Email Risk Management |
What is at risk?
Emails are now the principal communication method between organisations as well as within organisations. Yet they are rarely treated with the same respect that a letter or other formal document would be. And that lack of respect extends to the safekeeping of emails with their original contents (both in the body and via attachments).
However, emails are considered as much Electronically Stored Information (ESI) as are Microsoft Word documents or Excel spreadsheets. This is especially true of legal discovery under the US Federal Rules of Civil Procedure (FRCP).
The true risk of not understanding a) what has been communicated via email (inbound and outbound), b) where the original copies of those emails are presently kept and c) who should/shouldn't be using email to communicate about certain subjects, is unimaginably large. Imagine a scenario with one company preparing to acquire another and an email is inadvertently sent to a third party. Or internal emails discussing possible lay-offs in the workforce accidentally arriving in the union organiser's inbox ... the consequences of either situation could be catastrophic!
The benefits of taking action
Protecting your organisation from email leakage and inappropriate usage is more good business sense than big brother in action. Taking a managed approach to email analytics and risk mitigation, using modern screening technology, allows the normal (valid) day-to-day email traffic to continue as usual. However, exceptions are flagged by the system and held until an approved person clears them for sending or withdrawal.
Whilst this can add some delay to the 'suspect' emails being delivered, it offers the organisation full visibility of communication within sensitive areas of the business. And this could be the difference between a successful business acquisition and very public 'egg on face'.
Eliminating email-related risk
d2OPS international will work with your senior management team to define the phrase-based keyword lexicon that email screening software requires. Email screening software uses the same fuzzy-logic techniques as spam filtering software to scan inbound and outbound emails (and their attachments), looking for key indicators that pre-defined thresholds of acceptability have been exceeded. Flagged emails are held before delivery and offered to approved members of staff for human validation or deletion.
Once the lexicon is established, d2OPS international can help you decide which scanning software to use as well as help implement the work-flow that drives the exception handling. We can also help audit the use of email throughout current business-processes looking for weaknesses as well as opportunities for efficiency improvements without increasing risk. We will pay particular attention to mobile workers and home workers who might be using email on the company's behalf but are outside of traditional IT security systems.
Records & Asset Risk Management |
What is at risk?
Organisations that have been in operation for a number of years build up a large volume of records and assets. Some will be well documented and managed, but others, especially older records, may not.
Yet the organisation may need to access historic records, or prove their authenticity, under the time pressure of a major business initiative or even a litigation case. The uncertainty over which records and assets are well protected and which aren't risks compromising the organisation. And depending upon the nature of the situation this risk could be severe, especially if litigation is involved.
To make matters worse, this risk is compounded when an organisation operates multi-nationally, as different national rules for record storage periods and authenticity apply.
The benefits of taking action
It is easy to see that having a single central database of all records and assets that can track their ownership, whereabouts and changes would eliminate this risk. However, it might seem like a 'Holy Grail' solution: good in theory but unachievable in practice.
With the advent of super-intelligent software systems it is achievable in practice, no matter how adverse the starting position. As long as you plan and execute the project coherently you can establish the base point of where you are now and implement a management/tracking system to keep that base point accurate.
And with such a system in place your organisation would always have a very high degree of certainty of the location and authenticity of core records and assets.
Eliminating records and asset related risk
The key to eliminating the risks pertaining to record and asset management is the central collation of information related to critical records/assets. This will allow you to identify and prioritise risk areas and keep an accurate track of future changes/movements. Bearing in mind that many of the records and assets may not be in electronic format makes this a difficult, but not impossible, task.
d2OPS international's approach is to work with you through an information modelling project which then leads into the setting up of a suitable tracking process.
Enterprise Information Modelling
- Identify the critical records and assets (documents and records, physical assets, people, processes, knowledge, relationships, ...) and their location
- Identify interdependencies (how are different records and assets related or dependent upon each other)
- Classify the results in a structured way to ensure current and future consistency and to determine risk priorities
- Determine the permission hierarchy for controlling accountability, access, change and movement of records and assets
- Define business rules for how the records and assets will be managed in future to remove risks
Records and Asset Tracking
- Implement a central records & asset database to systemise the output of the Enterprise Information Modelling project
- Implement electronic processes to track all electronic records, including setting up data vaults for the protection of 'original copies' where required
- Implement physical tracking processes to track all non-electronic assets. These should be recorded electronically in the central database, and could include automatic systems such as RFID tagging to track physical assets that are mobile.
d2OPS international can work with you to identify software solutions to support the above projects if current systems are not suitable.
Who we are |
Delivering workable governance, risk and compliance solutions to corporate businesses is a highly specialised area. It requires skills covering international law, business processes and hierarchies, solution architectures and IT systems.
But to be really effective at delivering those solutions quickly and without skimping on depth or quality requires a small and dedicated team that have worked together over a long period … just like ours.
Tim Bovy, Chief Executive Officer (Global Operations)
Tim has nearly 30 years of experience in designing and implementing various types of information and risk management systems for major law firms such as Clifford Chance and Richards Butler; and for major accountancy firms such as Deloitte & Touche. He has also developed solutions for organisations such as BT, Imperial Tobacco, Rio Tinto, the Kuwaiti government, and the US House of Representatives. He is currently project leader in defining and developing the strategy for the Rio Tinto global governance, risk, and compliance system, which covers a broad spectrum of compliance risk management.
Tim holds a BA degree, magna cum laude, from the University of Notre Dame, and MA and C.Phil degrees, with high distinction, from the University of California.
Tim has written articles for, and given lectures at, City University in London and at Oxford University. He lives in Marlow, England, where he is on the Executive Committee of the Marlow Chamber of Trade and Commerce.
Ed Beck, Chief Executive Officer (USA Operations)
Ed has served as Executive or Senior Vice President, General Counsel & Secretary of Mervyn’s LLC, a $2.5 billion department store chain, Yamanouchi Consumer, Inc., and its predecessor, Shaklee Corporation, a NYSE and Fortune 500 consumer products company, and The Pacific Lumber Company, a NYSE and Fortune 1000 lumber and welding products company.
Ed began his legal career with Pillsbury, Madison & Sutro in San Francisco. He has substantial experience in a broad range of compliance areas, serving as chief compliance officer in the various companies for which he has worked. Ed has also managed all legal aspects of several successful acquisitions and divestitures, dealt with numerous corporate governance matters, served on the Board and Audit Committee of Yamanouchi Consumer Inc. and chaired the Board, Audit Committee and Compensation Committee on behalf of the company’s Japanese Chairman.
Ed has served on numerous professional and non-profit Boards, including the San Francisco Chamber of Commerce, the San Francisco Bar Association, and The San Francisco Conservatory of Music. He also served as Chair of the Bay Area General Counsel Group.
Ed holds a BA degree, cum laude, from Yale and a JD degree, cum laude, from Harvard Law School.
Harry Hodgson, Chief Information Officer
Harry has over 20 years' experience with major IT companies in business and quality planning, designing and implementing processes, improving performance and managing operations. This experience includes working with Data General and EMC at UK Board level as well as International Management level covering Europe, the Middle East and Africa.
Particular areas of expertise include defining/implementing business processes and rules, FCPA risk management, ISO9000 quality systems, training, call centres, purchasing, logistics and managing and coordinating complex projects across all business areas and geographies. Harry has a very successful record of achieving objectives in terms of time, efficiencies, effectiveness and significant cost savings.
Rob McHardy, Chief Technology Officer
Rob received both his bachelor's and master's degrees from Oxford University, in 1991. He began working with Tim immediately after graduation as a project manager on a multi-million-pound project, involving two of the world’s largest ship builders. Rob was responsible for setting up a records management system for a large document database, which ran to over 1 million pages.
From that experience Rob quickly grew into a highly skilled systems engineer. In 1993 he spearheaded the Kuwaiti government project, which managed the massive insurance claims against Iraq, following their 1991 invasion of Kuwait. Since then Rob has built up extensive expertise in system architecture, design and implementation. This ranges from working with sophisticated databases, such as Microsoft SQL Server and Oracle, to preparing detailed specifications and diagramming precise hardware configurations, to writing bespoke code to enhance systems integration and workflow procedures.
Over the years, Rob has overseen the design and implementation of numerous successful systems in the US, Europe, and the Middle East.
Rob is the CTO of d2OPS international and is the technical authority on all of the company's client engagements.
Who we do it for |
On the surface the issues surrounding Governance, Risk and Compliance (GRC) may seem to only affect the very large multi-national businesses. But in truth they affect all businesses - though the scale of the problem is clearly more extensive with larger and multi-national organisations.
Typical areas of concern for small businesses
- Overwhelmed by the number and variety of compliance rules/regulations
- Don't fully understand the significance of the impact of non-compliance
- Belief that professional help with this will be too expensive for the business to afford
Typical areas of concern for large national businesses
- Compliance management is seen as the responsibility of the legal team only
- Implications of non-compliance are not well understood at all levels of the business
- Uncertainty over which international regulations apply to a national business
- Confusion over the 'cascaded' compliance obligations of suppliers and partners
- Maybe considering expansion into new geographies but unsure how the additional compliance obligations will operationally impact the business
Typical areas of concern for large multi-national businesses
- Understand the legal/technical risks of compliance but can't translate them into their full operational impacts
- Unable to isolate the operational changes needed to mitigate compliance risks at all levels
- IT systems and processes are thought to be preventing operational changes from being made
- Key information and audit trails are dispersed, stored in different formats (including paper records) and could be managed by mobile workers
- Poor segregation of compliance-related responsibilities is compromising risk management
- Need practical solutions ... not more management reports
If any of these concerns ring true for your organisation, then give us a call. We can talk you through the issues and help you decide what level of impact Governance, Risk and Compliance management has for you - and most importantly what your first steps to controlling it could be.
How we do it |
We have developed processes and techniques that allow us to tackle the highly complex problem of capturing, consolidating and managing an organisation's governance, risk and compliance issues.
We can explain in detail how we do this when we meet you for the first time.
In advance of that, however, let us give you an outline of the areas that we cover to give you a feel for the completeness of our service:
- Identify a company’s compliance obligations, and assemble them into a coherent knowledge base.
- Establish a system Lexicon (sometimes known as ontology) to clearly define the terms that comprise the system Taxonomy, thus enhancing the precision rate in searching for documents and facilitating activities such as global risk profiling and cross-referencing.
- Map, link and route compliance obligations to the appropriate positions within the company to establish accountability and ensure that there are no “accountability gaps”.
- Uncover and include the current status of all of the metrics regarding the operational, business conduct, legal, regulatory, policy, and voluntary commitment (including contractual) compliance risks confronting the company.
- Design a comprehensive recording method for hazards and risks, and their economic and non-economic consequences, including an operational risk scoring mechanism to focus management resources.
- Define notification alerts and escalations and the use of operational dashboards to enforce internal and external due dates, whilst providing the ability to reassign resources on the fly when a person is unable to act on a due date (absent, ill, on leave, etc) to ensure that there are no gaps in the fulfilment of obligations.
- Incorporate a Key Reporting Views Process, which is continually updated in a constant cycle of replicating information back to the Master Compliance Database for delivery to the appropriate business level, including Global, Regional, National, Business Unit, and any other level to which the timely delivery of compliance obligation information is critical, enabling the company to expose global non-compliance risk and to compare compliance management across the entire enterprise.
- Develop a system for handling change notifications for compliance obligations, which are automatically invoked through business processes that monitor automatic update notification services from third party compliance portals, either internal or external to the company.
- Develop a method that ensures that recording a risk will trigger an automated process, which requires the recording of a Risk Mitigation and Action Plan.
- Develop a method that ensures that recording a compliance-related incident will trigger an automated process, requiring the recording of a Corrective Action Plan.
- Design (and optionally deploy) an IT system architecture, centred on the Master Compliance Database, that fully encapsulates the system requirements above, but that can be implemented within the company’s current IT application, network and security infrastructure.
A brief sample of our Management Compliance Process is available to view here.
Contract Risk Management |
What is at risk?
There was a time when all of an organisation's contracts could be centrally scrutinised before signing. This allowed for high-levels of consistency and control. But in today's multi-national fast moving companies the idea of all contracts going to a single central human resource for processing is just not viable. Sales deadlines, production deadlines and the ever present stockholder pressure for growth mean that time is very much of the essence.
So we have the situation where in reality contracts are being negotiated and signed at many different levels within the organisation, and often in different legal jurisdictions. There may well be documented procedures that cover this, but they are not always adhered to rigorously ... or even at all. The result is that many organisations have lost control of their Contract Lifecycle Management (CLM) and cannot be sure of what contracts exist, under what terms and where the original copies are held.
And this isn't just in the realm of the inept ... it is a daily situation facing many very well known corporations around the world.
The benefits of taking action
Gaining control of the Contract Lifecycle allows organisations to coordinate resources to negotiate better terms, track and plan for their own exposure to contractual obligations, police variations from the defined obligations by other parties, and to manage the end-of-life or renewal of contracts as appropriate.
This will significantly reduce the risk that the organisation faces from the total of all of its contracts as well as providing essential managerial visibility of status, progress and potential issues.
Eliminating Contract Management risk
d2OPS international can assist organisations in eliminating the substantial risk in Contract Lifecycle Management through a systems based approach that both protects the business as well as allowing commercial flexibility to meet market needs.
Our approach starts with an audit programme to establish a realistic assessment of the scale of the problem, the areas of weakness, and where increased flexibility is required. Employee 'workarounds' are uncovered and documented as are bottlenecks and inflexibilities in the formal contractual system.
Once the assessment is complete, an extended workshop is run to define a business rules-based approach that will accommodate the different operational needs across the different levels of the business, set against the central need for visibility and accountability. This workshop may run in stages over a period of weeks if necessary.
With the business rules defined, d2OPS international will work with the client to implement these rules into IT systems, either pre-existing or newly acquired. Part of this process is the establishment of a central 'contract vault' where electronic copies (including scanned copies of paper contracts) are automatically stored. This vault provides the core visibility that the organisation needs as well as providing document authenticity which is important for Electronically Stored Information (ESI) management and possible Federal Rules of Civil Procedure (FRCP) litigation.
FRCP & ESI Risk Management |
What is at risk?
In December 2006, the Federal Rules of Civil Procedure (FRCP) were amended to include Electronically Stored Information (ESI). Whilst this may be seen as the US Federal Courts merely catching up with the 21st century, the real news story is the significant impact that the changes will have on the way that companies are expected to store and protect electronic information that might be relevant to current or future litigation.
And don't forget that ESI includes email, which is hard enough to control at the best of times!
In court cases since the changes the US courts have demonstrated that they take a very dim view of organisations that fail to respect the FRCP provisions for legally discoverable electronic information. The risk is that inadequately protecting electronic information could lead to adverse instructions, significant fines or even losing a case that would otherwise have been settled favourably.
The benefits of taking action
Companies that protect ESI with auditable systems and processes clearly have an advantage over those that don't. Not only are they sure that the information they use to mount their legal action is accurate and provably original, they will also avoid the risk of negative court reactions (that could incur significant fines as a result).
An additional benefit is that having a controlled and protective approach to ESI makes a lot of business sense as it ensures that company information is fully protected for accuracy and originality. This will help the organisation make better informed decisions regardless of whether there is a risk of future litigation in that area. Furthermore, a comprehensive approach that accounts for non-electronic information within the same management system will give an organisation a truly inclusive view of all corporate information.
Eliminating FRCP/ESI risk
d2OPS international can help you to implement a comprehensive ESI compliance system that will mitigate current and future FRCP risks. Our approach is made up of two key stages:
- Identify, capture and protect current relevant ESI
  - define a lexicon of relevant keywords for data searching, using current and potential litigation
  - search ALL ESI, with categorisation using the keyword lexicon (using smart software for speed and reduced cost, for example a search of six terabytes of dispersed data can return the results in a matter of seconds)
  - human 'sifting' of returned ESI in an organisation's own document management system to identify relevance and authenticity
  - protection of identified ESI in a secure data 'vault' to deliver and manage provable originality
- Audit organisational processes in order to design and implement a rigorous system to correctly manage FRCP/ESI risks for the future
This approach has been designed to help in-house counsel in large and multi-national corporations significantly reduce costs by quickly identifying all of the electronic data relevant to a litigation matter (or potential litigation matter) within minutes/hours rather than days/months. Data can be delivered directly to an existing document management/litigation support system for legal review and analysis. Thereafter newly created ESI will be automatically handled in the most appropriate manner to reduce FRCP risks in line with audited business processes.
Useful links
US Federal Courts, Federal Rules of Civil Procedure (.pdf)
LexisNexis, FRCP Readiness: 10 Practical Tips for Paralegals
FCPA/UK Bribery Act /OECD Risk Management |
What is at risk?
Every company with operations or sales overseas should carefully consider whether it has effective policies and procedures in place that adequately manage the company’s risks under the US Foreign Corrupt Practices Act (FCPA) 1977, the UK Bribery Act, and the OECD's Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (OECD) 1997.
While most business executives are aware of the regulations' basic objectives, they find it a daunting task to protect their companies and their employees from potentially disastrous consequences - stiff fines and prison sentences - that could result from a failure to comply.
The benefits of taking action
Companies should proactively protect themselves against bribery violations. The “Federal Sentencing Guidelines for Organisations,” issued by the U.S. Sentencing Commission and applicable to criminal violations of all federal statutes such as the FCPA, require federal courts handing down criminal sanctions to take into account the existence or absence of effective corporate compliance programs.
The presence of an effective compliance program can significantly reduce a corporation’s sentence, in some cases by as much as 95%, while the absence of such a program can increase the sentence.
Managing Bribery Risk
d2OPS international can assist you in implementing a Bribery Prevention Compliance System that will:
- Be Proactive, enabling the company’s board and management to track patterns and trends that pinpoint areas of abuse that they can quickly remedy.
- Provide Information in Real Time, so that the company can avoid bribery abuses that could result in serious violations if there is no mechanism in place for reporting such violations to the board and management in real time, thus allowing them to continue unnoticed until it is too late.
- Digitise Business Rules and Processes, so that the board and management can monitor activities that could lead to international bribery violations.
- Establish Accountability and Create a Deterrent: digitising itself acts as a deterrent, since employees will know that the system is monitoring their activities by flagging and reporting unusual activity that occurs outside of established parameters. This process would make the recurrence of the activity virtually impossible since the system would immediately reveal the wrongdoer to the company’s board and management, allowing them to take immediate remedial action.
- Enable Processes and Procedures to be Flexible and Easily Changed, providing the company’s board and management with the ability to update and improve the Bribery Prevention system as circumstances change.
- Enable the Board and Management to Update Business Rules, so that they can keep pace with the ever-changing regulatory environment in which they work by editing Business Rules immediately and easily, as and when changes occur in international bribery regulations.
- Provide a Clear and Thorough Audit, thus providing the board and management with a comprehensive overview of potentially harmful activities, as well as providing them with the ‘fingerprints’ of any wrongdoers.
- Provide reporting and analytics that continuously monitor and report upon the organisation's global exposure to risk.
- Enable Cross-Platform Compatibility & Communications, to enable the full integration of all information relevant to international bribery issues.
- Demonstrate Bribery Prevention Compliance to external agencies, through documented processes and escalation systems.
Software Tools
d2OPS international has access to, and experience of, a number of software tools that can be used to support the mitigation of international bribery risk. These tools allow for the implementation of business-rules based thresholds, the breaking of which will indicate anomalies to management 'dashboards' and other reporting systems. Example areas of vulnerability that these software tools could monitor are:
- Checking potential 3rd party business entities against lists of suspect persons, etc. from governmental agencies and against the company’s own list of previously disapproved entities.
- Creation of an exception report identifying any actual company vendors that don’t match the company’s authorised vendor list.
- Detecting unusual entertainment expenses.
- Detecting violations of maximum expenditure limits (e.g., 10% maximum commission)
- Detecting any unusually high expenditures or any unusual payment mechanisms (e.g., payment required in advance or paid to another party).
- Verifying that evidence has been obtained, and kept, regarding special uses for commission payments (e.g., that they will be used to build a warehouse).
Useful Links
US Department of Justice, Foreign Corrupt Practices Act
US Department of Justice, lay-person's Guide to the Foreign Corrupt Practices Act
US Bureau of Industry & Security, suggestions to avoid dealing with unauthorised persons
US Bureau of Industry & Security, red flag indicators
US Bureau of Industry & Security, denied persons list
US Bureau of Industry & Security, unverified parties list
GRC Management |
What is at risk?
In a word ... everything!
Governance, Risk and Compliance (GRC) management is unfortunately a catch-all term - very easy to put in reports but very hard to quantify and protect against. This means that to determine exactly what risks your organisation faces under GRC regulations in all of your geographic operations can seem like an impossible task.
GRC covers a wealth of business areas, but much focus has been placed on financial management and governance. Sarbanes-Oxley (SOX), COSO guidelines and the UK's Combined Code on Corporate Governance have hit the headlines in recent times, but these are just the tip of the iceberg. It is essential that organisations can quantify and proactively manage all of their risks in the GRC area - otherwise they, and their officers/directors, face potential litigation which can result in huge fines or even custodial sentences.
The benefits of taking action
Taking action on GRC sooner rather than later will save cost and delay. It will give the senior management team much improved visibility and control over key operational areas of the business and may also avoid potential litigation. It will also allow the organisation increased freedom to undertake new business initiatives knowing that they can incrementally manage new GRC risks from a stable base point.
What a comprehensive GRC management solution should include (as a minimum)
- Identification and assembly of an organisation's compliance obligations into a coherent knowledge base
- Automatic linking and routing of compliance obligations to the appropriate positions within the organisation to establish accountability and ensure that there are no 'accountability gaps'
- Information covering the current status of all metrics regarding the operational, business conduct, legal, regulatory, policy and voluntary commitment (including contractual) compliance risks confronting the organisation
- Provision of comprehensive records of hazard and risk, and their economic and non-economic consequences, including an operational risk scoring mechanism to focus management priorities and resources
- Notification alerts/escalations and the use of operational dashboards to enforce internal and external due dates, providing the ability to reassign resources on the 'fly' when a person is unable to act on a due date to ensure that there are no gaps in the fulfilment of obligations
- A Key Reporting Views process which is continually updated in a constant cycle of replicating information back to the master GRC database for delivery to the appropriate business level, enabling the organisation to expose non-compliance risk and to compare GRC compliance across the entire enterprise
- Change notifications for compliance obligations which are automatically invoked through business processes that monitor update notification services from third-party compliance portals, either internal or external to the organisation
- The recording of a risk triggers an automated process that mandates the recording of a risk mitigation and action plan
- The recording of an incident triggers an automated process that mandates the recording of a corrective action plan
Eliminating Governance, Risk and Compliance risk
We undertake a detailed study of the company’s current Governance, Risk and Compliance (GRC) environment to identify the gaps that exist. Then we set out a complete blueprint for delivering a comprehensive GRC management solution, including the system architecture, lexicon, business processes and hierarchies, and all business rules.
Written down like this it sounds simple. It isn’t. But we’ve developed the tools, processes, techniques and delivery team to make it thorough and effective whilst achieving an ‘astonishing’ speed of delivery.
Once we’ve completed our work, the client will have a risk management system that will:
- Be predictive, enabling the company’s board and management to track patterns and trends that pinpoint areas of abuse that they can quickly remedy.
- Provide information in real time, so that the company can avoid ‘Nick Leeson’ type and Shell-style abuses that escalated to intolerable levels because there was no mechanism in place for reporting such abuses to the board and management in real time, thus allowing them to recur.
- Digitise processes and procedures, so that all information related to compliance is stored in a database which generates real-time reports for the board and management to monitor activities that could lead to serious instances of non-compliance. Digitising itself acts as a deterrent since employees will know that the system is monitoring the information that they enter into it, as well as flagging and reporting unusual activity that occurs outside of established parameters. This process would make the recurrence of the activity virtually impossible since the system would immediately reveal the wrongdoer to the company’s board and management, allowing them to take immediate remedial action.
- Enable processes and procedures to be flexible and easily changed, providing the company’s board and management with the ability to update and improve systems as circumstances change, as well as enabling them to adapt the system to different and increasing requirements in the various countries in which the company operates.
- Enable the board and management to update business rules, so that they can keep pace with the ever-changing regulatory environment in which they work by editing business rules immediately and easily, as and when changes occur. This should include the ability to refine and update algorithms according to circumstances so that monitoring and control is constantly refined and improved.
- Provide a clear and thorough audit, using the digitising of processes and procedures as noted above, thus providing the board and management with a comprehensive overview of potentially harmful activities, as well as providing them with a ‘fingerprint’ of anyone making changes to the system.
- Provide reporting and analytics that continuously monitor and report upon the organisation's global exposure to risk.
- Enable cross-platform compatibility & communications, to enable the full integration of all information relevant to Governance, Risk and Compliance issues.
Useful links
Committee of Sponsoring Organizations of the Treadway Commission (COSO), website
Financial Reporting Council, UK Combined Code on Corporate Governance
US Library of Congress, Sarbanes-Oxley Act 2002
What we do
We help organisations get to grips with the business and compliance risks that they face whether they be legal, financial, procedural, environmental or social responsibility oriented.
The business areas that we offer risk management services for are:
- Governance, Risk and Compliance - enabling the organisation to gain control and visibility of all areas that come under the general umbrella of GRC, including financial elements such as the US Sarbanes-Oxley and UK Combined Code on Corporate Governance regulations
- FCPA/UK Bribery Act/OECD* - protecting the organisation against potential corrupt practices and related allegations
- Contracts - managing the lifecycle of contracts to protect the organisation without compromising commercial versatility
- FRCP & ESI - controlling the location and authenticity of legally discoverable electronically stored information
- Records & Assets - removing uncertainty over record and asset location, authenticity and accountability
- Email - protecting against the risk of inadvertent/inappropriate communications via email and tracking historic information
Typically in large multinational corporations, there is inadequate visibility of overall exposure to business and compliance risks. Additionally, there is often a reliance on individuals at the National or Business Unit levels to identify and manage the risks, usually to differing standards and recording levels. The major problem is that there are usually no common processes or tools in place to achieve this, ‘common’ being the operative word here. The consolidation of business and compliance management activities is therefore often difficult to achieve, whilst at the same time there is increasing pressure from international legislatures for more and more transparent accountability.
It seems to many CEOs to be an intractable ... and potentially very expensive ... problem. That’s where we can step in.
Using our experience we undertake highly focused projects that audit specific organisational environments or process-flows to identify the risks that exist. Then we set out a complete blueprint for delivering a comprehensive risk management solution, including the system architecture, lexicon, business processes and hierarchies, and all business rules. And it's done very quickly ... without the bureaucracy of a large report-writing management consultancy.
Written down like this it sounds simple. It isn’t. But we’ve developed the tools, processes, techniques and delivery team to make it thorough and effective whilst achieving an ‘astonishing’ speed of delivery.
Once we’ve completed our work, the client will have a risk management solution that will:
- Be predictive
- Provide information in real time
- Digitise processes and procedures
- Enable processes and procedures to be flexible and easily changed
- Enable the board and management to update business rules
- Provide a clear and thorough audit
- Enable cross-platform compatibility & communications
If you want to know more about how we can help your organisation quickly overcome critical business risks in any of these areas, just give us a call.
*OECD's Convention on Combating Bribery of Foreign Public Officials in International Business Transactions 1997
d2OPS International makes business strategies operational without the fuss that plagues corporate projects. We get straight down to work in helping define the business processes and business rules necessary to deploy vital strategies across the enterprise. This can involve managing Governance, Risk and Compliance obligations, managing FCPA risk or enforcing the Federal Rules of Civil Procedure that govern electronically stored information. And we can do it nationally, regionally or globally.