KEY TAKEWAYS & SESSION INSIGHTS

Compliance Tech Talks WASHINGTON D.C. FEBURARY 23, 2016

HOSTED BY

COMPLIANCE TECH TALKS – WASHINGTON D.C.

17 ATTENDEES | 17 COMPANIES | 12 INDUSTRIES AARP Bae Systems Bon Secours Health System, Inc. Booz Allen Hamilton CGI Federal Inc. Ethics Works LLC HDR, Inc Hilton Worldwide, Inc. KBR, Inc Kforce Inc NASDAQ Omx Group, Inc. PAE SAIC The AES Corporation The World Bank Group Under Armour, Inc. Unisys Corporation

Retail

IT Services

Professional Services

Energy

Transportation

Non-profit

Hospitality

Healthcare

Finance

Consulting

Manufacturing

Technology

KEY TAKEWAYS TREND 1 | USE YOUR HOTLINE TO ITS FULLEST POTENTIAL When it comes to reporting to the Board, everyone agreed that a key metric they rely on are hotline statistics. Hotline statistics are heavily relied on when reporting to the Board. This coupled well with what we heard in our recent study with Ethisphere where we found that 97 percent of compliance executives uses hotline and misconduct reporting statistics to report to the Board and governing authorities. Hotline metrics is the first step of incident reporting and case handling. Consequently, this data in conjunction with other channels, is building your in-house compliance data warehouse. Motivating employees to reporting incidents remains an industry-wide pain point. An attendee shared an affectionate nickname for their hotline: “the doors of courage” to help encourage people to utilize it while eliminating the intimation or threating feeling when reporting an incident.

2 | Copyright © 2016

COMPLIANCE TECH TALKS – WASHINGTON D.C.

Another effective and helpful exercise we discussed was secret shopping your own hotline by calling into your own call center and posing as an employee presenting a problem they should be able to solve. Doing this best practice allows you to identify gaps, areas to retrain and gather data to test and measure performance. We shared the importance of root cause – that is when you identify the true influencing factors behind misconduct, it can help you determine and address program weaknesses. Examining root cause can shine a light on problems within your organization down to the employee level. Oftentimes, even comprehensive program and culture assessments may not uncover the true problems behind the problems quite like tracking root cause information as you investigate each and every case.

TREND 2 | GET DATA ACROSS YOUR ORGANIZATION It’s fully understood the importance of getting data across the organization to create compliance awareness and to validate the function as a whole. However, it is key to have strong relationships with other departments as many face misinterpreted or misrepresented messages. It begs the question of an old-fashioned party game of telephone – don’t let what you’re trying to say and the point get convoluted by transmission; make it clear, easy to understand and from your mouth – the mouth of compliance executive. If the message comes from you or your department, the less likely it is for the message to get lost. A few examples attendees shared on how they create awareness and validates the function as a whole are: • Weekly huddles with operating units and share a thought of the day/week around compliance • Weekly compliance report that goes out to the entire company to raise awareness on what has happened/happening as well as what to do if you were in a similar situation • Leverage relationships with other departments so they can communicate compliance updates, reminders and practices down to their team One attendee used the mantra of, “don’t be that teammate.” As employees need to share messages to each other when misconduct occurs, what to do in a certain scenario, what procedure or process to follow – which in no short terms relates to creating a compliancefirst organization. The more this is communicated throughout the company the easier it makes it for employees to report an incident. Moving past the metrics close at hand (e.g., number and types of issues), compliance professionals are searching to find analysis on their hotline can be done to unearth real truths about strengths and vulnerabilities of your company? Leverage data you already have from and other business units to increase the value and utility of incident data. This will help you start to reveal insights about your culture, employee behavior, management tone, retaliation trends, and response consistency.

3 | Copyright © 2016

COMPLIANCE TECH TALKS – WASHINGTON D.C.

TREND 3 | MEASURE THE ROI OF COMPLIANCE CECOs are beginning to get creative in the ways that they find relevant data. One of the most ways to finding relevant data and metrics, for example, is by partnering with HR to collect ethics and compliance information from the annual culture survey, since many companies already deploy a company-wide annual or biennial survey. CECOs also find relevant data through the IT team—particularly noting that IT leaders have the best visibility into all the data stored company-wide, and can be a helpful resource in aggregating relevant data from other departments for measuring ethics and compliance program success. Some commonly cited data points to calculate ROI include: • Number of investigations • Annual program assessment • Government settlements and violations • Cost avoidance • Perceived value • Total spend • Reponsiveness to issues • Reduction of costs from technology • Hotline information We are starting to see data about employee turnover, employee culture and productivity, but there is still room to improve. A significant challenge for compliance leaders today is finding new and relevant data that helps support both the effectiveness of the ethics and compliance program as well as calculate and defend the ROI of the program. One strategy is by taking an industry approach and looking at the cumulative litigation for the entire industry and then dividing costs by the number of business across that industry. Dollar amounts in the millions as a result of this strategy gets the Board’s attention quickly. The most prominent way to measure ROI today is by estimating the money saved from a fine or reputational damage from a violation. To more effectively elevate the stature, funding and influence compliance has in an organization, compliance teams need to establish a more direct correlation between compliance, company strategy and long-term business profitability.

Read the full recap in our blog, The Compliance Report https://www.convercent.com/blog Be sure to check back often for Tech Talk coverage, and follow the conversation on Twitter using #ComplianceTT UP NEXT: LONDON SAN FRANCISCO

4 | Copyright © 2016

2016 COMPLIANCE TECH TALKS WORLD TOUR

5 | Copyright © 2016

Convercent's risk-based global compliance solution enables the design, implementation and measurement of an effective compliance program. Delivering an intuitive user experience with actionable executive reporting, Convercent integrates the management of corporate compliance risks, cases, disclosures, training and policies. With hundreds of customers in more than 130 countries -- including Philip Morris International, CH2M Hill and Under Armour -- Convercent's awardwinning GRC solution safeguards the financial and reputational health of your company. Backed by Azure Capital, Sapphire Ventures (formerly SAP Ventures), Mantucket Capital and Rho Capital Partners, and based in Denver, Colorado, Convercent will revolutionize your company's compliance program.

THANK YOU