Friday, February 26, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Governance

CCOs Take Note: It’s the Culture, Stupid

by Michael Volkov
July 21, 2014
in Governance
CCOs Take Note: It’s the Culture, Stupid

This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.

If CCOs are really ready to take the reins and assume a real role in the C-Suite, they need to develop more mature measurements and reports for senior management and the Board of Directors. We have all seen the color-coded reports with bar charts on numbers and types of complaints and number of managers and employees who have been trained, certified or taken a blood oath to the code of conduct.

All of this is well and good, but it is time for CCOs to wake up and ask themselves some important questions about their role and what they are doing. Let me see if I can help.

What is the most important “asset” the CCO is responsible for?

If you do not get it yet, try this multiple-choice question:

What is the most effective strategy to reduce ethics and compliance risks?

  1. Fear
  2. Begging
  3. Creating a culture of ethics and compliance
  4. None of the above

I am sorry to use sarcasm, but the point should be clear. The most important responsibility of an ethics and compliance officer is to create and/or manage the company’s culture of ethics. I know this seems obvious, but for some reason CCOs are happier measuring things that are tangible, and they love multicolored presentations.

The time for change is now. CCOs need to change the focus of their presentations and message. CCOs should always start with two categories of information.

First, the CCO should report on the company’s culture and message. They need to report on an annual culture survey. If an annual enterprise-wide survey has not been conducted, they need to conduct targeted surveys that measure culture in specific offices, regions, units or even third parties.  A CCO should have at least one measure of culture to report to senior management and the Board for each quarter.

CCOs have to get creative here and monitor and report on the state of the company’s culture. If the message is getting through, senior management and the Board have to know. If the message is not getting through, then senior management and the Board needs to know that immediately.

Depending on the survey results, together the CCO, senior management and the Board have to decide how to improve the company’s culture and how to make sure the message is being communicated.

Second, the CCO has to report on significant risks and how those risks are being addressed. Depending on the business, the CCO may be responsible for several functions, including: (1) internal investigations, (2) third-party management and (3) ethics and compliance program auditing.

Given these responsibilities, CCOs need to inform senior management and the Board about the ongoing internal investigations and a specific report on those significant investigations that may warrant senior management and/or Board attention.

In addition, CCOs need to keep senior management and the Board informed of third-party risk management and how the CCO is mitigating such risks. This discussion should be kept very general and only require specific explanations for serious problems or risks.

Finally, the CCO has to bring to the Board’s attention any significant auditing results or patterns and practices that may warrant senior management and/or Board attention.

After a CCO finishes reporting on those three categories of information, then (and only then) would I recommend that a CCO report on the company’s complaint profile, with a special focus on specific trends by region, business units or products or services. Too often a macro review of complaints is worthless to assessing the compliance function.

Only after all of this is reported can the CCO talk about the number of managers and employees who have been trained or who need to be trained. I do not mean to diminish the importance of training, but there are more important issues that need to be discussed.

Whew! I feel much better getting this off my chest. I thought we were all on the same page and I was shocked to learn that CCOs have been sticking to the old reporting pattern of colored charts and bar graphs reflecting a strategy that can only be described as “measuring what is easy to measure.”


Tags: corporate governance
Previous Post

No Sex Please, We’re British: More from GSK in China

Next Post

LRN 306 – Planning Ahead: Building Strong Ethics & Compliance Programs for the Future

Michael Volkov

Michael-Volkov-leclairryan Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.  He can be reached at mvolkov@volkovlaw.com. Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues. Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for five years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice. Michael also maintains a well-known blog: Corruption Crime & Compliance, which is frequently cited by anti-corruption professionals and professionals in the compliance industry.

Related Posts

green plant growing on glass jar with coins

The Rise of ESG In Response to Investor Demand

February 19, 2021
illustration of executive standing center stage with team in silhouette behind him

COVID-19: Navigating the “CEO Moment”

January 13, 2021
clipboard with silver bow and new year's resolutions list on blue background

New Year’s Resolutions for the Board in 2021

January 11, 2021
PwC: Board Effectiveness – A Survey of the C-Suite

PwC: Board Effectiveness – A Survey of the C-Suite

December 28, 2020
Next Post
LRN 306 – Planning Ahead: Building Strong Ethics & Compliance Programs for the Future

LRN 306 - Planning Ahead: Building Strong Ethics & Compliance Programs for the Future

Access realtime data
Addressing systemic racism in the workplace SAI Global
Dynamic Risk Assessments with Workiva
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights