Building an effective compliance program can be difficult. As stated in an earlier post, “Knowing you need to create an effective compliance program is one thing. Knowing HOW is entirely another.”
The first element of building an effective compliance program is high-level oversight and leadership commitment. In a nutshell, an effective compliance & ethics program must designate leaders to oversee its implementation and operation.
There are four critical components needed to create effective high-level oversight:
1. Board, Board Audit Committee and CEO – “Tone at the Top”
This concept was best expressed in an article that was originally published in the Online Wall Street Journal Risk and Compliance section on June 7, 2013:
“Never before has the role of board members been so important to organizations and investors. With many boards stretched beyond capacity trying to meet stakeholder needs and compliance requirements, board members must provide strategic leadership, stewardship and governance.
Effective governance requires a proactive, focused state of mind on the part of directors, the CEO and management, all of whom must be committed to business success through maintenance of the highest standards of responsibility and ethics.
2. The Chief Compliance Officer (CCO)
This position is arguably the most in-demand role today, and yet the most misunderstood. Roy Snell, CEO of SCCE and HCCA, was asked by the online Risk and Compliance Journal: “What are the top skills needed to be a good compliance officer?”
Snell: “Because compliance is not about the law, it is about following the law, administrative skills are the most important. Collaboration, negotiation, motivation, communication. Enron, Tyco, Penn State show us we don’t have a problem finding the problems and understanding the law, we have a problem following the law. So, the ability to convince leadership to do the right thing—aka administrative skills—is the skill the greatest compliance professionals have.”
Below is a list of some key roles for the CCO:
- Oversees implementation of the Compliance & Ethics Program (C&EP)
- Provides high-level scorecard of annual C&EP performance to Board and Audit Committees
- Internal resource/expert for the compliance program elements and implementation
- Chairs the C&EP Steering Committee
- Promotes the C&EP – awareness is key
- Applies Lean principles to eliminate duplicative audits
3. Compliance & Ethics Steering Committee
The committee is made up of cross-functional senior leaders and is key in driving the following initiatives:
- Promotes & maintains integrity of C&EP
- Key ambassadors to the C&EP
- Provides the resources and owns areas of compliance activity
- Participates in annual enterprise risk assessment
The November 2013 issue of Compliance and Ethics Professional Magazine offers the following best practices when building an effective compliance committee:
- “The compliance committee should have a clear, written charter that sets out the functionality, goals, and parameters of the group.
- The CCO should chair a committee of her peers—senior level officers in a position to make decisions and marshal resources.
- The compliance committee should be periodically reviewed for effectiveness and adjusted as necessary to meet the stated goals of the charter.”
~Donna Boehme, Principal of Compliance Strategists LLC and former Chief Compliance and Ethics Officer for two leading multinationals.
The sub-committees support high-risk areas of compliance and are composed of employees who are SMEs and who report to the leaders of the compliance committee. They are responsible for executing the compliance program work plan and helping cast a broader net by engaging and incorporating the program further into operations. Since the sub-committees report to the compliance committee, best practice is to ensure the chairperson or at least one sub-committee member is also on the compliance committee.
An example of a sub-committee is an audit sub-committee that is positioned not only to respond to external audits but also to conduct internal audits that support previously identified gaps and/or planning for areas that need to be tested.
In our next Compliance Corner blog post, we will take a detailed look at Risk Assessment.