“ Risk is like fire: If the board it will help you, if not controlled it will rise up and destroy you.”
– Theodore Roosevelt, the hero War and 26 US President
(Note the author: This is the first of a series of articles on the steps of a Chief Compliance Officer can. And should be taken to Success in the role)
Background :. I got in line company over 18 years ago with the establishment of compliance. However, back then in early 1990, compliance was not a term of art, nor practice it is today. When we started this case, we did not know what to call it. At first we called Management Internal Controls (MIC), the name represented a risk management decision function owned company. Later we changed the name to risk and ultimately Compliance and Risk Management.
During these years, I had a number of titles including MIC Officer, Risk Officer and Director of Compliance and Risk Officer. Today, almost 20 years later, it seems every company has a compliance function headed by the Chief Compliance Officer (CCO). The function has general liability companies, business laws and regulations, risks and issues. It extends to all parts of the business including office, front-end and back-end tasks, systems, sales, marketing, product development, as well as some financial functions (usually controls required by the Sarbanes-Oxley).
Being new CCO and the need to establish a new risk function can be a daunting task. But it creates the opportunity to bring excellence in the business and be a key player in leading the company to success. While there is no formula that guarantees the success of the CCO, there are steps that can be taken that will be spent to get the desired results
Step 1 :. Create a “right” Culture
primarily to the success of the CCO is the creation of the “right” culture. What is the right culture? As can be demonstrated by this example:
You’re driving a car down the street toward the intersection. As you approach the intersection, the traffic light turns from green to red. What do you do? You come to the intersection and you stop. You wait until the light turns green again, and then proceed through. Why do not you pull up to the intersection and look all ways for cars or a cop and if none is available, then continue on through? Culture is the reason.
More action to stop and wait for the green light is second nature. You responds without thinking. Why? Culture is the reason.
culture is impetuous to follow the rules. The “right” culture, one works with honesty, integrity and high ethics. Further, such behavior is natural and is made without much thought.
Without the “right” culture, the traffic light example, we had the streets of chaos and / or need a cop on every corner to prevent or catch those who choose to continue through. Society can not function, or live under a system of chaos. Nor do we want or we can afford a cop on every street corner.
The same applies to business. We want officers and employees to act with integrity, honesty and high ethics. We want them to behave in accordance with it, not necessarily because we have controls in place, but because the culture fosters and only accepts such behavior. We want them to behave in this way and another character. They should not have to think about it to know the correct action.
personal responsibility for the actions of people must be the essence of the “right” culture. Compliance should not have a cop on every milestone in operation. It would cost too much and that’s the end, would fail. So CCO will work to build a culture of “doing the right thing” is expected from all officers and employees. Consequently, behaving badly must be punished and the right behavior should be rewarded.
(However, it is important to note that while personal responsibility is a fundamental “right” culture, CCO can not work with Blind Faith. The system of internal control should include detection element so that those who violate culture is defined. It will be much more about the “right” of internal controls in Part 2 of this series.)
A word about the tone at the top. To succeed tone from the top will be the one that communicates and supports the “right” culture. A zero tolerance standard must be clear with the words of senior leader and plans. However, the right tone from the top can not alone create the “right” culture. There are many steps and activities that CCO will accept to create, foster and maintain a culture that leads to doing things right the first time, all the time.
So how does CCO build the required culture? Here are some simple and practical actions
actions and steps to build a “right” Culture
-. Get buy in at all levels of the business. Participation is required not only from management, but from all levels and all employees. The CCO should, in cooperation with all; not just senior managers.
– laws so that everyone is comfortable coming to compliance, not only to report violations, but most importantly to seek advice and guidance. The CCO should be proactive in offering advice and solutions. It expects better already provided up front where new strategies, sales, etc., are planned and planned. The CCO should be seen as part of a solution that supports the company’s goal.
– Consequently, the CCO should make every effort to say “yes”. When the law prohibits “Yes,” CCO has to say no. But CCO should look and offer options and other options for the company.
– Develop, communicate, train, etc., standards, rules, policies, expectations, out of action and the man
– Be easy to do business with. The CCO should be easy and accessible
Act with speed. act fast. The CCO does not slow the company down; view the “Cog.”
No doubt, go with all laws, regulations and policies are primarily responsible for the CCO. Environmental zero tolerance for absolute risk should be the case without exception. Beyond that, the CCO should include adequate risk appetite and risk mitigation process to manage the inherent risks. Such a culture and environment that ensures compliance with all mandatory laws, rules, regulations, standards policy, and internal standards such as policies and procedures, protocols, etc. And it provides the internal control system where risk is that information front and was in furtherance of success
(Note: Absolute risks are laws, regulations, policies are clear; violations should never be tolerated inherent risks may or may not happen in compatible cultures, are monitoring … designed and built to control and reduce the inherent risk.)
Creating the “right” culture is an important role for the CCO. It will require a lot of work. But without a culture where honesty and integrity are the criteria a CCO will not succeed. Reaching the “right” culture will not in itself guarantee success, but it will at least put you 70-75% of the way there
Next up :. Step 2 – Structure of internal control