
Fueling Your Business through Insights- Driven Governance, Risk Management and Compliance


Adrian Mebane, VP-Global Ethics & Compliance, The Hershey Company
Governance, Risk Management and Compliance (GRC) are oftentimes viewed as impediments or decelerators to a company's ability to leverage advancements in cloud, social, mobile, and Big Data disruptive technologies. At Hershey, we recognize the polarity between "protecting" and "enabling" our business. While there is a natural tension between the two, they are not mutually exclusive and it's possible to achieve synergistic effects.
Hershey is a knowledge and insights driven company. Our Compliance Department, like every department within our company, is expected to be so driven. We further recognize that speed, scale and agility are just as fundamental for us as they are for our business units. Within this context, here are three of our Compliance principles that enable our successful business support: leverage disruptive technologies to achieve insights and Compliance goals, leverage insights for accelerated governance decisions, and achieve speed and scale through organizational agility.
“Leverage Provides Insights”: Compliance and enterprise cloud services are excellent examples of how we leverage disruptive technologies to achieve Compliance goals and generate meaningful insights. We use cloud services for Ethics and Compliance investigations workflow management, distributor due diligence risk assessment management, contract management, and matter management. Cloud services are underway or in place for enterprise email, intranet services, content and document management, and social networking. With such a rich exposure to cloud services, we understand the benefits of rapid implementation and cost effective, scalable services. We also understand inherent limitations with customization and potentially limited influence of future technology roadmaps for our selected platforms. And perhaps most importantly, our selected technologies have enabled us to more fully decompose our global costs for Compliance services to provide two key benefits:
• Direct linkage of Compliance costs to strategic business initiatives so business leaders more fully understand the financial implications of business decisions, and
• Insights on costs for individual Compliance services so that we can optimize the costs and benefits of what Compliance activities are in-sourced versus outsourced.
"At Hershey, we leveraged our own experiences and learnings in disruptive technologies, on company and non-company devices, to quickly focus on and address key risk areas"
Our insights, however, extend well beyond transparency of costs “Insights Accelerate Governance”: Our governance plan for Hershey’s mobility strategy was developed in less than 25 percent of the time and at a significantly lower resource commitment than what was required for our cloud content and document management governance plan. We leveraged our own experiences and learnings in disruptive technologies, on company and non-company devices, to quickly focus on and address key risk areas. It’s much more meaningful for Compliance team members to discuss, for example, the nuances and implications of a data protection strategy for personally identifiable information after they have been required to interact with information security controls on their own systems.
Many of our insights for disruptive technologies, however, originate from outside of our Compliance Department. Our insights are cross-pollinated through our organizational agility.
“Speed and Scale through Organizational Agility”: Organizational boundaries can be impediments to process performance. We recognize that organizational agility is necessary to gain speed and scale to deliver our Compliance objectives. Here are two interesting examples of how we have designed organizational agility at Hershey:
• Physical and Information Security are integrated into a single Global Security department. As the Chief Information Security Officer (CISO), the department head reports to the CIO. He also reports to the Vice President, Global Ethics & Compliance, a function which sits in the Law Department. And as the Business Engagement Lead to the Law Department, the CISO participates on the General Counsel’s staff. In effect and in practice, Information Services (IS) is embedded in the Compliance and Law Departments, and vice versa. The Global Security team bridges the perspectives, priorities and insights of two divergent but complimentary functions.
• Our Ethics Core Team is comprised of personnel from Compliance, Internal Audit, Employee Relations and Security. Team members work at Corporate and regional locations. Regional Finance leaders are Ethics and Compliance champions. Well established processes and priorities enable the core team and champions to scale up quickly and globally to respond to ethics and compliance needs.
“Leaning Forward into the Future”: A “protect” and “enable” Compliance program should not be constrained to the use of disruptive technologies for annual objectives, an optimized governance capability and an agile organizational structure. While valuable to be sure, we can and do operate more strategically. The program should enable Compliance leaders to “look around corners” and into the future to anticipate GRC influences and implications. Are you “thinking big?” We certainly are.
Check Out: Top Risk Management Solution Companies
ON THE DECK
Featured Vendors
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance
Read Also
The Journey to Swift Digital Transformation
Will data protection law reform open the door to easier international...
Virtual Immersive Learning: The Next Frontier in Higher Education
Making the Case For Moving from Health IT to Health Analytics
Data as a Business
