Building a Compelling Business Case for Boosting your GRC Program

© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com

Transcript of Building a Compelling Business Case for Boosting your GRC Program

Page 1: Building a Compelling Business Case for Boosting your GRC Program

Building a Compelling Business Case for Boosting Your GRC Program

Data, insights and tools to help you build or grow your program—and better protect your organization

Page 2: Building a Compelling Business Case for Boosting your GRC Program

Presented by

Randy Stephens, Vice President, Advisory Services, NAVEX Global

Chris McClean, Vice President, Research Director, Forrester Research

Page 3: Building a Compelling Business Case for Boosting your GRC Program

Agenda

• Is Your Program Stuck in Neutral?
• A Framework for Demonstrating the Value of GRC
  - Measuring the value of automation
  - Fundamentals
  - Next generation metrics
• Engage Senior Executives With Effective Reporting
• Q&A

Page 4: Building a Compelling Business Case for Boosting your GRC Program

Pop Quiz: Which of These Have You Heard About Your GRC Program…

• It’s not in the budget
• It’s not a priority
• We don’t want to grow a cost center
• Our [CEO/CFO/Board] doesn’t see the value
• We don’t need more “people who say no”
• That scenario is unlikely / that’s not a risk we need to spend resources mitigating

Use the chat function to share other reasons your efforts to build, grow or expand your GRC program get shut down.

Page 5: Building a Compelling Business Case for Boosting your GRC Program

If These Are Your Issues, You Need a Compelling Business Case for GRC

Until you can make a credible, compelling business case for GRC, your program could be stuck in neutral.

Today we’ll share tips for creating a persuasive business case, including:

• Metrics
• Tools
• Best practices

Source: Ethisphere, 2016

Page 6: Building a Compelling Business Case for Boosting your GRC Program

Talk So Senior Executives Can Hear

We’ll help you build a framework you can use to get the support you need from the senior executives you need to partner with to make your program effective and successful.

In this presentation, we’ll share:

• Metrics that make the case for technology and automation
• Fundamentals you need to be measuring, tracking and reporting on
• Data and concepts to take your program to the next level—creating better connections to top business concerns

Page 7: Building a Compelling Business Case for Boosting your GRC Program

New Ways To Show The Value Of Compliance

Chris McClean, Vice President & Research Director

Page 8: Building a Compelling Business Case for Boosting your GRC Program

Can you explain the value of your program?

Page 9: Building a Compelling Business Case for Boosting your GRC Program

© 2016 Forrester Research, Inc. Reproduction Prohibited

Program success metric categories

› User adoption:
• Number of active users by Line of Defense
• Number of times needed to re-instruct users

› User satisfaction:
• User acceptance
• Can our employees perform their basic roles within the program and find their information?

› Coverage of program:
• Number of business areas managing work on the system
• Usage of data for business decisions on everyday basis in all the units

Page 10: Building a Compelling Business Case for Boosting your GRC Program

Compliance platform success metrics

CATEGORY | BENEFITS | METRICS

Efficiency

• Reduced costs of risk assessments and aggregation

• Speed of policy development, approval, distribution

• Improved speed/cost of risk reporting

• Improved speed/cost/coverage of audits

• Staff-hours saved per process

• Payroll savings from delay or avoidance of staff increase

• Reduction in costs for internal and external audits.

Risk reduction

• Reduction in incidents, near misses, loss events

• Reduction in regulatory fines, actions, lawsuits, etc.

• Reduction in time to discover control gaps, violations

• Reduction in audit/assessment findings

• Reduced number and cost of incidents

• Reduced number/size of fines

• Reduced cost of capital

• Reduced insurance premiums

Enhanced performance

• Use of risk info in management/exec decisions

• Improved decision making when risk is considered

• Risk intelligence coverage

• Risk management process coverage

• Improved reputation among stakeholders (partners, regulators, customers, etc.)

• Reduction in reactionary costs

• Frequency of risk data used in business decisions

• Improvement in financial or operational metrics

Page 17: Building a Compelling Business Case for Boosting your GRC Program

What does your company care about?

Page 18: Building a Compelling Business Case for Boosting your GRC Program

Business Leaders Care About Risk

Page 19: Building a Compelling Business Case for Boosting your GRC Program

Customer Experience Changes Priorities

Page 20: Building a Compelling Business Case for Boosting your GRC Program

Customer-focus Increases Risk Concern

Page 21: Building a Compelling Business Case for Boosting your GRC Program

Reputation Factors Raise Risk Criticality

Page 22: Building a Compelling Business Case for Boosting your GRC Program

Resilient Brands Keep Promises

Page 23: Building a Compelling Business Case for Boosting your GRC Program

Other success metrics to consider

› Customer loyalty:
• Word-of-mouth
• Loyalty after risk events

› Customer satisfaction:
• Survey scores
• Alignment to values

› Revenue support:
• New business opportunities
• RFP question coverage

Page 24: Building a Compelling Business Case for Boosting your GRC Program

Key Takeaways

Reputational risk is a growing area of concern, which creates opportunities to connect ethics and compliance to business value.

Justify compliance efforts with improvements in efficiency, risk reduction, and improved performance.

Add program success metrics to track how well your technology and processes are rolling out.

Page 25: Building a Compelling Business Case for Boosting your GRC Program

Thank you

forrester.com

Chris McClean

[email protected]

Page 26: Building a Compelling Business Case for Boosting your GRC Program

Tool: 5 Disruptive Questions to Tackle Skepticism About the Value of GRC Head On

1) Are we going to wait for a crisis to do something? A crisis could be a fine, a lawsuit, negative press coverage and/or reputation damage that will take years to recover from. (“Do we want to be the next…Volkswagen, FIFA, etc.”)

2) Are we missing an opportunity to add significant value? More and more studies show that better GRC practices and a strong organizational culture, characterized by ethical behavior from top to bottom, create improved bottom-line performance.

3) Are we losing a competitive advantage by not investing in GRC? Ability to attract and retain top talent increases, and turnover decreases, in the most ethical companies.

4) Are we enjoying short-term gains while setting ourselves up for unacceptable levels of long-term risk? Profits may look good now. But if regulators came in, would we be able to defend—and document—our decision-making processes related to compliance?

5) Are we taking the right risks—and enough risks? Strong GRC helps you take the right risks in the right way, rather than taking blind leaps.

Page 27: Building a Compelling Business Case for Boosting your GRC Program

Engage Senior Executives & Avoid Common Mistakes in Reporting

Senior execs and board members expect to see customized, high-level data and information presented thoughtfully.

1) Create a compelling, professional format & structure

2) Deliver reports at the right frequency

3) Include (only!) the most crucial, relevant content

4) Address risk assessment, emerging trends and current events of interest

5) Elevate senior executive & board engagement

Page 28: Building a Compelling Business Case for Boosting your GRC Program

Checklist: Executing on the Business Case

• Own it. When something works, celebrate it. When something doesn’t, be transparent and make improvements.

• Make it part of who you are. Drive awareness and participation, showcase efficiencies and performance improvements.

• Commit and follow through. Set targets and stay focused on your goals.

• Emphasize benefits. Business flexibility, efficiency gains, improved employee retention, cost reductions.

• Report and prove. Regular and smart reporting as you improve & grow will help you build on your success.

Page 29: Building a Compelling Business Case for Boosting your GRC Program

I’d Like to Talk with a NAVEX Global Solutions Expert About… [check all that apply]

Getting additional metrics and benchmarks that help me build the business case for GRC program development

Making sure my compliance program meets legal and regulatory requirements

Tools that help me automate, measure and report on the value of critical components of my compliance program

Partnering with an experienced GRC strategic advisor to help strengthen my program

Goal setting, scoping and defining resource requirements for an effective GRC program at my organization

Page 30: Building a Compelling Business Case for Boosting your GRC Program

NAVEX Global’s Comprehensive Ecosystem

Regardless of your program’s place on the ethics and compliance continuum, we can help.

Page 31: Building a Compelling Business Case for Boosting your GRC Program

Additional Tools

NAVEX Global’s Resource Center has free resources you can put to work in your program today, including:

• Benchmarking Reports. Leverage our data to demonstrate where major components of your program—hotline, training, policy management, third party risk management and more—are performing against industry norms. http://bit.ly/1Layo5P

• By the Numbers: Making the Business Case for Employee Compliance Training. Legal and reputational risks of employee misconduct are massive. Get the data on how effective compliance training helps. http://bit.ly/1V7Tgvt

• Definitive Guide to Policy Management: Understand how to make all activities related to policy management more efficient and effective. http://bit.ly/1NtzPHn

• NAVEX Global’s Blog, Ethics & Compliance Matters: Our expert authors help you stay up to date on the latest trends in E&C. www.navexglobal.com/blog

Page 32: Building a Compelling Business Case for Boosting your GRC Program

Questions?

Page 33: Building a Compelling Business Case for Boosting your GRC Program

Thank You!

Randy Stephens
Vice President, Advisory Services, NAVEX Global
[email protected]

Chris McClean
Vice President, Research Director, Forrester Research
[email protected]