No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Compliance

The CCO’s Role Keeps Expanding. These 4 Models Can Help Bring Order to the Chaos.

CCOs Have Never Been a Greater Asset to their Organizations, and They Have Never Had More on Their Plate.

by Chris Audet
September 28, 2021
in Compliance
Piles of paper clips illustrate concepts of order and chaos.

Analytics or automation alone don’t stand a chance of helping any CCO deal with every challenge they face. In a business world filled with growing demands, these leaders need to personify no fewer than four different models, or postures, argues Chris Audet.

Chief Compliance Officers (CCOs) can be forgiven for feeling as if they are being pulled in multiple directions at once. Their checklists have expanded in every direction, from new and evolving regulatory requirements, to business model transformation, enforcing health and safety protocols and monitoring ESG metrics while maintaining a strong corporate culture in oftentimes 100 percent virtual settings.

The solutions up to this point have pointed in the correct direction, but they are often myopic or one-dimensional. We frequently hear that CCOs must work to gain more business influence. We also hear that CCOs need to not only be technologically fluent, but also champion analytics. While these singular solutions are helpful, they are far from comprehensive. And when reviewing the varied number of demands on the CCO’s office, it was never likely that one singular posture or area of focus would be enough to meet them.

In some recent Gartner research, we started with the basic idea that the CCO would need to play more than one role in the organization. Which role would depend on the stakeholder they are engaging with, the technical nature of the challenge or threat and the communication style needed to effectively deliver durable corporate policy.

Below we’ll look at why an expanded and empowered CCO is more important than ever before, the current climate of corporate culture in the pandemic era and the new and varied challenges the CCO’s office is facing. Finally, we’ll outline the four models, or postures, the modern CCO must assume in managing today’s compliance mandate.

A Culture of Compliance (Under Threat)

Before assessing the new responsibilities facing the CCO and their team, we should look at what stakeholders have always expected from the CCO role: leading and maintaining a strong culture of compliance. Gartner survey data shows that 86 percent of business leaders expect the CCO to drive a strong corporate culture.

This has never been more challenging for CCOs amid a dislocation in the physical workforce that makes promoting a culture of integrity from the top all the more difficult. New and different kinds of employee misconduct may proliferate in a full-time remote work setting, while benchmarking annual performance in the shadow of the pandemic makes consistent metrics reporting all the more challenging.

“We frequently hear that CCOs must work to gain more business influence. We also hear that CCOs need to not only be technologically fluent, but also champion analytics. While these singular solutions are helpful, they are far from comprehensive. And when reviewing the varied number of demands on the CCO’s office, it was never likely that one singular posture or area of focus would be enough to meet them.”

This foundational role has become even more critical as the costs of noncompliance have risen. Just in the month of September, we have seen the second largest GDPR fine levied in history, with a potential price tag of more than $265 million. In the U.S., it seems clear that new regime changes at the SEC, FTC and other regulatory bodies will shift toward a more aggressive regulatory posture, as well as increasing state-oriented regulations such as the CCPA.

And data privacy is just one of the many spheres CCOs are asked to monitor. It is not hyperbole to state that the CCO has never been more important to overall corporate success and maintaining (or in some cases, rebuilding) a strong culture of compliance.

The New Compliance Mandate

Quite aside from the pandemic-related challenges of prolonged business model disruption, hybrid working, vaccine mandates and huge employee attrition, CCOs are also being tasked with improving how they deliver guidance to the business. As the number of regulatory, risk and embedded compliance challenges proliferate, so has the amount of associated assurance functions and reporting. Perhaps the highest level of risk for a COO today comes from “compliance fatigue” among stakeholders and front-line employees.

The CCO is increasingly tasked with leading an “aligned assurance” function, where compliance, audit, ERM and other assurance functions have clear lines of ownership and communication to better streamline and elevate the most important organizational risk information up to the C-suite and board in a timely fashion. Beyond simply coordinating within the assurance functions, CCOs also need to communicate with business leaders of all kinds, who may have differing views on the importance of a particular risk factor of new initiative.

The role itself is also expanding: CCOs are now also expected to manage the next generation of organizational mandates, including ESG, CSR and DEI initiatives, which organizations are increasingly evaluated on by investors, the media and their own diverse set of stakeholders.

Perhaps these challenges and new responsibilities would be more manageable if compliance was expecting a commensurate raise in resources. Unfortunately, according to Gartner’s latest compliance spend data, this is not the case. Spending on compliance appears to have plateaued in 2020, with the median headcount for full-time compliance staff actually decreasing between 2017 and 2020 from 12 full-time employees to 10.

The Multifaceted CCO

With growing challenges materializing from all directions and resourcing flat or even declining, it’s no wonder that a CCO can’t be great at just one facet of their role. Increasingly technological capabilities, while important in meeting the challenge, cannot alone fill all the gaps. The CCO must sharpen their skills in advocating for additional resources from the business, be a master communicator both within and beyond the assurance functions and continue to find creative ways to steward culture and ethics in an unusual environment that may never fully return to what they previously appreciated as “normal.”

Therefore, Gartner has introduced a new framework for the modern CCO that incorporates and helps them visualize four main roles embedded in their position. Depending on the business context, a CCO will likely feel comfortable aligning to one of these models, but they must be aware of the need to “flex” among the other three when the situation arises.

These flexible roles provide the CCO with the best chance of being able to meet the challenges coming from a variety of different and essential business contexts:

The “Strategic Business Advisor” CCO

This CCO model focuses on providing compliance advice that influences and strengthens an organization’s strategic direction. This type of CCO seeks out a clear understanding of business objectives, proactively advises leadership on compliance risks associated with business growth and provides their own guidance based on clear metrics that will influence an organization’s strategic direction. Organizations rely on this type of CCO when going through business model changes, launching a digital transformation or entering new markets.

The “Culture and Ethics Steward” CCO

This CCO model promotes a strong corporate compliance culture to build shared accountability and influence business direction. Specifically, these CCOs focus on reinforcing the organization’s culture in a changing environment and creating policies and communications that maximize transparency and minimize employee misconduct. This has been most critical in organizations facing rapid change and is especially pertinent to newly hybrid or fully remote work environments.

The “Tech and Analytics Champion” CCO

This CCO model focuses on supporting technology initiatives to improve risk mitigation outcomes and functional effectiveness and promote technical skills development function-wide. This model emphasizes a growing adoption of analytics, automation and artificial intelligence (AI) to augment the capabilities of their staff. This type of CCO recognizes an opportunity to provide complementary risk information within organizations that rely on data to understand potential risk trends and implement new risk management initiatives. This is also a critical role for CCOs to assume when faced with resource-pressed staff or who face the need to do more with less.

The “Aligned Assurance” CCO

This working model focuses on establishing strong partnerships throughout assurance functions with clearly enumerated risk ownership, accountability and reporting roles. While operating in this role, the CCO addresses concerns related to “stakeholder assurance fatigue” and allows for a comprehensive and consolidated view of risks that threaten the organization. This role is most pertinent in organizations that have siloed assurance functions that run multiple reports.

Conclusion

There is no way to sugarcoat the challenges faced by CCOs at a time when they have never been more important to the health of an organization and its culture. By reevaluating their mandate and embracing the need to pivot among different roles depending on the context with which they are faced, the CCO has a fighting chance to meet today’s demands.


Previous Post

The European Union Digital Services Act – Are You in Scope?

Next Post

LogicGate Introduces Risk Cloud Quantify to Put Assessments in Terms of Real Dollars

Chris Audet

Chris Audet

Chris Audet is a Senior Research Director within Gartner’s Assurance Practice. He is an experienced researcher and advisor across legal and compliance leader initiatives. In his current role, he is the primary research director for compliance leaders, covering topics that include compliance program management, corporate ethics and integrity culture and risk management. Prior to joining Gartner, Chris served general counsel and in-house legal departments in the legal resources department and large law department of the Association of Corporate Counsel.

Related Posts

risk reporting concepts

The ‘So What?’ Problem With Board Risk Reporting

by Jim DeLoach
June 24, 2025

10 modern principles for transforming risk communication from compliance exercise to strategic dialogue in uncertain times

board of directors meeting table

Before You Say Yes to That Board Seat: A Director’s Due Diligence Checklist

by Chase Cole and Sidney Edgar
June 24, 2025

Public company directors face scrutiny from Wall Street, Congress, the SEC and beyond — comprehensive preparation is essential for business...

slippery slope ice mountain

The Slippery Slope & Your Culture of Integrity

by Mary Shirley
June 23, 2025

Small transgressions and unanswered questions create pathways to major misconduct — and compliance teams need strategies beyond punishment

low battery on iphone warning

Ethics Fatigue: The Burnout That’s Putting Your Organization at Risk

by Nick Gallo
June 20, 2025

The psychology behind why ethics professionals are exhausted and what companies risk when they let it go unchecked

Next Post
cloud with ladder to it and caution sign symbol

LogicGate Introduces Risk Cloud Quantify to Put Assessments in Terms of Real Dollars

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights