NAVEX

Rubio’s Restaurants, a company with over 3,250 employees, was facing a challenge in understanding the risks that the company faced. The director of internal audit, Dennis Kreta, wanted to improve the way employees communicate their concerns to management. The company needed a compliance system that would keep employees safe and happy. Kreta knew that he needed greater insight into any possible risk issues the restaurant faced – from employment concerns to possible financial misconduct.

The city of Black Hawk, Colorado, despite having only 80 official residents, hosts 21 casinos and can accommodate up to 15,000 people during a busy weekend. This unique situation makes the city's government structure similar to that of a larger city, with multiple departments each assigned to different responsibilities. The city manager struggled to establish conformity in many of the human resources practices and training material pertaining to employees’ duties, procedures, and policies. The city also looked to protect itself from litigation stemming from a terminated employee. An additional obstacle was the lack of computer literacy among all city employees due to departments not regularly utilizing computers.

San Juan Regional Medical Center (SJRMC) was struggling with a slow and inefficient policy management process. Policies were taking up to six months to a year to pass through various levels of document owners, reviewers, approvers, and committees before becoming official. The hospital lacked a centralized system for managing policies across its seven healthcare facilities located outside of the main hospital. Additionally, many of their policies existed in a solely typewritten format, and their document management system for electronic policies did not provide reminders to update documents or possess the capability for a structured review and approval cycle.

Operating in a heavily-regulated industry can bring all kinds of challenges, especially when dealing with complex policies that regularly require updates to stay in regulatory compliance. For Don Braspenninckx, Vice President and Chief Compliance Officer at Mortgage Center, this was a challenge he was all too familiar with. Managing policies in different Word, Excel and PDF documents was creating major headaches. One regulation could touch nine separate, distinct areas of the company, so trying to disseminate information and keep it organized for all employees was a challenge.

Claims Recovery Service was struggling with managing compliance and audits due to inadequate processes. They were using manual processes such as spreadsheets, stored documents, email, and other office tools. The company had to comply with numerous financial rules and regulations, which was a time-consuming process with a high risk of missing something. They relied on documents in hundreds of file folders in multiple network drives, each with its own security permission. The company maintained a list of policies on spreadsheets and Sharepoint sites, but none of the information was linked, making it nearly impossible to update policies or even know they existed. As regulations grew more complex, customer compliance demands multiplied, and the cost of noncompliance grew steeper, it quickly became clear spreadsheets weren’t enough. The company was spending more than $500,000 a year managing compliance.

Before the YMCA of Greater Rochester implemented an employee hotline system, the organization relied on a whistleblower policy to help them encourage employees to report their concerns. But on the heels of high-profile corporate scandals in the early 2000s, the organization realized it needed to formalize its reporting process and demonstrate its commitment to transparency. With more than 3,000 employees in 17 branches, across five counties in western New York, Fernán Cepero, Chief Human Resources Officer and Chief Diversity Officer wanted to ensure that all employees had a voice and felt like they were being heard.

Kamehameha Schools, one of the world's largest charitable organizations, faced a significant challenge in ensuring the safety of its students. With a large number of staff and students, the school needed a system to promptly discover and address any issues of misconduct or potential misconduct. The school's CEO, Jack Wong, emphasized the importance of providing safe and healthy learning environments for students to flourish. To foster safety and transparency, Kamehameha decided to expand its compliance helpline to make it easy for all members of the school community, including students, parents, and staff, to report concerning behavior.

Security Health Plan was struggling with a fragmented policy management process that lacked consistency and accountability. The web-based system they were using did not fit into a workflow and did not officially collect who the writer, reviewer, or approver were or exactly when they had accomplished their step or easily see what edits were made to the policy over time. The organization also had concerns about centralization and consistency. Their processes weren’t standardized. Practices and workflows differed across business functions, creating confusion about access and ownership. There was also considerable fragmentation. Multiple departments would have procedures for dealing with a given situation housed in different places. There was a real need to combine these into a single, shared process.

Guthrie, a non-profit, multi-specialty integrated health system serving Pennsylvania and New York states, needed a way to effectively collect, assess, and act on feedback from its stakeholders. The organization wanted to ensure it was providing an environment where stakeholders, both internal and external, felt comfortable expressing their concerns. The challenge was to maintain the legacy of the organization in the pursuit of patient care while also ensuring that stakeholders felt heard and that their feedback was being acted upon.

University Health (UH) had hundreds of policies and procedures that needed to be distributed and attested to across the organization. Prior to implementing PolicyTech, UH was faced with managing hundreds of policies and procedures and tracking various documents without a centralized system to support their needed order of operations. UH is required to have standardized policies and procedures in place for the staff to follow, and continuous control over that process must start at the beginning.

ECHO Health, a company operating in highly regulated sectors, had to ensure its third-party vendors satisfy any related requirements. This involved sending a periodic compliance survey to around 10 vendors who handled a variety of work for ECHO, such as printing or call center services, which involved the handling of regulated information. Those involved in assessing third-party risk at ECHO would rely on tools like spreadsheets, calendar reminders and emailed forms to track vendor compliance. However, to support a recent opportunity for rapid growth, ECHO saw a major increase in the number of third-party vendors necessary for its operations. Each new vendor represented a new need to evaluate risk. The 130-person firm was on the precipice of a major business opportunity. It recognized the growth potential could only be realized with an efficient, scalable strategy to vet and monitor third-party partnerships.