Corporate Compliance Insights

How Compliance Can Empower the Business to Manage Risk

Compliance Leaders Must Shift Risk Ownership to Business Units

by Brian Lee
April 1, 2019
in Compliance, Featured, Risk

Compliance professionals still “own” too many risks that business units could manage more effectively. Gartner’s Brian Lee discusses one solution: moving ownership of compliance risks closer to their sources.

It’s a time of enormous change for organizations of every type. Gartner’s 2018 survey of CEOs shows that CEOs, who have been focused on growth for years, are now prioritizing firm plans to deliver it — plans that involve IT-related transformation and new corporate structures and cultures.

Over half the CEOs say their organizations are actively engaged in strategic digital transformation efforts. This development has greatly expanded the list of responsibilities (which often require technical expertise) for compliance professionals at a time when there is a notable talent shortage in key areas.

In this context, most compliance functions simply will not have the resources to act as policy enforcers or to identify and manage all the regulations and risks involved in the new digital direction of their organization. Ensuring high levels of compliance in an organization now requires building the right culture and equipping each business unit with the tools and confidence to manage some of its own risks directly.

Clarify Risk Management Roles and Responsibilities

The process of empowering the wider business to take greater ownership of risks begins with establishing a clear understanding of roles and responsibilities. In a 2018 survey of almost 5,000 employees, however, Gartner found a lack of consensus about risk management responsibilities (see Table 1).


| Function or Group | Identification of Compliance Risks | Assessment of Compliance Risks | Mitigation of Compliance Risks |
|---|---|---|---|
| Front-Line Employees | 22% | 6% | 6% |
| Managers | 18% | 29% | 21% |
| Compliance Program | 17% | 26% | 25% |
| Audit Program | 5% | 8% | 10% |
| Other Assurance Functions | 4% | 5% | 7% |
| C-Suite | 3% | 4% | 5% |
| Organization as a Whole | 21% | 11% | 14% |
| Other/Don’t Know/Not Sure/None | 12% | 12% | 13% |

Number of respondents = 4,930
Due to rounding, percentages do not add up to 100% precisely
Source: Gartner 2018 Employee Risk Ownership Assessment Survey

Table 1. Function or Group Primarily Responsible for Risk Management Activities


This survey not only reflects varied approaches to managing risk in different organizations, but also broad uncertainty about who should own and manage compliance risk on a day-to-day basis. To enable the process of shifting more risk responsibility to the wider business, compliance leaders should begin by developing frameworks that identify the individual roles that should be responsible for managing key compliance risks and mitigation efforts and tailoring them to each business unit. Often it is advisable to create a linear chain of responsibility to ensure end-to-end risk mitigation and accountability with fewer stakeholders.

A critical roadblock here is that very few employees are likely to fully embrace owning and mitigating risks that they do not feel prepared to handle. So when organizations go no further than simply clarifying risk ownership, front-line employees tend to revert to a reporting role and push responsibility onto their managers or compliance staff. And so the original problem recurs, namely that the compliance function is fundamentally under-resourced to directly manage every risk in the business effectively.

Provide Tools and Resources to Enable Ownership

To empower the wider business to own and mitigate business risk, compliance leaders must address the fact that fewer than half the employees surveyed for Gartner’s 2018 employee risk ownership assessment felt they could act on their own to reduce compliance risks without seriously disrupting their work. Moreover, more than half (57 percent) say they cannot easily obtain tools and resources to address compliance risks in their day-to-day work.

Many compliance organizations already provide such tools, but the survey data suggests they are not having the desired effect. This could be for several reasons. They could be too general to be relevant in specific business unit contexts. They may be overly complex and legalistic, which deters use by those without legal expertise. Most likely, though, they are simply prescribing actions for the business to take as opposed to helping the business make decisions about the risks themselves.

To help ensure the compliance team’s efforts are exerting a wide influence on the business, it helps to think in terms of democratizing resources. This means placing the compliance team’s tools, reports and data in the hands of employees to enable them to undertake more complex and nonstandard decision-making. It also involves teaching employees how to manage risks on their own, rather than relying on the compliance team to provide every answer. This means setting up or improving self-service resources and, crucially, making them simpler and more relevant to employees’ day-to-day decisions.

In conclusion, compliance leaders must move away from the role of policy enforcer and instead become more attuned to coordinating business processes to ensure compliance. Rather than continue simply as a function that owns and manages all risks and regulations, the business goal here is to transform the compliance function so that it works in partnership with the business to enable new business strategies. Business units should feel that compliance support for their decisions is “baked into” their everyday processes in ways they understand and can act on.


Brian Lee is an experienced lawyer and Managing Vice President at Gartner, where he leads research focused on turning compliance and privacy departments into high-performing business units. Gartner is a research and advisory company headquartered in Stamford, Connecticut. Gartner helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions.
