversight of compliance is enough? Jeff Kaplan in Conflict of Interest Blog
    7. Compliance in recessionary times. Jim DeLoach in CCI.
    8. Water and corruption. Rick Messick in GAB.
    9. Why should an organization disclose diversity information? Antinuke Adrian in Harvard Law School Forum on Corporate Governance.  
    10. Data governance best practices. Eray Eliaçik in Data Economy

Podcasts and More

  1. Tom visits with Matt Galvin and Dan Kahn over a 2-part podcast series. In Part 1, they talk about dealing with the DOJ during an FCPA investigation and thereafter. 
  2. Into Star Trek, then join Tom and John Champion, who is on a 15-year mission to do a podcast on every episode of Star Trek, television, movie, and animated show on the podcast MissionLogPodcast.com. In Part 1, from TOS up to the start of TNG. In Part 2, from TNG to today. 
  3. This month on the Compliance Life, I visit with Susan Divers, Director of Thought Leadership at LRN. In Part 1, academic life and early professional career. In Part 2, she moves to the corporate world. 
  4. Why should you attend Compliance Week 2022? Find out on this episode of From the Editor’s Desk. Listeners get a $200 discount to CW 2022 with the code Fox200. More here
  5. Join Tom and Jay at ECI Impact 2022. Listeners to this podcast can save 20% off registration
    by entering discount code: TOM20 at checkout.
  6. Welcome back, Sam Rubenfeld.

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
Innovation in Compliance

The Data Confident Internal Auditor with Yusuf Moolla


 
Tom Fox welcomes Yusuf Moolla on this episode of the Innovation in Compliance Podcast. Yusuf is a Director at Risk Insights, co-cost of The Assurance Show Podcast, and co-author of The Data Confident Internal Auditor. He joins Tom to talk about how compliance professionals can utilize data analytics, data governance, and internal auditing.
 

 
Best Approaches To Data
The easiest way to approach data, Yusuf suggests, is to think about it as another form of evidence. “Over the years we’ve collected lots of manual documents as evidence…Data is just another piece of evidence,” he tells Tom. Data can be used by anybody, and it is very simple to do so. Currently, there has been an emergence of open-source tools to process data which has made it easier and cheaper for individuals. These open source tools have made it safer as well, as there are options to look into the source code for digital traps. Visualization is another approach to data that individuals can utilize. While relatively new, being able to visualize techniques both in terms of exploring and explaining data is becoming something that is gaining traction in the data analytics world. 
 
Internal Auditing Approaches
Yusuf explains to Tom that there are four main data approaches to consider when doing internal audits:

  • Data being used purely for reporting
  • The data-driven approach where the data does the talking
  • The process-focused approach
  • The hypothesis-focused approach

There are similarities between the process and hypothesis approaches. The process-focused approach has been the traditional way of doing audits. Over the years, however, it’s become less about how the process is done to achieve the intended result; it’s now about what the auditing result is. “So it’s not about looking at whether a process actually works the way that it’s been designed, it’s about looking at whether the process is working in the way in which it’s intended to be able to achieve its outcome,” Yusuf adds. 
 
Data Governance in Auditing
Making sure that data doesn’t fall into the wrong hands as an auditor is one of the main facets of data governance. It is a very basic and traditional approach, but over the years professionals have been implementing it in an overzealous way. This can hinder the ability to create value through data. Yusuf suggests a slight reverse approach where everyone has access to data unless there is a specific reason for them not to. “We want to keep a range of data elements secure, but others we want to open up,” Yusuf tells Tom. 
 
A Look Ahead
Tom asks Yusuf what the future of data analytics, data governance, and internal auditing will look like in the coming years. Yusuf explains that there will be a greater use of data science, and a greater use of data within internal audit without the need for data scientists and specialists. More practitioners will be getting into, and understanding IT, and more people will be using data for themselves. This will free the data scientists from the more mundane tasks, so they will have time to dedicate to the more advanced techniques. The same would apply for compliance as well. 
 
Resources
Yusuf Moolla | LinkedIn
Risk Insights
The Assurance Show
The Data Confident Internal Auditor
 

Categories
Innovation in Compliance

Leveraging Communications as an Asset with Robert Cruz

 
Robert Cruz is the Vice President of Information Governance at Smarsh and is Tom Fox’s guest on this episode of the Innovation in Compliance Podcast. Tom and Robert talk about information and data governance, communications data strategies, and how Smarsh helps its customers mitigate risks through its platforms.  
 

 
New Communication and Risk
In the hybrid work environment employees use new communication sources such as Whatsapp, Discord, and Slack to converse daily. This poses a risk that compliance professionals are now challenged to govern since each of these technologies is different. Firms have to update their systems for this purpose and this is where Smarsh comes in. “Our communications intelligence strategy and platform helps customers bring [communication data] into a central point of control, so they can not only identify the risk but also that they can leverage this information as an asset of their business,” Robert tells Tom. These new communication sources are simply ways for companies to engage, and if leaders can engage on their clients’ terms, it can allow them to expand their markets. 
 
A Level of Complexity
Workers have started to return to the office. Tom asks Robert to share how this has impacted the hybrid work environment, and if it has added any complexity for the compliance individual. The biggest challenge for compliance is that controls need to work consistently regardless of where an individual is. “You need to be securing an individual, not securing the particular location that individual is located in,” Robert says. Compliance professionals need to make sure that they don’t have blind spots, and that their controls work regardless of technology. This has also created more areas for which compliance professionals have to be accountable. 
 
What’s Next
Communications data strategies in the coming years are not going to be heterogeneous. Robert stresses that when data is heterogeneous, it makes it difficult for people to understand. What is going to happen in the future is an acceleration in public cloud adoption and the adoption of artificial intelligence solutions. “The use of the machine to help individuals get through the volume and variety of information… are definitely on trend lines and will just become even more prominent and common across not just large enterprises but into medium size and even smaller firms in the near future,” Robert remarks to Tom.
 
Resources
Robert Cruz | LinkedIn 
Smarsh
 

Categories
Innovation in Compliance

An Evangelist for Document Governance with Jen Snyder


 
Jen Snyder is the chief evangelist at GovQA, a technology company providing compliance software for governments. Tom Fox welcomes her to this week’s show as they discuss the compliance challenges facing governments, and how her company’s software is helping combat those challenges.

Government Challenges
Tom asks Jen to explain why management of government requirements is so critical and difficult. “In the government industry, everything you’re doing is being done with government money, so everyone has the right to understand what’s being done with that money,” she remarks. She adds that many of the challenges the government faces are because the private sector is ahead in terms of documentation: while the private sector’s documents and records are digitized, the government’s are still on paper. The pandemic has mandated a remote workforce, but adapting to a new normal is not familiar to government culture, Jen remarks.
Data Governance
With data governance, there is both the tactical solution and the strategic solution. Tom asks Jen to elaborate on how GovQA helps companies in these areas. “What we do as a company is we look and follow each state’s legislative rulings on how they need to manage data,” she says. GovQA always follows the process of CEO departments and governor offices’ data governance policies. Jen expresses that with the changes of the pandemic, and the civil unrest within the US, states are now re-evaluating their policies, and with that comes new data areas that need new governance.
Being Compliant
Jen talks about the software GovQA has in assisting companies with legal holds. She iterates that the software allows the organization to build an audit trail and then stores it within specific software, so it can be accessed when necessary. Customers can feel confident that their data is protected: the company follows federal standards and guidelines and even goes further to bring in a third-party auditor. Rigid adherence to compliance standards is part of GovQA’s workplace culture, Jen emphasizes.
Resources
GovQA
Jen Snyder on LinkedIn