Podcast: Play in new window | Download (Duration: 13:27 — 12.4MB)
Subscribe: Apple Podcasts | TuneIn | RSS
When Katie Ignatowski (LinkedIn) stepped into a compliance role for the first time at the University of Wisconsin, she had to learn quickly and on the job. She spent time studying and learning from others and identified what she saw as two distinct approaches to compliance programs.
The first approach, which is the most popular, is risk-based. The compliance team provides experts that understand how to comply with high-risk areas. In her case, Title IX was of particular concern. She brought in a Title IX expert who could support the university’s Title IX coordinators and serve as an ongoing resource. This expert also helped write policies and develop training.
The second approach is to follow more of a second line of a defense model. Management serves as the first line of defense. Internal audit is the third line, and compliance is in the middle. The compliance team may convene a working group to address all aspects of compliance and culture, and, of course, risks as well.
So what makes sense for you and your organization? There’s no simple answer. She advocates in this podcast taking the time to decide which is better fit based on where you are starting out and how well you understand the risk landscape.