Spring cleaning governance, risk management, and compliance programs
With spring in the air, thoughts turn to spring cleaning, that time of year when many of us feel compelled to deep clean the kitchen and bathrooms, dust blinds, mop floors, and clean up the outside, be it a garage, porch, yard, or garden. The same mindset that hits us in springtime is handy to bring to governance, risk management, and compliance (GRC) programs.
Here are five spring cleaning tips for anyone tasked with conducting audits; maintaining compliance; managing risk within IT, third parties, or the organization; focusing on business continuity; or working in health and safety.
Deep clean internal controls and policies
Over the winter (or since the last audit) some processes may have changed, leading to outdated controls and policies. Use controls testing to spruce up your controls and make any updates. Spiff up policies and take advantage of best practices for policy writing.
Polish up your questionnaires
Springtime is a great time to give your assessment questionnaires a good scrubbing. Look for errors and omissions. See if there’s a commonality in specific questions that causes problems. Invest in tools for the job like the Standard Information Gathering (SIG) questionnaire from Shared Assessments.
Dust off your business continuity plan
Many organizations create business continuity plans and file them away where they collect dust. The trouble is, assets, people, processes, and priorities change over time. It was right last fall but may need updating this spring. Review and update plans using these business continuity best practices.
Declutter your third-party roster
Do you have third parties that perform the same duties? Use springtime to declutter, removing lower-performing or higher-risk third parties. You’ll save the time and costs associated with assessments and help lower third-party risk.
Mop the floor with the competition
Companies want a competitive advantage and can find one in risk management. By shifting from decentralized to integrated processes, you can streamline activities and gain efficiencies. All you need is the right technology platform designed for integrated risk management.
Those are our five spring cleaning tips for professionals working in integrated risk management. During springtime when your mind turns to spring cleaning, apply this mindset to the processes you govern. A fresh, clean approach that streamlines processes and improves efficiencies might just get noticed by management.