During the session, I took attendees through each stage of a risk-based compliance process.
- Identify risks across the organization
- Connect risk root causes to corporate policy
- Link Regulations and Requirements to these risks and their mitigating controls
- Structure reporting for flexibility and efficiency
- Develop a process for managing change over time
You can learn more about these steps in detail by downloading this eBook on risk-based compliance.
One of my favorite features of the session was that it wasn’t just a talking session, it was an open discussion. I enjoy audience participation, engagement, and interaction when attendees ask questions or raise concerns they have about their own organization’s processes.
This time, as I took them through each step of the process, I asked them to apply each step to a case study I handed out on Chipotle. The food-borne illness outbreaks Chipotle has been experiencing are great examples of failures in risk management that go above and beyond compliance, which is just the minimum operating standard. Nevertheless, Chipotle has suffered a 46% decrease in their stock value since the initial outbreaks in 2015.
Attendees identified the root-causes of the continued outbreaks and discussed a series of questions such as what controls they thought would mitigate the chain’s risks and how a risk-based approach could have prevented future scandals.
The feedback from attendees was immensely exciting and I look forward to presenting at more SCCE and other conferences in the future!