AKHENATON MARCANO, HEAD, OPERATIONAL RISK, FIRST CITIZENS BANK OF TRINIDAD AND TOBAGO
TOM HARPER, EXECUTIVE VICE PRESIDENT AND GENERAL AUDITOR, FEDERAL HOME LOAN BANK OF CHICAGO
YO DELMAR, VP GRC SOLUTIONS, METRICSTREAM
Housekeeping
• Download slides at https://go.oceg.org/transforming-grc-into-a-growth-enabler-bfsi-s-perspective
• Answer all 3 polls
• Certificates of completion (only for OCEG All Access Pass holders)
• Evaluation survey at the close of the webinar
• Find the recording on the Resource tab of the OCEG site, under Archived Webinars
Learning Objectives
Poll 1
Do you have an OCEG All Access Pass (a paid membership) and would you like to receive CPE credit for this event?
a. Yes, I have an All Access Pass and I would like to receive a Certificate of Completion for this event
b. Yes, I have an All Access Pass but I do not need a Certificate of Completion
c. No, I do not have an All Access Pass but I would like to get one and receive CPE credit for this and future webcasts I attend
d. No, I do not have an All Access Pass and I don’t want to buy one at this time (so I won’t get CPE credit for this event)
DRIVERS: What Enterprises Face Today
EXPANDING INTO NEW MARKETS ECONOMIC/3RD PARTY
NEW COMPETITION
LAUNCHING NON-TRADITIONAL PRODUCTS
OPERATIONS
• Empowering the First Line
• Culture & Change Management
• Aligning 1st, 2nd, & 3rd Lines of Defense
Growth Enabler
DRIVERS: Intelligent, Risk Based Decisions
Compliance Risks. Operational Risks. Regulatory Risks. IT Risks…
• Data Aggregation, Reporting & MIS
• Real-time Reporting & Early Warning
• Prescriptive Recommendations based on Scenario Analysis
• Historical Data Analysis and Forecasting
• Causal Exploration of Diverse GRC Data Sets
TRENDS: GRC where the users are
TRENDS: What’s Coming?
b. Partially, for example, we’ve increased efficiencies for the business
c. Yes, without our GRC platform we would not have supported a strategic goal
d. Yes, we align our GRC program to support our organization’s strategic and growth objectives
Key Areas in GRC to Focus on
Challenges
What’s the Research Saying?
WHAT TO FOCUS ON: Role & Alignment
[Organizational hierarchy diagram: Board of Directors, Chief Executive Officer, Audit Committee, with the themes Risk Aware Decision Making, Visibility and Accountability into Risk Profile, and Revenue Optimizing Risk Strategies. Role objectives shown on the slide:]
• Understand risk impact on business decisions
• Reduce Earnings Volatility while reducing cost
• Risk Weighted Process & Resource Optimization
• Align digital business strategy to drive corporate objectives
• Defend the extended enterprise from external and internal digital and emerging threats
• Protecting Regulatory and Corporate Integrity
• Protecting the brand and creating opportunities
• Serve as the final line of defense and be on the strategy table of the company
* This is an indicative organizational hierarchy only. Actual organizational hierarchies and reporting structures will vary from business to business
WHAT TO FOCUS ON: Business Value
CCO: Driving a Culture of Compliance and Integrity
CRO: Guiding the business towards risk reward optimized decisions
• 15x improvement in risk reporting visibility and efficiency for the executive management and board
• 67% improvement in risk metrics tracking
• 50% reduction in the cost of audit follow-ups
• Many to Many relationships between multiple data objects
• Reduced redundancy and improved accountability due to defined relationships
Data objects shown: BU/FU, Country/Region, Legal Entity, Organization, Regulatory Body, Objectives, Area of Risk, Compliance Requirement, Control, Standard, Regulatory Framework Reference, Regulatory Development, Process, Evidence, Product, Function, Document Reference
An Example – Between Compliance & Risk
• Example of relationships across the compliance and risk universe driving latent synergies across functional units
• Data Libraries of Compliance Universe Associated with the Risk Universe
• Data Libraries of Risk Universe Associated with the Compliance Universe
Data objects shown: Regions, Countries, Lines of Business, Legal Entities, Sub lines of Business, Regulatory Body, Area of Risk, Compliance Requirement, Question / Procedure, Process, Regulatory Development, Product / Service, Function, Asset, Loss, Framework Reference, Policy
RISK
COMPLIANCE
IT RISK and CYBER
AUDIT
THIRD PARTY GOVERNANCE
POLL 3
Has your GRC Platform yielded anticipated benefits?
d. Yes, as we roll out our GRC initiatives, we continuously improve and are overachieving benefits
Critical success factors in implementing an integrated GRC program: lessons learned and industry best practices to improve business performance
LESSONS LEARNED - Best Practices - 7 Steps
1. Business Value and CSFs: Driving the Right Priorities. Understand organizational strategic imperatives and priorities as well as expectations of how and when business value will be achieved.
2. Maturity and Readiness: Sequencing for Value. Rate the Maturity and Readiness of each target business unit or group and sequence rollout priority based on value to be achieved and ability to get ready.
3. Rollout Scope: Prioritizing Use Cases with Lines of Defense. For each business unit, and each use case, scope the activities that will be completed by each line of defense.
4. Effective Rollout Plans: Leveraging Champions. Map out the rollout milestones and activities, from general sessions to testing, specific training and communication involvement from Champions.
5. Organization Change Management: Being Proactive. Understand what roles and job functions will change and how individuals will be impacted, retrained or redeployed.
6. Communications: Celebrating Successful Adoption. Define the Communications Plan for each rollout group, with executive sponsor and champion involvement, and sentiment surveys.
• Make sure you and your users know the internal SLAs and support structure – when there is a problem or ticket, user satisfaction is tied to the speed of resolution – don’t let frustration set in. Don’t let perception distort app effectiveness – bad news travels faster than good news.
LESSON LEARNED - by Step
Step 6. Communications: Celebrating Successful Adoption
• Adoption – make sure you are tracking real usage, adoption and incidents. You don’t have success unless your end users are using the system and know where to go when they have a question or a problem.
• Reward the team! Toot your own horn! Make good news travel faster and wider!
• Really listen to what your users are saying – use the Five Whys and learn to interpret complaints for the underlying root cause.
Step 7. Continuous Improvement: Agile Value Attainment
• Incremental improvements by tweak can have corresponding multiplier effects. “Horseshoe missing, hobbles the warhorse, loses the King’s battle – for want of a nail we lost the kingdom”.
• Schedule regular (at least quarterly) meetings and continue to conduct surveys and interact to see how it is working.
• Measure the value attained and continue to make incremental improvements to increase value.
• Don’t take criticism personally – they may be frustrated with the change, the process or the app, not you.
• Ways to leverage technology to enable an effective, sustainable GRC program across the enterprise.
Operational Audit
Third-Party Management
THIRD-PARTY QUALITY: NCM & CAPA
GRC PLATFORM: GRC CLOUD, GRC FOUNDATION, GRC INTELLIGENCE, GRC ANALYTICS, APPSTUDIO
Why MetricStream?