LaTia C. Maxwell (latia.maxwell@moraeglobal.com) is a Senior Associate at Morae Global in Chicago, Illinois, USA.
In a global survey of more than 1,200 business leaders, 61% said that greater collaboration across functions was the key to reaching their strategic goals, even though more than half of them, 55%, reported working in silos.[1] Enterprise risk management (ERM) and corporate compliance are two silos, in particular, that could be more efficient and effective in their respective fields if they began to take a collaborative approach.
The goal of compliance is to reduce criminal wrongdoing and liability, while ERM looks at the risks associated with the operations of a corporation. Compliance focuses on the law; ERM takes a holistic approach to analyzing risks. Corporations should employ a more collaborative approach between ERM and compliance to reduce the gaps that may lead to criminal liability. By using ERM and corporate compliance in a checks-and-balances model, organizations can begin to reduce some of these gaps.
The case for collaboration
No company is immune from some form of crisis. In most organizations, however, the regulatory processes are siloed, leading to inefficiencies. ERM’s purpose is to find these inefficiencies across all risk areas and help assess the risk. ERM, however, addresses only one part of an effective program,[2] while the culture of the company must also be considered.
A compliance program also assists an organization in managing risks. An efficient compliance program collects data on liability and misconduct that can be analyzed to determine and identify risks to the organization. Knowing the risks firsthand helps organizations determine the amount of liability the company would assume with such risk and how it affects the company and its intrinsic value.
With siloed programs, the organization’s effectiveness lessens because its departments are not communicating with one another about their findings as they relate to risk, compliance, and ethics. So organizations must ask themselves: how truly effective are their compliance program and its risk-mitigation efforts if the components of the program are scattered and siloed? Do siloed programs duplicate efforts, which could be avoided altogether via collaboration?
ERM and compliance are both needed to have an effective, efficient risk management program. While ERM gets a closer look at monitoring and assessing the possibility of risk, how it affects the corporation, and how it should be handled, this same risk can also be looked at from a compliance point of view: How does the existing compliance program handle the risks identified? Does the risk impose additional threats to other sides of the organization, and how does that look? Finding opportunities for collaboration may increase the protection for the organization and improve its ethical culture by demonstrating both interdepartmental cohesiveness and the overarching goal of protecting the organization.
Despite this, there is ongoing argument over whether departmentalizing ERM and compliance is a solution. Some believe that keeping them siloed helps to alleviate any conflict or blurring of lines between a compliance officer and general counsel.[3] The argument for keeping them separate is that each department will have autonomy in its reporting and ability to detect any issues or misconduct within the organization. Another fear is that collaboration would lead to misunderstandings regarding the teams’ actual roles and responsibilities.
But research shows that there is a strong need for more collaboration, transparency, and open dialogue in the workplace:
- 39% of employees within a surveyed group believe that there isn’t enough collaboration between people in their organization.
- 86% of polled executives and employees blame a lack of collaboration or bad communication for team problems and failures.
- Less than 50% of respondents thought their organizations effectively and honestly discussed issues with employees.[4]
Too much separation between departments hurts productivity, profitability, and interoffice cohesion.[5] ERM and compliance can each run their departments with autonomy but still collaborate on their findings to decrease inefficiencies, reduce redundancy, and close gaps that one or the other may not be aware of otherwise. That is to say, silos can still exist to some extent while demonstrating collaboration without blurring the lines and overstepping into the jurisdiction of the other department. Collaboration is not about merging the two departments, but simply having open communication about efforts and outcomes.
Supporters of keeping the departments as silos view collaboration as negative and as a risk itself,[6] so for collaboration to work, one key step is to view collaboration more positively. If the departments must remain siloed, organizations may want to consider creating a middle-ground review team that serves as an independent body and includes people who have a thorough understanding of both ERM and compliance.
After each risk assessment, the compliance team can identify the risk against the current compliance standards and adjust accordingly. A thorough look at the pain points of an organization can help determine where ERM and compliance overlap and, to reduce redundancy, encourage a regular cadence between managers of both departments to discuss what they are working on.