EthicsPoint Overview For NASPL Bill Piwonka September 15, 2009. Loss and Investigations Management. Risk/GRC Analytics. Policy and Procedure Management. Risk and Control Management. The Four Pillars of Governance, Risk, and Compliance.
The Four Pillars of Governance, Risk, and Compliance
• Loss and Investigations Management
• Risk/GRC Analytics
• Policy and Procedure Management
• Risk and Control Management
“Governance, Risk, and Compliance (GRC) is multiple roles working together in a common framework, collaboration, and architecture to bring an enterprise view across governance, risk, and compliance activities throughout the organization” - Analyst, Forrester Research
Loss and Investigations Management
• Intake (Identification of Material Events) - Look Beyond the Hotline: Systems, Control, People, Interviews, Surveys, External Sources
• Investigation (Investigative Management Processes) - Manage Investigations: Review & Analyze, Investigate, Evaluate, Escalate, Resolve
• Insight (Analytic Analysis) - Achieve Transparency: Analyze, Identify Risks, Report, Benchmark, Evaluate Performance
74% 46%
Integrating Risk and Knowledge [chart: Risk (Low to High) against Knowledge (0% to 100%)]
Integrating Risk and Knowledge [chart: Risk (Low to High) against Knowledge (0% to 100%); labels: Organizational Complexity, Vertical Complexity, Voluntary Buffer]
Integrating Risk and Knowledge [chart: Risk (Low to High) against Knowledge (0% to 100%); labels: Organizational Complexity, Vertical Complexity, Voluntary Buffer, Information Gathering, Systems & Technology, Process, Culture]
Agenda
• Current Process Overview & Needs
• EthicsPoint Overview:
  - Philosophy
  - Framework
  - Client Success
• Compliance Complexity & the Business Case
• Incident & Event Identification
  - Documentation & Workflow
• Assessment, Oversight, & Analytics
Current State of GRC (Reporting) Initiatives [diagram: Corporate Security, Human Resources, Internal Audit, Facilities, General Counsel, Corporate Compliance, Information Technology, Loss Prevention, Operations; nine "Local Database" boxes]
Gathering Compliance Stakeholders [diagram: Human Resources, Internal Audit, Facilities, Corporate Security, General Counsel, Operations, Information Technology, Corporate Compliance, Loss Prevention; nine "Local Database" boxes]
Strategic Drivers
• EthicsPoint is committed to being a valued partner in the pursuit of a sustainable ethical culture
• EthicsPoint will be the leading innovator in the leveraged integration of hotline and case management
• EthicsPoint will lead the market in offering new data collection methods such as web reporting and mobile input to increase the flow and quality of reports
• EthicsPoint is dedicated to providing scalable, intuitive applications to our clients
The EthicsPoint Philosophy
• The Integration of Detached, Localized Activities: Enable the transition from disconnected GRC activities to a cohesive, strategic, enterprise-level initiative by embracing a broad range of functions
• Convergence of Governance, Risk, & Compliance (GRC) & Business Process Improvement: Control breakdowns, process irregularities, and inconsistent data can be identified and alleviated through an integrated GRC strategy
• On-demand, Software-as-a-Service (SaaS) Delivery: Hosted, “no software or servers” solution decreases IT costs, and enables faster deployment and greater flexibility
EP Framework Workflow Activity or Initiative
Our History [timeline chart of client count; labels:]
• Revolutionized Hotlines with Web-Based reporting and Hosted/SaaS delivery
• SOX Compliance Enforced
• Add-on strategy introduced with enhanced data integration
• Point of Market Convergence: 1st with Integrated Phone/Web Reporting & On-Demand Issue and Event Management
• A business case is created for integrated GRC Programs
• Passage of Sarbanes-Oxley (SOX) Act of 2002
Our History [chart of client count] Our results are clear: 99.7% Client Retention
Agenda
• Current Process Overview & Needs
• EthicsPoint Overview:
  - Philosophy
  - Framework
  - Client Success
• Compliance Complexity & the Business Case
  - Incident & Event Identification
  - Documentation & Workflow
  - Assessment, Oversight, & Analytics
GRC: Challenges & Opportunities For Global 2000 companies striving to accelerate growth and enhance business performance while meeting Governance, Risk, and Compliance (GRC) regulatory mandates, EthicsPoint offers a comprehensive system for issue, event, and loss management
“…With increased focus on corporate governance and enterprise risk management, firms need governance, risk, and compliance (GRC) software platforms to drive sustainability, efficiency, and consistency in managing enterprise risk and compliance.” - Michael Rasmussen, VP, Forrester Research, “Overcoming Risk and Compliance Myopia”
“…In an economy where 70% to 80% of market value comes from hard-to-assess intangible assets such as brand equity, intellectual capital, and goodwill, organizations are especially vulnerable to anything that damages their reputations…” - Robert G. Eccles, Scott C. Newquist, and Roland Schatz; Harvard Business Review, February 2007, “Reputation and Its Risks”
Changing Governance Spectrum: Optimize, Leverage, Sustain
Volume and Impact Drives Adoption [chart: incident volume (Low to High) against impact (Low to High); issue types plotted: Facilities Issues, Wage & Hour, Conflict of Interest, Theft, Misuse of Company Resources, Unethical Behavior, Foreign Corrupt Practices, Harassment, Insider Trading, Community Affairs, Data Breach, Illegal Activity, Financial Fraud]
Volume and Impact Drives Adoption [chart repeated: incident volume against impact, same issue types]
HIGH INCIDENT/LOW IMPACT OCCURRENCES:
- Volume dictates scalable application
- Communication and process consistency
- Time and activity management
- Escalation and outcome review
Volume and Impact Drives Adoption [chart repeated: incident volume against impact, same issue types]
MEDIUM INCIDENT/MEDIUM IMPACT OCCURRENCES:
- Increased challenges in the investigation
- Inter-departmental process demands
- Potential for regulatory oversight
Volume and Impact Drives Adoption [chart repeated: incident volume against impact, same issue types]
LOW INCIDENT/HIGH IMPACT OCCURRENCES:
- Process mandates and regulation drive response
- Scope of investigation includes multiple departments
- Management of process
- Reporting to outside agencies
“To gain a total picture of organizational performance, ‘organizational silos’ must be broken down, and data from separate IT systems must be merged.” Scott Mitchell, President and CEO, OCEG
Gathering Compliance Stakeholders [diagram: Human Resources, Internal Audit, Facilities, Corporate Security, General Counsel, Operations, Information Technology, Corporate Compliance, Loss Prevention; nine "Local Database" boxes]
The EthicsPoint Solution: Creating a Compliance Community, Integrated Strategy [diagram: Corporate Compliance, Loss Prevention, Information Technology, Operations, Facilities, General Counsel, Internal Audit, Human Resources, Corporate Security; nine "Local Database" boxes]
Issue and Event Manager – The Suite
A Powerful Starting Point
- A simple transparency solution for your hotline and compliance data
- Enhanced data consistency, process management, issue awareness
- Fully integrated with hotline/helpline
Our Mid-Tier Option
- Focus changes from issue review and classification to the comprehensive management of people, processes, and time
- Single-schema database
- Advanced resolution management toolkit
- Improved executive reporting on trends
Upper-Most Tier
- Multi-schema database: extends a common framework, supports a dynamically tailored workflow for each organizational unit
- Comprehensive, enterprise-wide view of risk related to key issues and outcome data
Issue and Event Manager – The Suite [diagram: Intake from Open Door Policy, Audits – Internal/External, Hotline, Interviews, Systems; ANALYTIC OPPORTUNITY]
The EthicsPoint “Reflection Point” Advantage [diagram: EthicsPoint Issue & Event Platform, Compliance Training, Policy & Controls Solutions, SOX 404 & 302, Risk Assessment & Management Solutions]
• Since 2002, billions have been spent on SOX 404 and Risk Mitigation solutions
• With the changing GRC spectrum, organizations are just beginning to realize the functional gap that exists due to disparate systems and inconsistent data and process management
• EthicsPoint is rapidly becoming recognized by professional service providers as the convergence solution leader