Value/Benefit Statement
Application
Methodology/Enablers
People Process Technology
Full Spectrum
Compliance
• SAS
• ACL
• SQL
• SAP
• CURA
• Barnowl
• EasyRisk
Subject Matter Experts
Legal and Risk
Regulatory
Data Analysts
Financial
Laying the foundation for Regulatory Compliance
Link to Compliance
Function
Risk Intelligent Map
Compliance Methodology
Internal Audit and Compliance Integrator
COSO
Responsible For: Accountable To:
How will this be achieved?
Utilising an industry-leading organisation that already has the people, process and technology to immediately perform compliance functions that include controls assurance and business value impact.
Leveraging your existing capability and supplementing with the necessary people, process and technology to move Regulatory Compliance to a business value contributor.
Create Regulatory Compliance capability which considers people, process and technology that is led internally.
Bigger challenges, higher stakes
• Corporate Accountability
• Governance and Sustainability
• Enterprise-wide Risk Management
• Link to organisation-wide vision

• Board and Management oversight
• Sufficient staffing and resources
• Defined roles & responsibilities
• Policies and procedures

• Documented risks and tolerance levels
• Assessment methodology for risk prioritisation
• Aligned risk process across programme
• Ongoing cycle plan for assessments

• Regular employee communications
• Metrics/Key Performance Indicators
• Escalation and incident response
• Board/Senior Management reporting

• Baseline training requirements
• Specialised training
• Ongoing updates to training materials
• System to track completion status

• Ongoing assessment of requirements
• Ability to leverage existing platforms
• Support monitoring and reporting
• Centralised data repository
Business Value
Compliance
Develop “Compliance” Vision Statement
Develop Governance Processes
Perform Compliance Risk Assessment
Monitoring and Testing
Reporting and Communication
Compliance Training
Compliance and Technology
• Independent testing of compliance controls
• Inventory of laws and regulations
• Defined scope and frequency
• Corrective actions and discipline
Super-Charged Compliance
Outsource Co-Source In-House
Regulatory Compliance management is the management discipline of designing and implementing effective systems to ensure that an organisation actually complies with the laws, regulations and codes of practice relevant to its operations.
• Increasing laws and regulations
• Larger penalties/personal liabilities
• Increasing board level oversight
• New whistleblower standards
• Held to higher standards by regulators/shareholders
• A “higher bar” for effective compliance programmes

• Staff
• Management
• Executive Management
• Board of Directors

• Regulators
• Shareholders
• Industry Analysts
• Clients
• State
• Advocate a compliance strategy that anticipates future trends across business products services and geographies.
• Moving... From tick boxes to accounting of the complete industry footprint and corresponding compliance risks.
• Increased coverage
• Better risk identification
• Covering all ambits of the COSO framework effectively
• Consistency in approach
• Quantification of exposure
• Industry-agnostic
• Projecting into the future

Business value contributor
Pain Points
• What’s changing – and what’s our game plan for changing with it?
• How do we research and prepare for what’s happening in the future?
• How is compliance incorporated into our five-year business plan?
• How are compliance trends incorporated into our growth decisions?
• How are we identifying, monitoring, and adjusting for emerging compliance risks and requirements?
Regulatory Compliance: A Business Value Contribution
© 2013 Deloitte & Touche. All rights reserved. Member of Deloitte Touche Tohmatsu Limited
Designed and produced by Creative Services at Deloitte, Johannesburg. (806222/sue)

Contact
Kriba Moodley
Direct: +27 (0) 11 806 5914
Mobile: +27 (0) 83 327 4500
Email: [email protected]