tyco's approach to compliance challenges

October 2014
TYCO’S APPROACH TO COMPLIANCE CHALLENGES
How Tyco Achieved Value in Compliance Management
CASE STUDY
Governance, Risk Management & Compliance Insight
© 2014 GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form
by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of
GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage
Guidelines established in client contract.
The information contained in this publication is believed to be accurate and has been obtained from sources
believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability
whatever for actions taken based on information that may subsequently prove to be incorrect or errors in
analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements
of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information
and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may
include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research
should not be construed or used as such.
Table of Contents
Growing Challenges on Compliance Require Change
How Tyco Achieved Value in Compliance Management
    The Situation
    The Solution
The Value of SAI Global at Tyco
    Compliance Management Efficiency Value
    Compliance Management Effectiveness Value
    Compliance Management Agility Value
GRC 20/20’s Final Perspective
About GRC 20/20
Research Methodology
TALK TO US . . .
We look forward to hearing from you and learning what you think about GRC 20/20
research. GRC 20/20 is eager to answer inquiries from organizations looking to improve GRC
related processes and utilize technology to drive GRC efficiency, effectiveness, and agility.
Executive Summary
A reactive approach to compliance, with silos of compliance operations never coordinating and working
together, leads to greater risk to the organization. To enable effective, agile, and efficient compliance,
organizations are developing a compliance information and technology architecture that is dynamic,
proactive and information-based. Tyco International could either hire additional employee resources to
manage compliance or Tyco could implement a compliance platform to deliver an integrated compliance
platform across different compliance, risk and ethics focus areas. Tyco did a careful review of compliance
& ethics learning solutions in the market and chose SAI Global as a compliance and ethics content partner.
GRC 20/20 has evaluated and verified the implementation of SAI Global at Tyco and confirms that this has
achieved measurable value across the elements of GRC efficiency, effectiveness, and agility. In this context,
GRC 20/20 has recognized Tyco with a 2014 GRC Value Award in the domain of Compliance Management.
Growing Challenges on Compliance Require Change
In the past, compliance has been distributed and fragmented. Even when organizations
had a centralized compliance function to manage critical compliance issues, compliance
really was fragmented and distributed across the organization with varying structures,
accountability, and approach taxing the business, ultimately leading to inefficient and
redundant approaches. Compliance functions relied on document-centric and manual
processes that were not integrated, creating challenges in accountability, reconciliation,
and reporting. Compliance officers spent more time consolidating fragmented
information than they did actually managing and improving compliance.
Like the multi-headed Hydra in mythology, these redundant, manual, and document-centric approaches of the past are ineffective. As the Hydra grows more heads of
regulation, ethical challenges and obligations, scattered compliance departments
become overwhelmed and exhausted and start losing the battle. A reactive approach
to compliance, with silos of compliance operations never coordinating and working
together, leads to greater risk to the organization. This piecemeal approach increases
inefficiencies and the risk that serious matters will go unnoticed. Redundant and
inefficient processes lead to overwhelming complexity that slows the business; all the
while the business environment requires greater agility.
Compliance and ethics has become complex in the globalization of business as the
organization manages obligations across jurisdictions, geographies, and cultures. This
is complicated by the distributed and dynamic nature of the modern organization which
has a complex web of employees, suppliers, vendors, contractors, consultants, and other
third parties, causing a mesh of compliance risk that is difficult to unravel and manage
as the organization is constantly evolving. Business is dynamic: employees, relationships,
regulations, risks, economies, litigation, regulation, and legislation are constantly
changing. The challenge is that compliance and ethics have become moving targets.
The trends and forces shaping compliance require organizations to develop a sustainable
strategy and architecture for managing compliance in a dynamic, distributed, and
demanding environment.
The bottom line: Surmounting compliance pressures on organizations requires
them to rethink compliance across the organization. To enable effective, agile, and
efficient compliance, organizations are developing a compliance information and
technology architecture that is dynamic, proactive and information-based. Compliance
architecture not only delivers demonstrable proof of a compliance program but also
allows compliance to be proactive and forward-looking. This shift enables the ethics
and compliance organization to have greater efficiency in processing and managing
information, become more effective in ensuring corporate integrity, and more agile in
addressing rapidly changing business, regulatory, legal, and reputational risks.
How Tyco Achieved Value in Compliance Management
The Situation
Tyco is an international organization that provides fire protection and security products
and services to more than three million customers around the world. With over $10
billion in revenues and more than 70,000 employees across 1,000 locations and 50
countries, managing compliance can be a significant challenge.
The Tyco challenge: how to align 70,000+ employees and tens of thousands of third party
relationships across more than 50 countries globally speaking more than 20 languages to
one set of values? And in that context, deliver compliance training and communications
programs that enable and ensure consistency in behavior and ethical decision-making?
The Solution
Basically, Tyco was confronted with a choice: either hire additional employee resources
to collate and report on scattered and disconnected compliance information from a
variety of systems, documents, spreadsheets or emails, or, Tyco could implement a core
compliance solution to deliver an integrated view of information and technology that
would coordinate and automate multiple programs across different compliance, risk and
ethics focus areas.
If they chose hiring more people, this would not solve the fundamental problem:
inconsistent, redundant data and systems. What further complicated this was the fact
that manual reporting across systems was not only time consuming and a drain on human
capital resources, but it also was prone to error. Manual reconciliation and building of
reports introduce errors and oversights, and lack a good audit trail.
Tyco did a careful review of compliance & ethics learning solutions in the market and
chose SAI Global as their learning development partner across a number of risk areas.
The Value of SAI Global at Tyco
GRC is a capability to reliably achieve objectives [GOVERNANCE] while addressing
uncertainty [RISK MANAGEMENT] and acting with integrity [COMPLIANCE].1 Successful
GRC strategies deliver the ability to effectively mitigate risk, meet requirements, satisfy
auditors, achieve human and financial efficiency, and meet the demands of a changing
business environment. GRC solutions should achieve stronger processes that utilize
accurate and reliable information. This enables a better performing, less costly, and more
flexible business environment.
GRC 20/20 measures the value of GRC initiatives around the elements of efficiency,
effectiveness and agility. Organizations looking to achieve GRC value will find that the
results are:
- GRC Efficiency. GRC provides efficiency and savings in human and financial
capital resources by reduction in operational costs through automating
processes, particularly those that take a lot of time consolidating and reconciling
information in order to manage and mitigate risk and meet compliance
requirements. GRC efficiency is achieved when there is a measurable reduction
in human and financial capital resources needed to address GRC in the context
of business operations.
- GRC Effectiveness. GRC achieves effectiveness in risk, control, compliance, IT,
audit, and other GRC processes. This is delivered through greater assurance
of the design and operational effectiveness of GRC processes to mitigate risk,
protect integrity of the organization, and meet regulatory requirements. GRC
effectiveness is validated when business processes are operating within the
controls and policies set by the organization and provide greater reliability of
information to auditors and regulators.
- GRC Agility. GRC delivers business agility when organizations are able to rapidly
respond to changes in the internal business environment (e.g. employees,
business relationships, operational risks, mergers, and acquisitions) as well as
the external environment (e.g. external risks, industry developments, market
and economic factors, and changing laws and regulations). GRC agility is also
achieved when organizations can identify and react quickly to issues, failures,
non-compliance, and adverse events in a timely manner so that action can be
taken to contain these and keep them from growing.
GRC 20/20 has evaluated and verified the implementation
of SAI Global compliance and learning content at Tyco and
confirms that this implementation has achieved measurable
value across the elements of GRC efficiency, effectiveness,
and agility. In this context, GRC 20/20 has recognized Tyco
and SAI Global with a 2014 GRC Value Award in the domain
of Compliance Management.
1 This is the official definition of GRC found in the GRC Capability Model and other work by OCEG at www.OCEG.org.
Compliance Management Efficiency Value
Tyco, along with SAI Global, has been able to identify both quantitative (hard objective
facts and figures) and qualitative (soft subjective opinions and experience) measures of
value as they pertain to the human and financial efficiencies they have benefited from.
GRC 20/20 has evaluated and verified the following quantitative and qualitative measures
of compliance management efficiency value:
- With the SAI Global learning content, Tyco was able to efficiently train more than
45,000 employees through online training. The SAI Global compliance and ethics
content was able to assist in managing the project to track completions, and help
Tyco maintain an efficient compliance training and awareness program across its
operations.
- In addition to online training, Tyco has also tracked offline training for more than
30,000 of its employees.
- To provide more focused training and education, Tyco also provides ongoing
communications such as live compliance workshops and ethical reflection
sessions to more than 20,000 employees.
Compliance Management Effectiveness Value
Tyco has been able to identify both quantitative (hard objective facts and figures) and
qualitative (soft subjective opinions and experience) measures of value as they pertain to
the effectiveness of compliance management that the organization has benefited from.
GRC 20/20 has evaluated and verified the following quantitative measures of compliance
management efficiency value:
- Tyco has been able to confirm that 100% of in-scope third parties under contract
are meeting their anti-bribery and anti-corruption requirements.
- Internal training and communication events with SAI Global’s content are being
successfully and effectively deployed and tracked, including but not limited to
New Hire Training completed within 45 days of on-boarding, and since their
program launch in 2008, they have seen the following trends measured on a two-year cycle:
    - 2008: 58.7% of employees who observed misconduct reported it.
    - 2010: 60.6% of employees who observed misconduct reported it.
    - 2012: 72.8% of employees who observed misconduct reported it.
GRC 20/20 has evaluated and verified the following qualitative measures of GRC
efficiency value:
- Tyco reports that they have been able to demonstrate how effective their
program was. Specifically, their culture survey metrics show that employees
are more aware of what is required of them in relation to legal compliance and
ethical behavior and are becoming more diligent in identifying and reporting any
misconduct observed.
- Tyco’s 2014 ethics & compliance curriculum, Vital Values, includes commitment
to GEC, Conflict of Interest questionnaire completion, and education on Data
Privacy, Anti Bribery, Raising a Concern, Zero Harm, Financial Integrity and Trade
Compliance. These are all critical compliance risk areas of focus at Tyco, and partnering
with SAI Global enables Tyco to strengthen the organization’s compliance and
ethics culture.
- SAI Global’s learning and content contributes to Tyco’s ability to measure overall
compliance program effectiveness, which draws key metrics from a range of
other Tyco program elements, including:
    - Tyco’s Guide to Ethical Conduct (GEC) has been developed and
    deployed to every employee worldwide through the SAI Global platform
    in a consistent and effective manner.
    - Tyco’s Values in Action program in which managers and their teams
    review and discuss case studies based on real events at Tyco and
    highlight different aspects of the Tyco values and policies.
Compliance Management Agility Value
Tyco has been able to identify both quantitative (hard objective facts and figures) and
qualitative (soft subjective opinions and experience) measures of value as they pertain
to the agility and responsiveness of GRC they have benefited from. GRC 20/20 has
evaluated and verified the following quantitative and qualitative measures of compliance
management agility value:
- Tyco is now more agile in a demanding business and regulatory environment.
This is seen through the flexibility Tyco now has to shift focus and adapt to where
the need is greatest. One year Tyco focused on third party management, the next
year the focus was on Conflict of Interest with an action plan that included an
initiative to ensure all employees and third party business sponsors completed a
COI declaration before year-end. Each builds on the other, but metrics are also
monitored across risk areas even when the focus shifts to a different compliance
risk.
- Tyco has been able to give key GRC stakeholders greater flexibility and agility
to focus on key risks and trends, and respond quickly to emerging risks with the
appropriate risk mitigation actions.
- Tyco’s compliance program has proven agility as it has expanded beyond
employees to now include third parties. Tyco now views their third-party program
as not just a Compliance requirement but as a valuable business asset in which
contracts and metrics are clearly organized with ongoing monitoring and visibility
across all third-party relationships in Tyco’s extended enterprise.
GRC 20/20’s Final Perspective
Tyco has created an Integrated Risk and Assurance Team consisting of members from
internal audit, internal controls and processes, legal compliance and IT. This group
has been able to demonstrate a comprehensive annual review of enterprise risks (top
company risks) and integrated priorities (risks identified by the integrated functions). This
Integrated Risk and Assurance Team identifies and prioritizes key risks for Tyco and its
distributed operations, and develops corrective and preventative measures to address
these risks. SAI Global has been able to contribute to Tyco’s success over a number of
years and continues to partner with Tyco as an ethics and compliance solution provider.
©2014 GRC 20/20 Research, LLC; Licensed to SAI Global, Ltd. for Redistribution
About GRC 20/20
GRC 20/20 Research, LLC (GRC 20/20) provides clarity of insight into governance, risk management, and
compliance (GRC) solutions and strategies through objective market research, benchmarking, training, and
analysis. We provide objective insight into GRC market dynamics; technology trends; competitive landscape;
market sizing; expenditure priorities; and mergers and acquisitions. GRC 20/20 advises the entire ecosystem
of GRC solution buyers, professional service firms, and solution providers. Our research clarity is delivered
through analysts with real-world expertise, independence, creativity, and objectivity that understand GRC
challenges and how to solve them practically and not just theoretically. Our clients include Fortune 1000
companies, major professional service firms, and the breadth of GRC solution providers.
Research Methodology
GRC 20/20 research reports are written by experienced analysts with experience selecting and implementing
GRC solutions. GRC 20/20 evaluates all GRC solution providers using consistent and objective criteria,
regardless of whether or not they are a GRC 20/20 client. The findings and analysis in GRC 20/20 research
reports reflect analyst experience, opinions, research into market trends, participants, expenditure patterns, and
best practices. Research facts and representations are verified with client references to validate accuracy. GRC
solution providers are given the opportunity to correct factual errors, but cannot influence GRC 20/20 opinion.
GRC 20/20 Research, LLC
4948 Bayfield Drive
Waterford, WI 53185 USA
+1.888.365.4560
info@GRC2020.com
www.GRC2020.com