CCOs and Expertise in Risk Management
Chief compliance officers (CCOs) are talented professionals. As Donna Boehme always emphasizes, CCOs are subject matter experts (SMEs) in compliance risks, controls and mitigation. CCOs focus on legal and compliance risks as reflected in an organization’s Code of Conduct, ethical culture and legal requirements. In recognition of their unique role in every organization, CCOs have line of sight across the organization, independence and authority to address ethics and compliance risks.
CCOs are experts in risk management. CCOs know how to assess risks, rank risks, and ultimately mitigate risks. It is this perspective that is unique in corporate governance. So, when it comes to organizational risk management, should CCOs have a seat at the table and offer their unique talents and perspective? I answer this question with a resounding “Yes.” Yet, I fear that CCOs are often cabined or restricted in their talents.
This situation has to change. A company manages numerous risks – business risks, enterprise-wide risks, specific function risks, e.g. manufacturing, safety risks, and many other types of risks. CCOs have to be part of appropriate teams assigned to risk management protocols and operations. This is not a time for Groucho Marx’s famous line – “I would not be part of any club that would have me as a member.” Instead, CCOs have to reach out, offer assistance and perspective. By spreading its influence, CCOs can build valuable relationships that will improve both ethics and compliance and business operations.
CCOs build systems to effectively manage ethics, culture, legal and Code of Conduct risks. These same principles apply to other risk areas. A company that depends on quality assurance or mitigation of safety risks can benefit from a CCO (and his or her staff) who assist in design and implementation of safety controls, monitoring systems and risk mitigation.
I am not advocating that CCOs should take over the world (not a bad idea, however). Instead, I am suggesting that CCOs, with their unique talents and perspective, should play a role in any committee or joint effort to manage an organization’s risks. CCOs already are spread thin and additional responsibilities should be taken on only if CCOs have the time and resources to assist.
A CCO who joins an environmental risk management team is certain to add value to the team’s operations. While the CCO may not be an environmental regulation expert, a CCO can learn the important points relating to environmental risks and mitigation strategies. This is just one example where CCOs know how to apply risk concepts, rank the risks and take steps to mitigate the risks. A CCOs perspective can be invaluable to providing new ideas, approaches and innovative solutions.
One other specific example is the role that CCOs play in an enterprise wide risk assessment. This process usually is conducted annually and involves a broad examination of external and internal risks that can impact the organization. CCOs may play a role in this area but usually only with respect to legal and compliance risks.
Again, CCOs should play a role in this process. CCOs can assist in the project, develop positive relationships with business representatives and reinforce CCOs line of sight across the organization. In fairness, some CCOs already are involved in the ERM process. If not, a CCO should seek to participate in a more meaningful way then just supplying a legal and compliance risk value.
CCOs have a lot to offer organizations and have to leverage their talents to build alliances among key business functions. This is a challenge that is in every CCOs wheelhouse.