Immediate Vault Immediate Access

How Does Google Face Global Challenges?

NEW YORK—Staying a step ahead of regulators around the world is challenging for any global business. For Google, it is a “significant challenge, to say the least,” said Andy Hinton, vice president of global ethics and compliance at Google, Inc. After organizing the world’s information and making it universally accessible, the company’s secondary mission is products that help users, he said.

“Google is boundary-less when it comes to what those products might be and what they might look like,” Hinton said during The Wall Street Journal’s Newsmaker’s Forum in April. “So trying to keep up with driverless cars, drones and providing internet service with floating balloons around the world (Project Loon) is a challenge.”

Google’s compliance program includes the company’s trade, bribery, internet security and privacy issues. While any number of issues may surface, he said, “one of them is to help the company respond to some of the criticism leveled against it, mostly in jurisdictions outside the United States, and to make sure responses are consistent with applicable laws.”

With Google Earth, for example, equipment must be moved around the world. Google Earth “enables people to get information access to the earth, where they otherwise might not be able to see those things,” Hinton said, noting that people can now view Mt. Everest and other places they may never get to see otherwise. This involves contact with customs officials and governments and also creates “lots of opportunities to do things wrong and get in trouble,” he said. “So we are always on top of that. Plus, the equipment we use is so unique that we show up in front of a customs official with a camera on top of a tripod on top of a car and they ask, ‘What is that? It’s not in the manual.’ You have to spend time explaining what it is and help them to be comfortable with it.

online pharmacy amoxicillin with best prices today in the USA

While some governments are more difficult to deal with than others, “there are definite challenges in all the continents and countries,” he said. “Obviously privacy is a challenge in Europe, because there is a different perspective around privacy and internet security than there is in the United States. With APAC [Asia Pacific] there is an integration of gift-giving and business that is relatively unique to the APAC region and can present challenges.”

An important part of its compliance strategy is the company’s diversity, which he added is also part of its mission. “Not just diversity in the traditional perspective, but in bringing on people who can understand the challenges in these regions,” he said.

online pharmacy prelone with best prices today in the USA

“So for gift-giving in the Middle East, sure I can sit in Mountain View trying to figure it out, but we hired an attorney who is in that culture and understands U.S. law and can, in that context, help us navigate the region—balancing expectations of the region with legal expectations in the United States.”

Company Strategy

In fact, Google’s overall hiring policies are part of its strategy to “do things differently, or do them better than other companies,” he said. “That requires us to be incredibly sharp in the way we do hiring.” Now that the company has about 60,000 employees, “it’s important to hire people who share your values and buy into your mission. Because if you are not going to have a lot of rules and you are not going to have an enormous compliance program and checkers following people around, there is a lot of trust and autonomy that you give to your Googlers.”

How does the company accomplish this? “When I interview people and they talk about winning and beating the competition, that’s a huge red flag to me,” he said. “When we started, Larry was very much about the users and we still are. If you build something good that users really like, you can figure out the rest. Revenue and everything else will come. People who have that backwards are tremendously dangerous to the company.”

Google also acquires staff through acquisitions, he said, adding that this talent is “much harder to manage. The larger the acquisition and the more the acquisition has its own culture, the greater the challenge.”

RMORSA: Risk Culture and Governance

The National Association of Insurance Commissioners adoption of the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) requires insurance organizations to take a broader approach to risk management. As U.S. insurers begin to mobilize their efforts to comply with the regulation by the 2015 deadline, it’s important for them to take a step back, leverage their existing risk management operations, and develop their RMORSA efforts with a mind to the future.

The groundwork for RMORSA was laid with International Association of Insurance Supervisors’ (IAIS) Core Principle 16 – Enterprise Risk Management – and much of the ORSA requirements can be fulfilled with the adoption of an ERM framework that addresses:

• Risk culture and governance

• Risk identification and prioritization

• Risk appetite and tolerances

• Risk management and controls

• Risk reporting and communication

Before you scoff at the scope of these requirements, consider that the ORSA Guidance Manual stipulates that insurers with appropriately developed ERM frameworks “may not require the same scope or depth of review” as organizations with less defined processes.

As defined by the NAIC, risk culture and governance defines roles, responsibilities, and accountability in risk-based decision making. In effect, the principle builds off of a 2010 SEC mandate requiring corporate boards to document their role overseeing enterprise risk. This rule extends the board’s role in risk oversight from C-level risks, activities and decisions to now having accountability at the business process level. Boards are explicitly given a choice between either having effective risk management, or disclosing their ineffectiveness to the public. Doing neither is considered fraud or negligence. Enforcement actions by the SEC have doubled in recent years, so it’s likely your board has already established risk management as a priority, but what does this mean for your organization?

The first practical issue is that it is no longer sufficient to rely on the audit function as a hub for risk management. Risk responsibility has always been the responsibility of process owners, and ORSA is now mandating better oversight under the guidance of a risk management function. For many organizations, the critical first step has been taken by establishing executive responsibility in a chief risk officer (a CRO is actually required to sign off on the ORSA assessment), but without the appropriate tools to make risk management actionable, accountability beyond the CRO is never properly defined. Front line managers hear “risk responsibility” and take the same action they would for other lofty strategic initiatives—that is to say, they take no action at all.

To engage process owners in a risk culture, each business area must take ownership for a subset of the enterprise risks.

online pharmacy singulair with best prices today in the USA

Risk managers, in effect, do not own the risks to the organization; on the contrary, they own the ERM process. Their primary role is to lay the groundwork for risk assessments, aggregate risk intelligence for board reports and create actionable initiatives for business areas in need of oversight.

Engaging process owners has the dual effect of permeating an enterprise-wide risk culture, while also creating a sense of shared responsibility. The structure defined above also creates three levels of defense, a concept adopted and well-articulated by the Institute of Internal Auditors. The operational risks are owned by the process owners. The risk management function provides guidance and strategic alignment.

online pharmacy spiriva with best prices today in the USA

And finally, internal audit ensures adherence to the proper policies and regulatory standards.

Risk culture and governance cannot be accomplished overnight, but significant progress can be made by adopting and articulating the best practices outlined above.

online pharmacy elavil with best prices today in the USA

For more information on engaging process owners, implementing a standardized risk assessment process, and reporting this information to the board, download LogicManager’s complimentary eBook, Presenting Risk Management to the Board.