Tag: Lee Dittmar

The Unexpected Benefits of Sarbanes Oxley

coverThe April 2006 issue of the Harvard Business Review has an article by Stephen Wagner and Lee Dittmar on The Unexpected Benefits of Sarbanes Oxley.

Although the article is somewhat dated when it talks about the second year under Sarbanes Oxley, it foretells some of the current thoughts in compliance. Compliance is good for business. Two and a half years later, the Madoff scandal illustrates the need to be more transparent to your investors and for investors to look closer at their investments. Documenting business process and putting controls in place will make your business run better.

Good governance is a mixture of the enforceable and the intangible. Organizations with strong governance provide discipline and structure; instill ethical values in employees and train them in the proper procedures; and exhibit behavior at the board and executive levels that the rest of the organization will want to emulate.

IT for GRC: Improving Information Quality

Carole Switzer, President of OCEG and Lee Dittmar, principal of Deloitte Consulting LLP presented this webinar.

There is an imperative to improve governance, risk management and compliance processes to better manage risk, address increasing regulatory requirements, increased executive accountability and the fragmentation of information. It is about getting the right information, to the right person, at the right time. (Isn’t that knowledge management too? )

What is the information problem?

  • Managers need to know, anticipate and respond quickly and correctly
  • Stakeholders expect reliable and transparent reporting
  • Time and resources are spent searching for data
  • Data overload
  • DINK – Data Is Not Knowledge

It is not about “check the box” compliance it is about improving your business.

Lee thinks governance, risk and compliance should be viewed comprehensively and leverage common systems. Integrated systems can help overcome silos. The key is a single source of the truth.

The goal is to get GRC embedded in the core processes. To be “in the flow” instead of “above the flow.”

Lee is seeing organizations adopting the business concepts of integrated GRC (even if they do not call it GRC).