Earlier this week I had the privilege of speaking on a webinar about career security for compliance officers these days, given all the tumult of the pandemic this year and of broader business trends that have been affecting the profession for quite some time. There are a lot of hazards ahead for compliance folks but a lot of potential too, so I wanted to rehash some of that webinar here today.
It was a great discussion hosted by MentorCore, a networking group for compliance, cybersecurity, and risk management professionals. The founders Lisa Beth Lentini (former corporate compliance officer) and Dan Ayala (former corporate IT security officer) posted a recording of our conversation free to all; if you’d like to hear the full show, visit their website and have a listen.
Meanwhile, here are further thoughts on some of the big issues we discussed.
Compliance Still Relevant? You Bet
The pandemic spun compliance around, but didn’t knock the profession down. By that I mean that the pandemic has challenged effective compliance and risk management in many ways, and our jobs are more difficult — but the pandemic did not make this profession irrelevant, where our work goes away. On the contrary, the capabilities inherent in an effective compliance program are more important than ever.
For example, one core capability of audit, compliance, and risk management is performing a risk assessment. One risk you want to assess is fraud. Now imagine your company is a maker of plastic components for industrial use — and suddenly the boss switches to making face shields, to sell as PPE to state and local health agencies. The risks around vendor fraud, asset theft, and anti-kickback violations are enormous. How does the audit or compliance officer at that plastics company assess those new risks? What controls do you implement, when those risks might never have existed at the business before?
You see my point: the pandemic has transformed one traditional risk after another, into something that manifests quite differently. So we all feel like we’ve gone through the whirlwind, because we have — but there’s still compliance and risk management work to be done.
The Job Market Is Turbulent
The compliance job market is both brisk and awful at the same time. People ask my observations about the compliance job market all the time, and this is the best answer I can provide. It springs from our first point above: that the field is enduring tremendous economic turbulence right now, even as corporations’ need for compliance and risk management capability keeps increasing.
For example, I know one successful mid-career compliance officer who lost his job in March. He hit the job boards, recruiters, and LinkedIn networks hard, and within three weeks had nine leads on jobs he’d accept — legitimate leads, where the recruiters were calling him back. Those nine leads led to four interviews, which led to two serious recruitment efforts. Four months after he lost his job, he landed a new one as chief legal officer.
Yes, four months out of work feels like forever for the individual with kids, a mortgage, or grocery bills. But four months is not forever for a mid-career professional making $150,000 or more, plus bonus and other incentives. My example’s experience falls within the range of normal, from what I see.
I suspect the career challenges right now are two. First, job seekers need discipline and fortitude for a search that will likely take months. Second, you will need to connect your capabilities to a company’s needs, even if the company uses job descriptions that seem a bit hidebound. (For example, I know healthcare companies where the general counsel doesn’t understand that FCPA compliance and anti-kickback compliance are the same fundamental challenge.) You’ll need to crack those chained beliefs.
Career Evolution Is Coming
Audit, compliance, and risk are all converging. This is the big trend I see that was in motion long before the pandemic emerged, and will remain in motion after the pandemic is gone. This is the trend I’m convinced is real even though I can’t see where it will lead us.
What do I mean? As I say in the MentorCore webinar, the impetus for this trend is coming from the internal audit profession. If you ask board members what they want from audit, they inevitably say that they want better insights into emerging risks; and better use of data analytics to monitor risks and escalate concerning issues more quickly.
Now, internal audit can deliver those things. It can work more closely with business units to understand risks, and use data analytics to build algorithms that monitor those issues. Then audit can leave those risk monitoring algorithms with the business units, who can then manage risks themselves in a more automated, data-driven way.
Consider this, however: audit is helping the business units to monitor their processes, so the business units can identify and intercept aberrant activity. Compliance officers help business units guide employees to follow certain standards of conduct and avoid violations of policy and procedure.
How are those two concepts substantively different? My thesis is that audit and compliance are converging toward some middle ground of much more automated risk management.
Before the pandemic, I’d have said that the two functions will converge sometime in the coming decade. Amid the pandemic, now I wonder whether they’ll converge by, like, next April.
Think about it.