A Case of success: Definition and implementation of a Legal Compliance Model in a big Italian Company


1.    Issue/Problem

  • Applicable laws and regulatory rules continuously changing.
  • Board of Directors urging to empower the tools available to the Compliance Committee aimed at guaranteeing the ongoing compliance process effectiveness.


2.    Objective

  • With the Compliance Committee we agreed on targeting the Project to define a Compliance Model which joined both interactive assessment features and dynamic monitoring functions, along with both law and organization changes self-adapting functions
    • investigate the legal risk profile of the Company by multiple points of view: the risk itself, the organization structure, the processes, with all their mutual intersections.
    • the mitigation plan had to offer such a multiplicity of intelligence dimensions, along with a dynamic dashboard to monitor the evolution of the plan.


3.    Assessment:

  • After a deep evaluation with the Client, we both agreed on aiming any efforts at deploying The Beeg Suite! Model to accomplish the specific intelligence requirements.
  • The Project team’smain points of concern/analysis were:
    • Perform a process analysis by which find out the interconnections between human resources, critical processes, risk profiles and corrective actions.
    • Define the most versatile set of questions by which assess each manager aiming the very specific characteristics of its job.
  • Our approach started from the BPR standard Model and the COSO Risk Management Framework, leveraging on the features available in our software application.
  • The key issue that we examined was offering the easiest and yet versatile intelligence opportunity to managers along with a reliable security profile to management of intrinsically sensitive data.

4.    Recommendations/Suggestions

The recommendations we suggested to the Client were:

  • to always keep the organization structure up-to-date since the software allowed a very effective change management features.
  • to split the assessment in two sections, the first, more general, referring to the Internal Control System, the second, more specific, investigating the particular responsibility area of each Manager.
  • to define a set of incorrect behaviors and one of corrective actions. These should match with each other and with the processes and tasks.

5.    Results:

The project resulted in:

  • An effective layout of the structure, with detailed match between tasks and people.
  • A Risk Management environment allowing the client to be absolutely independent in managing the risk profile of the Company and in monitoring the corrective action needed to mitigate the risk.
  • The empowerment of the auditing committee in managing its internal controls duties.