How to Succeed in Mitigating Compliance Risks Without Really Trying Stephan Blasilli and John Stretton Washington, DC June 2016


How to Succeed in Mitigating Compliance Risks Without Really Trying

Stephan Blasilli and John Stretton

Washington, DC

June 2016

June 27-29, 2016, The Ritz-Carlton, Pentagon City

Today’s agenda

1. What is compliance?

2. How can intelligent BPM systems (iBPMs) help manage compliance risks? What capabilities should you look for in iBPMs?

3. Techniques for agile tool building

4. How we used these techniques to address compliance risks in our industry (US energy and utilities)

Let’s build a definition of “mitigating compliance risk”

Compliance

• Conforming to laws or rules

• Mandated or voluntary

• Subject to change

• Broad and leave room for interpretation

Compliance risk

• Financial, Social (Reputational)

• Acceptable versus unacceptable

Mitigating compliance risk

• Respond quickly to new and changing regulations

Here’s an example of a compliance risk in our company

Compliance

• ISO 14001 environmental standard requires you to review the effectiveness of corrective actions

Compliance risk

• Reputational

Mitigating compliance risk

• Automatic task assignment to review action effectiveness

What compliance requirements exist within your company?

The regulatory landscape for US energy companies reaches far and wide

Source: EnerKnol

But what happens when these regulations change?

Source: EnerKnol

The cost of non-compliance in our industry can be significant

How can intelligent BPM systems (iBPMs) help manage compliance risks?

• Control processes across teams

• Constant chain of custody

• Escalation management

• Complete audit trail

• Quick process changes

• Automated notifications

• Real-time reporting

Agility is key

Techniques for agile tool building

• Lean thinking

• MVPs

• Process performance measuring

• Validated learning

• Actionable metrics

• Rapid adoption

• Exception-based processing

Think lean to be effective with minimal resources

Source: Eric Ries, The Lean Startup

Build a tool

Measure

Validated Learning

How to build an MVP for compliance risks

Don’t overcomplicate things. Rigidity of the process should reflect the severity of compliance risk.

Source: Michael zur Muehlen, Stevens Institute of Technology

[Figure: “Lean” process versus “Fat” process, with activities labelled Regulatory, Value preserving, and Value adding]

Measure the performance of your MVP

• How users respond

• Understand which activities create value and which ones are waste

• For example: Manager review isn’t further mitigating compliance risk

Validated Learning

MVP After validated learning

Collect user feedback to improve process

Actionable metrics

Metrics should be:

• Actionable: Demonstrate a clear and causal relationship

• Auditable

• Accessible: Easily understood

Source: Eric Ries, The Lean Startup

Adoption phase: focus on quantity of usage

Established tool: focus on quality of usage

Rapid adoption

Regular reminders

Secure commitment from management to act on activity reports

Report on tool usage

Integrate the solution into employee routines

Important concept for high-volume processes

Exception-based processing

• Identify criteria for “routine” cases which can be handled by automation (or the minimum possible amount of manual intervention)

• Only cases which do not meet these criteria require additional control steps

Example 1: Compliance reporting to government agency

Compliance requirement

• Record and report activities related to construction of a power plant

Challenge

• Requirements are guidelines, not rules

• MVP built and tested within 1 week

Solution

• Activity tracker

• Rapid adoption through real-time reports

Example 2: ISO compliance

Compliance requirement

• ISO 14001 environmental standard

Challenge

• Pre-assessment revealed lack in incident management practice

• MVP developed + training < 1 month

Solution

• Dynamic incident management tool

• Validated learning (3 versions in <1 year)

Summary: What have we discussed today?

• The regulatory landscape for energy companies and utilities is constantly shifting

• Monetary impact of non-compliance can be significant

• Use iBPMs to confront this challenge

• Agility is key

• To address the agility challenge, apply MVPs, validated learning, rapid adoption, and exception-based processing

Thank you for your attention!

Stephan Blasilli, Corporate Initiatives EDP, [email protected], (832) 266-7495

John Stretton, Corporate Initiatives EDP, [email protected], (713) 365-2537