Mammoth Risks and the Future of Compliance

Q&A with Rajeev Gubbala, Co-Founder of AppZen

CCI’s Publisher, Maurice Gilbert, chats with Rajeev Gubbala, Co-Founder and Head of Engineering Operations and Compliance at AppZen. The company’s is a leader in automated audit technology, offering the first artificial intelligence (AI) solution for back-office automation.

Maurice Gilbert: How did you get started on a career in compliance?

Rajeev Gubbala: Well, at a startup you need to wear many different hats all at the same time. AppZen was no different for me. As a resource handling engineering, customer success and technical operations at one point, I was the most qualified to establish compliance at AppZen as we grew as a company.

MG: Who helped shape your views?

RG: Our CTO Kunal Verma. In his words, “of all the engineering excellence, security and compliance are the most important things.”

MG: How do you stay current on ethics and compliance issues?

RG: Typically from magazines and publications from SCCE and similar organizations.

MG: What are some of the most significant issues facing CCOs, Risk Managers, etc.?

RG: Changes in laws relating to compliance, like the GDPR, that need to be enforced at every level of the company. Then there are technological advancements that pop up; they must be compliant as well. A CCO needs to be at least one step ahead of the technology to understand the implication of these changes. And the biggest I believe is employee compliance fatigue; people get worn out by the same messages about compliance over and over.

MG: What do you believe is the optimal reporting structure for the CCO and why?

RG: It depends on the company and its operations. For example, AppZen is a technology-driven company with all operations in the cloud. It becomes imperative to work closely on the technology front. So, the reporting hierarchy is CTO on the top of the compliance office.

MG: How do you affect change within your clients’ environments?

RG: As a SaaS company, AppZen has proprietary technology and processes that seldom require change in a client’s environment. This works much better for us.

MG: How do you see the CCO role evolving within the next three years?

RG: Well, currently, I am responsible for both compliance and techops, and I believe, as we penetrate more into European markets, this role will evolve to completely focus on the compliance aspects of operations. There are lots of challenges out there with specific compliance needs in specific regions. We’re only in the first chapter of a long, yet-to-be written book on data privacy and GDPR.

MG: What do you see as the greatest business risks facing companies today?

RG: Loss of reputation and brand value are the biggest risks. With so many data breaches, even for very well- established companies, this risk is greater than ever.

MG: What do you see as the greatest regulatory risks facing companies today?

RG: Managing the risk with complex risk calculations is the biggest challenge. Real-time risk calculation is very difficult with so many dynamic parts, such as infrastructure changes, application changes and operational changes. Many companies fall behind reacting to risk instead of proactively tracking and planning ahead.

MG: How does your company help its clients mitigate risk?

RG: AppZen takes information security extremely seriously. We have very knowledgeable clients, like Amazon, Citi and Intuit demanding data privacy. We therefore adopt the best in the industry for our information security projects. We have also completed many certifications, including SOC1 – Type2, SOC2 – Type2 and ISO 27001 – and we are GDPR compliant.

MG: What new service offerings do you have in the queue?

RG: We are building an invoice audit product that will be our next big thing.

MG: Compliance departments are often asked to accomplish their work with limited resources … do you see this situation changing any time soon?

RG: That’s where AppZen comes in. Our automated audits are instant and inexpensive, relative to the work of human auditors. AppZen’s patented technology is able to automatically read and understand expense reports, receipts, invoices and contracts while cross-checking that information against countless online data sources. This helps companies determine the accuracy and legitimacy of every dollar of company spend in real time and allows Shared Services, Accounts Payable and T&E teams to detect fraud, compliance issues and policy violations within minutes of an expense report or invoice submission.

The most clear trend in compliance I see is AI taking over more and more tasks that humans don’t want to complete – or pay a premium for other humans to complete – themselves.

Rajeev Gubbala has more than 18 years of industry experience in offering solutions in enterprise applications. He is Co-Founder and Head of Engineering Operations and Compliance at AppZen, where he’s responsible for keeping the company at the forefront of data privacy innovation. He has also led the design and development of AppZen software, building a world-class infrastructure that is scalable and also self-healing.

He is an expert in many aspects of oracle e-business applications and, prior to AppZen, served in roles including business analyst, expert DBA, technical developer and project manager. Rajeev has implemented successful projects with clients including Honeywell, Michelin, Astrazeneca and Fujitsu.