Two Perspectives for your program: Operating and Governance
You can download a full copy of the slides from this webinar.
Full transcript available below:
Hello, everyone, and welcome to today's webinar hosted by me, Joe Boyhan, of MCO and third-party risk expert and president of ONTALA Linda Tuck Chapman.
Okay. Basically, I like frameworks. I mean, that's kind of what the business world teaches you. If you think about your program from two perspectives, it's two sides of the same coin. Your operating framework is all about the life cycle. How do you actually recognize something is happening, bring it through due diligence. Take it into contracting. Make sure you're complying. Stay on top of it. Make sure the business, assess the risk, et cetera. That's really designing the workflow and the processes and the tools, and who's going to do what when, and how often is part of your overall operating framework. The best idea is to standardize them, put repeatable processes in place, and then put that risk-adjustment lens on it.
That will make it easier for you to have a single program because I know early days people were concerned that basically you couldn't create a program for a multitude of relationships that on the surface don't appear to have a lot in common. In your operating framework and your due diligence, typically for a financial services company you can have 20 or 25 different risk categories that you may wish to consider. If you're in a different industry, you're going to have a different set so, for example, food services could have several hundred that they're concerned about. What you'll find if you develop a program that is robust, is that there are many that are common to all.
There is information security, privacy, business continuity management, perhaps anti-money laundering. There may be fraud opportunities. You're going to look at insurance and compliance risk, and contract risk, et cetera, and so when you start to think about it, that's why it's not that hard to build a single program for the company. The other side of the coin is where does governance sit? I know governance is a bit of an overused word, but I'm talking about governance in the actual purest sense. You have a board of directors. You have senior management and you have enterprise risk management if you're in that larger company. That really is the overall governance for the company. Where did you fit in? Where does this fit in?
That's really the governance framework, which is really all about the controls and the visibility. Many companies have put in place a third-party management oversight committee and as you go through the program, I've always liked to have these in place.
They're a great sounding board, and can provide strategic oversight but, also, you're going to start to run into things that happen in the business and so you need a point of escalation and senior enough people who can make decisions whether or not it's acceptable to step outside some of your risk tolerance or to not meet the criteria and that's why you want to put in place things like KRIs and your risk appetite and it's a particularly effective challenge because it is your responsibility in the second line of defense to challenge things that are not good for the company but, by the same token, you also need yourself in the line of sight, so having an oversight committee is probably a good idea to help make those decisions.
This is really two sides of the same coin and you really do need to build both of these, even if you're building on a phased basis.
This webinar was co-hosted with Linda Tuck Chapman of Ontala Performance Solutions.