Q&A with Dennis Keglovits, VP of Services at LockPath
Maurice recently had the opportunity to interview LockPath’s Dennis Keglovits, a long-time GRC practitioner who learned early on the importance of access to and partnership with other departments. He sees the compliance function, and the role of the CCO, as changing, taking on a more strategic bent. Compliance is often known as the “land of no,” but Dennis stresses that it’s better to be “in the know” than the “one always saying ‘no.’”
Maurice Gilbert: How did you get started on a career in compliance?
Dennis Keglovits: Not many people go to college thinking “I’m going to be a career auditor.” For me, as with many, it was accidental. Working with an oil company, personal circumstances put me in a position of moving to Dallas (coincidentally, the corporate office location), where my contacts assisted me in securing a role with the company’s internal audit team. So, I packed up the car, and the next week, I entered the life of corporate compliance.
MG: Who helped shape your views?
DK: My first managers were great mentors. They taught me that internal audit and compliance provides access to all functions, the ability to learn the entire business. It was never one department that we were auditing, but rather following the issues, the risks, the company’s strategy. It was this variety that was exciting to me.
MG: How do you stay current on ethics and compliance issues?
DK: That can be one of the hardest questions for compliance professionals to answer. Personally, I read industry publications, books and blogs, and I attend conferences. But most importantly, surround yourself with smart people (through hiring and networking) to stay on top of the issues.
MG: What are some of the significant issues facing CCOs, Risk Managers, etc.?
DK: The biggest issue is getting involved with other departments. As a compliance or risk professional, you’re often on the outside. To other departments, you’re the one that says “no” or says “we can’t do this” – the roadblock. They only see this negative side of compliance and audit. This perception can make it difficult to get involved in the things that matter to the organization. So, it is important to (1) teach them, help them understand the benefits of your service, and (2) work with management to include yourself in key opportunities (e.g., acquisitions). As a result, you will understand the company culture, strategy and objectives. It’s better to be in the “know” than the one always saying “no.”
MG: What do you believe is the optimal reporting structure for the CCO and why?
DK: For me, the optimal reporting structure for the CCO is to the board of directors and, indirectly or administratively, to the CEO. In the worst case, a dotted line to the board should be present, and in the best case, a direct line. Without this, the CCO may be significantly limited in scope and backing, reporting to someone without the necessary clout or desire when needed.
MG: How do you see the CCO role evolving within the next three years?
DK: The CCO role is moving toward increased involvement in strategic objectives. This means setting policies, driving change, and becoming an integral part of the decision-making process.
Over the next few years, CCOs must become more proactive in their programs, meaning they need to push toward best practices for policy management, build more comprehensive risk assessments, etc., rather than just doing the minimum to comply. These best practices will empower them to ferret out deep-rooted issues before they are caught by a regulator or otherwise. While CCOs will never be able to prevent all compliance issues from occurring, formulating clear compliance and risk management processes can help to minimize disastrous events.
MG: What do you see as the greatest business risks facing companies today?
DK: Companies have risks coming at them from all directions, so being able to analyze, predict and manage risks is key. With more companies maturing their risk management programs, companies that fail to do this are giving their competitors an advantage.
MG: What do you see as the greatest regulatory risks facing companies today?
DK: The greatest regulatory risk is the next regulation the company must comply with, sometimes the unknown. With new regulations coming down the pipeline continuously (e.g., GDPR), the ability to quickly comply with the next one is crucial. That means having a strong grasp on the current regulations affecting your business and having a strategy to manage them all simultaneously. Taking regulations one at a time is very costly and inefficient. With a do-once-solve-many strategy, companies can do more with less and ensure they are ready for the next compliance challenge, which may be bigger than the last.
MG: How might Chief Compliance Officers, Chief Audit Officers and Chief Risk Officers prepare to face these risks?
DK: First and foremost, they must put a formal risk management program in place and stick to it. It may not always be popular, but you must formalize it. You can’t “wing it”. Simply hiring people with the right degrees or certifications isn’t going to cut it either. You need to have the right process, team and technology in place. That may include using a combination of resources, whether that’s co-sourcing with an outside party or utilizing a tool like the Keylight Platform to support those processes you have in place.
MG: How does your company help its clients mitigate risk?
DK: We offer a risk management tool that provides the basis and support for our clients’ processes. Our Keylight Platform helps to manage, automate and strengthen the company’s risk management process.
Even for companies with a formal process, if it’s all manual, mitigating risk in a timely and effective manner is unlikely. Having a tool like Keylight to support the process makes the compliance, risk and audit teams much more efficient and effective.
MG: What new service offerings do you have in the queue?
DK: One new addition we have is Keylight Managed Services, which helps to bring the right resources and a formal methodology to the plate for our customers by providing day-to-day GRC program administration support. We’re currently focused on services for vendor and incident management, but compliance and health and safety management are the next line for us.
We have also just updated our Keylight Platform with a new application, Health and Safety Manager. This new addition will help organizations to strengthen workplace safety, encourage workplace safety collaboration and meet regulatory compliance obligations. Risks identified in Health and Safety Manager can be viewed within the context of an organization’s overall risk posture, providing executives with visibility into the impact on the organization.
MG: Compliance departments are often asked to accomplish their work with limited resources… do you see this situation changing anytime soon?
DK: No. Profitability, margins and the economy will continue to be factors limiting the amount of money companies and compliance departments have to spend. While compliance teams may not see more funding, they can employ technology to cut expenses and to make more informed decisions. And that’s where our platform becomes an asset.
Dennis Keglovits is Vice President of Services at LockPath. With more than 20 years as a recognized leader in the professional services industry, Dennis Keglovits leads LockPath’s support, education and professional services teams – created to assist clients in the deployment and ongoing support of their clients. Previously, Keglovits served in regional and national leadership roles for international consulting firms, tasked with delivering creative solutions to some of the world’s most established brands. During this time, he was awarded multiple national achievement awards for his work related to large project management and product development.