how to succeed in mitigating compliance risks
TRANSCRIPT
![Page 1: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/1.jpg)
How to Succeed in Mitigating Compliance Risks Without Really
Trying
Stephan Blasilli and John StrettonWashington, DC
June 2016
![Page 2: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/2.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
2
Today’s agenda
1. What is compliance?
2. How can intelligent BPM systems (iBPMs) help manage compliance risks? What capabilities should you look for in iBPMs?
3. Techniques for agile tool building
4. How we used these techniques to address compliance risks in our industry (US energy and utilities)
![Page 3: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/3.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
3
Let’s build a definition of “mitigating compliance risk”
Compliance
• Conforming to laws or rules
• Mandated or voluntary
• Subject to change
• Broad and leave room for interpretation
Compliance risk
• Financial, Social (Reputational)
• Acceptable versus unacceptable
Mitigating compliance risk
• Respond quickly to new and changing regulations
![Page 4: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/4.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
4
Here’s an example of a compliance risk in our company
Compliance
• ISO 14001 environmental standard requires you to review the effectiveness of corrective actions
Compliance risk
• Reputational
Mitigating compliance risk
• Automatic task assignmentto review actioneffectiveness
![Page 5: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/5.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
5
What compliance requirements exist within your company?
![Page 6: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/6.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
6
The regulatory landscape for US energy companies reaches far and wide
Source: EnerKnol
![Page 7: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/7.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
7
But what happens when these regulations change?
Source: EnerKnol
![Page 8: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/8.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
8
The cost of non-compliance in our industry can be significant
![Page 9: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/9.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
9
How can intelligent BPM systems (iBPMs) help manage compliance
risks?• Control processes across teams
• Constant chain of custody
• Escalation management
• Complete audit trail
• Quick process changes
• Automated notifications
• Real-time reporting
Agility is key
![Page 10: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/10.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
10
Techniques for agile tool building
• Lean thinking
• MVPs
• Process performance measuring
• Validated learning
• Actionable metrics
• Rapid adoption
• Exception-based processing
![Page 11: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/11.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
11
Think lean to be effective with minimal resources
Source: Eric Ries, The Lean Startup
Build a tool
Measure
ValidatedLearning
![Page 12: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/12.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
12
How to build an MVP for compliance risks
Don’t overcomplicate things. Rigidity of the process should reflect the severity of compliance
risk.Source: Michael zur Muehlen, Stevens Institute of Technology
“Lean” process “Fat” process
Regulatory
Value preserving
Value adding
![Page 13: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/13.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
13
Measure the performance of your MVP
• How users respond
• Understand which activities create value and which ones are waste
• For example: Manager review isn’t further mitigating compliance risk
![Page 14: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/14.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
14
Validated Learning
MVP After validated learning
Collect user feedback to improve process
![Page 15: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/15.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
15
Actionable metrics
Metrics should be:
• Actionable: Demonstrate a clear and causal relationship
• Auditable
• Accessible: Easily understood
Source: Eric Ries, The Lean Startup
Focus on quantityof usage
Adoption phase
Focus on qualityof usage
Established tool
![Page 16: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/16.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
16
Rapid adoption
Regular reminders
Secure commitment from management to act on activity reports
Report on tool usage
Integrate the solution into employee routines
![Page 17: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/17.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
17
Important concept for high-volume processes
Exception-based processing
• Identify criteria for “routine” cases which can be handled by automation (or the minimum possible amount of manual intervention)
• Only cases which do not meet these criteria require additional control steps
![Page 18: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/18.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
18
Example 1: Compliance reporting to government agency
Compliance requirement
• Record and report activities related to construction of a power plan
Challenge
• Requirements are guidelines not rules
• MVP built and tested within 1 week
Solution
• Activity tracker
• Rapid adoption through real-time reports
![Page 19: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/19.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
19
Example 2: ISO compliance
Compliance requirement
• ISO 14001 environmental standard
Challenge
• Pre-assessment revealed lack in incident management practice
• MVP developed + training < 1 month
Solution
• Dynamic incident management tool
• Validated learning (3 versions in <1 year)
![Page 20: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/20.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
20
Summary: What have we discussed today?
• The regulatory landscape for energy companies and utilities is constantly shifting
• Monetary impact of non-compliance can be significant
• Use iBPMs to confront this challenge
• Agility is key
• To address agility challenge apply MVPs, validated learning, rapid adoption, and exception-based processing
![Page 21: How to Succeed in Mitigating Compliance Risks](https://reader031.vdocuments.site/reader031/viewer/2022021816/58ad7e721a28ab2a768b615f/html5/thumbnails/21.jpg)
June 27-29, 2016The Ritz-Carlton, Pentagon City
21
Thank you for your attention!
Stephan BlasilliCorporate Initiatives EDP [email protected](832) 266-7495
John StrettonCorporate Initiatives EDP [email protected](713) 365-2537