Chief Compliance Officers can add value to their organizations in many ways — but are they at liberty to do so? Michael Volkov suggests it’s time to give these multi-talented professionals more room to roam.
Chief compliance officers are talented professionals. As Donna Boehme always emphasizes, CCOs are subject matter experts in compliance risks, controls and mitigation. They focus on legal and compliance risks as reflected in an organization’s code of conduct, ethical culture and legal requirements. In recognition of their unique role in every organization, CCOs have line of sight across the organization, independence and authority to address ethics and compliance risks.
CCOs are experts in risk management. They know how to assess risks, rank risks and ultimately mitigate risks. It is this perspective that is unique in corporate governance. So, when it comes to organizational risk management, should CCOs have a seat at the table and offer their unique talents and perspective? I answer this question with a resounding “yes,” yet I fear that CCOs are often cabined or restricted in their talents.
Why CCOs Need a Seat at the Table
This situation has to change. A company manages numerous risks – business risks, enterprise-wide risks, specific function risks (e.g., manufacturing and safety risks) and many other varieties. CCOs have to be part of appropriate teams assigned to risk management protocols and operations. This is not a time for Groucho Marx’s famous line, “I would not be part of any club that would have me as a member.” Instead, these officers have to reach out to offer assistance and perspective. By spreading their influence, CCOs can build valuable relationships that will improve ethics, compliance and business operations.
CCOs build systems to effectively manage ethics, culture, legal and code-of-conduct risks. These same principles apply to other risk areas as well. A company that depends on quality assurance or mitigation of safety risks can benefit from a CCO (and his or her staff) who assist in designing and implementing safety controls, monitoring systems and risk mitigation.
I am not advocating that CCOs should take over the world (not a bad idea, however). Instead, I am suggesting that CCOs, with their unique talents and perspective, should play a role in any committee or joint effort to manage an organization’s risks. That said, CCOs already are spread thin, and additional responsibilities should be taken on only if they have the time and resources to assist.
A CCO who joins an environmental risk management team is certain to add value to the team’s operations. While the CCO may not be an environmental regulation expert, they can learn the important points relating to environmental risks and mitigation strategies. This is just one example where CCOs know how to apply risk concepts, rank the risks and take steps to mitigate the risks. Their perspective can be invaluable to providing new ideas, approaches and innovative solutions.
One other specific example is the role CCOs play in an enterprise-wide risk assessment. This process usually is conducted annually and involves a broad examination of external and internal risks that can impact the organization. (CCOs may play a role in this area, but usually only with respect to legal and compliance risks.) Again, CCOs should play a role in this process. CCOs can assist in the project, develop positive relationships with business representatives and reinforce the CCO’s line of sight across the organization. In fairness, some CCOs already are involved in the ERM process. When that’s not the case, the CCO should seek to participate in a more meaningful way then just supplying a legal and compliance risk value.
CCOs have a lot to offer organizations and have to leverage their talents to build alliances among key business functions. This is a challenge that is in every CCO’s wheelhouse.
This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.