how to succeed in mitigating compliance risks

How to Succeed in Mitigating Compliance Risks Without Really

Trying

Stephan Blasilli and John StrettonWashington, DC

June 2016

June 27-29, 2016The Ritz-Carlton, Pentagon City

2

Today’s agenda

1. What is compliance?

2. How can intelligent BPM systems (iBPMs) help manage compliance risks? What capabilities should you look for in iBPMs?

3. Techniques for agile tool building

4. How we used these techniques to address compliance risks in our industry (US energy and utilities)

June 27-29, 2016The Ritz-Carlton, Pentagon City

3

Let’s build a definition of “mitigating compliance risk”

Compliance

• Conforming to laws or rules

• Mandated or voluntary

• Subject to change

• Broad and leave room for interpretation

Compliance risk

• Financial, Social (Reputational)

• Acceptable versus unacceptable

Mitigating compliance risk

• Respond quickly to new and changing regulations

June 27-29, 2016The Ritz-Carlton, Pentagon City

4

Here’s an example of a compliance risk in our company

Compliance

• ISO 14001 environmental standard requires you to review the effectiveness of corrective actions

Compliance risk

• Reputational

Mitigating compliance risk

• Automatic task assignmentto review actioneffectiveness

June 27-29, 2016The Ritz-Carlton, Pentagon City

5

What compliance requirements exist within your company?

June 27-29, 2016The Ritz-Carlton, Pentagon City

6

The regulatory landscape for US energy companies reaches far and wide

Source: EnerKnol

June 27-29, 2016The Ritz-Carlton, Pentagon City

7

But what happens when these regulations change?

Source: EnerKnol

June 27-29, 2016The Ritz-Carlton, Pentagon City

8

The cost of non-compliance in our industry can be significant

June 27-29, 2016The Ritz-Carlton, Pentagon City

9

How can intelligent BPM systems (iBPMs) help manage compliance

risks?• Control processes across teams

• Constant chain of custody

• Escalation management

• Complete audit trail

• Quick process changes

• Automated notifications

• Real-time reporting

Agility is key

June 27-29, 2016The Ritz-Carlton, Pentagon City

10

Techniques for agile tool building

• Lean thinking

• MVPs

• Process performance measuring

• Validated learning

• Actionable metrics

• Rapid adoption

• Exception-based processing

June 27-29, 2016The Ritz-Carlton, Pentagon City

11

Think lean to be effective with minimal resources

Source: Eric Ries, The Lean Startup

Build a tool

Measure

ValidatedLearning

June 27-29, 2016The Ritz-Carlton, Pentagon City

12

How to build an MVP for compliance risks

Don’t overcomplicate things. Rigidity of the process should reflect the severity of compliance

risk.Source: Michael zur Muehlen, Stevens Institute of Technology

“Lean” process “Fat” process

Regulatory

Value preserving

Value adding

June 27-29, 2016The Ritz-Carlton, Pentagon City

13

Measure the performance of your MVP

• How users respond

• Understand which activities create value and which ones are waste

• For example: Manager review isn’t further mitigating compliance risk

June 27-29, 2016The Ritz-Carlton, Pentagon City

14

Validated Learning

MVP After validated learning

Collect user feedback to improve process

June 27-29, 2016The Ritz-Carlton, Pentagon City

15

Actionable metrics

Metrics should be:

• Actionable: Demonstrate a clear and causal relationship

• Auditable

• Accessible: Easily understood

Source: Eric Ries, The Lean Startup

Focus on quantityof usage

Adoption phase

Focus on qualityof usage

Established tool

June 27-29, 2016The Ritz-Carlton, Pentagon City

16

Rapid adoption

Regular reminders

Secure commitment from management to act on activity reports

Report on tool usage

Integrate the solution into employee routines

June 27-29, 2016The Ritz-Carlton, Pentagon City

17

Important concept for high-volume processes

Exception-based processing

• Identify criteria for “routine” cases which can be handled by automation (or the minimum possible amount of manual intervention)

• Only cases which do not meet these criteria require additional control steps

June 27-29, 2016The Ritz-Carlton, Pentagon City

18

Example 1: Compliance reporting to government agency

Compliance requirement

• Record and report activities related to construction of a power plan

Challenge

• Requirements are guidelines not rules

• MVP built and tested within 1 week

Solution

• Activity tracker

• Rapid adoption through real-time reports

June 27-29, 2016The Ritz-Carlton, Pentagon City

19

Example 2: ISO compliance

Compliance requirement

• ISO 14001 environmental standard

Challenge

• Pre-assessment revealed lack in incident management practice

• MVP developed + training < 1 month

Solution

• Dynamic incident management tool

• Validated learning (3 versions in <1 year)

June 27-29, 2016The Ritz-Carlton, Pentagon City

20

Summary: What have we discussed today?

• The regulatory landscape for energy companies and utilities is constantly shifting

• Monetary impact of non-compliance can be significant

• Use iBPMs to confront this challenge

• Agility is key

• To address agility challenge apply MVPs, validated learning, rapid adoption, and exception-based processing

June 27-29, 2016The Ritz-Carlton, Pentagon City

21

Thank you for your attention!

Stephan BlasilliCorporate Initiatives EDP RenewablesStephan.Blasilli@edpr.com(832) 266-7495

John StrettonCorporate Initiatives EDP RenewablesJohn.Stretton@edpr.com(713) 365-2537