Your vendor’s keeper–managing compliance risks in the extended enterprise

Low-angle view of hospital sign

Extended enterprise risk, or third-party risk, is a significant concern at most large organizations. One compliance executive recently said that according to his organization’s regular internal surveys, third parties pose at least double the risk of any other risks they measure. Yet this is a variety of risk over which organizations tend to have less control. What practices can help manage it?

That conversation was part of the recent Cross-Industry Compliance Leadership Summit that Deloitte hosted at Deloitte University. At the event, which gathered risk and compliance leaders from industries like health care, entertainment, financial services, consumer products, and retail, I moderated a discussion about the challenge of managing third-party risk. Because companies in different industries use and relate to vendors in different ways, there were a variety of stories. But a few common leading practices stood out.

Continue reading “Your vendor’s keeper–managing compliance risks in the extended enterprise”

2014 Compliance Trends Survey Report

2014 Compliance Trends Survey ReportPosted by Tom Rollauer, Executive Director, Center for Regulatory Strategies, Deloitte & Touche LLP

Deloitte and Compliance Week magazine recently released a joint survey report on key compliance trends in 2014. The annual survey, which is in its fourth year, included 209 responses representing a wide range of industries from America and around the world. Questions focused on three major issues:

  • Do compliance executives have the appropriate authority and resources to do their jobs?
  • Are compliance executives addressing the right risks?
  • Do compliance executives use the right metrics to measure progress?

This year’s survey found some level of improvement in all three areas; however, the results were a mixed bag and overall there is still a burning need for organizations to improve how they handle their compliance activities — particularly in light of today’s increasingly demanding compliance environment and the complex new requirements associated with laws such as the Dodd-Frank Act and Affordable Care Act.

Continue reading “2014 Compliance Trends Survey Report”

Highlights from the 2014 Compliance Week Conference

Highlights from the 2014 Compliance Week ConferencePosted by Nicole Sandford, Partner, Deloitte & Touche LLP

Deloitte recently presented at the 2014 Compliance Week Conference in Washington, D.C., which drew top executives and compliance professionals from leading companies across a wide range of industries. Hot topics included the rising importance of reputation risk and third-party risk, as well as the need for a more integrated and efficient approach to managing different types of compliance risk.

Managing risk and compliance in today’s fast-paced global business environment is more challenging than ever. To avoid trouble, many companies are conducting a number of risk assessments for different purposes, including those executed by internal audit, enterprise risk and compliance. All of these are important. However, many compliance professionals and executives at this year’s conference expressed concern that these efforts have not been well coordinated, resulting in “assessment fatigue” in the businesses.

Continue reading “Highlights from the 2014 Compliance Week Conference”