Corporate Compliance Insights

Promoting Collaboration to Improve Risk Management

by Dan Zitting
April 5, 2016
in Compliance
Risk management must work with internal audit and compliance to effectively mitigate risk

Originally posted in Financial Executives International’s FEI Daily Newsletter.

FEI Daily spoke with Dan Zitting, Chief Product Officer at ACL, about the changing compliance environment and a resulting desire among many companies to foster audit, compliance and risk management collaboration.

FEI Daily: Are the demands on audit, compliance and risk management evolving?

Dan Zitting: We certainly think so, and there are differing pressures in various industries. If you look at the SEC enforcement actions over the last year, you can see pressures on several issues, in particular on bribery and money laundering. It seems regulators have pushed a lot of companies to the point where some of these issues have become much hotter than they were in the past, so the question getting asked becomes, “What are compliance and audit, or risk management and audit, doing to coordinate on some of these problems?”

And we find — especially if the company is big and complex — it’s surprising how often the perception of the risk agenda is different between those groups. That disconnect is creating pressure to bring them together.

FEI: What do you think contributes to that disconnect, or the perception of one?

DZ: What we often see pushing that is a question among the risk management and compliance folks who think audit is missing the mark by focusing on issues that aren’t what they see as really high-risk. Audit’s always in that dual pressure of reporting on the things that audit committees are interested in, and pressure from the business to be closer to their risk management concerns.

So we see more of that coming together to say, are we working off fundamentally the same set of risk assessments? Some of these issues are getting to the point where we need both the front-line testing or monitoring of risks as well as that audit oversight and improving alignment among these functions. It’s interesting how challenging that seems to be across companies.

FEI: How are companies trying to improve that collaboration?

DZ: In the clients that we work with, we see a push coming to give audit a stronger role in providing assurance over the risk management process by working with risk assessments and saying, “Is their process for doing that working well? Is it highly effective?” There’s a move away from starting an annual audit risk assessment from scratch and ending up with a completely different set of priorities than perhaps what the risk management function is focusing on.

Collaboration today is happening more frequently so these groups can become more agile and shift away from an annual planning exercise where they do a big risk assessment and build an audit plan to understanding, “what are the key risks this month?” Things change too quickly for [a] traditional type of annual audit planning exercise.

FEI: Is the risk or regulatory environment evolving too quickly for annual planning to be sufficient?

DZ: It’s not even close anymore, and a good example would be an agency like the Consumer Financial Protection Bureau. That’s only been around a couple of years, but they’re changing the kinds of audits and inspections they’re doing regularly. That forces a reaction on the compliance side and the audit side to say, “How are we going to respond to these changes and these oversight bodies in a more agile way?”

In that environment, we think you need to come up with methodologies and tools to give you the ability to analyze risk much faster. If you spend a month going around setting up interviews with key executives and it takes you two months to build an annual plan, that approach won’t fit this faster-moving model.

You need to encourage the use of tools and data to understand how you’re monitoring risk in real time, or at least be able to do so very quickly every month or every week or whatever the case is.

FEI: Are you starting to see more use of data and analytics to support risk management?

DZ: As a company, it feels like we’ve been working on analytics for a long time, and yet it does still feel early, in the sense that we’re finally starting to see a shift in expectations over the last year or so that everybody in the field needs to be able to analyze data at some kind of level.

Analytics are still harder, I think, than a lot of vendors would like to portray, but we’re getting better at making these data sets available so those less technical users can use tools to do that kind of light-level analysis much more quickly. It’s really just on the early stages of that, but there are opportunities with data because the pressure to move faster is so acute now.

FEI: When you look at the interaction of audit and compliance, are there traditional obstacles you have to address?

DZ: Oddly enough, one of the single biggest choke points I see over and over again is the language that’s used between these different departments. It can be as simple as compliance folks, when there’s a compliance violation, they call it an incident, but when an auditor finds something that’s problematic, they call it a finding. It’s almost like, these relatively simple differences in vocabulary can choke off the collaboration, because these departments will think that they’re doing something different, when at a fundamental level, they’re really not. Most of these departments are saying, “Hey, the business has objectives, there [are] key risks to those objectives and there needs to be controls in place to mitigate those risks.” Yet the language around the methodology they use, I think, can choke off collaboration.

If we could bring folks together on how we’re going to talk about risks, then we can align the processes and use the same sorts of technology [and] reporting then become[s] much less complex.

FEI: When you have a conflict like that, how do you start to address it?

DZ: What we would generally recommend doing is taking a step further back and asking the operational business how would they refer to these things and how would they describe their processes. If they understand the vocabulary and risks, they’re more likely to understand any recommendations and change their operations based on it.

Really, that’s the goal these oversight functions are looking for, and you then move that alignment back into the risk assessment process and the auditors, as an oversight role, are working off that same risk assessment and control process.

I think there’s a big value there. Certainly in COSO, there’s a recommendation to have an overt culture around risk management and how the organization approaches it. I think that’s a big part of it. We see it on the technology side where it comes down to time to implement technology and there’s conflict or trouble making decisions because of the groupthink. But if they’ve taken time to think and talk about their risk management culture, that makes those down-the-line activities much easier.


Dan Zitting

Dan Zitting serves as Chief Product & Strategy Officer at Galvanize, the leading provider of SaaS solutions for enterprise governance, risk management and compliance (GRC) globally. Recognized by both Forrester and Gartner as the category leader, more than 6,000 of the largest enterprises and governments in over 130 countries globally use our HighBond platform to run their organization better. His role includes executive leadership of the company’s strategy, products, underlying technology and customer service/success. Dan has been recognized with multiple prestigious awards, including CPA Practice Advisor Magazine’s Forty under 40, ColoradoBiz Magazine 25 Most Influential Young Professionals, IIA Emerging Leaders, BCTIA Team of the Year, GRC 20/20 Technology Innovation and Business in Vancouver Forty under 40. Prior to Galvanize, Dan spent 10 years in professional services, including four years with the Technology & Security Risk Services practice at Ernst & Young. Following E&Y, he co-founded advisory firm Linford & Company LLP, a provider of GRC consulting services that grew to serve clients across North America, Europe and Asia. While building his firm, Dan developed a software platform for use by clients, which ultimately led him to leave to found Workpapers.com, the first truly cloud-based audit and compliance management system in the market. Under Dan’s leadership, Workpapers.com found strong success and was ultimately acquired by Galvanize in 2011, combining the power of cloud collaboration and “big data” analytics under one market-leading brand.
