The importance of good corporate governance for an organization's success has been a topic discussed across. However, even though organizations keep in mind the principles, the different models and all the aspects of good governance, there is always scope for error, and that is why issues in corporate governance, especially accountability issues, are in abundance. By now, we know how important accountability and transparency are in corporate governance. Let us look at some of the steps you could take against potential issues that you may have to face.
It is now well established that the board in any corporation plays a pivotal role in its governance, which is why care should be taken not to appoint undeserving, inexperienced people who are incapable of handling crucial situations and forming suitable solutions. So that everyone’s point of view is represented on the board, it is important to have a diverse group of people with a healthy mix of ethnicities and of men and women. Besides the board managing everything, it is important that the seriousness of the entire corporate governance business is ingrained in the corporate culture. Complying on paper is not enough; there should be visible, tangible compliance and subsequent results. Board appointments should be made by voting only, on the basis of talent and experience and not because of family contacts or influence. This will make sure that the board comprises people who are dedicated to working for the company’s cause and are not just there for the sake of it.
The board also needs to be evaluated on the basis of its performance. The performance of directors as a group as well as individual performance needs to be considered by elaborating on both qualitative and quantitative aspects: how they achieve objectives and how they handle ethical issues. Usually, there are calls for these evaluations to be made public so that the results actually have an impact on the directors. However, such evaluations can become sensitive in nature, and full public disclosure may turn out to have a negative impact on the organization.
Independent directors are accused of maintaining a passive stand regarding the board’s decisions. However, in cases where these directors have protested against promoter decisions, they have been removed for non-compliance with the promoter, and this is by law, as it is stated that an independent director can be easily removed by promoters or majority shareholders. This inherent conflict has a direct impact on independence. Therefore, to make sure that directors are not simply removed from the board, there needs to be a better evaluation system in place to justify the removal, and the decision of the majority should be taken into account.
Directors have duties not only towards the corporation that they head and its stakeholders but also towards its employees, the community and the environment’s protection. These general duties need to be carried out by all directors; however, the independent ones come across as complacent. This may be due to the lack of actual implementation. Therefore, to further propagate accountability, the entire board must be mandated to be present for all meetings with stakeholders to incite healthy camaraderie.
In some countries, the founder’s identity is often merged with the company’s identity in the sense that they identify as one and the same. The founder has immense control over the working of the company and can make or break any aspect of governance. There is a lack of succession planning and founders keep exercising their power to influence crucial decisions regarding the company. It is important that the founders chalk out a succession plan and implement it.
A risk management policy has always been imperative and has gained more importance over the years, especially in today’s world where big businesses are under the scrutiny of the media and other competitors. A proper risk management strategy needs to be chalked out and inculcated in the day to day workings of the company. The independent directors are mandated to assess the risk management systems of the company.
Today, everything is digitalized, and as much as it has an immense number of advantages, it also poses a great risk to the privacy of data. The board must be familiar with at least the basics of cyber security to protect the company against a potential data scandal. The board must invest a reasonable amount of time and money in order to ensure the goal of data protection is achieved.
Companies that meet the specific criteria/thresholds are required to constitute a CSR committee from within the board. This committee goes on to frame a CSR policy. Companies are required to spend at least 2% of the average net profits of the last three financial years on CSR activities. In case the expenditure is not carried out, proper justification needs to be provided. CSR is important, and CSR projects should be managed by the board with as much interest and vigor as any other business project of the company.
A good corporate governance system ensures transparency, fairness, and accountability. VComply offers a complete GRC management solution to help you streamline everyday compliance processes with a centrally managed, cloud-hosted system.
Good governance is important for the smooth and effective functioning of the organization. It is a broader concept; and includes oversight and practices to establish an organization’s strategic direction and achieve its purpose and make the best use of available resources.
In this article, we'll take a look at what governance means, why it's important, and the steps to establish a strong governance framework.
Governance is defined as the systems that control and operate an organization’s decision-makers and the actions that hold its people accountable. This includes rules, laws, relationships, systems, and processes. Ethics, risk control, facilitation, and administration are all part of governance too. Governance is subtle and may not be easily observable.
Governance is much more than the organs of the organization. In a broad sense, it is about the culture and institutional environment in which the public and stakeholders interact among themselves and participate in public affairs.
Governance is the heart of any successful organization. A company or organization needs to achieve its objectives and drive improvement, as well as maintain legal and ethical standing in the eyes of shareholders, regulators, and the wider community.
The broader goals of good governance are as follows:
A culture of integrity exists when employees recognize top managers as honest, trustworthy, and ethical and there is transparency in working. This sets a positive example and allows them to be respectful, even during conflicts.
Good governance helps in maintaining healthy relationships between employers, employees, and co-workers. It leads to effective relationships in an organization.
Good governance has always been recognized as a critical tool for advancing sustainable development.
Achieving sustainable development is a participatory and constant process to achieve economic, environmental, and social objectives in a balanced and integrated manner.
It provides decision-makers with a framework for working systematically across sectors and territories. Ultimately, it helps standardize processes for consultation, negotiation, mediation, and consensus-building on priority societal issues where interests differ.
Good governance is also about measuring performance to achieve targets and taking appropriate action in case of non-performance.
The governance structure helps you work with updated systems and avoid mistakes due to redundant systems. When all rules are appropriately followed and every detail is recorded, it minimizes the chances of careless errors.
The benefits of good governance which can have a greater and positive effect on the business are as follows:
Consistency in good governance creates a culture of brilliance in an organization. The leadership's behavior defines the behavior of the personnel. Good governance helps reinforce this sentiment.
Good governance leads to good business outcomes, which in turn leads to better performance from the organization's employees. All of this has a positive effect on the reputation of a company.
Each organization has issues, problems, and nonconformities. An organization with good governance can eliminate these by diminishing the negative impact of these issues and containing the risk internally.
When major stakeholders such as employees, suppliers, and the wider community participate in decision making together, it creates a greater vision for successful outcomes. When each stakeholder has sufficient responsibility, it increases the chances of an organization reaching its goals.
Good governance reduces the fear of safety, performance, and warranty concerns, which may dangerously affect an organization and its stakeholders. This improves financial stability and safeguards the interests of customers, staff, suppliers, and shareholders.
An organization that represents stability and reliability has a greater chance of attracting investors of premium quality. It also increases opportunities to borrow funds at a higher rate.
It's easy to mistake good governance for good management, but both are different. Let's take a look at the finer differences between the two concepts:
Governance refers to the norms, strategic vision, and direction that formulate high-level goals and policies. Management runs the organization in line with the broad goals and direction set by the governing body.
Governance directs the management to ensure that the organization is achieving the desired outcomes and it ensures that the organization is acting wisely, ethically, and legally.
On the other hand, management makes operational decisions and policies to keep the governance bodies informed and educated. Management is always responsive to requests for additional information if required.
The role of governance is to ensure that the organization is working in the best interests of the public, and more specifically the stakeholders who are served by the organization’s mission.
The management is responsible for implementing the broader vision and goals of governance.
Steps to Establish Good Governance
Let's take a look at the important steps to establish good governance:
Appoint a Suitable Board
A Board should be balanced and competent if you wish to achieve success from governance.
Qualified directors who understand the business properly and provide a good point of view in meetings are a part of good governance.
Regularly review the board
The make-up of the board is crucial and can build or destroy the success of the corporate governance of the organization. A review of your board allows you to make improvements when needed and keep things up to the mark.
Build a strong foundation for inspection
Develop a strong system to monitor and evaluate the actions and responsibilities of the board and management. A board must have a clear view of management’s actions and be available while making all key decisions.
Make risk management a priority
Initiate a risk management plan and internal control structure that is beneficial to your business and aims to assess its effectiveness regularly.
Disaster recovery plans are critical for any business, and a key component of good governance.
Promote honest reporting
Reporting is a critical part of corporates. Governance should aim to set up seamless processes for audits and other financial reporting, to ensure transparency and accountability.
Provide appropriate information
Being transparent with stakeholders is essential. It can be accomplished by providing appropriate information at all times.
It includes declaring all transactions of parties involved as well as the interests of all the directors of the organization. If directors have any interests outside the organization, it influences their decision making.
This level of transparency promotes the confidence of stakeholders and lowers reputational risks.
Integrity is not limited to honest reporting. An organization must encourage a sense of integrity in all actions, and ensure employees have sufficient incentives to put it into practice.
Good governance is a cornerstone of success and development for a company. It is a work in progress and needs to be evaluated at all times, so an organization doesn't lose its way and forget its mission.
If you're looking for a better way to manage governance in your organization, take a look at GRC software by VComply.
As a healthcare nonprofit, you have the opportunity to impact thousands of lives. However, being a healthcare nonprofit comes with its fair share of regulatory and organizational issues that can affect your long-term future.
In this article, we’ll take a look at the common compliance requirements of healthcare non-profits.
As varied as healthcare issues can be, there are many different types of healthcare nonprofits too. Let's take a look at some of the most common ones below.
These are federally funded 501(c)(3) organizations that provide healthcare services to low income groups. They are generally located in areas where people do not have access to medical support. They serve people from diverse backgrounds and communities. Apart from basic healthcare, they often provide programs related to nutrition, exercise, and wellness. They form a critical component of the public healthcare system, ensuring people in both urban and rural areas benefit from healthcare innovations. Even though they’re nonprofits, they work with cutting edge technology, equipment, and systems to ensure the best care for patients.
Rehabilitation centers for drug addicts are another type of healthcare nonprofit. The cost of enrolling in a private de-addiction facility can be out of bounds for people from low income households. Unfortunately, such people are more likely to develop habits of drug abuse and dependency. Thus, they are more in need of such services. Nonprofit centers such as these help people cope with depression and anxiety, and ultimately, eliminate their dependence on drugs.
While physical health is important, mental wellbeing is also a crucial aspect of healthcare. Non profit mental health organizations help people recognize signs of mental distress and address them in a timely manner. Generally, mental health is considered a taboo topic and people refrain from talking too much about it. An important role of these nonprofits is also to raise awareness about mental health issues, and encourage people to come forward and seek help. Mental healthcare centers consist of professionals who help people cope with distress, both emotionally and psychologically.
Nonprofit healthcare organizations enjoy various benefits from the government, including a waiver of taxes. Hence, they are closely scrutinized by government bodies and must comply with certain rules and laws to maintain their nonprofit status. Organizations that fail to meet federal compliance guidelines face penalties and fines, and can also be barred from raising funds.
Some common compliance requirements for nonprofit healthcare organizations include:
The board of a healthcare nonprofit organization serves as the guiding light for its actions, helps ensure that it is legally compliant at all times, and manages and supervises its activities. Each board member should have a specific role.
First and foremost, it is important for a board to ensure a healthcare nonprofit meets rules and regulations in the healthcare industry on an ongoing basis. Board members are also responsible for providing strategic leadership, financial stability, and executive support to a nonprofit organization.
The board must develop and communicate the organization's vision, mission, and goals. It must continually monitor the organization's progress and outcomes. Typically, a robust system for evaluating performance should include the budget, balance sheet, income statement, annual report, and financial reports. These are all critical documents when filing the 990 form.
In terms of legal compliance, the board must ensure all 990 filings are made on a regular basis. Finally, the board is also responsible for heading fundraising activities for a healthcare nonprofit. Successful healthcare nonprofits are generally managed by enthusiastic board members, who regularly attend meetings, actively participate in every aspect of the nonprofit's functioning, and represent the organization in a positive manner.
HIPAA stands for Health Insurance Portability and Accountability Act, implemented in 1996 to safeguard the privacy of healthcare information. The goal of HIPAA is to ensure that healthcare information of the public is not shared with any unauthorized parties, without an individual’s consent.
To maintain the security of patients’ health information under HIPAA, healthcare nonprofits are expected to do the following:
HIPAA is enforced by the U.S. Department of Health and Human Services. If an employee or consumer makes a complaint, it is investigated and corrective action is taken against noncompliant organizations.
Often, HIPAA violations occur when healthcare information is stolen, sensitive data is copied, or information is disclosed verbally.
Violation of HIPAA can incur severe penalties for healthcare organizations. These include:
HIPAA violations have cost many hospitals and organizations hefty fines. St. Elizabeth’s Medical Center was charged a fine of $218,400 after they put the public health information of nearly 500 patients at risk. In another case, the Anchorage Community Medical Health Services had to pay a fine of $150,000 after malware revealed the records of more than 2,700 patients. The center used outdated systems and software, and did not upgrade their technology. This case underlines the importance of processes and procedures, as well as regularly checking your software for malware.
It can be hard to detect security and compliance issues in growing and complex healthcare nonprofits. Moreover, compliance with HIPAA and other regulations often entails huge amounts of paperwork that healthcare organizations can find cumbersome.
A simple solution to their compliance needs is using automated compliance software that extends across their entire organization. This will help them maintain consistency and minimize human error.
An automated system for healthcare compliance such as VComply offers the following benefits to nonprofits:
We hope this article sets you up to successfully fulfill your legal compliance needs. Violations of laws such as HIPAA are often the result of technical oversight and not keeping pace with changing technology. With the right tools and software, they are completely avoidable, so you can focus on what matters most: providing world-class patient care.
Enterprise Risk Management has been gaining relevance in recent times due to the dynamic nature of regulations and a competitive market environment. Risk management internal to the company is where the majority of companies are focusing, with special emphasis on optimizing internal controls and processes. However, the major part of enterprise risk management is vendor risk. Managing multiple vendors, suppliers and partners is now difficult. With shrinking margins always a concern for corporates, companies can only focus on optimizing their costs, in which effective vendor management plays an important role.
With businesses now focusing on specializing in a specific part of their activities, outsourcing critical processes and systems to vendors makes vendor management a very important task.
A vendor risk management program is a challenging task because of the complexity arising from the involvement of a large number of internal and external participants as well as the vendor.
Your six-step success guide for an effective vendor risk management process:
Internal Controls: Establish strong and organization-wide internal controls. This would standardize the quality and requirements of the vendor. This would help in clearly assessing the vendor on various required parameters. For example, setting an internal control parameter on pollution levels helps judge vendors on the pollution level of their products or services.
Vendor Contracts: In order to mitigate vendor risks and clearly communicate the value which the vendor needs to provide, contracts are the most preferred way to set up a relationship. Mutual agreement on the necessary terms and conditions would bring both the vendor and customer onto the same page with a clear understanding of each other’s role. Key elements should include review period, audit rights and security requirements.
Risk Assessments: Vendor Risk Management typically involves three distinct risk categories, namely Business Profile Risk, Control Risk and Relationship Risk. Business Profile Risk addresses the financial, regulatory compliance, and geopolitical nature of the vendor; Control Risk addresses the processes and policies a vendor adopts to effectively deliver on the contract agreement. Relationship Risk is the risk associated with engaging in business with a vendor.
To assess the risk, it is important to perform due diligence on the vendor. During risk assessment, set up high-risk controls to measure, and indicators to alert when problems arise.
Onsite Audit: Conduct an on-site audit to assess critical processes adopted by the vendor. Establish an audit plan before the visit so that critical areas are inspected and correct and relevant findings are documented for further review.
Reporting: Report your findings in a concise audit report that provides important guidance to internal teams like legal and logistics for reviewing the vendor, and provide suggestions to the vendor on improving its weak controls in order to be compliant with the organization.
Monitor Risks: Constantly monitor the changing business environment of the organization as well as the vendor. This would help the organization to predict any risks arising due to non-compliance. You can effectively manage vendor risks by setting necessary compliances on VComply. Monitor the vendor’s financial health, regulatory compliances, internal controls and security measures.
“Knowledge constantly makes itself obsolete with the result that today’s advanced knowledge is tomorrow’s ignorance”. One has to be on the learning curve and continuously move up. Business today operates in a highly complex & dynamic world. GRC is a discipline that brings together focus areas across corporate governance, enterprise risk management and corporate compliance. The aim of an effective GRC strategy is to ensure that the right efficiencies are brought in and more effective information sharing & reporting mechanisms are enabled.
GRC in the Past, Present & Future
GRC as an acronym denotes GOVERNANCE, RISK, and COMPLIANCE but the full story of GRC is so much more than these three words. Organizations in the past followed a non-integrated process to manage GRC. This non-integrated process led to a cumbersome environment in the organization followed by high costs, duplication, lack of visibility into risks, inefficiency, greater vulnerability, inability to address third-party risks, and too many negative surprises.
The core functionality of GRC has evolved in response to the need for a standardized and centralized data and process management structure supporting compliance and risk management functions in light of increasing complexity in both activities.
VComply helps an organization manage governance in a centralized database.
An effective GRC regime is essential in today’s business world but can be challenging to implement. Organizations today have realized that implementing a GRC system can lead to more efficiency and reliability, and is important for sustainability and future development. GRC can altogether transform your business. But there are certain challenges pertaining to a GRC system, workplace silos being one of them. GRC processes operate in silos at many companies, creating abundant frameworks and systems which can result in:
Today, however, businesses are demanding much more from their GRC programs. When businesses accomplish these objectives well, they are positioned to excel in security, reliability, automation, and privacy. But first, they need to integrate GRC with the rest of the business to build a level of digital trust in terms of data accuracy and reliable business processes. Compliance can be overwhelming, but with a tool like VComply, the risk of noncompliance is enormously reduced. VComply is a one-time solution for all mid-size and large size organizations. VComply provides different solutions like Audit management, IT management, risk management, Enterprise GRC management, Performance management and many more.
So What is GRC’s future in the next few years?
Organizations that are initiating or are already in the middle of their GRC journey should ideally opt for a holistic, integrated and programmatic approach. It is important to understand that responsibility for GRC compliance lies not with just a few individuals, but rather in the combined hands of the entire organization. Regardless of GRC’s past, present, or future, GRC platforms represent the best way to meet the requirements of compliance and risk management. No matter how you define it, the adoption of a GRC platform can be a defining moment at your company.
VComply ensures your organization is on the right track by providing a hassle-free environment that your business requires!
The most basic GRC components are provided by most of the GRC Vendors with their platforms that can be configured to fit different GRC solutions. Organizations who are looking to implement GRC technology for a specific need will evaluate the functionality and cost of the solution differently when compared to organizations seeking an integrated GRC solution.
The basic functional components of a GRC platform include:
Some other components that are important for supporting the core architecture are:
• Configuration – Configurability is essential to meeting unique customer requirements related to the data model, data input and visualization, and reporting.
• Data integration – GRC platforms mostly provide seamless integration across third-party systems via a web-based application program interface (API) as well as automated common-data-format (.xml, .csv) uploads.
• Data security – GRC platform vendors typically offer a role-based security architecture that supports enterprise, entity, record and field-level security.
• Contextualization – When there is integration in GRC implementation, the ability to provide different navigation and input screens becomes very important for organizations because they are likely to use a more intuitive platform.
• Performance – The organization must start evaluating architecture performance by establishing performance standards based on the composition of users. Many GRC platforms lack “snappiness” even when not under heavy load. Knowing the vendor’s largest implementation and comparing it with the size of yours will help ensure that the platform meets your load requirements.
While the cloud is an extremely hot topic for organizations worldwide, it is still a pretty broad concept that covers a plethora of services and delivery models. As businesses begin to consider switching to the cloud, be it for application or infrastructure deployment, it is more important than ever to understand the differences between the various cloud services.
There are three main models of cloud service to compare: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Each has its own benefits, as well as variances, making it necessary to understand the differences between SaaS, PaaS, and IaaS to know how to choose the best one.
SaaS: Software as a Service
Software as a Service, also known as cloud application services, is the most commonly utilized option for businesses in the cloud market. SaaS uses the internet to deliver applications, which are managed by a third-party vendor, to its users. Most of the SaaS applications are run directly through the web browser and do not require any downloads or installations on the client side.
Due to its web delivery model, businesses don’t need to have IT staff download and install applications on each individual computer. Vendors manage all of the potential technical issues, such as data, middleware, servers, and storage, allowing businesses to streamline their maintenance and support, thanks to SaaS.
PaaS: Platform as a Service
Cloud platform services, or Platform as a Service (PaaS), provide cloud components to certain software and are mainly used for applications. PaaS delivers a framework for developers that can be built upon and used to create customized applications. All servers, storage, and networking are managed by the enterprise or a third-party provider while the developers maintain management of the applications.
The delivery model of PaaS is similar to SaaS, apart from the fact that instead of delivering the software over the internet, PaaS provides a platform for software creation. This platform is delivered over the web and gives developers the freedom to concentrate on building the software without having to worry about operating systems, software updates, storage, or infrastructure. PaaS also allows businesses to design and create applications built into the PaaS with special software components.
IaaS: Infrastructure as a Service
Cloud infrastructure services, known as Infrastructure as a Service (IaaS), are composed of highly scalable and automated computer resources. IaaS is fully self-service for accessing and monitoring things like computers, networking, storage, and other services, allowing businesses to purchase resources on-demand and as-needed instead of having to buy the hardware outright.
IaaS delivers Cloud Computing infrastructure, such as servers, network, operating systems, and storage, through virtualization technology. These cloud servers are provided to the organization through a dashboard or an API, and IaaS clients have complete control over the entire infrastructure. IaaS provides the same technologies and capabilities as a traditional data center without having to physically maintain or manage it. IaaS clients can access their servers and storage directly, but it is all outsourced through a “virtual data center” in the cloud.
Unlike SaaS or PaaS, IaaS clients are responsible for managing aspects such as applications, runtime, OSes, middleware, and data. Also, providers of the IaaS manage the servers, hard drives, networking, virtualization, and storage. Some providers also offer extra services outside of the virtualization layer, such as databases or message queues.
As we can see, each cloud model offers its own specific features and functionalities, and it is crucial for businesses to understand the differences. Be it cloud-based software for storage options, a smooth platform to create customized applications, or complete control over the entire infrastructure without having to physically maintain it, there is a cloud service available. No matter which option companies choose, migrating to the cloud is the future of business and technology as we know it, and it is necessary to be properly informed.