Avoiding Silos: Bringing Together the Key Compliance Players
One of my favorite SNL skits from years ago was John Belushi as Henry Kissinger, singing “Getting to Know You” with his arms around Menachem Begin and Yasser Arafat – a true classic. The same can be said for the compliance world – “Getting to Know You” is an absolute must for five important corporate functions.
Continuing with my obsession to define an “effective” ethics and compliance program, there are certain prerequisites – or another way to say it, there are certain requirements that if not present, you know you are looking at an ethics and compliance program that is not “effective,” almost by definition.
An effective ethics and compliance program is dependent on collaboration and cooperation among five major functions. Without these five functions working cooperatively, a CCO is facing a real challenge – a missing link, and I don’t mean Curly Q Link (one of my personal heroes).
The CCOs’ natural allies and partners are fairly obvious because they are dependent on functions that closely correlate with their operations. Here is the roster of a CCO’s 4 natural partners:
Legal: The General Counsel and the CCO are natural allies, partners in the effort to bring about the goal of an ethics and compliance program: to promote an ethical culture, and to prevent and detect code and legal violations. They should be close working partners in the effort. Legal defines the rules of the road; CCOs put in place systems to manage, monitor and ensure that company actors and partners stay within the lines of the road as defined by the General Counsel.
Internal Audit: The CCO and IA have so much in common and so much to gain from each other. The IA usually conducts risk assessments as part of the IA’s planning process – where should the IA conduct audits? What type of audits should the IA conduct? The CCO is a natural ally to this process and is an important source of information and planning. The CCO may depend on the IA to conduct compliance audits at the same time that the IA conducts a full financial audit – that requires planning, training and close coordination. Further, as the IA learns information from the audit process, the CCO needs to take such information, inform the measurement and monitoring of risks, and use such information to plan improvements to the ethics and compliance program.
Human Resources: A CCO without HR is an empty ethics and compliance program. HR is on the front lines of over 80 percent of complaints received on a hotline; HR manages the entry and exit of employees, including training, certifications, and exit interviews; and HR can provide valuable information on whistleblower issues, identifying potential whistleblowers and their concerns. All of these issues are hot buttons for CCOs, and HR has to play a partnership role with the CCO.
Procurement/Vendors & Suppliers: The supply side of the equation is important as CCOs recognize the importance of managing the company’s supply chain risks. Procurement officials are practical, natural planners and consistent supporters of due diligence requirements for vendors/suppliers. More importantly, they often play a critical role in the onboarding and oversight of invoices from third-party agents, distributors and consultants – as such, they are a frontline manager of third-party risks. They usually create their own due diligence process and are more than happy to modify those inquiries to address specific risks such as corruption, AMP/TPP and other concerns in the supply chain.
Hopefully, at this point you are nodding your head (not to fall asleep but in agreement). On the ground and in the practical world of compliance, everyone knows these players are critical to the ethics and compliance function. These functions, if missing, can be devastating to an ethics and compliance program. Almost by definition, the absence of one or more of these players means that an ethics and compliance program is suffering from silos.
An ethics and compliance program with silos reflects the absence of collaboration and creates risks that an issue may be missed, which can mushroom into a real compliance threat.