Corporate Policies in Disarray  Why Policy Matters  Policy defines boundaries for the behavior of individuals or roles, business processes, relationships, and systems. At the highest level, policy starts with a code of conduct, establishes ethics and values to extend across the enterprise, and authorize policies to govern the entire organization. These filter down into specific policies for business units, departments…

   Health Care Burdened by Risk and Compliance Demands  The health care industry is facing trauma around compliance risk as it scrambles to approach a massive pandemic of regulations, liability and audits. A load of regulations, liability and business exposure bears down on the health care industry from all directions. Health care organizations are burdened by the proliferation of legal…

   Electric Utilities Burdened by Risk and Compliance Demands  Electric power utilities are under increasing pressure for accountability for reliability, and protection of infrastructure and transmission. An increasingly interconnected world means utilities must consider emissions and global warming concerns, corporate social responsibility, capacity and future sustainability of power, and the protection of critical infrastructure. Calls to manage risk are forcing…

 Who Defines the Corporation’s Values and Ethics?  Integrity is a mirror that reveals the truth about a corporation. Corporate reports, filings, and stakeholder communications may say one thing, when in reality the corporation is doing something else. Integrity is violated when corporate policies and procedures are thrown out the window. For a corporation to have integrity, it must have an…

From Finding and Fixing Problems to Compliance Risk Management  Regulations, ethics, and integrity are challenging the organization like never before. Governments are increasing scrutiny of organizations, stakeholders demand transparency, clients want assurance the organization is reputable and upholds their values, and business partners require commitments to compliance and ethics. The role of the chief ethics and compliance officer (CECO) has…

The mismanagement of policies has grown exponentially within organizations with the proliferation of collaboration and document sharing software such as Microsoft SharePoint. These solutions to their credit as well as downfall enable anyone to post a policy. Organizations end up with policies scattered on dozens of different internal Web sites and file shares, with no defined audit trails or accountability…

In many organizations, the role of the chief ethics and compliance officer (CECO)1 is taking on greater importance as he or she guides the enterprise beyond traditional concepts of being the compliance “cop” to being a champion of corporate values, culture, and ethics. This requires that the CECO be an integrated role in the organization’s proactive governance, risk and compliance (GRC) capabilities. Today’s CECO must have a full…

The old paradigm of regulatory change management is clearly a recipe for disaster given the volume, pace of change and the broader operational impact of today’s laws and regulations. Just as the CFO needs a financial system or the sales department needs CRM, legal and compliance need regulatory intelligence. Organizations should explore how technology and process combined with regulatory content…

Most organizations fail to manage the lifecycle of policy, resulting in policies that are out-of-date, ineffective, and not aligned to business needs. It opens the doors of liability, as an organization may be held accountable for policy in place that is not appropriate or properly enforced. Organizations require a consistent process to develop, communicate, monitor, and maintain corporate policy and…

Organizational exposure to compliance risk is rising while the cost of compliance soars. Additionally, the ad hoc, reactive approach to compliance brings complexity, forcing business to be less agile. Organizations typically address compliance as singular issues and obligations; as a result they have multiple initiatives working in isolation to respond to each regulatory requirement. These isolated compliance initiatives tend to rely on manual processes burdened…