This week on Office Hours, hosts Dan Zitting and Kevin Legere summarize Kevin's experiences as a data analytics consultant to audit and compliance teams who are just getting started with an analytics program. Kevin distills what he found are really the five key steps to getting off the ground and building your first "data robots". These worked at Fortune 500 companies and the US Federal Government; hopefully they work for you if you are just diving into "data-powering" your team or function!
This week on Office Hours, hosts Dan Zitting and Kevin Legere reflect on their time working in compliance and try to extract some common themes that seem to make compliance smoother and put control over compliance risk back in the hands of the compliance professionals (who CAN'T just be check mark chasers if compliance burden is a concern). We share in this episode how lessons we learned from the CPA exam, defense lawyers, and criminal trials influence our thinking about compliance programs and, in turn, how we thought about structuring technology to help. This episode is a little preachy; we didn't mean it that way, but we feel strongly about changing the paradigm for compliance. Hope you like it!
This week on a LONG and in-depth Office Hours, hosts Dan Zitting and Kevin Legere try to teach the basics of using scenario modeling (or simulation analysis) to enhance risk management and risk assurance. Scenario modeling enables GRC professionals to make far more informed risk decisions by considering the universe of potential outcomes of a given risky scenario. By understanding the probability of outcomes that are inside or outside the organization's risk tolerance, we can make quantified and informed decisions that make the organization better and impress the crap out of management! We'll run through a real case study from the Arizona State Lottery to make the points, with a little side lesson on what "random" truly means. Find out if the pick 3 lottery really is indeed truly random!
This week on Office Hours, our hosts, Dan Zitting and Kevin Legere, talk about managing risk events. What are risk events? They could be anything from ethics hotline reports, conflict disclosures, security incidents, sexual harassment incidents, unexpected financial instrument value fluctuations, physical security breaches, vendor failures, etc. No matter which function you're in or the risk you're responsible for, it is surely possible to centralize the capture, review, and remediation of these events in a way that maximizes assurance of appropriate follow-up while creating insightful reporting and automating much of the process. In this episode we share examples of how to do so in ACL software, but the principles apply regardless.
This week on Office Hours, our hosts, Dan Zitting and Kevin Legere, talk about having a plan and roadmap for SOX that will differentiate the value your program delivers. Most companies have basic SOX testing nailed down by now, but it's still far too manual and far too inefficient. These types of SOX programs are growing stale - we need a roadmap to better value. Additionally, robotic automation is coming to SOX programs, so we can either be the ones building the automation or the ones being automated. This episode lays out the maturity curve and gives real examples to push toward getting there.