CIOReview | | 9 MAY 2023

those cases, it may be helpful to look at the way legal requests are scored to determine how to value risk mitigation.

When looking at how to open the lines of communication, consider how each function communicates within itself and with other parts of the organization. If there is a regular intra-department meeting, invite the other department to give a short talk or presentation. A lunch and learn to treat the other department is a great way to start. Compliance may already have recurring calls with the lines of business to provide regulatory updates; extend the invitation to key IT personnel. Regular IT department meetings may yield valuable updates for compliance, such as vendor changes, new software, and new facilities.

Compliance should also be open to alternative technical solutions proposed by IT - if it ultimately meets the goal or resolves the issue, don't let perfect be the enemy of good. One example of this is the Bill of Lading document generated by ERP systems. It is common for multiple departments to request specific language or data elements be included on the BOL, but there is only so much room on the page. Rather than doubling down on the exact language being on the BOL, consider if the language could be shortened, if a reference to a full policy could be used instead, or if there is another shipping document where the language could be included (the commercial invoice, packing list, etc.).

While IT certainly has greater expertise in technology overall, compliance may have more direct knowledge and experience with technology specific to their field, such as Global Trade Management (GTM) software. Most ERP systems are not designed to handle international trade. Some organizations manage this by creating custom transactions and documents in the standard ERP, some rely on manual processes with spreadsheets, but more and more organizations are turning to GTM solutions.
If the organization is considering creating custom code to meet trade compliance requirements, it is worth evaluating GTM options. Compliance likely is more familiar with the current landscape of GTM providers to look at, but it is critical for both IT and Compliance to be involved in the selection process. Compliance will be able to evaluate how well the solution meets their regulatory and process needs, while IT can review how well the solution will interface with existing systems and make a realistic estimate of the time and cost involved in implementation.

In multinational organizations, IT may frequently be asked to provide hardware and software to company locations in other countries. Proactively working with compliance can prevent shipping delays and added costs. Some countries require import permits for certain items; shipping the goods without the required permits often results in seizure and forfeiture of the items. Compliance can review the import and export restrictions in advance to ensure the goods arrive successfully.

Compliance can also help IT with training and cybersecurity. Because training is often required under various regulations, compliance typically has a formal training program with tailored content for the organization. With the rising need for cybersecurity programs and certifications, compliance can assist IT with creating and delivering cybersecurity training; this may even be a compliance requirement as well, if the department handles data privacy, transportation security, or government contracts compliance.

As two critical departments with expert technical knowledge, Compliance and IT provide value to the organization by protecting its assets and reputation while facilitating business. IT can help further the Compliance department's goals through systems solutions for automation, standardization, and monitoring.
Compliance can be a trusted partner to IT by assisting with training, cybersecurity, and inter-company hardware and software shipments. By respecting each other's expertise and communicating openly and regularly, Compliance and IT can find creative solutions to today's most pressing business risks.