Enterprise risk management and corporate compliance work better together

LaTia C. Maxwell

LaTia C. Maxwell

By LaTia C. Maxwell

LaTia C. Maxwell (latia.maxwell@moraeglobal.com) is a Senior Associate at Morae Global in Chicago, Illinois, usa.

In a global survey of more than 1,200 business leaders, 61% said that greater collaboration across functions was the key to reaching their strategic goals, even though more than half of them, 55%, reported working in silos.[1] Enterprise risk management (ERM) and corporate compliance are two silos, in particular, that could be more efficient and effective in their respective fields if they began to take a collaborative approach.

The goal of compliance is to reduce criminal wrongdoing and liability, while ERM looks at the risks associated with the operations of a corporation. Compliance focuses on the law; ERM takes a holistic approach at analyzing risks. Corporations should employ a more collaborative approach between ERM and compliance to reduce the gaps that may lead to criminal liability. By using ERM and corporate compliance in a checks-and-balances model, organizations can begin to reduce some of these gaps.

The case for collaboration

No company is immune from some form of crisis. In most organizations, however, the regulatory processes are siloed, leading to inefficiencies. ERM’s purpose is to find these inefficiencies across all risk areas and help assess the risk. ERM, however, seeks only one part of an effective program,[2] while the culture of the company must also be considered.

A compliance program also assists an organization in managing risks. An efficient compliance program collects data on liability and misconduct that can be analyzed to determine and identify risks to the organization. Knowing the risks firsthand helps organizations determine the amount of liability the company would assume with such risk and how it affects the company and its intrinsic value.

With siloed programs, the organization’s effectiveness lessens because its departments are not communicating with the others on its findings as it relates to risk, compliance, and ethics. So organizations must ask themselves, how truly effective is their compliance program and its risk-mitigation efforts if the components of the program are scattered and siloed? Do siloed programs duplicate efforts, which could be avoided altogether via collaboration?

ERM and compliance are both needed to have an effective, efficient risk management program. While ERM gets a closer look at monitoring and assessing the possibility of risk, how it affects the corporation, and how it should be handled, this same risk can also be looked at from a compliance point of view: How does the existing compliance program handle the risks identified? Does the risk impose additional threats to other sides of the organization, and how does that look? Finding opportunities for collaboration may increase the protection for the organization and improve its ethical culture by demonstrating both interdepartmental cohesiveness and the overarching goal of protecting the organization.

Despite this, there is ongoing argument over whether departmentalizing ERM and compliance is a solution. Some believe that keeping them siloed helps to alleviate any conflict or blurring of lines between a compliance officer and general counsel.[3] The argument for keeping them separate is that each department will have autonomy in their reporting and ability to detect any issues or misconduct within the organization. Another fear is that collaboration would lead to misunderstandings regarding the teams’ actual roles and responsibilities.

But research shows that there is a strong need for more collaboration, transparency, and open dialogue in the workplace:

  • 39% of employees within a surveyed group believe that there isn’t enough collaboration between people in their organization.

  • 86% of polled executives and employees blame a lack of collaboration or bad communication for team problems and failures.

  • Less than 50% of respondents thought their organizations effectively and honestly discussed issues with employees.[4]

Too much separation between departments hurts productivity, profitability, and interoffice cohesion.[5] ERM and compliance can each run their departments with autonomy but still collaborate on their findings to decrease inefficiencies, reduce redundancy, and close gaps that one or the other may not be aware of otherwise. That is to say, silos can still exist to some extent while demonstrating collaboration without blurring the lines and overstepping into the jurisdiction of the other department. Collaboration is not about merging the two departments, but simply having open communication about efforts and outcomes.

Supporters of keeping the departments as silos view collaboration as negative and as a risk itself,[6] so for collaboration to work, one key step is to view collaboration more positively. If the departments must remain siloed, organizations may want to consider creating a middle ground review team that serves as an independent body and includes people who have a thorough understanding of both ERM and compliance.

After each risk assessment, the compliance team can identify the risk against the current compliance standards and adjust accordingly. A thorough look at the pain points of an organization can help determine where ERM and compliance overlap and, to reduce redundancy, encourage a regular cadence between managers of both departments to discuss what they are working on.

This document is only available to members. Please log in or become a member.
Become a Member Login
 

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings