Executives who subscribe to our weekly newsletter know that they can reach us toll-free to help track down governance research and data. Specifically, the phone number provides access to our research department, which exists solely to help our paying subscribers find anything they need: governance policies, cascading certification forms, their institutional investors' proxy voting guidelines, old Harvey Pitt columns, publicly disclosed employment agreements, SOX 404 cost surveys, and a variety of other governance and regulatory minutiae.
So the phone is usually ringing off the hook. And tracking those queries over time has been fascinating.
For example, two years ago, most of the callers were seeking answers to two questions: (1) What are the requirements related to any number of Sarbanes-Oxley mandates? and (2) What are governance and securities experts recommending regarding those same mandates?
In other words: What are we supposed to do, and how do experts recommend we proceed? Clearly, that reflected the fact that the regulatory changes were coming quickly; companies were seeking basic information about the new regulations and their implications.
But that's changing.
Most executives responsible for compliance, governance, ethics and risk know what they have to do at this point, and have in fact already done it.
But one critical piece of the equation is still missing: comparables.
And therein lies the source of most the recent call volume to our research department: comps. Now that policies have been codified, procedures have been implemented, and disclosures have been, well, disclosed, companies want to know what their peers are doing. And they should.
The only problem is that nobody has ubiquitous comparables. Sure, we've got some data at Compliance Week, and there are lots of excellent firms that can run numbers for you, but no one has attempted to truly analyze how the "compliance" function at public companies compares in regard to organizational size, budget, reporting structure, internal control framework adoption, training regimen, program evaluation methodology, and other critical areas.
Until now.
Last month, the Open Compliance and Ethics Group, a nonprofit that is focused on providing universal guidelines for integrated compliance and ethics programs, announced that it would administer an extensive benchmarking study regarding governance, compliance and ethics programs.
Analyzing over 125 attributes, including organizational structure, processes, program metrics, and planning and budgeting information, the survey aims to help companies truly understand how they compare.
Scott Mitchell, the president and CEO of OCEG, recently told me, "Our goal is to really dig into the details of governance, compliance and ethics management—to go way beyond the two-minute and 10-question flash survey."
And I hope they do, because it's desperately needed.
For example, how many non-financial services companies have chief compliance officers, and to whom do they typically report? Are compliance and ethics program objectives typically mapped to organizational objectives?
What "programs," in fact, do most CCOs oversee? Are they glorified ethics trainers, or are they overseeing securities and financial compliance?
These questions aren't just academic: Compliance programs and departments are all over the map. We know that as fact, because we speak with CCOs every week, most of them on-the-record.
For example, Cendant's CCO—who is also the SVP legal—told us he is focused intensely on a company-wide platform dubbed "Business Records and Information Management System."
At Trump Hotels, the compliance chief is a former internal auditor who was "hired solely for the Sarbanes-Oxley review."
Sunoco has a CCO, but it also has a chief governance officer (click here for a Q&A with Sunoco's governance officer)
who reports to the general counsel. The CCO oversees the code of conduct and whistleblower provisions, but there's often overlap. "We play that by ear," says the CGO.
At The Interpublic Group, the whistleblower hotline and even internal audit roll up under the chief risk officer.
At Petco, there's "vice president, internal audit, asset protection and ethics officer."
Ryder's chief compliance and ethics officer is heavily involved in privacy issues, and is a former partner with the labor and employment practice of law firm Morgan, Lewis.
The vice president of corporate compliance at United Parcel Service was most recently the human resources organizational development manager.
And the corporate governance officer at Ingersoll-Rand is responsible for all matters relating to corporate governance, but SOX 404 is not on his plate "in a detailed sense."
Like I said: all over the map.
So what are the comps? Who is responsible for compliance and ethics programs at public companies? How much time do they spend on benchmarking and ROI vs. budgeting and risk assessment? How much money did they spend in 2004, and what will they spend in Œ05? What do their training programs cover? How is the whistleblower hotline being utilized? How much is the CCO being paid?
These are critical questions to answer, as they can help companies understand where they stand, and how they compare. The answers will also help boards make decisions that are better informed on a peer-to-peer basis, and will help institutional investors evaluate programs within the context of industry standards.
And empirically, I know they need to be answered, because we've been getting the calls.
Compliance Week is a partner with the OCEG on this benchmarking study, and—like you—we look forward to seeing the results. To participate or get details, use the link in the box above, right.
No comments yet