SAP - TINET - Tarragona Internet

(Ron) #1
Greater agility:In addition, as a company adapts and alters its business
model to reflect changes in the market or evolved goals, it will be better
able to evaluate how those changes will affect its risk and compliance
landscape and how individual scenarios interrelate. As a result, the com-
pany will be more adept and faster at developing processes and policies
to address these issues.

Drafting Governance Blueprints...................................................................


To stick with our house metaphor from earlier in the chapter: Before you can
build the house, you need a blueprint, which may include quite a bit of cus-
tomization to meet the tastes of an individual homeowner. Governance is no
different in that it must start with a plan, but that plan will be different for
individual companies and industries due to the idiosyncratic nature of a com-
pany, its regulatory environment, and the need to create a specific area of
practice for the governance organization.

For example, the pharmaceuticals and life sciences industries have strict
compliance requirements from the FDA; therefore, a governance structure
for this sector would need to incorporate the rules for FDA validation.

Given that variation, here’s an overall design map to consider following as
you develop your specific blueprint:

Create a governance office. Creating a dedicated office eliminates the
notion that governance of risk and compliance issues is some sort of
sideline job such as “Hey Ted, why don’t you organize Mary’s retirement
party, and, by the way, could you set up a governance structure for risk
and compliance?” It takes this issue and makes it part of the company’s
structure rather than allowing it to languish as an ad-hoc effort among
individual units.

The governance office is in charge of helping to populate and support the
company’s code of conduct and all risk- and compliance-related policies.
For example, the office could be in charge of investigating violations with
regard to segregation of duties policies and enforcing those policies. The
governance office is also something of a go-to point where employees and
line managers could bring questions about how to resolve issues when
two policies conflict or where a policy conflicts with a stated company
objective.
Functions of the governance office could also include fraud reporting and
prevention, diffusing and communicating policies, training on policies
and conduct, regular reporting, and coordinating compliance functions
among varying business units, to name a few.

70 Part I: Governance, Risk, and Compliance Demystified

Free download pdf