Frank Lopez’s recent Compliance Week guest column, “Tips for Mitigating Whistleblower Risk,” (March 3, 2009) provided a good overview of whistleblower policy, as well as some excellent suggestions for improving the anonymous hotline reporting process overall. It also got me thinking about the importance of moving beyond the hotline, and beyond business-as-usual reporting on risk- and compliance-related incidents.
What companies should strive for is an enterprise-wide framework for mitigating the risk of non-compliance within the full range of regulations and corporate standards. That’s certainly an issue for my company, at least. Cognizant Technology Solutions is one of the world’s largest IT services providers with extensive operations around the world, and we must be doubly cautious when it comes to privacy, security, and compliance. We work intimately with our clients on a broad range of projects, through which our employees often have access to confidential information, intellectual property, and proprietary data and systems.
