Welcome to a special five-part podcast series, A Conversation with Skillsoft and StoneTurn: From the Code of Conduct to Risk Assessment to Continuous Improvement. This week’s podcast series is jointly sponsored by Skillsoft and StoneTurn Group, LLP. In this podcast series we will explore the recently released 2020 Update to the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (2020 Update). We focus on your Code of Conduct and how it is informed by your Risk Assessment, training on your Code of Conduct, performing a Risk Assessment and conclude with how all this ties to continuous monitoring and continuous improvement. Participants in this podcast series include: from Skillsoft, Charlie Voelker, Director, Compliance Products; John Arendes, Vice President and GM of Global Compliance Solutions; from StoneTurn, Toby Ralston, Managing Director, Jamen Tyler, Managing Director and Stephen Martin, Partner. In this third episode, I visit with Jamen Tyler on conducting an effective risk assessment.
We began with some of Tyler’s top tips for conducting a risk assessment. She began that everyone needs to understand that risk assessments are about putting together and thinking about all of your risks. This means typically thinking about risks falling into kind of four buckets. They are (1) financial, (2) operational (3) legal/regulatory and (4) reputational. While most companies are pretty well versed in conducting risk assessments for financial and operational risks; legal regulatory and reputational can be just as harmful. This means a company needs to think critically about those final two buckets of risk, in addition to the more traditional financial operational risks. This means targeting specific risk areas by subject matter and even breaking it down to specific geographies or business units, can be both more efficient. It can also help to insure you are conducting risk assessments on a timely basis.
The next area is around data and Tyler “always recommends leveraging data.” Many companies now have enterprise resource management systems and other reporting tools. Some may have external data analytics that they use in their operations. So, these can be extremely helpful in the risk assessments, things like accounting reviews, whistleblower reports, third party management tools. They provide this sort of real time data that can reveal the sorts of hot spots for potential issues. So, always making sure that you’re leveraging that information is really key and connecting with the right stakeholders is number four.”
Tyler further noted, you want to make sure that you’re always talking with individuals with the most knowledge about your company’s operations, what practices are actually on the ground and what the compliance culture is really like. This is going to depend a lot on the scope of your risk assessment. It will typically include senior management, individuals from Finance, Internal Audit, Human Resources, Communications and Marketing, etc. Lastly, you actually need to put your findings into practice. A lot of companies with great risk assessment processes, create reports but do not take action. You need to actually address the identified risks raised. You should be always using the risk assessment findings to benchmark and evaluate your compliance program to develop enhancements and improvements going forward. By reviewing the changes, you can also assess how well those changes actually worked when you conduct your next risk assessment.
Join us tomorrow where I visit with John Arendes, Vice President and GM of Global Compliance Solutions at Skillsoft, who helps us take a deep dive into assessing your risks and using that process to then manage those risks.
If you enjoyed today’s podcast, I want to let you know about an upcoming webinar Skillsoft and StoneTurn are hosting. The webinar “Evolving Your Compliance Program” will be held on Wednesday Sept 23 and will explore how companies are leveraging data and information to improve and evolve their compliance programs. Information and Registration click here.
For more information on Skillsoft’s compliance offerings, click here.
For more information on the Skillsoft/StoneTurn partnership, click here.
For more information on StoneTurn, click here.