Risk Awareness:
The Need for
Transparency in
Operations
Tom McNamara
Senior Vice President, Global Sales
EthicsPoint
FEI Professional Development Session
Risk is…
 Real & reputational
 Compliance-based
•
Regulatory
•
Contractual
•
Socially responsible
 Manageable
Reputation-based fraud is
5 to 7 times more
impactful to share value
than financial fraud.
FEI Professional Development Session
Risk Mitigation: The Process
 Understand your risks
 Evaluate
• Probability
• Impact
• Velocity
Risk Event
Monitor
Probability
Contingency
Impact
 Mitigate
• Communication and training
• Plan contingencies
 Monitor
• Compliance obligations
• Risk events
• Stakeholder feedback
 Respond and learn
Mitigation
FEI Professional Development Session
Risk Awareness
High
Open Door
Policy
Survey
Feedback
Policy &
Procedures
Risk
Hotline/Helpline
Operational Feedback and Reporting
Compliance
Training
Disparate Data Silos
Low
0%
Knowledge
Transparency
100%
© EthicsPoint, Inc. 2009-2011 All Rights Reserved
FEI Professional Development Session
Disparate Data
“Organizations often
support between five and
eight different database
technologies, and 50
different sources of data
from the operational side.”
- Gartner Research Vice President and
Research Director Kevin Strange
FEI Professional Development Session
Problem: Lack of Transparency
 Only 3% of
misconduct reports come through the
hotline -- ERC 2009 National Business Ethics Survey
 Compliance and ethics receives only 6% of
available employee information about top risks -Compliance and Ethics Leadership Council research
•
•
•
50% of observed business misconduct is never reported
60% of information reported to managers by employees
is “siloed”
21% of reported information relevant risk is shared with
legal or others, but is not available to compliance
 Issue is getting worse with three distinct
generations in the workforce
FEI Professional Development Session
High
Understanding Risk
Number of geographies served
Number of organizational entities
Employee Headcount
Union/Non-Union
Weak Culture/Strong Culture
Historical Significance
Risk
•
•
•
•
•
•
Survey
Feedback
Low
0%
Hotline/Helpline
• Risk Appetite
• Social
Responsibility
Vertical Complexity
Voluntary Buffer
Culture
Open Door
Policy
Process
Information
Gathering
Systems and
Technology
• Regulatory Requirements
• Industry Dynamics
• Common Risk Components
Organizational
Complexity
Compliance
Data Integration Policy & Training
Procedures
100%
Analysis
Knowledge |Transparency
FEI Professional Development Session
What should you be capturing?







Industry-based operational risk
• Fraud
• Harassment
• Issue or event
Security control breaches
Internal audits
Regulatory and contractual
compliance issues
Hotline (web and telephony)
Open door policy (internal
reports)
Exit interviews
Gain transparency into
siloed activities and
disparate data sources.
8
FEI Professional Development Session
Do you promote awareness?
 Employee awareness
 Vendor
and representative
awareness
 Repeated communication
events
 Feedback to reporters
 Sanitized reports and
newsletters
FEI Professional Development Session
Questions?
Tom McNamara
© EthicsPoint, Inc. 2009-2011 All Rights Reserved
Senior Vice President, Global Sales
EthicsPoint
tmcnamara@ethicspoint.com