Benchmarking compliance efforts among companies has been one of the more prized, if elusive, ideas in corporate governance circles in the last several years. Now one professional association has shed some light on the subject.

The nonprofit Open Compliance & Ethics Group has released key findings of its 2005 Benchmarking Study, based on responses from 79 companies, including more than a dozen of the Fortune 50. Among the highlights: most companies’ compliance programs are new, most compliance programs aren’t cheap, and smaller companies outpace larger rivals at putting compliance efforts under executive rather than board control.

Just over half of all respondents, 54 percent, said they implemented their compliance and ethics programs within the last five years. A whopping 82 percent of large corporations (those having 10,000 or more employees or more than $1 billion in annual revenue) said oversight is done by a compliance committee or some other board committee, but smaller corporations had a 50-50 split between oversight by a board committee or by an executive team. Companies reported having an average of 46 full-time employees in their compliance and ethics departments, but that number is misleading: the average at large companies is 82.1 employees, while at medium and smaller companies, the number is less than five.

Of 59 companies that responded to budget questions, the average spent on total compliance and ethics processes—including Sarbanes-Oxley, employment, safety, anti-corruption, ethics, and so forth—was about $5.8 million for every $1 billion in revenues, according to OCEG. But Chairman and Chief Executive Officer Scott Mitchell says that estimate is actually low. “Since we completed the survey, we’re revising that number upward to about $10 million per billion,” Mitchell said. “When you really look at companies’ financials, that number is higher.”

That’s because companies often have compliance-related costs in other areas of their business that don’t get picked up as compliance costs on first glance. For example, Mitchell says, pharmaceutical companies may have “an army” of compliance people in their sales and manufacturing functions.

Mitchell notes that SOX and financial-reporting compliance is really just “the tip of the iceberg” in costs. SOX costs are typically $1 million per $1 billion in revenue. When compared with the total cost of compliance, “While SOX is a headache … it is really only 10 percent of the total headache,” he says.

When asked if their entity suffered reputational damage in the past five years as a result of a compliance or ethics-related matter, 51 percent of companies polled said no. Among the 49 percent that answered yes, 18 percent said the reputational damage wasn’t very visible to the public (say, a government investigation was disclosed, but not generally known outside of the industry), while 16 percent said it was highly visible (problems where the organization or its executives ended up on the front page of the newspaper).

No company with a program in place for 10 years or more experienced highly visible reputational damage in the last five years, which OCEG says is a testament to the important impact the programs can have over time.

Best Practices

Based on the results of the survey, OCEG identified key trends and best practices related to compliance and ethics programs. A summary document has been made available to Compliance Week subscribers, courtesy of OCEG, but some of the key findings include:

Crisis Can Help The Cause.

Despite the unpleasant consequences of bad news, companies that experienced reputational damage in the past consider themselves much further along in the maturity of their compliance programs relative to their peers, today and in the future. While no company wants to experience reputational damage, OCEG says, companies that do appear to install programs superior to those of their peers and seem to have a higher level of future expectations for their programs.

Pay Now Or Pay Later?

Companies that have experienced reputational damage also invest three times more than their non-damaged peers in specific compliance and ethics processes. Those companies are “certainly more likely to spend more on outside counsel,” the OCEG report notes, and allocations for external legal fees at those companies increase from 28 percent to 39 percent. However, those companies don’t significantly increase—and some may decrease—other budgets associated with compliance, such as internal and external audit and internal legal budgets.

Shifting From Rules To Values.

Compliance programs are becoming more proactive and values-based, allowing companies to prevent violations before they become a crisis, OCEG notes. Most companies rate their program’s style as more reactive and rules-based, focusing more on controlling business activity to ensure it operates within legal and voluntary boundaries, and rooting out violations and their perpetrators. But, as they develop their program’s style, companies say they intend to move towards a values-based program, focused more on the principles behind rules and regulations as well as intended outcomes.

Emphasis On Skills Training.

To make their programs more proactive, OCEG says companies must provide training that focuses on more proactive disciplines. The vast majority of training for those charged with responsibility for the programs still revolves around legal compliance and reactive disciplines. Training tends to focus on areas such as Federal Sentencing Guidelines, internal audit, internal control and investigations. To move towards more proactive programs, OCEG says companies should emphasize skills such as strategy development and measurement; communications and change management; human capital management; quality management; compensation and incentives; fraud prevention; and corporate reputation-building.

Explicit Objectives = Greater Benefits.

Companies that set explicit objectives for their programs rate the benefits of those programs more highly and ascribe to them more importance than companies that don’t. OCEG says a clear incentive exists for companies to set objectives for their programs: Companies with stated objectives consider their programs 15 percent more beneficial, on average. The top-rated benefit is compliance with the law, followed by ethical culture, better reputation and loss avoidance or prevention. Still, 21 of the companies don’t explicitly state objectives for their program. While more than 80 percent of large companies set objectives, 44 percent of small ones don’t.

Collaborate And Realize More Value.

Companies can realize additional benefits and performance, OCEG says, by integrating their programs with other aspects of the enterprise and by forging good working relationships between the program and other business functions or processes. According to the findings, frequent interaction between the compliance and ethics programs and the other departments produces a program 16 percent more beneficial overall. Special attention should be given to the relationship between the compliance program and the department in charge of business strategy, since developing a productive relationship with that department generates a program that’s 24 percent more beneficial overall. By taking a “big picture” view of governance, risk management, compliance and ethics across the enterprise, Mitchell says, “organizations have an opportunity to turn an efficiency in one regulatory area and have it multiplied by 10 across the enterprise.”

Editor's Note: The Open Compliance and Ethics Group is co-hosting Compliance Week's next governance symposium, to be held in Washington, D.C., June 7-9. The complete OCEG survey, which costs $495, will be made available for free to conference attendees. The event is sponsored by Deloitte and Touche, and the law firm of McKenna Long & Aldridge.