Innovation in Compliance with Tom Fox

Welcome to a podcast series on the fight to secure Supply Chains through cross-industry innovation. Exiger sponsors this series. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management.Over this series, I visit with Erika Peters, Senior Vice President and Global Head of Third Party & Supply Chain Risk Management; Tim Stone, Senior Director, Supply Chain Risk Management for Exiger Federal Solutions; Kim Lee, Director who focuses on risk and compliance; Nick Wildgoose, a Consultant at Exiger; Skyler Chi, Director and Deputy Head of Supply Chain and Third-Party Risk Management; Andrew Lehmann, Associate Director at Exiger; Jennifer Nestor, Vice President at Exiger, Americas and Public Sector; Theresa Campobasso, Senior Director for Defense Programs; Dan Banes President of Commercial Technology, and Mark Henderson, Director of Business Development.In this episode 4, we discuss Supply Chain issues in the defense industrial base (DIB) with Jennifer Nestor and Theresa Campobasso. Highlights of this podcast include:·   The DIB's role in Supply Chain Security;·   What has changed for the DIB regarding Supply Chain Risk Management; and·   How the DIB responds to the government-led changes in Supply Chain standards.ResourcesJennifer Nestor ProfileTheresa Campobasso ProfileExiger WebsiteExiger's Supply Chain Explorer

Welcome to a podcast series on the fight to secure Supply Chains through cross-industry innovation. Exiger sponsors this series. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management. Over this series, I visit with Erika Peters, Senior Vice President and Global Head of Third Party & Supply Chain Risk Management;  Tim Stone, Senior Director, Supply Chain Risk Management for Exiger Federal Solutions; Kim Lee, Director who focuses on risk and compliance; Nick Wildgoose, a Consultant at Exiger; Skyler Chi, Director and Deputy Head of Supply Chain and Third-Party Risk Management;  Andrew Lehmann, Associate Director at Exiger; Jennifer Nestor, Vice President at Exiger, Americas and Public Sector; Theresa Campobasso, Senior Director for Defense Programs; Dan Banes President of Commercial Technology, and Mark Henderson, Director of Business Development. In this episode 3, we discuss Supply Chain issues in the Information Technology & Telecommunications industry with Skyler Chi and Andrew Lehmann. Highlights of this podcast include:·      Unique vulnerabilities in this sector;·      Potential operational disruptions from one geo-region or single source in IT; and ·      Hardware and software requirements in Supply Chain Risk Management.ResourcesSkyler Chi ProfileAndrew Lehmann  ProfileExiger WebsiteExiger’s Supply Chain Explorer

Welcome to a podcast series on the fight to secure Supply Chains, through cross-industry innovation. This series is sponsored by Exiger. In this series we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management.Over this series, I visit with Erika Peters, Senior Vice President and Global Head of Third Party & Supply Chain Risk Management; Tim Stone, Senior Director, Supply Chain Risk Management for Exiger Federal Solutions; Kim Lee, Director who focuses on risk and compliance; Nick Wildgoose, a Consultant at Exiger; Skyler Chi, Director and Deputy Head of Supply Chain and Third-Party Risk Management; Andrew Lehmann, Associate Director at Exiger; Jennifer Nestor, Vice President at Exiger, Americas and Public Sector; Theresa Campobasso, Senior Director for Defense Programs; Dan Banes President of Commercial Technology, and Mark Henderson, Director of Business Development. In this Episode 2, we discuss Supply Chain issues in manufacturing and consumer markets with Kim Lee and Nick Wildgoose. Highlights of this podcast include: Key challenges in Supply Chain Risk Management in the manufacturing and consumer sectors; How manufacturing and consumer sectors can improve their approach to managing Supply Chain risk; and The evolving supply risk areas in respect of the manufacturing and consumer industry sectors. ResourcesKim Lee ProfileNick Wildgoose ProfileExiger WebsiteExiger’s Supply Chain Explorer

Alan Saquella is a fraud risk practitioner as well as a Certified Protection Professional and Certified Polygraph Examiner. He currently works as a full-time professor at the Embry-Riddle Aeronautical University where he teaches security, intelligence, and fraud investigation in the business world. Tom Fox welcomes him to this week’s show to talk about how the corporate security world and fraud investigation intersect and form a union, and how this union helps to build a more effective fraud prevention program. The Plague Upon the Corporate WorldTom wants to know how big an issue fraud and corruption are in the corporate world and how they manifest themselves. Alan believes that the statistics in the ACF report are not a true representation of fraud taking place in the real corporate world. He states, “Whether you're a private company or publicly-traded company, there's a lot more that goes on that's never reported.” He remarks that the report claimed that about 50% of fraud cases are prosecuted or brought to the prosecution. From his work, he understands that less than 5% of cases are actually brought to the prosecution. With regard to corruption, Alan says that for some companies in and outside of the United States, “corruption and bribery are just part of doing business” so it will continue to flourish. Organizations usually bury cases of fraud or corruption, as they can be damaging and embarrassing to the brand’s public image and reputation. Additionally, fraud and corruption are white-collar non-violent crimes, which is why they are not taken seriously by the organization.The Dilemma of WhistleblowersAccording to the report, the ideal way to detect fraud in your organization is internal reporting, also known as whistleblowing. The government also suggests that the primary element of successful anti-corruption compliance programs are whistleblowers. Tom asks Alan if he agrees with these proposed ideas. Alan cautions, “I’ve seen it used very effectively in some organizations and not so much in others … I think all corporate investigative folks will agree it’s a key element to a fraud prevention program. Where I found it to be most successful is when it’s highly publicized.” Companies that do not advertise their fraud whistleblowing hotline are less likely to get tips, as potential whistleblowers feel less confident in reporting any indiscretions. Fraud PreventionTom asks Alan what he thinks are the key elements of a successful fraud prevention program. Alan explains that even though whistleblowers are the most effective way to curb fraud in the workplace, companies must also look at the way they conduct business internally. “For example, tying bonuses to individual performance is always a risky endeavor. It tends to cause folks to take those chances and they're right down the fence in that gray area,” he cautions. Alan advises that companies should reward based on group performance, to prevent desperate employees from committing fraud to get ahead. Additionally, companies ought to communicate with high-risk groups about fraud and fraud prevention. Alan explains that groups like sales and accounting tend to be most active in the fraud area. He also suggests that behavior-based surveys are one of the most effective programs in fraud prevention. These types of surveys give a lot more useful information than opinion surveys and it also “calls out the whistleblowers instead of waiting for the whistleblower to get to that point where they're frustrated.” ResourcesAlan Saquella | LinkedIn | Embry-Riddle Aeronautical University

Welcome to a podcast series on the fight to secure Supply Chains through cross-industry innovation. Exiger sponsors this series. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management. Over this series, I visit with Erika Peters, Senior Vice President and Global Head of Third Party & Supply Chain Risk Management;  Tim Stone, Senior Director, Supply Chain Risk Management for Exiger Federal Solutions; Kim Lee, Director who focuses on risk and compliance; Nick Wildgoose, a Consultant at Exiger; Skyler Chi, Director and Deputy Head of Supply Chain and Third-Party Risk Management;  Andrew Lehmann, Associate Director at Exiger; Jennifer Nestor, Vice President at Exiger, Americas and Public Sector; Theresa Campobasso, Senior Director for Defense Programs; Dan Banes President of Commercial Technology, and Mark Henderson, Director of Business Development. In this Episode 1, we discuss Supply Chain issues in the healthcare industry with Erika Peters and Tim Stone. Highlights of this podcast include:·      Key challenges for Supply Chain Risk Management in healthcare;·      Lessons learned from Covid-19 on Supply Chain in healthcare; and ·      The evolving areas for Supply Chain Risk Management in healthcare.ResourcesErika Peters ProfileTim Stone ProfileExiger WebsiteExiger’s Supply Chain Explorer

Sandeep Bhide is the Vice President of Product Management at ProcessUnity, a company that is making good governance, risk, and compliance (GRC) practices and tools available to organizations via third-party risk and cybersecurity program management tools. Tom Fox welcomes him to this week’s show to talk about their Third-Party Risk: A Turbulent Outlook Survey report and how ProcessUnity helps their clients.The Purpose of ProcessUnityTom asks Sandeep to explain the basis of ProcessUnity and the key products and services they are offering. Sandeep says that the company offers cloud-based solutions that provide help for organizations of all sizes, that allows them to automate their risk and compliance programs. He adds that it is an easily customizable program that reduces manual administrative tasks and allows customers to focus on “the more strategic risk mitigation activities”. ProcessUnity has the ability to review the company's GRC program and deliver great results quickly. Third-Party Risk: A Turbulent Outlook Survey Report Tom wants to know what was the intent behind this report and how it came to fruition. Sandeep states that the objective of the study was to determine how well organizations understood and managed risk associated with their third-party partners. 301 IT and cybersecurity decision-makers and influencers participated in the survey, and they were asked about their concerns and challenges when managing certain risks, and how it has impacted the security incidents related to their third-party partners. Sandeep shares the overall findings of the survey found that:  Third-party relationships continue to expand exponentially;  Companies continue to seek outsourced services and software in order to perform optimally and to replace talent and supply sources due to the pandemic; The majority of respondents have experienced an IT security incident over the last two years because of a third-party relationship.  The Gathering StormTom asks Sandeep to explain the concept of “the gathering storm” and the technological solution ProcessUnity provides to help navigate it. Sandeep explains that the term refers to a supply chain attack executed by “close third-party relationships that have either physical or network access to equipment and premises and those that provide software vital to a business’ operation.” Sandeep then warns that companies should vet these third parties since their role is so important. Most companies would rather focus on their core businesses, however; they feel it doesn't make economic sense for them to do everything themselves and third parties provide the types of talent they need to properly conduct their business. Sandeep comments that “companies can outsource the work which is an imperative for them, but they can’t outsource the risk”. To manage your third parties, you must have multiple in-house and out-house methods to vet them, including questionnaires or assessments. You have to get to know your partners because they have the most risk attached to them.Resources Sandeep Bhide | LinkedIn | ProcessUnity  

Paula Zirinsky is the co-founder and Chief Strategist of Structura Strategy Group, a company that specializes in marketing advice that helps companies build a strategic foundation. Tom Fox welcomes her to this week’s show to discuss the unintended effects of the pandemic within the workplace and how marketing benefits the company when the board takes it seriously. Mentor and Career Inspiration Paula calls Harold Dobbs the best boss she ever had. Dobbs was originally her mother’s eccentric boss who was the head of a liquor company, and he was very marketing and promotional oriented. He later opened a cooperative advertising business for liquor stores, where he gave her a job photocopying promotional flyers and putting them into envelopes. At the end of each workday, he thanked her for all the work she put in that day and how the company would not have existed without her help. As he was such an attentive boss who was passionate about his work, he instilled this enthusiasm for marketing and a strong work ethic in Paula and also demonstrated how to show appreciation for your employees. Unintended Effects of the Pandemic Tom asked Paula to explain some of the unintended effects of the pandemic. Paula explains due to the pandemic, companies introduced various wellness programs so that they could directly speak to their employees and stay in touch with people; they most likely would not have reached out to pre-pandemic. This simple task helped companies become aware of their employees’ needs, which is a positive effect of the pandemic. Another unintended effect is remote working and how it gave rise to new opportunities never seen before. As a result of the stay-at-home mandate, employees were forced to work from home, which allowed jobs to have access to a geographically dispersed talent base, which created jobs for people on a national and even international scale. The Benefits of Marketing Tom asks Paula how marketing impacts the board of directors of a public or private company. Paula explains that there are three main ways how marketing impacts the board. Firstly, “Marketing will enhance how the company, the board, and the executive team are seen and perceived. Marketing works with the branding purpose, vision, and mission of the company.” When the board accepts all marketing strategies designed to help, the company will flourish, as both clients and employees enjoy working with the company. She adds that marketing allows the company to look at their clients and see what they are missing and how to rectify it. Lastly, boards have to take into account the lack of diversity on their committees and the absence of marketing experts. According to a study done in 2019, the majority of Chief Marketing Officers are women. To have a successful company, there must be CMOs on the board, which will increase diversity in the workplace. Invest in MarketingPaula urges companies to invest more of their company resources in marketing. She states, “Sales are about today and what you're getting in marketing is about building for the future – the growth of your company and the future of your company.”ResourcesPaula Zirinsky | LinkedIn | Twitter Structura Strategy Group

Avi Singer is the founder and CEO of Showd.me, a company that is helping organizations provide remote and on-demand compliance training solutions, specifically in the healthcare space. Tom Fox welcomes him to this week’s show to talk about how Showd.me helps its clients and compliance as a service.  The Commercialization of ComplianceAvi tells Tom that the name Showd.me came from a common experience: when you ask someone how they learned to do something they would usually reply, “Somebody showed me”. Showd.me began as a platform that was designed for companies to implement social and peer-to-peer learning. This means that it allows new employees to learn and train from more experienced employees across the organization, via an easy-to-use learning management platform. They grasped the opportunity to break into the healthcare compliance industry, where they aid in hiring, developing, retaining, and certifying the organization’s employees. Compliance as a ServiceTom asks Avi to define compliance as a service and how the concept resonates for him in the marketplace. Compliance as a service is providing a platform where compliance training can be readily accessible for those who require it, Avi responds. “In the compliance marketplace the platform is important, the technology, the learning management platform is important, and accessibility is important, and whether people can use it is important,” Avi explains. He adds that making it in the compliance as a service industry, means tailoring the content and the training for their audience, in order to achieve the organization’s goal. Talent Acquisition and Retention In a response to Tom’s question, Avi explains how Showd.me helps an organization with setting up their new hires for success. He says that there are two concepts that they take into consideration during the application and hiring process. They are hiring for a while and hiring for now. When hiring for a while, you should focus on selling your organization as the ideal work environment, where future employees can see themselves thriving. Showd.me helps their clients by doing the paperwork and remote training for the prospective “hired for a while” employees. Additionally, they provide support for every step of the new journey for the new employees. When hiring for now, clients are encouraged to ensure that the application, interview, and hiring process happens as quickly as possible by utilizing an online platform. Tom then asks how they would alter their training in the future to maintain talent acquisition and retention. Avi replies that fervent data analysis is the answer: they can identify which training techniques work and which ones have stopped working. Looking AheadTom asks Avi how technological advancements would affect the process of compliance going into 2025. Avi explains that whenever a company implements a new compliance requirement, it is in addition to the previous requirements, which may get confusing. Therefore, you must have systems with processes in place to combat the changing times as efficiently as possible. ResourcesAvi Singer | LinkedIn | Twitter showd.me 

Blane Warrene is the Vice President of Product Management at Smarsh, an organization that helps companies manage risk in their electronic communications. Tom Fox welcomes him to this week’s show to talk about a variety of topics surrounding compliance around mobile and hybrid work environments. Compliance Challenges in The Hybrid Work EnvironmentThere are three key factors that are compliance challenges in the hybrid work environment: the risk that comes with using company devices, bringing your own devices to handle company data, and consumer applications. Blane stresses that implementing policy is vital because policy is the frame in which the organization operates. However, Blane also remarks that a layer of processing technology has to be embedded within policy in order to completely tackle the issues that cause compliance challenges. Finding The Right BalanceMany companies and clients struggle with finding the right balance among apps, smartphones and global work tools. The key to achieving this balance is to first find out what the client or customer wants to enable. "The right first question is what problem are you trying to either solve, or what do you need to enable for your business," Blane tells Tom. Take compliance out of the equation and simply focus on what the customer wants to achieve with their company. When you approach it that way, you often get a clearer answer that leads to the use case. Capturing CommunicationTom asks Blane what Smarsh recommends to capture or archive communications such as email or text. Blane explains that social media communication is what you want to plan for because each of the sources that you go to, has a different way to get the data. Smarsh makes it easier for someone who wants to capture a wide set of data. "What we do recommend is that it comes in on a regular frequency such as real time or daily, and they certainly have the ability with retention rules to not keep everything forever which is not productive," Blane says. Certain pieces of data can only be kept for a finite period of time, but doing this ensures that the client doesn't have a blind spot on the things they know they're using. What Tools Should You AllowCompanies sometimes determine what tools they should allow based on where they are in the world. The tools are also based on what they as companies are trying to solve, how they communicate and what models they support. "That discussion helps us, basically enable us, to say to them 'Here is the way you solve these use cases and ultimately you want them in a single pane of glass'," Blane expresses. He adds that from a compliance perspective, you want to know that you can retain that data even if you get it in different ways. Data should be able to be viewed in a common context and not across separate silos.ResourcesBlane Warrene | Twitter Smarsh

Kris Reynolds is the CEO of Arrowhead Consulting, a company that guides other organizations on managing their employees, processes, and tools. Tom Fox welcomes him to this week’s show to talk about corporate culture, strategies for post-pandemic productivity, and the future of project management. Culture As a FocusCorporate culture is important and must be aligned with the business's core values. Your core values also can't be simple slogans that you have up on walls. They have to be constantly acted on. "If you're not really living and breathing the core values, you're not really going to be a culture fit," Kris tells Tom. Post-Pandemic StrategiesKris itemizes three strategies companies should be engaging within the post-pandemic business world: creativity, relationships and connections, and going back to basics. Creativity in advertising and marketing is key, and Kris also suggests pairing creativity with relationships. "I would encourage companies whether you're small or large, to take the time to do more personal related touchpoints with the people that you're trying to engage with," he remarks. Going back to basics as a strategy is looking back at what got you to where you are as a business, and making sure that you're accentuating those elements in your business. Making Meetings More EfficientTom asks Kris to give some tips to make corporate meetings more efficient. The goal of meetings should be decision-making. Corporate meetings should be about making sure that the knowledge shared is being used to advance the respective initiative. Kris stresses having structured meeting agendas that are time-boxed and having the meetings begin with the most important topics. Having meetings commence like this enforces a sense of urgency and will encourage employees to arrive on time. The Future of Project Management in TechnologyKris explains that there will be a greater focus on virtual reality training as opposed to Zoom meetings and PowerPoint presentations. This is because training in the future has to be experiential and hands-on. Training has to be engaging. "If we have some training spaces where we have the virtual reality, you could be training with somebody across the other side of the globe and being able to talk and work on projects together and things like that," Kris tells Tom. ResourcesKris Reynolds | LinkedIn | Twitter Arrowhead Consulting