Innovation in Compliance with Tom Fox Thomas Fox

Welcome to a special 5-part podcast series, sponsored by Diligent. Over this series we will consider a risk-based approach toe third-party risk management. Over this series I will visit with Michael Parker is the Director of Advisory and Consulting Services, Stephanie Font, Director of the Optimizations Group; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management and Alexander Cotoia, from the Volkov Law Group. In this Part 3, I visit with Kairi Isse, on the implementation of your third-party risk management program after the contract is executed. 
Learning about the risk posed by  third-party vendors to a company's compliance program can be an eye-opening experience. However through the use of an AI-based ongoing monitoring search tool with customizable features, auditable trails, for third-party risk management; an organization can ensure that their compliance programs are effective and reduce their risks of fines and reputational damage in the implementation stage after contract is executed. 
Key Highlights 
·      How can modern companies effectively manage third party risk and protect their reputation? 
·      What are the best ways to monitor third parties in a stable vendor ecosystem? 
·      How can AI and machine learning make third party management more efficient and effective?
Notable Quotes 
1.     "The key to this effective risk management is truly the follow up, the ongoing follow up to ensure that all the controls are in place and if needed, are changed." 
2.     "The key to effective risk management is the ongoing follow up to ensure all the controls are in place and if needed, are changed."
3.     "It's not the most data, it's the right data."
4.     "Everything is audited in there; there's audits for the third-party profiles, there are audits for each of the cases."
 Resources
Kairi Isse on LinkedIn
Check out Diligent’s 3rd party products and services here.

Welcome to a special 5-part podcast series, sponsored by Diligent. Over this series we will consider a risk-based approach toe third-party risk management. Over this series I will visit with Michael Parker is the Director of Advisory and Consulting Services, Stephanie Font, Director of the Optimizations Group; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management and Alexander Cotoia, Associate at the Volkov Law Group. In this Part 2, I visit with Stephanie Font, on the need for evaluation of potential third-party through questionnaires and determination of the necessary due diligence investigations to comply with regulations, while navigating using questionnaires to uncover the truth.  
What is the importance of understanding regulations and risk factors when creating questionnaires to help with due diligence. Through understanding the risk model and what specific regulations the company needs to comply with, creating effective questionnaires to help with due diligence can become easier. Stephanie also found out that having a due diligence risk management system can automate some of the process and help flag any potential risk factors. With the help of questionnaires and due diligence, Stephanie was able to learn how to effectively document and investigate potential third parties.
Key Highlights

How questionnaires can be used to comply with regulations and inform a risk model. 

How due diligence investigations can help to uncover risk factors in a potential third party. 

How a third-party risk management system can automate parts of the process.

 Notable Quotes
 1.     "Knowing what you're trying to comply with and thinking of those questions that are going to get you there is probably the top thing."
2.     "Don't lose your common sense and listen if your gut tells you something's wrong." 
3.     "Documentation is key to create an internal audit trail and have something to show to regulators."  
4.     "Know your own risk model and build the risk model into the system to flag any potential risk factors."
 Resources
Stephanie Font on LinkedIn
Check out Diligent’s 3rd party products and services here.

Is your company's data fit for purpose? In this episode of the Innovation in Compliance podcast, host Tom Fox welcomes Malcolm Hawker of Profisee, a company that creates MDM software, to discuss the importance of data quality, master data management (MDM), and data governance. They also explore how proper data management can drive exceptional results, reduce costs, and ensure compliance. 

Malcolm Hawker is a seasoned data management and governance professional with over 30 years of experience. Malcolm spent 15 years in product leadership, including a stint as Chief Product Officer at a software startup in Austin, Texas. He also led an IT organization at a $2 billion publicly traded company. Malcolm has since specialized in data management, master data management, and governance, working as an analyst for Gartner before joining Profisee as the Head of Data Strategy. Malcolm's passion is helping organizations leverage data to drive results.

You’ll hear Tom and Malcolm talk about these ideas:

Data must be accurate, complete, timely, and unique to be fit for purpose within an organization's business processes.

Master data management (MDM) solves the "single version of the truth" problem, helping organizations maintain consistent and trustworthy data across various systems and departments.

Effective data governance involves creating and implementing policies and procedures related to data management to optimize value, reduce costs, and ensure compliance.

High-level, cross-functional, and functional levels all require tailored governance strategies.

A CDO should define how data governance drives the three levers of revenue, cost savings, and risk mitigation within an organization.

Corporate governance is typically the focus of boards of directors, while data governance is more of a functional or operating level concern.

Data privacy plays a significant role within data governance and must be addressed with robust policies and procedures.

Data governance can contribute to ESG initiatives, with one example being the reduction of carbon footprint through better data management and retention policies.

No matter where technology trends lead, the foundation of accurate, consistent, trustworthy, and fit-for-purpose data remains essential for successful decision making and operations.

"Modern younger business leaders are turning to LinkedIn, they're turning to YouTube, they're turning to podcasts for these types of insights [about business]. I need to be where the business leaders are." Malcolm shares best practices from a data management, data quality, and MDM perspective through his CDO Matters LIVE podcast.

Malcolm's experience at AOL during its rapid growth period on his approach to innovation.


KEY QUOTES
"Data quality is all about making sure that you have data that is fit for purpose, that can be used efficiently in operations within the business, can be accurate and consistent, and trustworthy within the analytics, the reports that are used by that organization.." - Malcolm Hawker

"My point here is that from a governance perspective, …the foundation of data quality, master data management - all the things that go into creating accurate, consistent, trustworthy, fit for purpose data - those things never go away." - Malcolm Hawker

"Modern younger business leaders are turning to LinkedIn, they're turning to YouTube, they're turning to podcasts for these types of insights. I need to be where the business leaders are." - Malcolm Hawker

Resources:
Malcolm Hawker on LinkedIn 
CDO Matters LIVE Podcast
Profisee

Welcome to a special 5-part podcast series, sponsored by Diligent. Over this series we will consider a risk-based approach toe third-party risk management. Over this series I will visit with Michael Parker is the Director of Advisory and Consulting Services, Stephanie Font, Due Diligence Service expert; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management and Alexander Cotoia, from the Volkov Law Group. In this Part 1, I visit with Michael Parker on the need for risk mitigation to bring a third-party into a relationship with your organization.
Parker has worked in the compliance arena for six years, learning from his experience in government and tech. For a compliance program to be successful, executive leadership and there must be Board of Director buy-in for oversight as well. The goal of a third-party risk management platform is to protect the assets of the business and create a single source of truth. Through such a mechanism, third parties can be can screened for anti-bribery, anti-corruption, human trafficking, and much more. The Board needs visibility in order to make decisions and an audit log to show activity and diligence if ever needed. It is critical for all compliance function to stay up to date with regulations and keeping their third party platform consistently updated.
Key Highlights

How can a risk-based approach, coupled with a single source of truth and robust platform, help protect business assets and comply with changing regulations?

What is the German Supply Chain Act and how can companies ensure compliance related to human trafficking and human slavery?

How can companies use visual analytics to gain insights into their risk-based approach, and show evidence of due diligence in the face of an audit?

Notable Quotes

"Companies don't do bad things, people do. And as people do, the regulatory landscape changes and it can change quickly. So keeping up with those changes is critical to protecting your assets and mitigating risk."

"We need to increase our defensibility and increase our auditability if somebody comes knocking, we can show and illustrate that we have done our due diligence to mitigate any sort of risk of doing business with this third party."

"Companies don't do bad things, people do."

"Put a platform in place that is robust lends itself to a number of different benefits."

 Resources
Michael Parker on LinkedIn
Check out Diligent’s 3rd party products and services here.

Legal GRC focuses on the various activities and responsibilities that people who report to legal must carry out, such as data privacy and breach response. In this week’s show, Tom Fox reconnects with Bill Piwonka, Chief Marketing Officer of Exterro, to discuss compliance with data privacy. They discuss the concept of legal GRC, which is a subcategory of the larger umbrella of GRC. They also explore how Exterro's legal GRC software can help companies manage their data effectively and efficiently while ensuring compliance.

Prior to Bill Piwonka’s current position at Exterro, he had extensive experience running marketing teams for typically small software companies, helping build them as they grew. His knowledge of both startups and large multinational global organizations, including Intel and Oracle, has given him a unique perspective on the dynamics of different companies. As an expert in compliance and data privacy, Bill's insights and expertise are invaluable to organizations seeking to improve their compliance programs.

Key ideas you’ll hear Tom and Bill discuss:

Legal GRC is a subcategory of the larger umbrella of GRC that focuses on the various activities and responsibilities that people who report to legal must carry out, such as data privacy and breach response.

Understanding where your data is, who owns it, and what regulations apply to it is crucial to effective data management and compliance.

Data governance, data security, and data cleansing are key components of ESG, particularly in the G part, and the management of data is a mandatory step under ESG.

Having a data inventory and understanding what regulations apply to that data from a retention perspective and disposition is essential to minimizing risk and ensuring compliance with various regulations.

The key to minimizing risk and ensuring compliance is to have the processes and technology that enable you to constantly push the deletion button, in accordance with your retention policy.

Extero has broad capabilities in eDiscovery, privacy forensic investigation, incident response, and cybersecurity compliance. Its clients include a wide range of professionals, such as IT, legal ops, GC, compliance, privacy, and HR.

Regulatory obligations around data security and document turnover are a significant concern for organizations, and Extero's eDiscovery product can help clients comply with government agencies' requirements and store relevant information in their ESI vault.

Extero's consent product can help organizations with obtaining and revoking consent across any medium and demonstrate their compliance.

Legal departments are now recognizing the need for people, process, and technology to address issues that are now being enforced, especially on the privacy side. Process orchestration gives legal departments the ability to manage, measure, and optimize their processes and ensure defensibility.

Extero's marketing strategy is to provide high-quality educational content for the people who would ultimately use their products, such as benchmark surveys, case law alerts, and privacy alerts. 


KEY QUOTES
"Legal has to be involved in all the different GRC activities." - Bill Piwonka

"You have to have the guts to push the deletion button. When you have the processes and the technology that enable you to constantly push that button, you're going to minimize your risk and you're going to ensure compliance across a whole swath of regulations." - Bill Piwonka

"If I can help somebody understand how to optimize a data subject access request process or how to conduct a document review more efficiently, and help them do their jobs more effectively - and I do that for five years - they are more productive, they're more efficient, and they like the content that we're creating." - Bill Piwonka

Resources:
Bill Piwonka on LinkedIn | Twitter  
Exterro

"Most successful executives are well aware of meditation and the secret power of it, and that it has a competitive advantage because it can change the way they're thinking, access more levels of creativity and intuition," says Kara Goodwin, a meditation expert and Tom Fox’s guest on the latest episode of Innovation In Compliance. Kara and Tom discuss the transformative power of meditation, the benefits it offers to individuals and companies, and how it can help people find balance and purpose in their lives. She also talks about how meditation can change your brain, reduce anxiety and depression, and unlock your creativity and intuition.

Kara Goodwin is a certified meditation teacher, and the host of The Meditation Conversation Podcast. With a corporate background in IT and sales, Kara's journey into meditation began when she moved to Italy and discovered the transformative power of this practice. Since then, she has been helping people develop their meditation practice through coaching, retreats, and online courses. Through her work, she seeks to help individuals and organizations find balance, purpose, and fulfillment in their personal and professional lives. 

You’ll hear Kara and Tom discuss:

Meditation means something different to every person, but to Kara it's existing in a state that's beyond - beyond thoughts, beyond the body, beyond time, and beyond space. Meditation is getting to a state of higher consciousness, where the cycle of daily thoughts does not exist. 

Developing a meditation practice changes the brain and the nervous system. It can also translate to a person's state outside of meditation, where they can have a higher perspective on things. It allows them to slow down and not get caught up in the minutiae of the day. 

Being able to tell when you're off balance is simply taking mental stock of yourself. "It's just what's showing up for you in your world… It's becoming aware of how we feel and really even having a perspective that has a distance between what we feel and noticing what we feel," Kara says.

You can't solve problems when you're operating in the same mindset they were created in. "When we're in problem-oriented consciousness, we're not necessarily going to find the solution for that problem in the same level of consciousness where the problem is," Kara remarks. "It's by raising ourselves into a higher level of consciousness that we can have access to more creative solutions, more holistic solutions, more win scenarios." 

Meditation is becoming an important component of mental health for businesses and companies. Kara uses the example of the NFL using meditation tactics to keep themselves calm in the high-stress environment they deal with. In addition, employers caring for their employees can also do more to create better working conditions. Caring for their employees in more holistic ways and seeing them as fully formed human beings, will impact the quality of their work. 

Meditation helps nurture whole-brain thinking. Nurturing whole brain thinking and allowing yourself space allows for higher consciousness, which promotes productivity and activity. 


KEY QUOTE
"When we're in problem-oriented consciousness, we're not necessarily going to find the solution for that problem in the same level of consciousness where the problem is." -  Kara Goodwin 

“[Meditation] is really getting into that state of a higher mind where we're not so focused on the little ins and outs and details of the day and the cycles of our thoughts.” - Kara Goodwin

"Most successful executives are well aware of meditation and the secret power of it, and that it has a competitive advantage because it can change the way they're thinking, access more levels of creativity and intuition." - Kara Goodwin

Resources
Kara Goodwin | Twitter | Instagram 
The Meditation Conversation Podcast