Subscribe to our weekly Blog Digest

ACL Insider
ACL Insider
Like it? Share it! Facebooktwittergoogle_pluslinkedin

If you haven’t seen this new enterprise risk management case study video with global technology company Equinix, take three and a half minutes and watch it now! This is the path to risk maturity. This visionary group is redefining teamwork, with an enterprise risk management program that is successfully shared across finance, legal, compliance and internal audit. And, they make it look easy.

So, how did they do it?

We recently sat down with Equinix’s VP of Finance, Rod Verhulp, and Sr. Manager of the GRC Program Office – Legal, Nilisha Agrawal, to get their advice on how they built a business case for an enterprise GRC platform—and how they got other departments and executives on board. They share insights on how Equinix created a common risk language, assigned executive ownership for each key risk, united stakeholders across the enterprise and much more!

Tell us about your vision for enterprise governance, risk management and compliance?

Rod VerhulpEvery company is different and it’s not one size fits all. So from a GRC and an ERM perspective, it’s not one size fits all. I think you have to tailor it to how the board sees risk, and then the whole GRC program, how your executive team sees it. And I think you have to tailor it accordingly and create a language within the company that resonates.

How did you get executive buy-in for an enterprise risk management platform?

RodWe knew when we put together the GRC Committee that we needed executive air cover, so we reached out to several of our executives asking if they would be our executive sponsors. So we have our CFO, our head of Legal Counsel and then also our COO. Those are our executive sponsors. Very powerful people in the company, very well respected.

We didn’t want to be dominated in one particular area. A lot of times that can be Legal and/or Finance, so as we grow we keep adding members—having that wide range, having that wide perspective.

How do you get other departments to buy into your vision for a shared GRC platform?

Nilisha AgrawalWe went to different departments with ideas that could help them, and at the same time showing how ACL has helped us. We asked them how they perform their controls manually, and we automated those for them. And they said, “Wow, instead of taking a whole week to perform this control, it’ll be an hour.” And so when they started seeing that, they were already bought in.

For compliance and internal audit, it’s a win-win if other departments start using it. Because then you can start relying on their work; you can audit easily, faster, get more information.

When we met the Fixed Assets Department we said, “We want to understand your process and we want to know where your pain points are.” And when they saw the benefit, they really wanted to partner with the team to come up with a solution.

Once we come up with a solution we don’t just say, “Okay, we’re going to run these analytics for you and send them to you.” We trained them in being able to do that. Because then it’s a sustainable process. I mean, I haven’t added anybody to my team. It’s because I partnered with business and empowered them to be able to automate their own processes and controls, and look at more information than they were.

RodWhat do you want to be? What impact do you want to have? What’s your value proposition? I think that’s really important so let’s frame it appropriately. I’ve seen different companies try and be all things to all people and make it too comprehensive.

How did you deal with any resistance or hesitation?

NilishaThere are technology teams at ACL that can answer questions about how the data is secure in the Cloud, and many, many other questions. So it’s advisable in the beginning to set up a technology call where both the technology teams can talk to each other and answer questions.

So I think upfront if there’s some legwork done in the compliance area, then both teams get comfortable that the data will be secure.

Rod: At first they were resistant to this, the whole program. But then once they saw the ease of this and then broke it down so granularly through the system, then the feedback was, “This is really good. It helps us focus on the areas we need to really highlight.”

Watch the interview here:

Want to learn how Equinix manages enterprise risk? Check out this case study.