Michael Rasmussen, President of Corporate Integrity, Julian Parkin, Group Privacy Programme Director at Barclays, and John Kelly, Director at OpenPages, spoke in a webinar on taking a strategic approach to managing compliance. The webinar was sponsored by Compliance Week. These are my notes.
Michael set the stage by asking: Does your organization walk its talk? He equated risk to an iceberg. You have a big chunk of risk awareness visible to many. But 90% of it is below the surface. He equated that 90% to “risk ignorance.” As you might expect with a graphic of an iceberg, he used a Titanic metaphor.
A siloed approach to GRC leads to a lack of visibility, wasted resources, unnecessary complexity, a lack of flexibility, and vulnerability. Compliance is NOT going away. It is a business process that is only increasing in volume and complexity.
Julian took over and started with a focus on data privacy and operational risk. Many companies come into compliance because they have an “incident.” As a financial institution, they are very concerned with customer data and how their employees treat it. They focused not only on the stored data, but their hardware as well.
Barclays used this great branding tool to reinforce the message. There were several instances where they took a laptop or other data source that had been left unattended, leaving just this postcard behind. It is important for them to show their customers that their information is safe with them, just as their money is safe with them.
John took over to display some of his company’s IT solutions for compliance. He pointed out that a spreadsheet fails as a compliance tool because it lacks the audit trail to show what information was known when.