I have always found this to be an
interesting topic. Attorneys believe they understand the law and therefore
should be compliance officers. CPAs believe they understand auditing and
processes and controls and therefore make the best compliance officers.
Operational people believe they understand the workings of the business and can
communicate most effectively and therefore make the best compliance officers.
HR people believe that compliance is basically a people function and therefore,
they are best suited. Who is right?
Obviously, the CPA is. (Full
disclosure, I am a CPA.) Actually, they all are, but this is not a cop-out
article. I actually have a proposed solution. Each discipline (and a few more) adds
an important perspective to the compliance solution for an organization. Before
settling on an answer, ask yourself two questions.
1. What are your organization's most important risks?
Name the top five risks that could imperil your organization from an enterprise
value or legal risk perspective. Don't just focus on the risks that you
understand, are easiest to control or are focused on employee theft or misbehavior.
I find it hilarious how many significant compliance efforts are expended on
employees who expose the organization to relatively little risk of
non-compliance. (I also find it hilarious how many people use the phrase
"compliance risk". Really? The risk is created by complying? You
better try a new plan, then!)
2. What are your organization's strengths and weaknesses?
Are you a strong sales organization? If so, I bet your regulatory and legal
function is weak. Are you a strong HR organization? You could be operationally
challenged. Strong accounting and finance function? Weak sales organization.
The most important word I ever learned in economics was TANSTAAFL. This was
taught to me in macroeconomics by a professor by the name of Tony Spiva. It means
"there ain't no such thing as a free lunch". Organizational strengths
in one area typically lead to weaknesses in another.
The compliance officer's background
should be directed at your organization's most important risks and fill the gap
created by your organization's weaknesses. That is the simple first step, but
not the only one. You see, all the aforementioned backgrounds are important to
the compliance function. So it is important for the compliance officer to be
surrounded by complementary skillsets. Have you ever done a DISC profile? This
is a personality study that classifies you as a D (Dominant), I (Inducement), S
(Submission), or C (Compliance). The point of the exercise is that you are
more effective in accomplishing tasks when you have a diverse team of
personalities working together as opposed to people who think just like you.
The same thing is true on a compliance team. Surround yourself with people who
have the skills that you don't.
Now I am not going to kid you. I
think that the marriage of legal and auditing skills is critical to compliance
success. If you try that combination in a sales-oriented culture without some
sales-oriented compliance professionals, you will surely have a tough time
delivering the message. The tree will fall in the forest, but nobody will be
there to hear it!
To recap, in choosing your CCO,
· Assess organizational risks
· Assess organizational strengths and weaknesses
· Supplement the CCO with a diverse team.