Interview with Dawn Miller, Risk and Compliance Manager at Sagitec
We welcome Dawn Miller to lead Sagitec’s risk and compliance charter. Dawn graduated from Temple University and has obtained numerous risk and compliance professional certifications. She has over 25 years of experience in risk management, compliance, safety, data privacy, and emergency preparedness. Her experience includes workplace safety matters, emergency preparedness, and disaster relief, including playing a role in response to the September 11th attacks. She has held leadership roles in federal and global healthcare programs as a Director of Risk Management and Compliance and Data Privacy Officer. She has been responsible for managing HIPAA, GDPR, and data privacy requirements.
SS: Dawn, welcome to Sagitec.
DM: Thank you so much. I am very excited to be at Sagitec.
SS: Why do you think compliance is vital for organizations?
DM: Simply put, businesses cannot be successful without good compliance practices. As a practical matter, you need to create and implement proper internal controls to operate a business. Of course, companies also must comply with applicable laws and regulations.
SS: How do you establish a compliance program?
DM: In my experience, there are three building blocks to successful compliance in an organization: reliably achieving objectives, addressing uncertainty, and acting with integrity. They are Governance, Risk Management, and Compliance, which is known as GRC more commonly. Risk management is proactive; it encompasses identifying, analyzing, and responding to the organization’s vulnerabilities. Ensuring compliance is mostly reactive, where we conform to business requirements and applicable laws and regulations. Governance is how we implement risk management and compliance.
SS: Could you please elaborate on your responsibilities at Sagitec?
DM: There are five basic elements to my responsibilities:
- Develop, enhance, and maintain internal compliance policies.
- Support Sagitec management to identify and address issues related to compliance.
- Provide training to Sagitec employees concerning their duties and responsibilities toward compliance.
- Work with customers and business partners to address compliance affairs related to Sagitec’s products and services.
- Conduct internal reviews to ensure ongoing compliance with applicable laws and regulations.
SS: That’s great. Can you give us some examples of some of these compliance programs at Sagitec?
DM: Sure. The three main industries we operate in are Pension, Labor and Employment, and Managed Healthcare. These industries are all regulated by one or more governmental bodies. For example, Internal Revenue Service regulations, and sometimes regulations enforced by other governmental agencies, apply to the pension industry. These industries are all subject to privacy regulations, which can include U.S. state and federal regulations and the regulations of other countries.
My team at Sagitec makes sure that we keep everyone informed of these changes and prepare them for unforeseen circumstances. Take the pandemic. We implemented many actions as part of Sagitec’s Pandemic Continuity Operations Plan to ensure minimal disruption to our business and services. This kind of preparedness only comes when the leadership team is flexible and agile and works with the organization to implement programs.
SS: What are some of the other programs you are focusing on?
DM: Sagitec is in the process of applying for certifications in areas like SOC, HITRUST, and FedRAMP, which are all very important for us. It takes 3-5 years to put together a GRC program consisting of administration procedures and internal controls in all areas, and uniform documentation across all lines of business. We already have the building blocks and a ton of work done. But we are closely monitoring regulatory changes and changes in industry best practices to ensure that we stay current and continuously improve.
SS: Do you have any examples of organizations with a ‘gold standard’ in the area of GRC?
DM: You can have the best compliance programs, but if you don’t have the people who are focused on consistently ensuring they are up to date and followed, it doesn’t matter much. And I am happy to say that it is about that holistic teamwork here at Sagitec, right from the leadership to all the employees.
SS: Thank you, Dawn. I appreciate you taking the time out to share your thoughts on risk and compliance.
DM: My pleasure.
“Companies today are more vulnerable than ever before. Internal controls and new and ever-changing regulations can be overwhelming if a company doesn’t have a person or a team to ensure governance, risk, and compliance updates are in place. Regular communication between different lines of business and transparency in operations is what the Sagitec leadership team strives for every day and I am proud of the work that Dawn and her team are doing to ensure compliance at every level in the organization.” – Piyush Jain, CEO, Sagitec Solutions.