The city of Black Hawk, Colorado, despite having only 80 official residents, hosts 21 casinos and can accommodate up to 15,000 people during a busy weekend. This unique situation makes the city's government structure similar to that of a larger city, with multiple departments each assigned to different responsibilities. The city manager struggled to establish conformity in many of the human resources practices and training material pertaining to employees’ duties, procedures, and policies. The city also looked to protect itself from litigation stemming from a terminated employee. An additional obstacle was the lack of computer literacy among all city employees due to departments not regularly utilizing computers.

Embry-Riddle Aeronautical University, with a strict concern for students and employees in locations across the globe, wanted to ensure that the school’s policies and procedures were transparent in order to foster an educational environment of safety and integrity. The university encountered many of the same risk issues as other universities, but also had unique challenges related to teaching students to fly aircraft. For example, something as small as a wrench turn going awry could ground an entire fleet of aircraft. The university needed a system that would allow the school to listen to any questions or concerns and facilitate the prompt and appropriate resolution to any issues that were discovered. And with safety as the main focus, Embry-Riddle wanted to provide a system that would make students and employees feel comfortable reporting.

Eggleston Services, a non-profit organization providing services for individuals with disabilities, was facing challenges in tracking records against two major goals - ensuring the safety and security of their employees and the individuals they assist, and maintaining the facility’s accreditation via the Commission on Accreditation of Rehabilitation Facilities (CARF). The organization was using a cumbersome and outdated paper process for case management, which was not consistent and did not provide meaningful reports for use by senior management and outside agencies.

Endesa, one of the largest electric power companies in the world and Spain’s largest utility, needed to implement corporate governance mechanisms in response to mandates. However, for Spain’s largest electric utility, a mere hotline was not sufficient. When Endesa began searching for a reporting mechanism that could handle sensitive ethics and compliance issues around the world, the company turned to NAVEX Global. Initially, it was a federal mandate that led Endesa to consider an external hotline provider, but the company quickly realized that it made good business sense to use the hotline as part of an enhanced set of internal controls and reporting options.

TELUS, a national telecommunications company in Canada, was facing a challenge in managing its ethics and compliance program. The company's hotline reporting system was limited and inefficient, with reports going directly to a single desk and being tracked via spreadsheets. As a small department, providing 24/7 access, multilingual capability, and online access from anywhere in the world was a significant challenge. The company needed a more structured, centralized approach to ethics and compliance that could efficiently identify and resolve issues. They also wanted to encourage employees to adopt an 'ask first, act later' mentality towards ethical challenges.

At the end of 2010, Conn’s Vice President of Enterprise Risk Management Byron Smith began searching for a world-class provider to help address hotline and communication opportunities with its associates. Conn’s sought a solution to replace three different hotlines across the company and corral hotline information into a single repository for analysis to provide its more than 4,000 associates additional methods to report on issues and events within the organization. The company’s previous system didn’t combine all the information; it simply handled each report on an individual basis without an overall systematic approach. Additionally, the team wanted to ensure that they could effectively capture a few key pieces of information with regularity.

Rubio’s, a restaurant chain with over 200 locations and 3,250 employees, wanted to increase its understanding of the risks it faced. The company was particularly interested in improving the way employees communicate their concerns to management. Rubio’s already used NAVEX Global’s hotline to meet federal whistleblowing standards, but it was intended only for reporting major ethical issues. The company wanted to expand the use of the hotline as a comprehensive communication tool for reporting anything that might compromise the wellbeing of employees and other stakeholders. This would provide greater insight into potential financial misconduct and other risk issues.

The Texas A&M University System, one of the largest and most complex systems of higher education in the United States, was facing a challenge with its hotline systems. The hotlines, which served various purposes such as providing a confidential place for employees to clarify policy and report concerns, were scattered throughout the A&M System. There were hotlines for security, student safety, research impropriety, human resources, ethics, and financial fraud, among others. However, these hotlines were managed by each of the universities and agencies within the A&M System, resulting in a lack of a big picture perspective. The university system realized that it should track these risks as a system rather than piece by piece, but each university still needed to manage its own sub-set of issues.

Eastern Idaho Regional Medical Center (EIRMC) was struggling with their manual policy management system. The process was time-consuming, costly, and inefficient. The hospital was spending over $14,000 per year on policy committee meetings alone. Additionally, the Joint Commission's evolving view of policy and procedure management increased the need for a more efficient system. The commission now expects organizations to not only have policies in place but to use these policies to drive their practice. This new requirement made it more important than ever for EIRMC to have their policies easily accessible, well-organized, and not in conflict with one another, which was difficult to achieve with their manual process.

Methodist Healthcare System of San Antonio (MHS) was using a document management system that was not efficient. The system used primitive search methods, did not support uploading of documents and routinely lost or truncated documents within the system. This caused great difficulty during essential Joint Commission surveys. The Joint Commission audits identified areas of weakness in MHS’s policy management system. Surveyors discovered that employees could not find documents in MHS’s electronic policy manager and some policies were not kept current. Additionally, policy documents were difficult to find and difficult to edit. These shortcomings alerted MHS officials to the need for improved policy management.

When Jeff Killeen stepped into the role of the first Chief Compliance Officer at Bumble Bee Seafoods, he had a tall order in ahead of him: consolidate and place as many compliance functions as possible under one roof. The largest branded shelf-stable seafood company in North America, Bumble Bee has more than 1,500 employees and operations spread out from its headquarters in San Diego to fish suppliers in Southeast Asia. Killeen needed to formalize the company’s ethics and compliance program to address Bumble Bee’s specific industry complexities, resonate across the company’s global operations, use resources conservatively and wisely, and most importantly, help the company maintain a culture that supported business values as well as objectives.

Valero Energy Corporation, North America’s largest independent refiner and marketer, operates 16 refineries and more than 5,000 retail venues. The Port Arthur refinery, located in southeastern Texas, employs over 800 employees and achieves a total production of 95,000 barrels per day. To create a safe workplace that meets OSHA’s Voluntary Protection Program (VPP) standards, as well as positively execute Valero’s best practice standards, Port Arthur needed a way to keep their policies and procedures accessible, orderly and accurate. Given the tough economic times, the refinery was also looking to implement a solution in the most cost-effective way possible. The Port Arthur refinery is only one of Valero’s 16 refineries. The campus consists of four complexes and more than 800 employees. In 2007, Valero corporate headquarters sent policy writers to Port Arthur to spend months rewriting and updating the refinery’s operating manuals. These procedures were maintained in a series of spreadsheets and paper copies stored at each complex and varied based on managerial preference. When the writers finished, Reggie Ramirez, Port Arthur’s Process Safety Management Coordinator, wanted to see that the procedure documents never again fell into disarray. Unfortunately, Port Arthur had no system to consistently manage the newest manuals.

Cummins, a global power leader with approximately 46,000 employees worldwide, was facing the challenge of maintaining a consistent communication structure across its global operations. The company was outgrowing its old vendor and needed a system that could support its Code of Conduct policies on a global scale. The company launched a Six Sigma project to determine the necessary requirements for an ideal system. As an international company, Cummins needed a comprehensive reporting system to maintain a consistent workplace culture around the world.

PNC Bank, a leading provider of financial services in the United States, was facing challenges with managing their policies and procedures. They had made significant investments in Lotus Notes® and an intranet website to manage their documents, but neither system met their high standards. The overlap between the applications created confusion and version control issues. From a compliance perspective, the lack of clarity, consistency, and readership metrics was an unacceptable risk for the institution. They needed a document management system with intuitive versioning controls, powerful search and tagging features, and compliance-savvy reporting tools. In addition to these internal challenges, PNC Bank also needed to comply with a wide variety of regulations such as The Bank Secrecy Act of 1970, Sarbanes–Oxley Act of 2002, Anti-money Laundering (1986, 1992, 1994, 1998), and Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.

Operating in a heavily-regulated industry can bring all kinds of challenges, especially when dealing with complex policies that regularly require updates to stay in regulatory compliance. For Don Braspenninckx, Vice President and Chief Compliance Officer at Mortgage Center, this was a challenge he was all too familiar with. Managing policies in different Word, Excel and PDF documents was creating major headaches. One regulation could touch nine separate, distinct areas of the company, so trying to disseminate information and keep it organized for all employees was a challenge.

When Hahnemann Hospital and Saint Christopher’s Hospital for Children were divested from Tenet Healthcare and purchased by American Academic Health System in early 2018, the two hospitals found themselves without a hotline reporting system. The hospitals needed a system that could serve as a confidential place for employees to clarify policy and discuss or report concerns, a communications channel beyond the rumor mill, a way to direct employee questions to the appropriate resource, an opportunity to provide guidance before a poor decision is made, an early warning of issues or problem areas brewing in the organization, and a last internal stop for whistleblowers before they take an issue outside the organization to a regulator or attorney.

Hy Cite Enterprises, a wholesale distribution company, began expanding its operations globally about fifteen years ago. As their global profile grew, so did the complexity of managing the many subsidiaries, suppliers and different types of compliance risks to which the company was now exposed. Performing due diligence on new third parties and continuously monitoring those entities was challenging. Hy Cite was using internally developed applications to track and monitor third parties, collecting information from a variety of sources that were not meant to manage the due diligence process. The company realized that it was not sustainable to continue using the same systems and needed a system that had what they needed in a single place.

The town government of North Kingstown recognized the need for a system that allowed citizens to report problems or concerns anonymously. This was in response to the popular opinion in the community for more information about the government as well as accountability for the government. The town started the search for a third-party system at the recommendation of a state auditor and outside consultants.

Navicent Health was cited for document control issues with their internally-built SharePoint repository. This led to the task of building ISO 9001 2015 certified policy and procedure management systems for all Navicent hospitals. The challenge was to create and maintain a standardized work environment with consistent document management, information control, and knowledge sharing across the enterprise, which included 12 entities and about 12,000 documents.

The luxury fashion accessories manufacturer and retailer faced a two-fold challenge. Firstly, they had to comply with Dodd-Frank Section 1502 and similar international regulations that require public companies to disclose annually whether conflict minerals exist in their supply chains. If so, companies must report on due diligence efforts and conduct a private sector audit. This was a daunting task for the company as it worked with over 1,000 suppliers around the world, making it difficult to know which, if any, were sourcing conflict minerals. The second challenge was the public pressure on organizations for transparency. Meeting compliance and audit requirements mandated by Section 1502 would cost around $3.5 million annually and take six to 12 months to complete.

Claims Recovery Service was struggling with managing compliance and audits due to inadequate processes. They were using manual processes such as spreadsheets, stored documents, email, and other office tools. The company had to comply with numerous financial rules and regulations, which was a time-consuming process with a high risk of missing something. They relied on documents in hundreds of file folders in multiple network drives, each with its own security permission. The company maintained a list of policies on spreadsheets and Sharepoint sites, but none of the information was linked, making it nearly impossible to update policies or even know they existed. As regulations grew more complex, customer compliance demands multiplied, and the cost of noncompliance grew steeper, it quickly became clear spreadsheets weren’t enough. The company was spending more than $500,000 a year managing compliance.

A mobile messaging company was in hyper-growth mode but needed to mature its compliance program to keep pace with a growing list of regulations and B2B customer demands. The company had to comply with 173 contracts, 254 regulatory mandates, and 9,700 contract demands. The company’s startup culture made things harder, because it thrived on tribal knowledge, undocumented processes, and a shoot-from-the-hip management style. While that culture could thrive in a small startup environment with few compliance mandates, the company had become a subsidiary of a publicly traded company and counted four of the top 10 global brands as customers. Meeting even basic business requirements was becoming impossible to manage using manual processes like spreadsheets.

The biosciences division of a major university, comprising 5,000 faculty and staff across 32 departments, faced a significant challenge in managing its information security. Each department had its own IT support and unique cybersecurity requirements, creating a siloed environment that hindered the security team's ability to assess the entire IT landscape. This resulted in gaps in security controls, inconsistencies in applying these controls, and duplication of efforts. The university's commitment to open inquiry and interdisciplinary research, which involved freely sharing information, introduced additional risk. The security team also struggled to comply with the Federal Information Security Management Act (FISMA) procedures and controls for protecting government information, operations, and assets.

The company faced challenges related to compliance requirements and incident management. The existing solution was reliable for gathering information on incidents, but it lacked steps for managing information toward a resolution in a secure manner. The company also faced hurdles in controlling and restricting access to information around incidents that involved HR and the Healthcare Information Portability and Accountability Act (HIPAA). Additionally, the company’s use of vendors pointed to the need for regular assessments and a defined process for managing vendor incidents. The company sought a more secure and efficient way to manage incidents associated with HR, vendors and IT, as well as a smarter approach to IT risks and vulnerabilities.

The nation’s largest health information network faced significant challenges in managing information security, particularly due to the sensitive nature of the data it processed. The company had to comply with a range of regulations and industry standards, including HIPAA, EHNAC, SOX, PCI DSS, and ISO. The complexity of these compliance requirements was compounded by the company’s lack of visibility into current and pressing risks, making it difficult to provide data or metrics to inform management decisions. Additionally, the company’s Information Security department struggled to secure funding, as it was viewed as a cost center and had difficulty justifying budget requests without clear insight into IT and information security risks.

The social game developer was facing challenges in managing cyber risk, compliance, and audits due to inadequate processes. They were using spreadsheets, word-processing, email, and an Intranet site for governance, risk management, and compliance. As a result, the company couldn’t see vulnerabilities and the risks posed by them. Asset inventory audits took months to reconcile. Onboarding new vendors took four weeks. Even convincing employees to acknowledge company policies, like acceptable use, was a Herculean effort. The company needed a senior analyst to lead its nascent program, as well as invest in a technology platform that could streamline cyber risk, compliance, and audit management activities while supporting game development.

The Toledo Clinic, a large private multi-specialty physician group, was facing challenges in managing policies and employee reports. The organization was using SharePoint to manage policies and procedures, but the system was not effective. The Clinic's Corporate Compliance Officer, Drew Williamsen, had previous experience with SharePoint and knew that it was not capable of being a policy management system. In addition to this, the organization did not have a proper hotline. All reports were done via spreadsheets and disparate documents, making it difficult to track reports and visualize trends.

Before the YMCA of Greater Rochester implemented an employee hotline system, the organization relied on a whistleblower policy to help them encourage employees to report their concerns. But on the heels of high-profile corporate scandals in the early 2000s, the organization realized it needed to formalize its reporting process and demonstrate its commitment to transparency. With more than 3,000 employees in 17 branches, across five counties in western New York, Fernán Cepero, Chief Human Resources Officer and Chief Diversity Officer wanted to ensure that all employees had a voice and felt like they were being heard.

The Concord Fire Department in Massachusetts was facing a challenge in managing its policies and procedures for various emergencies. The department had a need for a better system to manage these documents and ensure that all department employees were aware of the content of these policies and procedures. Additionally, the department needed to standardize its operating procedures. With four different groups at two stations, there were up to eight different ways of operating at a particular emergency scene. This lack of standardization was causing confusion and inefficiency during emergency responses.

Zespri International, a New Zealand-based kiwifruit exporter with operations across Europe, Asia, and the Americas, faced severe financial and legal repercussions when one of its importers was found guilty of duty evasion in China. The company's Chinese subsidiary was prosecuted as an accessory to the under-declaration of customs duties by a former importer. This led to an investigation, the imposition of significant fines on Zespri, imprisonment of a Zespri employee, and significant legal fees. Investigations revealed that trust and a lack of understanding were core factors. The incident also resulted in huge costs in terms of time and resources, with employees being interviewed, documents being requested multiple times, ongoing court cases taking employees away from their jobs, and media attention shining an unwanted spotlight on the company.