As part of an effort to assess its risk exposure, Honeywell identified compliance areas ranging from anti-corruption to cybersecurity to insider trading. However, each area had its own regulatory structure and challenges, making it difficult to consistently assess exposure to risks across the business.
Eager to establish a single set of standardized metrics, Honeywell looked to the U.S. Department of Justice and its guidelines for evaluating corporate compliance programs. Honeywell borrowed these guidelines and added one of its own — digital transformation — a set of distinct measurement criteria for determining the adequacy and effectiveness of its compliance initiatives. In addition to digital transformation projects, they include audit, culture, investigations, mergers and acquisitions, policy and procedure, resources, risk assessment, third-party management, and training and internal communications.
Honeywell’s next step involved populating its assessment framework using accurate and high-quality data. Aggregating the data needed to effectively drive the risk assessment required accessing a wide range of sources and several million data points from across the organization. To start, Honeywell asked compliance area directors to complete a tailored online survey to identify their most pressing compliance issues and their perceived risks of violating industry regulations.
Honeywell also solicited responses from employees via one-on-one interviews. The comments from the surveys and interviews were captured in our technology platform EY Virtual. In addition, documents describing Honeywell’s compliance processes and procedures were analyzed within the platform and provided important information. EY subject-matter resources were another valuable asset. They collaborated with Honeywell IT teams and data source owners to determine the feasibility of extracting meaningful insights from various data sources.
After obtaining valuable and insightful data sources, Honeywell cleaned and scrubbed data sets gathered from online surveys, employee interviews and program manuals, seeking the highest levels of consistency, reliability and accuracy. And because many organizations want to compare their compliance program elements, structures and processes with those of their industry peers, the EY team augmented Honeywell’s internal data with publicly available industry data and its own wealth of perspectives from around the world.