NAVEX

Overview
HQ Location: United States
Year Founded: 2012
Company Type: Private
Revenue: $100m-1b
Employees: 1,001 - 10,000
Company Description
NAVEX Global is the worldwide leader in integrated risk and compliance management software and services. Its solutions are trusted by thousands of customers worldwide to help them manage risk, address complex regulatory requirements, build corporate ESG programs and foster ethical workplace cultures.
Case Studies
Case Study
Soneva Enhances ‘Speak-Up’ Channels
Soneva, a luxury resort group with properties in the Maldives and Thailand, was facing a challenge in ensuring that its employees, referred to as hosts, felt safe and secure. The company had open lines of communication between hosts and management, but there were instances when female hosts were hesitant to use these direct lines to report sensitive issues or discuss concerns. The company wanted to ensure that hosts would always feel comfortable to approach the company to discuss any issue, so they decided to look for a way to enhance the existing lines of communication by providing a safe way for hosts to make a report directly to the senior leadership team.
Case Study
Structuring Policy Management
Sanford Health, the largest rural nonprofit health care system, was facing a significant challenge in setting and managing policies across its 43 hospitals and nearly 250 clinics. Each of Sanford’s major hospitals was using a separate system for writing, updating and distributing policies. Over time, this became an increasingly disorganized approach. The smaller clinics in the Sanford system had to rely on paper copies or locally stored electronic versions of policies that were scattered, hard to track down and sometimes outdated. It was impossible to audit the policies and ensure employees were aware of the latest guidelines. When it came time for Sanford leadership to revise policies or draft new ones, documents would be mailed from one person’s desk to another, with multiple versions getting mixed up—a frustrating arrangement that was almost impossible to track.
Case Study
Getting the Inside Scoop on Potential Workplace Misconduct
The E.W. Scripps Company, a diverse media concern with interests in newspaper publishing, broadcast television stations, and licensing and syndication, was facing challenges in encouraging employees to report ethical issues in the workplace. The company had a company-run hotline for issue reporting and managed the cases with a spreadsheet and paper file system. However, this approach posed challenges that Scripps decided to solve by outsourcing. The company wanted to gain a more consolidated view of what was happening in the company.
Case Study
PolicyTech® Helps Ocwen Financial Corporation Keep Pace with Regulatory Demands
Ocwen Financial Corporation, a large mortgage company in America, was facing a demanding regulatory environment. The regulatory expectations in the financial services industry had risen dramatically, and the company was held to a high bar. They faced regulatory demands that required a new, more robust governance process for the company’s policies. They needed a solution that would meet the demands of regulators as well as deliver significant business value. The company realized that their current tools would not be sufficient to satisfy their business needs. They needed a program built for policy management so they could manage all of their company’s policies and procedures consistently and efficiently.
Case Study
Alliance Data Builds Robust Incident Management Program with EthicsPoint
Alliance Data, a leading provider of marketing, loyalty, and credit solutions, was facing challenges with its employee reporting system. The company, which manages over 100 million consumer relationships for some of the world's leading brands, was using a pen and paper system to manage employee reports. With 20,000 associates across the company, this system proved to be inefficient and made it hard to manage employee reports effectively. In addition, keeping track of the historical context behind the data was a challenge. The company needed a more efficient and effective way to manage employee reports and track data over time.
Case Study
Speaking up for Student Safety at Kamehameha Schools
Kamehameha Schools, one of the world's largest charitable organizations, faced a significant challenge in ensuring the safety of its students. With a large number of staff and students, the school needed a system to promptly discover and address any issues of misconduct or potential misconduct. The school's CEO, Jack Wong, emphasized the importance of providing safe and healthy learning environments for students to flourish. To foster safety and transparency, Kamehameha decided to expand its compliance helpline to make it easy for all members of the school community, including students, parents, and staff, to report concerning behavior.
Case Study
Accredited Care Changes Lives
Eggleston, a non-profit organization providing opportunities to people with disabilities, was facing challenges with its hotline reporting system. The system was cumbersome and outdated, relying heavily on paper processes. This made it difficult to effectively ensure the safety and security of their employees and the individuals they assist. Additionally, the organization wanted to maintain its exemplary accreditation via the Commission on Accreditation of Rehabilitation Facilities (CARF). The accreditation provides independent validation of their operations and offers assurance of Eggleston’s reliability as a partner to prospective clients, customers, investors, and regulatory bodies.
Case Study
Major Medical Device Manufacturer Automates IT Risk and Compliance Processes
The medical device manufacturer was struggling with a lack of insight into IT risks, siloed information, and inefficient audit preparation. The company’s IT security team was not equipped to manage risks and comply with audits. Essential information was difficult to track down, often stored in emails or individual spreadsheets. The company managed web application assessments, penetration tests and vulnerabilities as separate efforts. Reporting was manual and cumbersome, so risks were rarely visible to leadership. Audits were labor-intensive tasks that required collecting data from different departments and it took weeks of preparation before external auditors arrived. The medical device manufacturer needed a unified way to collect information, report on potential risks and streamline the audit process.
Case Study
Fostering Community Through Hotline Management at Guthrie
Guthrie, a non-profit, multi-specialty integrated health system serving Pennsylvania and New York states, needed a way to effectively collect, assess, and act on feedback from its stakeholders. The organization wanted to ensure it was providing an environment where stakeholders, both internal and external, felt comfortable expressing their concerns. The challenge was to maintain the legacy of the organization in the pursuit of patient care while also ensuring that stakeholders felt heard and that their feedback was being acted upon.
Case Study
Texas Roadhouse Cooks Up a Hearty, Ethical Culture
Texas Roadhouse, a restaurant chain headquartered in Louisville, Kentucky, was in need of an upgrade for its in-house hotline system. The company had always stressed the value of a fun work experience for employees, but that experience was sometimes affected by behavior that went against the company’s values - including issues of ethics, discrimination or other negative behaviors. In order to identify and prevent those issues from happening, the company provided an employee hotline and kept track of cases using hand-written notes. However, this system was not ideal and the company had outgrown it. They decided to find a vendor that was best-in-class for their industry.
Case Study
Milford Police Department Improves Efficiency
The Milford Police Department (MPD) was struggling with an outdated policy and procedure management system that relied heavily on paper folders. This made it difficult for officers to locate documents and determine if they were current. The system was not in line with state accreditation standards, which required a more efficient and organized method of managing policies and procedures. The department needed a solution that would allow them to easily access, track, and archive their policy documents.
Case Study
PolicyTech® Slashes Six Months Off Hospital’s Policy Process
San Juan Regional Medical Center (SJRMC) was struggling with a slow and inefficient policy management process. Policies were taking up to six months to a year to pass through various levels of document owners, reviewers, approvers, and committees before becoming official. The hospital lacked a centralized system for managing policies across its seven healthcare facilities located outside of the main hospital. Additionally, many of their policies existed in a solely typewritten format, and their document management system for electronic policies did not provide reminders to update documents or possess the capability for a structured review and approval cycle.
Case Study
Major Health Insurer Manages Vendor Risk with NAVEX Global’s GRC Platform
The major health insurer was struggling to comply with HIPAA data security requirements and other regulations due to inefficient manual processes for vendor risk management. The company had previously adopted a GRC platform, but it proved to be overly rigid and required technical expertise to configure, leading the risk management team to revert to manual processes. The company needed a more advanced GRC platform that could streamline vendor risk assessments, comply with healthcare regulations, require little or no IT assistance, and achieve high user adoption.
Case Study
Finding a Cure for the Common Compliance System
Samaritan Health Services (SHS), a regional network of Oregon hospitals, physicians, and senior care facilities, was facing a challenge in maintaining compliance with all governmental mandates. The organization had a small compliance department, headed by Corporate Compliance Officer Colleen Fair, which was responsible for ensuring compliance for all 5,000 SHS employees. The department was using a toll-free hotline through a third-party service for anonymous employee reporting. However, this service had limitations as it lacked web-based reporting functionality and a case management system that would allow compliance staff to add data from conversations that did not come to her attention through the hotline.
Case Study
Fulton Financial Keeps Risk in Check
Fulton Financial, a mid-sized bank, wanted to take a more proactive approach to risk. The company needed a system that would increase employee confidence, provide insight into trends indicating risk issues, and facilitate inter-departmental collaboration to address concerns. Fulton initially used an internal system to meet federal requirements and identify fraud exposure. However, this system did not inspire confidence among employees, had limited functionality, and was difficult to staff. The company sought a more efficient solution.
Case Study
Best-in-Class Compliance for Jefferson County Public Schools
Jefferson County Public Schools (JCPS) is a large school system with over 100,000 students and 155 schools. With a budget of $1 billion, the school system is committed to safeguarding every taxpayer dollar. However, with over 18,000 employees, there is always a risk of financial misconduct or fraud. The school system needed an effective means for employees to report any concerns they may observe regarding misconduct, financial fraud or other issues. They were looking for a hotline and integrated case management system that would be flexible, high quality and easy to work with.
Case Study
Island Hospital Streamlines Safety Procedures and Boosts Compliance with PolicyTech®
Island Hospital’s accreditation process requires them to keep detailed records on hospital procedures – including violations and remediation. After receiving the emails, department managers and safety officers would exchange dozens of emails discussing how to address the violation. “We would accumulate 40 to 60 emails per issue. We were burying critical information – and sometimes staff wouldn’t take action because there were no clear next steps,” said Sheikh. “It was a very chaotic and disorganized process.”
Case Study
Highland Rivers Health Leaves Their Paper Trail Behind
Highland Rivers Health, a large behavioral healthcare provider in Georgia, was struggling with an outdated, paper-based policy management system. The organization, which operates 36 facilities and employs nearly 700 people, had to rely on individual employees at various locations to maintain policies and procedures. The process of converting paper policies to PDFs and uploading them to the intranet was time-consuming and inefficient, often resulting in policies being outdated by the time they were made available online. The organization also had to maintain a team to monitor version tracking, which required about 15 people to travel once a month to review and revise all policies. This was not only a drain on resources but also a major challenge when it came to searching for and providing evidence for accreditation.
Case Study
Primetals Sets Global Cultural Standards
Primetals, a company with more than 40 company offices, engineering, workshop and service centers in close to 20 countries, faces a variety of potential business risks. In emerging markets, some employees encounter different cultural practices that can open up supply chain risks such as bribery, corruption and kickbacks. Because of these risks, Primetals saw the need to gather input from employees to adhere to their values of transparency and compliance. While the company encourages employees to report potential issues through their open door policy, Primetals also understood that employees needed to have more options — including an anonymous hotline and case management system.
Case Study
OpenMarket's Compliance Maturation with Keylight Platform
OpenMarket, a global leader in mobile messaging, was facing a challenge in meeting the growing security requirements imposed by contracts, laws, and standards. The company had 254 compliance mandates related to various laws, regulations, rules, and standards, along with 173 customer contracts with over 9700 contractual obligations. The company's existing model of compliance performed by service teams relying on user-based tools like spreadsheets was not sufficient to meet these requirements. Global brands had begun asking for security requirements that OpenMarket couldn’t meet with current processes. As such, the company needed a more streamlined, yet comprehensive approach to compliance in order to do business with global enterprises.
Case Study
Major Telecom Company Accomplishes Security Compliance in 18 Months
The telecom company was given a mandate by its board to create a broad-reaching governance, risk and compliance (GRC) program managing everything from audit and compliance to third-party risk and business continuity. The company faced a number of challenges, including a staffing shortage, customer demands, a dynamic regulatory environment and the off-the-grid nature of Alaska. They relied on spreadsheets, email and tribal knowledge for a patchwork compliance program, and lacked a comprehensive view of real risk areas. The Board requested the new GRC program to be up and running in 18 months.
Case Study
Scalable Policy Management Helps Carnegie Robotics Earn ISO 9001:2008 Certification
Carnegie Robotics, founded in 2010, initially focused on research and development with a small portion of the company’s resources devoted to manufacturing. However, with a rapidly growing manufacturing business and contracts with the government, the company found it increasingly difficult to manage their ever-growing collection of policies and assembly instructions through email and spreadsheets. The company needed a robust policy management system that could accommodate its growth and the need to mature its business processes.
Case Study
Community Health Alliance Eliminates Excuses for Lack of Policy Awareness
Community Health Alliance (CHA), a Nevada-based health center, was struggling with manual processes for policy management. The organization needed a robust policy management system to streamline policy distribution and identify potential risks. The existing manual clearance process was inefficient, with policies sitting on desks for months or getting lost. The lack of a robust system was posing a risk to the organization's compliance and overall performance.
Case Study
Fulton Financial Keeps Risk in Check
Fulton Financial Corporation, a part of the highly-regulated banking industry, had been using an internal system to meet federal requirements and identify potential risks early. However, this system did not instill confidence among employees, had limited functionality, and was difficult to staff. The company wanted to take a more proactive approach to risk, especially in the current economy where financial organizations are under increased pressure. They needed a new reporting system that would boost employee confidence and help mitigate risk.
Case Study
Bernhard Schulte Ship Management: NAVEX Customer Success Story
Bernhard Schulte Ship Management (BSM) faced the challenge of managing a diverse, non-permanent workforce that changes with contract timelines. This was particularly difficult on operating ships where resources, consistent online access and dedicated HR and whistleblowing management personnel are limited. The company needed a way to govern how these different backgrounds interacted and worked with each other, allowing people to voice concerns, raise safety issues and report misconduct easily. Additionally, regional requirements, including varied language support and contact information, had to be managed effectively.
Case Study
UH Laboratory Improves Policy Management with Compliance Software
University Health (UH) had hundreds of policies and procedures that needed to be distributed and attested to across the organization. Prior to implementing PolicyTech, UH was faced with managing hundreds of policies and procedures and tracking various documents without a centralized system to support their needed order of operations. UH is required to have standardized policies and procedures in place for the staff to follow, and continuous control over that process must start at the beginning.
Case Study
High-Growth Software Company Scales to Meet Demand for Risk Monitoring
The software company, based in Portland, Oregon, was facing a growing challenge in tracking and responding to risks posed by customer data collection. As the company grew, it faced increasing regulatory requirements from new industries such as healthcare and finance, geographic data privacy laws, and various requirements for third-party vendor relationships. The company's existing risk management processes, which relied heavily on spreadsheets, emails, shared drives, local drives, and even print-outs, were proving inadequate. The company had no central repository for risk management data, and the information security manager was struggling to manually find and track all this information. The company needed a more efficient and effective way to manage risk, track audit requests, align their responses to regulatory requirements, demonstrate compliance, and protect customer data.
Case Study
Vista Outdoor Leverages NAVEX Global Platform to Build Robust Compliance Program
After being spun off from another company, Vista Outdoor needed to establish its own compliance program. Wanting to keep the functionality and compliance capability from the previous organization, Vista Outdoor looked for ways to start the new organizational venture on the right foot with robust compliance tools in place. The company wanted to have a better understanding and control in regards to what their third-party partners may be doing, or how they’re representing themselves – and Vista Outdoor. They wanted to ensure that their partners are not acting nefariously, jeopardizing the company with potential corruption or bribery activity.
Case Study
Rubio’s Takes a Fresh Approach to Ethics & Compliance
Rubio’s Restaurants, a company with over 3,250 employees, was facing a challenge in understanding the risks that the company faced. The director of internal audit, Dennis Kreta, wanted to improve the way employees communicate their concerns to management. The company needed a compliance system that would keep employees safe and happy. Kreta knew that he needed greater insight into any possible risk issues the restaurant faced – from employment concerns to possible financial misconduct.
Case Study
El Pollo Loco’s Work Culture Takes Flight
El Pollo Loco, a leading quick-service restaurant chain specializing in flame-grilled chicken, was facing a challenge in maintaining a good relationship with its employees. The company was using a basic employee hotline service and a relatively disorganized case management system. With only spreadsheets and scattered notes, it was impossible to see any trends emerging in the data. The process was clearly inadequate for El Pollo Loco’s needs. The company wanted to generate employee communication and reduce legal risk by listening to feedback and acknowledging concerns. However, the existing system was not efficient in providing a systematic approach to documenting case assignments and streamlining workflow.
Case Study
City of Black Hawk Uses NAVEX Global’s PolicyTech to Mitigate Risk
The city of Black Hawk, Colorado, despite having only 80 official residents, hosts 21 casinos and can accommodate up to 15,000 people during a busy weekend. This unique situation makes the city's government structure similar to that of a larger city, with multiple departments each assigned to different responsibilities. The city manager struggled to establish conformity in many of the human resources practices and training material pertaining to employees’ duties, procedures, and policies. The city also looked to protect itself from litigation stemming from a terminated employee. An additional obstacle was the lack of computer literacy among all city employees due to departments not regularly utilizing computers.
Case Study
Propelling Risk Management at Embry-Riddle
Embry-Riddle Aeronautical University, with a strict concern for students and employees in locations across the globe, wanted to ensure that the school’s policies and procedures were transparent in order to foster an educational environment of safety and integrity. The university encountered many of the same risk issues as other universities, but also had unique challenges related to teaching students to fly aircraft. For example, something as small as a wrench turn going awry could ground an entire fleet of aircraft. The university needed a system that would allow the school to listen to any questions or concerns and facilitate the prompt and appropriate resolution to any issues that were discovered. And with safety as the main focus, Embry-Riddle wanted to provide a system that would make students and employees feel comfortable reporting.
Case Study
Eggleston: Accredited Care Changes Lives
Eggleston Services, a non-profit organization providing services for individuals with disabilities, was facing challenges in tracking records against two major goals - ensuring the safety and security of their employees and the individuals they assist, and maintaining the facility’s accreditation via the Commission on Accreditation of Rehabilitation Facilities (CARF). The organization was using a cumbersome and outdated paper process for case management, which was not consistent and did not provide meaningful reports for use by senior management and outside agencies.
Case Study
Endesa Generates Increased Efficiency and Control
Endesa, one of the largest electric power companies in the world and Spain’s largest utility, needed to implement corporate governance mechanisms in response to mandates. However, for Spain’s largest electric utility, a mere hotline was not sufficient. When Endesa began searching for a reporting mechanism that could handle sensitive ethics and compliance issues around the world, the company turned to NAVEX Global. Initially, it was a federal mandate that led Endesa to consider an external hotline provider, but the company quickly realized that it made good business sense to use the hotline as part of an enhanced set of internal controls and reporting options.
Case Study
TELUS Signals a New Approach to Compliance
TELUS, a national telecommunications company in Canada, was facing a challenge in managing its ethics and compliance program. The company's hotline reporting system was limited and inefficient, with reports going directly to a single desk and being tracked via spreadsheets. As a small department, providing 24/7 access, multilingual capability, and online access from anywhere in the world was a significant challenge. The company needed a more structured, centralized approach to ethics and compliance that could efficiently identify and resolve issues. They also wanted to encourage employees to adopt an 'ask first, act later' mentality towards ethical challenges.
Case Study
Conn’s Looks to Gain New Insight
At the end of 2010, Conn’s Vice President of Enterprise Risk Management Byron Smith began searching for a world-class provider to help address hotline and communication opportunities with its associates. Conn’s sought a solution to replace three different hotlines across the company and corral hotline information into a single repository for analysis to provide its more than 4,000 associates additional methods to report on issues and events within the organization. The company’s previous system didn’t combine all the information; it simply handled each report on an individual basis without an overall systematic approach. Additionally, the team wanted to ensure that they could effectively capture a few key pieces of information with regularity.
Case Study
Rubio’s Takes a Fresh Approach to Ethics and Compliance
Rubio’s, a restaurant chain with over 200 locations and 3,250 employees, wanted to increase its understanding of the risks it faced. The company was particularly interested in improving the way employees communicate their concerns to management. Rubio’s already used NAVEX Global’s hotline to meet federal whistleblowing standards, but it was intended only for reporting major ethical issues. The company wanted to expand the use of the hotline as a comprehensive communication tool for reporting anything that might compromise the wellbeing of employees and other stakeholders. This would provide greater insight into potential financial misconduct and other risk issues.
Case Study
Texas A&M University System Integrates Scattered Lines of Communication
The Texas A&M University System, one of the largest and most complex systems of higher education in the United States, was facing a challenge with its hotline systems. The hotlines, which served various purposes such as providing a confidential place for employees to clarify policy and report concerns, were scattered throughout the A&M System. There were hotlines for security, student safety, research impropriety, human resources, ethics, and financial fraud, among others. However, these hotlines were managed by each of the universities and agencies within the A&M System, resulting in a lack of a big picture perspective. The university system realized that it should track these risks as a system rather than piece by piece, but each university still needed to manage its own sub-set of issues.
Case Study
Improved Performance Pays Off After First Audit
Eastern Idaho Regional Medical Center (EIRMC) was struggling with their manual policy management system. The process was time-consuming, costly, and inefficient. The hospital was spending over $14,000 per year on policy committee meetings alone. Additionally, the Joint Commission's evolving view of policy and procedure management increased the need for a more efficient system. The commission now expects organizations to not only have policies in place but to use these policies to drive their practice. This new requirement made it more important than ever for EIRMC to have their policies easily accessible, well-organized, and not in conflict with one another, which was difficult to achieve with their manual process.
Case Study
Methodist Healthcare of San Antonio Enhances JCAHO Compliance
Methodist Healthcare System of San Antonio (MHS) was using a document management system that was not efficient. The system used primitive search methods, did not support uploading of documents and routinely lost or truncated documents within the system. This caused great difficulty during essential Joint Commission surveys. The Joint Commission audits identified areas of weakness in MHS’s policy management system. Surveyors discovered that employees could not find documents in MHS’s electronic policy manager and some policies were not kept current. Additionally, policy documents were difficult to find and difficult to edit. These shortcomings alerted MHS officials to the need for improved policy management.
Case Study
Bumble Bee Seafoods Shores Up Ethical Culture with NAVEX’s Software Ecosystem
When Jeff Killeen stepped into the role of the first Chief Compliance Officer at Bumble Bee Seafoods, he had a tall order ahead of him: consolidate and place as many compliance functions as possible under one roof. The largest branded shelf-stable seafood company in North America, Bumble Bee has more than 1,500 employees and operations spread out from its headquarters in San Diego to fish suppliers in Southeast Asia. Killeen needed to formalize the company’s ethics and compliance program to address Bumble Bee’s specific industry complexities, resonate across the company’s global operations, use resources conservatively and wisely, and most importantly, help the company maintain a culture that supported business values as well as objectives.
Case Study
Improving Procedure Management
Valero Energy Corporation, North America’s largest independent refiner and marketer, operates 16 refineries and more than 5,000 retail venues. The Port Arthur refinery, located in southeastern Texas, employs over 800 employees and achieves a total production of 95,000 barrels per day. To create a safe workplace that meets OSHA’s Voluntary Protection Program (VPP) standards, as well as positively execute Valero’s best practice standards, Port Arthur needed a way to keep their policies and procedures accessible, orderly and accurate. Given the tough economic times, the refinery was also looking to implement a solution in the most cost-effective way possible. The Port Arthur refinery is only one of Valero’s 16 refineries. The campus consists of four complexes and more than 800 employees. In 2007, Valero corporate headquarters sent policy writers to Port Arthur to spend months rewriting and updating the refinery’s operating manuals. These procedures were maintained in a series of spreadsheets and paper copies stored at each complex and varied based on managerial preference. When the writers finished, Reggie Ramirez, Port Arthur’s Process Safety Management Coordinator, wanted to see that the procedure documents never again fell into disarray. Unfortunately, Port Arthur had no system to consistently manage the newest manuals.
Case Study
Cummins Keeps a Consistent Company Culture
Cummins, a global power leader with approximately 46,000 employees worldwide, was facing the challenge of maintaining a consistent communication structure across its global operations. The company was outgrowing its old vendor and needed a system that could support its Code of Conduct policies on a global scale. The company launched a Six Sigma project to determine the necessary requirements for an ideal system. As an international company, Cummins needed a comprehensive reporting system to maintain a consistent workplace culture around the world.
Case Study
Overcoming PNC’s Intranet Challenges
PNC Bank, a leading provider of financial services in the United States, was facing challenges with managing their policies and procedures. They had made significant investments in Lotus Notes® and an intranet website to manage their documents, but neither system met their high standards. The overlap between the applications created confusion and version control issues. From a compliance perspective, the lack of clarity, consistency, and readership metrics was an unacceptable risk for the institution. They needed a document management system with intuitive versioning controls, powerful search and tagging features, and compliance-savvy reporting tools. In addition to these internal challenges, PNC Bank also needed to comply with a wide variety of regulations such as The Bank Secrecy Act of 1970, Sarbanes–Oxley Act of 2002, Anti-money Laundering (1986, 1992, 1994, 1998), and Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.
Case Study
Mortgage Center Brings Consistency to Policy Management
Operating in a heavily-regulated industry can bring all kinds of challenges, especially when dealing with complex policies that regularly require updates to stay in regulatory compliance. For Don Braspenninckx, Vice President and Chief Compliance Officer at Mortgage Center, this was a challenge he was all too familiar with. Managing policies in different Word, Excel and PDF documents was creating major headaches. One regulation could touch nine separate, distinct areas of the company, so trying to disseminate information and keep it organized for all employees was a challenge.
Case Study
American Academic Health System Builds Flexible Reporting System
When Hahnemann Hospital and Saint Christopher’s Hospital for Children were divested from Tenet Healthcare and purchased by American Academic Health System in early 2018, the two hospitals found themselves without a hotline reporting system. The hospitals needed a system that could serve as a confidential place for employees to clarify policy and discuss or report concerns, a communications channel beyond the rumor mill, a way to direct employee questions to the appropriate resource, an opportunity to provide guidance before a poor decision is made, an early warning of issues or problem areas brewing in the organization, and a last internal stop for whistleblowers before they take an issue outside the organization to a regulator or attorney.
Case Study
Alliance Data Builds Robust Incident Management Program with EthicsPoint
Hy Cite Enterprises, a wholesale distribution company, began expanding its operations globally about fifteen years ago. As their global profile grew, so did the complexity of managing the many subsidiaries, suppliers and different types of compliance risks to which the company was now exposed. Performing due diligence on new third parties and continuously monitoring those entities was challenging. Hy Cite was using internally developed applications to track and monitor third parties, collecting information from a variety of sources that were not meant to manage the due diligence process. The company realized that it was not sustainable to continue using the same systems and needed a system that had what they needed in a single place.
Case Study
Fostering Transparency in North Kingstown RI
The town government of North Kingstown recognized the need for a system that allowed citizens to report problems or concerns anonymously. This was in response to the popular opinion in the community for more information about the government as well as accountability for the government. The town started the search for a third-party system at the recommendation of a state auditor and outside consultants.
Case Study
Navicent Health Builds a Knowledge Management Ecosystem With PolicyTech®
Navicent Health was cited for document control issues with their internally-built SharePoint repository. This led to the task of building ISO 9001:2015 certified policy and procedure management systems for all Navicent hospitals. The challenge was to create and maintain a standardized work environment with consistent document management, information control, and knowledge sharing across the enterprise, which included 12 entities and about 12,000 documents.
Case Study
A Luxury Fashion Accessories Manufacturer Streamlines Compliance with Conflict Minerals
The luxury fashion accessories manufacturer and retailer faced a two-fold challenge. Firstly, they had to comply with Dodd-Frank Section 1502 and similar international regulations that require public companies to disclose annually whether conflict minerals exist in their supply chains. If so, companies must report on due diligence efforts and conduct a private sector audit. This was a daunting task for the company as it worked with over 1,000 suppliers around the world, making it difficult to know which, if any, were sourcing conflict minerals. The second challenge was the public pressure on organizations for transparency. Meeting compliance and audit requirements mandated by Section 1502 would cost around $3.5 million annually and take six to 12 months to complete.
Case Study
Claims Recovery Service Embraces Integrated Risk Management & New Risk Culture
Claims Recovery Service was struggling with managing compliance and audits due to inadequate processes. They were using manual processes such as spreadsheets, stored documents, email, and other office tools. The company had to comply with numerous financial rules and regulations, which was a time-consuming process with a high risk of missing something. They relied on documents in hundreds of file folders in multiple network drives, each with its own security permission. The company maintained a list of policies on spreadsheets and SharePoint sites, but none of the information was linked, making it nearly impossible to update policies or even know they existed. As regulations grew more complex, customer compliance demands multiplied, and the cost of noncompliance grew steeper, it quickly became clear spreadsheets weren’t enough. The company was spending more than $500,000 a year managing compliance.
Case Study
Mobile Messaging Company Outgrows Manual Regulatory Compliance
A mobile messaging company was in hyper-growth mode but needed to mature its compliance program to keep pace with a growing list of regulations and B2B customer demands. The company had to comply with 173 contracts, 254 regulatory mandates, and 9,700 contract demands. The company’s startup culture made things harder, because it thrived on tribal knowledge, undocumented processes, and a shoot-from-the-hip management style. While that culture could thrive in a small startup environment with few compliance mandates, the company had become a subsidiary of a publicly traded company and counted four of the top 10 global brands as customers. Meeting even basic business requirements was becoming impossible to manage using manual processes like spreadsheets.
Case Study
Major University with Diverse Requirements Automates Information Security
The biosciences division of a major university, comprising 5,000 faculty and staff across 32 departments, faced a significant challenge in managing its information security. Each department had its own IT support and unique cybersecurity requirements, creating a siloed environment that hindered the security team's ability to assess the entire IT landscape. This resulted in gaps in security controls, inconsistencies in applying these controls, and duplication of efforts. The university's commitment to open inquiry and interdisciplinary research, which involved freely sharing information, introduced additional risk. The security team also struggled to comply with the Federal Information Security Management Act (FISMA) procedures and controls for protecting government information, operations, and assets.
Case Study
Major Consumer Products Leasing Firm Streamlines Incident Management
The company faced challenges related to compliance requirements and incident management. The existing solution was reliable for gathering information on incidents, but it lacked steps for managing information toward a resolution in a secure manner. The company also faced hurdles in controlling and restricting access to information around incidents that involved HR and the Healthcare Information Portability and Accountability Act (HIPAA). Additionally, the company’s use of vendors pointed to the need for regular assessments and a defined process for managing vendor incidents. The company sought a more secure and efficient way to manage incidents associated with HR, vendors and IT, as well as a smarter approach to IT risks and vulnerabilities.
Case Study
Major Health Information Network Connects To Better Information Security
The nation’s largest health information network faced significant challenges in managing information security, particularly due to the sensitive nature of the data it processed. The company had to comply with a range of regulations and industry standards, including HIPAA, EHNAC, SOX, PCI DSS, and ISO. The complexity of these compliance requirements was compounded by the company’s lack of visibility into current and pressing risks, making it difficult to provide data or metrics to inform management decisions. Additionally, the company’s Information Security department struggled to secure funding, as it was viewed as a cost center and had difficulty justifying budget requests without clear insight into IT and information security risks.
Case Study
Major Social Game Developer Embraces Integrated Risk Management and New Risk Culture
The social game developer was facing challenges in managing cyber risk, compliance, and audits due to inadequate processes. They were using spreadsheets, word-processing, email, and an Intranet site for governance, risk management, and compliance. As a result, the company couldn’t see vulnerabilities and the risks posed by them. Asset inventory audits took months to reconcile. Onboarding new vendors took four weeks. Even convincing employees to acknowledge company policies, like acceptable use, was a Herculean effort. The company needed a senior analyst to lead its nascent program, as well as invest in a technology platform that could streamline cyber risk, compliance, and audit management activities while supporting game development.
Case Study
The Toledo Clinic Improves Policy and Incident Management with Compliance Software
The Toledo Clinic, a large private multi-specialty physician group, was facing challenges in managing policies and employee reports. The organization was using SharePoint to manage policies and procedures, but the system was not effective. The Clinic's Corporate Compliance Officer, Drew Williamsen, had previous experience with SharePoint and knew that it was not capable of being a policy management system. In addition to this, the organization did not have a proper hotline. All reports were done via spreadsheets and disparate documents, making it difficult to track reports and visualize trends.
Case Study
YMCA of Greater Rochester Provides a Voice to All Employees
Before the YMCA of Greater Rochester implemented an employee hotline system, the organization relied on a whistleblower policy to help them encourage employees to report their concerns. But on the heels of high-profile corporate scandals in the early 2000s, the organization realized it needed to formalize its reporting process and demonstrate its commitment to transparency. With more than 3,000 employees in 17 branches, across five counties in western New York, Fernán Cepero, Chief Human Resources Officer and Chief Diversity Officer, wanted to ensure that all employees had a voice and felt like they were being heard.
Case Study
Concord Fire Department Improves Emergency Response with PolicyTech®
The Concord Fire Department in Massachusetts was facing a challenge in managing its policies and procedures for various emergencies. The department had a need for a better system to manage these documents and ensure that all department employees were aware of the content of these policies and procedures. Additionally, the department needed to standardize its operating procedures. With four different groups at two stations, there were up to eight different ways of operating at a particular emergency scene. This lack of standardization was causing confusion and inefficiency during emergency responses.
Case Study
Zespri International Strengthens Compliance Following Challenges
Zespri International, a New Zealand-based kiwifruit exporter with operations across Europe, Asia, and the Americas, faced severe financial and legal repercussions when one of its importers was found guilty of duty evasion in China. The company's Chinese subsidiary was prosecuted as an accessory to the under-declaration of customs duties by a former importer. This led to an investigation, the imposition of significant fines on Zespri, imprisonment of a Zespri employee, and significant legal fees. Investigations revealed that trust and a lack of understanding were core factors. The incident also resulted in huge costs in terms of time and resources, with employees being interviewed, documents being requested multiple times, ongoing court cases taking employees away from their jobs, and media attention shining an unwanted spotlight on the company.
Case Study
Auburn University Builds Effective Higher Education Hotline System
Auburn University was advised by an external auditor to outsource its employee hotline system. The university wanted to provide a system that could guarantee anonymity and increase employee confidence in reporting incidents. The previous system, an internally-operated phone number and recording device, was found to be unsuccessful. The university understood that confidence in the system would increase if it was managed outside of the institution.
Case Study
Berry Gardens provides a comprehensive, multi-lingual whistleblowing solution using NAVEX EthicsPoint®
Berry Gardens, a co-operative of British berry growers, was facing challenges in its reporting system. Traditional avenues of reporting, such as through line managers or HR representatives, or via suggestion boxes, were not providing the level of confidentiality and security required. Some employees felt uncomfortable reporting face-to-face, while the anonymity of suggestion boxes could not be guaranteed. The senior leadership team was looking for ways to improve the current processes and culture, focusing on enabling and encouraging confidential reporting to help maintain and improve the company's high ethical standards.
Case Study
EnerSys: ESG Program will Automate Resource Footprint Calculations
EnerSys, a global leader in stored energy solutions for industrial operations, recently deepened their commitment to Environmental, Social, and Governance (ESG) objectives. The management team hired an ESG team to accelerate the company's sustainability maturity curve. This decision was made to promote a responsible culture at EnerSys, and also aligned with the increasing expectations of the board of directors, investors, and customers from around the world. As a key part of their program, EnerSys needed to establish a baseline GHG footprint across 173 locations for reporting, analysis, site comparison, improvement planning, and commitment management. Standard PC software could not be reliably used to manage this process.
Case Study
Fintech Company Strengthens Its Lines of Defense with NAVEX IRM
The fintech company was looking to expand into consumer-facing technology, but they had to address their processes for identifying, mitigating, and reducing risk. They had a strong internal audit program, but the issues identified were not getting the necessary attention across the organization. The management of risks associated with daily operational activities was weak, leading to low audit ratings. Stakeholders were concerned whether the business could make risk-based decisions necessary to safely implement cutting-edge fintech. The organization’s management committee charged their risk management function with building a traditional three-lines-of-defense program. This meant cultivating accountability and ownership at the first line of the business, where risks are introduced to the organization. It required standing up a true second-line defense reporting to the Chief Risk Officer. Most importantly, it necessitated a risk culture in which everyone is responsible for identifying and reporting issues.
Case Study
Kerry Group Sets Global Standards With EthicsPoint®
Kerry Group was faced with the challenge of adapting to the new requirements of the EU Whistleblower Protection Directive. The company's internal legal function took over the speak-up program and the NAVEX account as a legal responsibility. They needed a new focus team to quickly understand the software and adapt the solution to meet new requirements. Another challenge was making resources available across their operations. The company wanted to go beyond standard directive requirements and provide documentation for the system across all languages used in the business, including online, external and offline resources. Finally, there was little to no visibility over the progress of whistleblowing cases, which made it difficult to measure improvements, case-type volumes over time or to report in detail where areas of concern lay.
Case Study
PolicyTech® Enables Streamlined Communication and Centralized Policy & Procedure Management
Before implementing PolicyTech, St. Joseph’s relied on personal drives, shared drives, and binders containing the various policies and procedures. This led to version control issues and inefficiencies, as well as duplicative work. The organization also faced unique policy challenges due to its specific nature. The lack of a centralized system led to silos between departments and a lack of transparency. Team members were often working on the same thing without knowing it, leading to unnecessary duplication of efforts.
Case Study
Vanderlande Overcomes Company Culture Challenges Using EthicsPoint® Software
In 2017, after the acquisition by TICO, Vanderlande and other group business entities needed to launch a new speak-up program that would meet the needs of a scattered and role-diverse workforce. The company had to ensure that the local entities could meet the regulatory requirements, such as those in the EU Whistleblower Protection Directive. There were also cultural challenges to overcome. For example, speaking up in Europe is largely seen as ‘doing the right thing’, but is often less so in Asia Pacific or the Middle East.
Case Study
Currys Streamlines Case Management Process Using EthicsPoint®
Before transferring to NAVEX EthicsPoint, Currys had no case management system, working from an online reporting platform and manually downloading spreadsheets into an Excel tracking table – a time-consuming manual process. The Compliance Team, which manages and monitors Currys’ whistleblowing cases, needed a modernized system that would streamline, save time, and add GDPR security when dealing with reports. In addition, Currys’ old whistleblowing system had no automatic functions reporting on enhanced data analytics, limiting the Compliance Team in its effectiveness and efficiency of tracking case types, numbers, potential areas of concern, and topic trends.
Case Study
A Unified System of EthicsPoint and Incident Management Allows DP World to Reliably and Efficiently Manage Hotline Reporting
Before implementing an incident reporting system, DP World relied on collecting reports submitted by email or through a phone line based at the company headquarters in Dubai. Calls were answered in English or Arabic, but with employees speaking dozens of languages across many time zones, the company needed a scalable solution that could be implemented with consistency globally. The old setup did not address the whistleblower’s needs, or the internal information needed for incident reporting. The company was essentially capturing reports in an unformatted email or documenting from a phone call that may not even be answered because it was not staffed 24/7/365.
Case Study
Enterprise Software Developer Earns ISO 27001 Certification
The enterprise software developer, a small company with about 85 employees, set a goal to achieve ISO 27001 certification. This certification sets the standard for information security and requires a sustainable information security management system (ISMS) that can comply with all seven ISO 27001 categories. The company knew that using spreadsheets for compliance would not be sufficient due to the rigorous requirements of the certification. The Chief Technology Officer (CTO) was leading the project and needed a technology solution to build an ISMS capable of earning ISO certification.
Case Study
Castolin Eutectic Builds Holistic View of Compliance With Suite of NAVEX One Platform Products
Castolin Eutectic, an industrial Maintenance and Repair technology company, needed a more holistic view of its compliance strategy. The company required a new code of conduct, compliance with the incoming EU Whistleblowing Directive, and an ESG framework to effectively manage how it measures multiple important factors. The company's most recent code of conduct was outdated and needed a new version that complied with regulations and would overcome barriers between regions. Castolin Eutectic was also in need of an incident management platform, as required by the EU Whistleblowing Directive. The challenge was finding a cultural fit across different regions, as not every market felt it would be suitable. The revamp also aimed to educate employees about ethics and compliance, to improve the organization’s culture, and to make its compliance suite effective.
Case Study
ECHO Health Enables Business Growth with NAVEX Vendor Management
ECHO Health, a company operating in highly regulated sectors, had to ensure its third-party vendors satisfy any related requirements. This involved sending a periodic compliance survey to around 10 vendors who handled a variety of work for ECHO, such as printing or call center services, which involved the handling of regulated information. Those involved in assessing third-party risk at ECHO would rely on tools like spreadsheets, calendar reminders and emailed forms to track vendor compliance. However, to support a recent opportunity for rapid growth, ECHO saw a major increase in the number of third-party vendors necessary for its operations. Each new vendor represented a new need to evaluate risk. The 130-person firm was on the precipice of a major business opportunity. It recognized the growth potential could only be realized with an efficient, scalable strategy to vet and monitor third-party partnerships.