The next Compliance Week executive roundtable will happen in Dallas next month, and the topic could not be more timely as companies put the final touches on their 2015 budget plans: how to structure compliance and governance functions at a large enterprise.
By that, I mean how compliance officers work with other senior executives to build “good governance”—that harmonious cooperation among compliance, internal audit, investigations, privacy, legal, and other departments, which sounds so great at a conceptual level but remains so elusive here in the real world. How do you decide which departments handle what tasks? Who reports into whom? What types of organization endanger independence? How do you look at all of that with your CEO and the board and finally decide, yes, we have our act together?
The roundtable itself will happen the morning of Thursday, Nov. 6, in downtown Dallas. Compliance executives who would like to attend, please e-mail me at mkelly@complianceweek.com and we can provide further details. Our roundtables are restricted to in-house corporate compliance executives only, to foster good peer-to-peer exchange. Admission is free, the conversation is excellent, and we provide a networking breakfast to start.
The idea for this roundtable first came to me over the summer, when a compliance officer asked me how often I’ve heard of a company consolidating compliance and audit into one function, rolling into an “office of governance” that ultimately answers to the legal counsel. “Is that something that happens a lot?” the person asked. “Is it a good idea?”
I was wary as I heard this person describe the arrangement. Yes, I said, treating compliance as one element of a governance function can work, and I’ve seen it work well. But I’ve also seen companies restructure strong compliance and audit departments as a cost-cutting measure, and that usually suggests the tone at the top is not a vibrant and disciplined as a compliance officer would hope. And all these maneuvers get to the more fundamental question of what a compliance department’s purpose is supposed to be these days: to fulfill obedience to law and regulation, or to help a company achieve smarter, more sustainable and resilient growth?
Into which camp this person’s company fell, I’m wasn’t quite sure—but I knew we had a good idea for a roundtable.
I’m also especially pleased that Boeing has offered to sponsor this roundtable, since it is one example of a large enterprise that consolidated all its governance functions—trade compliance, internal audit, investigations, ethics, and more—into one Office of Internal Governance and made that approach work. Diana Sands, Boeing’s head of internal governance, will co-host the roundtable with us.
Boeing is an immense and sprawling operation these days, with huge portions of business coming from overseas operations. As a defense contractor, its bribery and trade compliance risks are high. As a business with $86 billion in annual revenue, its audit and internal control challenges are complex. Boeing also spends plenty of time worrying about ethics and culture overseas, since employees there will ultimately play critical roles running the business in the future. So I look forward to hearing Sands explain how she keeps governance moving forward in a unified manner there, with so many cats to herd along.
All that being said, I worry about the pressures on compliance and audit leaders at other companies. On one side, we’ve now had Sarbanes-Oxley compliance as a fact of corporate life for 10 years. CEOs and CFOs—especially those who rose to the top after those first painful years of SOX circa 2005—will be tempted to wonder whether SOX compliance has become enough of a routine process that it can be outsourced or streamlined. On another side, we have the new COSO framework for internal controls bearing down on compliance departments this year, a profound change that could prompt some senior leaders to ask questions about structure and process.
And then there’s always that pesky matter of the economy: good in some ways, not good enough in many others. For too many businesses, cutting costs is still a faster way to hit profit targets than investing in growth. Administration and overhead are always prime targets for cutting, and many CEOs see compliance and audit as administration. How can a compliance officer counter that short-sighted argument? How can you demonstrate the value of an effective compliance operation, and place it within the broader need for good governance? And, yes, when does it make sense to integrate compliance, audit, and other related functions?
If you’ll be in the Dallas area on Nov. 6, drop me a line and let’s get some answers.
No comments yet