Categories
Compliance Week Conference Podcast

Compliance Week 2024 Speaker Preview Podcasts – Michael Rinard on the Intersection of Compliance and IT

In this episode of the Compliance Week 2024 Speaker Preview Podcasts series, Michael Rinard discusses his panel presentation at Compliance Week 2024, “Opportunities at the Intersection of Compliance and IT.” Some of the issues he will discuss in this podcast and his presentation are:

  • Compliance, CISOs, and Cyber security
  • Getting Board engagement
  • Seeing old friends, meeting new friends, and learning about new best practices at Compliance Week 2024.

I hope you can join me at Compliance Week 2024. This year’s event will be held April 2-4 at the Westin Washington, DC, Downtown. The line-up is first-rate, with some top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event, offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 19th year, the event brings together 500+ compliance, ethics, legal, and audit professionals, who will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. Among many other things, attendees can:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders, and ethics and compliance visionaries.
  • Hear from 80+ respected cross-industry practitioners, including CEOs, CCOs, regulators, federal officials, and practitioners, to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from panels on leadership, fraud detection, confronting regulatory change, abiding by cross-border rules and regulations, and the always-favorite fireside chats.
  • Bring actionable takeaways from various session types, including cyber, AI, Compliance, Board obligations, data-driven compliance, and many others, to your program for you to listen, learn, and share.
  • Compliance Week aims to arm you with information, strategy, and tactics to transform your organization and career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Compliance Week is offering a $200 discount on the registration price. Enter the discount code TFOX2024 for $200 off.

The Compliance Podcast Network produces the Compliance Week 2024 Preview Podcast series. Compliance Week sponsors this series.

Categories
Greetings and Felicitations

Great Structures Week III: The Roman Arch and Resourcing Your Compliance Program

Welcome to Greetings and Felicitations, a podcast where I explore topics that might not seem directly related to compliance but influence our profession. In this special series, I consider how many structural engineering concepts are apt descriptors for an anti-corruption compliance program. In episode 3, I consider the Roman Arch and resourcing your compliance program. Highlights include:

  • Why and how was the Roman Arch such an engineering innovation?
  • What other corporate functions can a CCO look to?
  • How does HR help facilitate through all its employee touchpoints?
  • How can IT help a CCO meet its obligations under the 2020 Update to the Evaluation of Corporate Compliance Programs?
  • How can compliance use Internal Audit as a key corporate adjunct?

Resources

 “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity,” taught by Professor Stephen Ressler from The Teaching Company.

Categories
Blog

Exiger’s Fight to Secure Supply Chains: Spotlight on Information Technology & Telecommunications

Welcome to a blog post series on Exiger’s fight to secure supply chains, sponsored by Exiger LLC. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management. In Episode 3, I visit with Skyler Chi, Director and Deputy Head of Supply Chain and Third-Party Risk Management, and Andrew Lehmann, Associate Director, and discuss supply chain issues in the Information Technology & Telecommunications sectors.
We began with an overview of risks affecting the Information and Communications Technology (ICT) industry. This includes hardware and software manufacturers and service providers. Because of this dual nature, there are dual challenges for companies operating in the ICT space. Chi noted this is “largely due to their business involving so much storage of sensitive customer data and facilitating the transmission of that data worldwide. It also includes attack factors on the infrastructure they are setting up and supporting. This means that the industry has to contend with multiple types of third-party and supply chain risks.
Supply chain disruption in this industry is a critical risk factor. Lehmann noted a couple of ways to help prevent such attacks, stating a “starting point is getting a handle on whether or not you have an overreliance in your supply chain concentrated in one geographic area or perhaps one country in particular. And not just that, but you might have an overreliance on a single supplier, just one company, one manufacturing facility in one country that is specialized in producing equipment to your specifications.” So, you should look at “who are all of your direct suppliers, and then go a few levels deeper and learn more about their entire supply chain and find out how much of that is based in one country.” He pointed to printed circuit boards, where “90% of the manufacturing facilities are in Asia, primarily east Asia. More than half of those factories are in China, which gives you a lot of risks just in terms of that geographic concentration.”
In addition to the direct risk modeling, you should also consider geopolitical risk. Here, think of Taiwan, one of the staunchest US allies in the world. However, it is under increasing pressure from China. The Russian invasion of Ukraine has opened many people’s eyes to the risk of overreliance on supply chain manufacturers from Taiwan. Can you diversify your supplier base in light of this information? It may well behoove you to do so sooner rather than later.
Chi noted this is “a seismic shift in how our clients think about globalization globally. Previously a company would order a server rack, not caring where the parts came from. Today we are now asking the questions and establishing frameworks for us to realize that we may need to diversify ourselves away from Taiwan’s semiconductor industry, for example, where 53% of global chips are manufactured.” That “mental shift in asking the right questions and training which we work with to ask those questions is creating real-world impacts.”
We then turned to the question of to whom this message should be directed. Chi said this was an interesting question, as it got down to “management philosophy at core.” Historically, the answer would be “supply chains deal with purchasing, and purchasing is done by procurement. This meant that procurement would be the risk stewards and the risk owners that have the responsibility to look into the issues.” However, that type of thinking has greatly evolved, and indeed, “overwhelmingly what we’ve seen over the last two years is that various stakeholders from across the business have really formed working groups and can consistently communicate with each other.”
All of this has helped to do away with siloes. Now “procurement is working with the IT security professionals to perform vendor reviews of software bills of material for the hardware vendors that any given firm may be purchasing.” There has also been an evolution of the Board’s thinking about the supply chain and procurement. Chi related that it had been a “collective group effort across some of the world’s largest enterprises working together. It can include the background subject matter expertise of IT, security of procurement, or even diversity and inclusivity with vendors that you might be purchasing from, which is typically seen as outside of risk management function.” It is bringing “all stakeholders in the business, putting their budgets on the line to make those decisions.”
We concluded with the role of the Board of Directors. Boards must start asking questions about their organization’s supply chain risk and risk management strategy. Chi believes a key role for a Board is to “set the tone at the top of any given organization, align the shareholders’ values and provide the strategic vision of any given enterprise.” But he cautioned that most boards’ “lack of risk detection” around the supply chain could be a limiting factor. He emphasized that Boards should “prioritize the governance framework of the firms that they oversee to the real-world risks of what that means to their organizations.”
Join us tomorrow, where we will put the spotlight on the Defense Industrial Base.
Resources
Skyler Chi Profile
Andrew Lehmann Profile
Exiger Website
Exiger’s Supply Chain Explorer

Categories
ComplianceLIVE

Fun-Size Your Password Can’t Be PASSWORD123: Staying Compliant While Working From Home

Amanda zooms with show regular Chris Martin about how to stay compliant while working from home.

Check out more episodes and full episode videos at ComplianceLine.com, and don’t forget to subscribe on your favorite podcast platform!