Multi-national technology conglomerate
The Challenge
- Had a fragmented approach to policy governance and management which was highlighted following a series of regulatory breaches and sanctions.
- Globally applicable policy suite of hundreds of policies.
- No mechanism to ensure policies understood by those needing to comply.
- No framework deployed to consistently to monitor conformance and performance of the business.
The Solution
- We undertook a major project to develop a framework for their policy governance and compliance monitoring processes, and to integrate their second line of defence functions including compliance, risk and Sarbanes Oxley (SOx) into a cohesive single framework covering strategic, financial, operational and compliance risk.
- We worked closely with corporate functions and key stakeholders from the business to analyse and streamline existing policies and develop a standardised set of control requirements, which collectively made up the policies, against which compliance could be monitored and reported. The policies and control requirements collectively made the Policy and Controls Masterbook.
- Building on the framework of requirements identified, we developed a variety of assessment techniques using a risk-based approach to determine when they should be deployed and mapped these to the framework of policy requirements at entity level.
- We designed and led the implementation of a technology solution to enable the control requirements in the Policy and Control Masterbook to be understood, assigned ownership in each entity and monitored according to the assessment techniques used based on the risk profile of the entity and the requirement.
- We supported the roll out of the framework and methodology across 750 entities in more than 100 countries.
The Outcome
As a result of our work, the client was able to establish:
- Clear control requirements with respect to its global policies;
- A standardised, risk-based assessment approach to monitor adherence with policy;
- Continual improvement via enhanced feedback loops;
- A better informed senior management; and.
- A cultivated risk conscious organisation proactively managing areas of non-compliance.
View all clients
