Let’s face it, we live in a technological world where we expect to get more intelligent information faster than ever before. Yet compliance functions are still spending a disproportionate amount of time collecting data with inefficient, siloed and antiquated processes.
According to OCEG’s 2014 GRC Technology Maturity Survey, 53% of organizations are still using spreadsheets, documents and email as their primary technology. But with the right (read: modern) technology, compliance leaders can have complete visibility and access to all of their data and programs. This ultimately helps elevate compliance to a business performer, instead of a cost center or something that’s simply a check-the-box item.
This isn’t news to most CCOs as more than 50% admit that technology is underutilized. Even still, 80% of the solutions being used are standalone, non-integrated technologies that make reporting one of the hardest parts of a compliance team’s job.
When speaking to CCOs and other compliance executives, the most common response I hear about technology is that the board and executives recognize technology is critical to business success by providing better oversight, control, value creation and protection—but compliance teams constantly battle budget constraints.
In addition, there is a challenge to balance technology with full time employees (FTEs) and overcome the “compliance is a cost center” perception. The problem isn’t a lack of value or understanding; it’s difficulty defining and measuring value including cost, benefit, flexibility and efficiency in a way meaningful enough to influence the holders of the purse strings.
So, how do you go about building the business case for technology?
BUILDING A BUSINESS CASE FOR TECHNOLOGY
The first thing to keep in mind is don’t shy away from the hard conversations. Nothing is 100% cupcakes and rainbows—you will run into difficulties and less than ideal circumstances. But evaluating solutions and making the case frankly and honestly will go a surprisingly long way to gaining support. Here are a few things you should keep in mind when evaluating technology and presenting options to your board or executives.
- Be open and honest about costs and risks
- Acknowledge and plan around technology or company hurdles that could drive costs and slow implementation
- Focus on ease of use and utility—they drive company-wide adoption
- Review software capabilities for opportunities and challenges to aligning with existing technology and processes
- Keep long-term requirements and your compliance roadmap in mind
- Drive and leverage support, engagement and buy-in from other functions (audit, risk, IT, HR, etc.)
There is a growing awareness that technology can be a compliance enabler. Last year, the OCEG Technology survey revealed that GRC technology spending is increasing steadily, with 64% of organizations reporting expected spending increases. Talk to and learn from other organizations that have already implemented technology to scale the effectiveness of their compliance programs. Learn from what they did right, what they did wrong and what they would do differently and let those lessons influence your thinking (within the context of your own organizational needs and goals).
Another big factor driving technology in the compliance world is the prevalence and acceptance of change. Between the complex legal landscape, increasing third party expectations, shareholders demanding transparency and high stakes enforcement trends, more board oversight, and c-suite visibility, technology allows you to keep up with the constant demands of both external and internal pressures.
If you think about how far compliance has come in the past 10 years, what is it going to be like five years from now? Flexible technology will not only help companies keep up with new regulations and laws but also stay a step ahead when it comes to compliance risk and health of the organization.
That should be more than enough to make anyone’s head spin, and paint a compelling picture of why organizations should invest in robust, scalable compliance technology. But in case you need more, I’ll cover some benefits of technology a little more in depth.
BENEFITS OF TECHNOLOGY
To advance your technology and mature your compliance program, consider and define parameters for key goals and areas of your compliance program. This will help you frame your discussion and give you a good starting point. Through technology, compliance programs increase efficiency, reduce risk, improve performance and enhance flexibility.
The idea of “increasing efficiency” can so often sound like “make my job easier.” But what companies need to keep in mind is that when teams are efficient they are often more effective as well and ultimately get more done. That’s a good thing!
There are a few key areas where a compliance team would love more efficiency … largely because it gives them better, faster insight to key program initiatives. Here are a few benefits of a more efficient (technology-driven) approach to common compliance areas.
Policy, procedure and control management
The backbone of a strong compliance program, your policies, procedures and controls are likely the most often analyzed, audited and updated aspect of your program. But relying on old paper editions of policies and folders of audit results and procedure documentation means you can’t quickly assess and improve your approach. (And don’t even get me started on how long it will take you to mail or individually email copies of updated policies and procedures to your entire organization!)
Shifting to a tech-based approach makes it faster and easier to develop, review, refresh, approve, distribute, access, attest to, analyze and archive your policies. Plus, everything from draft 1 of your update to the very first archived policy is in one place, making it much simpler to track changes and see which version was in place at the time if an incident occurs.
Everything you do in your program is because of a risk your organization faces. That’s the (overly) simple definition of a risk-based compliance program. Your risks are modern (for the most part) so your approach to monitoring and mitigating them should be as well—particularly if your organization has a global footprint.
Keeping with the faster and easier theme, the right risk-centric technology helps compliance teams identify, analyze, evaluate, prioritize, manage, adjust to, monitor and keep up with the increasing risk landscape.
For larger organizations, this is nearly impossible with siloed solutions that it takes weeks to gather data from and analyze.
Case management is hard to actually manage if you have multiple investigators and compliance team members but everything about the actual case is kept in localized systems not easily accessed or updated across the team. You end up with a lot of paper, emails, notes and other important elements spread across too many locations.
Centralizing your case management with software ensures the entire process is connected and easily accessible by allowed parties. You can take in, route, escalate, prioritize, communicate around, investigate, monitor and resolve cases more easily, effectively and consistently (an important aspect of company trust and transparency) with the right technology.
This one is just starting to make its way into the consciousness of more compliance teams. Everyone knows they need to collect conflict of interest and gifts & entertainment disclosures (two of the major risk areas for just about every organization), but not many have figured out how to work that into the compliance realm.
Without technology, it’s easy to just let this area stay with HR, finance, audit or whichever team currently owns it. But by not actively addressing these topics compliance teams are knowingly letting a risk area go largely unmitigated and unmonitored.
With technology, it’s much easier for even the smallest teams to collect disclosures, route them appropriately, prioritize and escalate as needed, communicate with disclosing parties and managers, approve or decline disclosures, document stipulations and monitor changes.
We already touched on the need for a risk-based compliance program and how technology can make managing risks more efficient. But that’s just the tip of the iceberg when it comes to the benefits of using technology to manage compliance risk.
With better insight into your program as a whole and an easier way to communicate with and monitor employees around the world (including third parties), you have a better handle on the particular risks your company faces—which means you can better address issues before they become full-fledged problems. This naturally leads to a more robust and effective program, which can reduce the potential for enforcement actions and lawsuits. This in turn can help reduce your costs of capital and insurance premiums, less obvious effects that can have a large impact on the business and that executives care deeply about.
Viewing your entire portfolio of compliance risk in one place will help you better prioritize and report on risk mitigation efforts. Having access to real time data (another benefit of technology) also helps you spot issues and weaknesses quickly, leading to faster remediation and continuous program improvement. If a new risk emerges, simply add it to your master risk register and quickly spin up an initiative that fits in nicely with the rest of your program.
On a more tactical level, technology makes it easier to communicate with your entire organization, which helps keep risk management top of mind for everyone. Fostering this culture of risk consciousness can create a sense of risk ownership within every employee and help reduce the chances of noncompliance.
Compliance programs have historically relied on siloed solutions because there wasn’t a better way. Luckily those days are over!
Now teams who are using up-to-date compliance technology can fully manage multiple initiatives and areas of compliance for a single platform. Centralizing your program does more than increase your efficiency and help you address risk—it increased your overall program and team performance.
Using an integrated platform allows teams to link initiatives and data together to get real insights about how one part of the program effects the others (because they almost always do). This results in more complete program oversight leading to fewer undetected incidents.
This integration also drastically cuts down on the amount of time teams need to spend collecting, reconciling and analyzing program data, making it easier for them to create better reports and more accurate assessments and benchmarking. And incase I need to spell it out, better information means better data-driven decision making.
This helps teams truly strengthen their programs, rather than just guess at what needs improvement.
Think back to the time before computers, the internet, smartphones and all the technology that helps us in our daily lives. Now think about how much easier everything is today and how quickly we can communicate with anyone, get to know new people and react when something happens. It’s the same with compliance technology.
Compliance regulations are constantly in flux and teams need to keep up. That means they need a program that is flexible, changeable and scalable enough to help them react and get up-to-date as quickly as possible.
As companies expand by opening locations in different countries or bringing on third party vendors, suppliers, contract workers or subsidiaries, they need to extend the full force of their compliance program to these new entities. This fact of life is pushing compliance technology from static serves and desktop programs to cloud-based solutions and mobile-friendly interfaces. Companies need to recognize these new demands and do what they can to adequately supply all of their employees with access to an effective program.
The time of mailing policies to offices, collection attestations via email and tracking program data on a quarterly basis in Excel are over. The rest of the world has fully embraced technology and compliance programs need to as well. Before we know it, the most successful programs are going to be breaking ground in this respect, not playing catch up.