Skip to content

Webinar summary and Q&A: How Transurban built its best-in-class compliance program.

In this webinar, GRC 20/20 risk and compliance expert Michael Rasmussen, and toll road operator Transurban Group's Head of Compliance Tracie Heyward, explore best practice in compliance and compliance management with a focus on Transurban’s award-winning compliance transformation project.

Register now and watch the webinar on demand:

Register now

Navigating chaos for a winning compliance strategy

Michael Rasmussen starts by describing the present-day corporate environment as a state of 'navigating chaos.' With changes constantly happening in legal regulations, business processes, technology, and human resources, companies are prone to compliance mishaps due to employees' lack of awareness, unapplied controls, and policy overlaps, especially after mergers or acquisitions.

The modern organisation extends beyond brick-and-mortar structures and traditional employees to include vendors, service providers, consultants, and various other third parties, further complicating compliance. Amid all these complexities compliance is more than just checking boxes; it is about doing the right thing and maintaining the organisation's integrity.

Compliance problems in modern organisations are systemic, interconnected, and interdependent. As an example, he illustrates how COVID-19, which started as a health and safety risk, triggered cascading compliance risks in privacy, information security, bribery, corruption, fraud, and modern slavery.

To navigate this complex and interconnected risk environment, organisations must be able to see both the individual risks and their interconnectedness. Neglecting small compliance issues can lead to significant compliance exposures, similar to how small changes in a biological ecosystem can have massive effects.

Previously, compliance was managed in a fragmented manner across different departments. However, the future of compliance lies in a unified and integrated approach, managed through a unified platform, allowing organisations to spend less time on administrative tasks and focus more on improving compliance.

Michael suggests rebranding the Chief Ethics and Compliance Officer as the Chief Integrity Officer, who would be responsible for maintaining the integrity of the organisation amidst a litigious and highly regulated world. This requires aligning attitudes, behaviours, and corporate culture with compliance obligations to avoid the creation of a deceptive facade.

Too many of today’s compliance programs resemble the Winchester Mystery House, a poorly planned mansion with many useless features, designed by different 'builders', without a comprehensive plan. A successful compliance strategy should have robust policies, an engaged Chief Ethics and Compliance Officer, an efficient compliance committee, and strong compliance management processes.

The future of compliance management lies in leveraging technology to enhance efficiency and effectiveness. The right technology should be user-friendly, cost-effective, adaptable, scalable, and capable of providing robust analytics. It must be based around a compliance strategy that’s aligned to an organisation's current state and future plans.

Implementing Transurban's award-winning system

Tracie Heyward joins the discussion, sharing her experience of managing compliance at Transurban Group, a global toll road operator with operations across Australia, the United States, and Canada.

Tracie faced multiple challenges, including an outdated software system, complex reporting structures, and jurisdiction-specific regulations. The user experience was also a concern, leading to low engagement.

In response to these challenges, Tracie established a project team, sought feedback from all areas of the business, and created a user acceptance group for real user experience. This approach led to improved engagement and helped Transurban win the 2023 Best in Class GRC Award for Compliance and Ethics Management for medium enterprises.

Transurban's transformation resulted in valuable data insights, accountability of leadership for compliance, user-friendly compliance questions, integrated ethical business practice registers, and an overall more engaged user base. The central technological change was the implementation of Protecht ERM, which tracks over 9000 obligations from various documents, allowing effective management of regulatory requirements.

Tracie highlights some key benefits provided by the system:

  1. Understanding user needs: Tracie highlighted the importance of deeply understanding what improvements need to be made by focusing on user needs and their pain points. This will guide the transformation journey effectively.
  2. Planning for the future: When working out requirements for the new system or procedures, it's essential not just to consider the current needs but also have a future-oriented perspective. Anticipating what you may need or want to include in the future can help build a more robust and forward-thinking compliance program.
  3. Integration: While discussing compliance training data, Tracie highlighted that their data was not integrated into their main system but checked for compliance separately. This underscores the importance of considering how various components of your compliance program will interact and integrate, and whether it makes sense for all parts to be integrated or for some to be handled separately but in coordination.
  4. Encouraging uptake of compliance: Making compliance part of everyone's daily job responsibilities can help increase engagement and uptake. At Transurban, every employee has a risk and compliance KPI. Training and easy access to the compliance team also help in fostering a compliance culture.
  5. Top-down accountability: Tracie emphasised the importance of accountability from the top down in promoting compliance. When executives are held accountable and are actively engaged in compliance, it tends to influence the entire business positively.
  6. Healthy competition: In a unique approach to fostering compliance, Transurban uses a reporting system that allows executives to see compliance activities in other areas. This creates a form of positive pressure, as each executive wants their area to be the best-performing, fostering a stronger compliance culture.

Audience Q&A

In the Q&A session of the webinar, the audience posed questions to Tracie and Michael:

An audience member, Tracey, asked Tracie about the duration and challenges of the transformation journey.

Tracie responded that the process lasted roughly from March to December of a single year, taking about 6-8 months in total. The biggest challenges were identifying what they needed to do to improve, understanding user needs, and considering future objectives during the process. Once they had established these requirements, the transformation seemed relatively seamless to her.

Julian asked Tracie how Transurban integrates its compliance training data.

Tracie responded that their compliance training is managed via a separate system called Workday, but it is checked for compliance through their main system.

The last question, posed by Pankaj, asked how to increase the uptake of compliance and overcome the perception of it as a mere box-ticking exercise.

Tracie replied that at Transurban, every employee has a risk and compliance Key Performance Indicator (KPI) to adhere to, making compliance a part of their daily responsibilities. Training is provided, and there is an accessible method to interact with the compliance team. The accountability from the top down, with executives also responsible for compliance, pushes this behaviour through the business. The reporting system also provides a competitive aspect, as executives can see what's happening in other areas and aspire to perform best.

Conclusions and next steps for your organisation

Watch the whole webinar to see GRC Pundit Michael Rasmussen setting the compliance landscape in detailed context, followed by the full discussion between Michael and Transurban’s Tracie Heyward on Transurban’s needs and the system they built. Protecht’s Matthew Bayliss joins Michael and Tracie for the Q&A at the end of the session.

Register now and watch the webinar on demand:

Register now


With Protecht ERM’s compliance solution, you can gain comprehensive insights and drive staff engagement to protect your organisation from fines, damage to your reputation and legal action.

Find out more about Protecht ERM and compliance:

Find out more

About the author

For over 20 years, Protecht has redefined the way people think about risk management with the most complete, cutting-edge and cost-effective solutions. We help companies increase performance and achieve strategic objectives through better understanding, monitoring and management of risk.