May 2019 Covers

MAY 2019, ISSUE 3

Ask yourself, “If the policies and controls didn’t exist, how would we make sure our

In some cases, the model helps automate several manually intensive tasks, giving back time to focus on higher value work. To help reach these results, we’re looking into implementing a Governance Risk Compliance (GRC) tool. This would not only serve as a data repository, but also serve as an end-to- end risk management tool using data from different sources to drive decision making. At the end of the day, the CCO strives to prevent AT&T from being the next bad headline. So, when you think of a policy that you considered “painful” to follow, ask yourself, “If the policies and controls didn’t exist, how would we make sure our company is in the headlines for all the right reasons and not the wrong ones?”

One of the efforts of the strategy team is to help the CCO define success and effectiveness. Despite the qualitative nature of the results the CCO produces, we’ve been tasked with quantifying the CCO’s value. Our team is working on implementing a Compliance Maturity Model to help answer that question. This model consists of five levels that define success and lays out the steps required to get there. Through this model, the CCO is shifting our company from being reactive to proactive.  company is in the headlines for all the right reasons, and not the wrong ones?”