So, what do you do?
How about setting up a web portal where your defense firms go to submit their budgets along with a defense plan?
Here is how it works:
- Budget Submission: When a budget is submitted, with an accompanying defense plan, it is routed through your approval queue.
- Approval of Budget: Once it is approved, the budget and the potential billing are set in stone unless the attorney submits a request for additional funding. It’s sort of like an adjuster having to fill out a reserve worksheet and submit it for approval.
- Billing Approval: When the bill comes in, there has to be an approved budget that covers the amount of the invoice or the bill doesn’t get paid. If there is excess in the budget, the additional funds get carved out and applied to the next bill.
That’s it. It’s a simple process that keeps everybody honest.
Why Be Compliant?
How does the cost of complying with regulations compare to the cost of fees and fines incurred when caught out of compliance? Well, recently, a global manufacturer was fined a multi-billion dollar penalty for being found guilty of non-compliance with various regulations.
Let’s break it down a bit:
- U.S. population: approx. 325,000,000¹
- World population: approx. 7,400,000,000²
- Total fines/compensation paid by manufacturer: $21,300,000,000³
Using these figures, every person in the world (as of August 2016) would have to incur an average of $2.87 to cover these fines, and if the U.S. alone were responsible for this direct loss, it would equal $23 per person.
And these are just the direct costs. Reputational damage and the cost of redesigning processes will probably add another few billion to the total.
In GRC terms for this instance, the governance was ultimately the various regulations with which the company was required to comply. There may also have been other governance within the company, such as policies not to attempt to cheat or mislead the public, or there may even have been contractual governance in the form of a contract between buyer and seller of the product stating that minimum standards would be achieved.
The risk was that if found to be out of conformance, there could be penalties and costs to remediate. It would be interesting to see the risk assessment for this instance (if there was one), including the evaluation of potential criminal actions and remediation costs. Would the cost to comply for the period of this non-compliance have been anywhere close to these numbers, which equal nearly 14% of company revenue?
It’s hard to comprehend the full magnitude of the costs and it will be interesting to see how the company recovers.
Right on the heels of this news, another manufacturer was accused in January of similar fraudulent activities. So, it’s worth wondering whether we can expect more emphasis in many organizations on fully assessing the risks of certain actions, and on how effective monitoring of compliance can be implemented and maintained.