Rees Morrison, publisher of Law Department Management, is hosting a series of articles on Cost-effective Compliance Risk Assessment. This series is written by Jeff Kaplan of Kaplan & Walker LLP.
The first article was on Three trends regarding the costs of ineffective compliance. Jeff first focused on the increasing occurrence of the “mega fine.” Then noted that desperate times tend to breed desperate deeds. Lastly he noted that the new attorney-general is the same official who set compliance and ethics standards as part of the DOJ’s enforcement decisions.
The second article was on non-costly ways to achieve C&E program successes. Jeff noted that it is more cost-efficient to build the compliance assessment into other functions.
The third article focused on how to embed risk assessment into the process of drafting “third-party” codes of conduct. Jeff points out that handing your employee to third parties will just lead to confusion. In drafting a code, make sure you elicit comments from the people in the company with direct third party dealings.
Compliance initiatives are indeed taking a seat at the forefront of corporations these days. As you mentioned, the increasing occurence of ‘mega fines’ has highlighted the heightened need for compliance initiatives and oversight/risk management as desperate times lead to desperate deeds.
Many companies find it difficult to handle their risk, compliance, and governance (GRC) initiatives properly. If these GRC programs are not handled and managed properly then they can often be a complete waste of money. My company uses Process Management software to handle our GRC initiatives. The program allows you to map your processes and associate risks, compliance controls, and governance controls directly to each process activity. The entire program is build around one central repository for everything from company processes to documents and spreadsheets.
I’d suggest taking a look at the attached literature, it is a very useful program – they even have a 100% free bpmn modeler plug-in for microsoft visio.