Chief compliance officers are always looking for ways to maintain a productive relationship with the board, which isn’t easy considering all the issues both sides are trying to manage in a compressed amount of time. So today we have a podcast and column devoted to the subject.
The podcast is a conversation I had with Joel Katz, a long-time chief ethics and compliance officer who spent the last several months talking with corporate board directors about their relationship with CCOs. You can hear our full conversation (15 minutes long) at the top of this post. I have a few observations of my own, below.
Why address this subject in the first place? Because CCOs and corporate boards both say a strong relationship is important to corporate governance — yet the contours of what that relationship should look like are vague at best.
For example, we have no set of best practices about what CCOs should report to the board. Heck, we don’t even have consensus on which committee of the board CCOs should report into. There is a tremendous range of possible relationships, which means CCOs and boards must work hard to identify the right one for their specific organization.
The question isn’t so much about demonstrating value, because few board directors dismiss the compliance function any longer as unimportant. The question is more about how to find the right structure so that compliance risk in all its forms can be addressed effectively.
So what are board directors thinking about when they ponder these issues? Where can CCOs help them the most?
Board Oversight Ain’t Easy
Most of the board directors Katz met were audit committee members. Most CCOs report to the audit committee. What’s striking is that both sides know this isn’t necessarily the ideal reporting relationship, but it’s the one most organizations have, and that’s not going to change any time soon. So what can compliance officers do to make the most of that relationship?
For example, one audit committee member told Katz that the execution of compliance is “scattered over a million miles” of the enterprise, across many different business functions. “Compliance is big, and it’s not a single-headed monster,” this director said.
That’s a valid point. First, it raises practical challenges about reporting. How would you, the chief compliance officer, actually round up information about ethics and compliance that’s scattered over a million miles of your corporate enterprise? How would you put all that into a concise report that audit committees can digest?
A separate, greater challenge for compliance officers is how you can help audit committees remain focused on the most important issues. Katz talked about that, too. It’s easy for audit committees to wander down rabbit holes of corporate governance, because so many potential issues could distract them — but that comes at the expense of missing the bigger picture.
So how can the compliance officer help the audit committee to understand what is most important for them to know in their oversight role?
For example, it isn’t necessarily important for the audit committee to know how many complaints come into the whistleblower hotline. It’s important for the audit committee to understand how hotline calls are assessed and triaged, so the audit committee has confidence in the escalation procedures the company uses. It’s important for the committee to see trends in calls over time: issues raised, locations of calls, and so forth.
That’s how compliance officers can help audit committees be better overseers of the compliance function, even if the audit committee isn’t a perfect fit. (By the way, several months ago Katz contributed a guest column to Radical Compliance about the pros and cons of establishing a dedicated compliance committee on the board.)
Work on Trust
Another idea that struck me as I listened to Katz: perhaps the CCO’s most important relationship is with the audit committee chair directly, rather than time spent with the audit committee in formal meetings.
After all, when audit committees oversee the compliance function, many of them place compliance as the last item on the agenda — after long, intense review of other financial reporting issues. So everybody’s brain is fried from wading through accounting updates that can run as long as a Russian novel, and compliance doesn’t get the attention it deserves. “It’s a fair point, and a fair criticism of audit committees,” as Katz said.
We can’t even fault audit committees for that dynamic, since financial reporting always had to be their top priority. But they still always want to be aware of a regulatory compliance issue when it truly requires their attention.
So perhaps the best step a compliance officer can take is to cultivate a solid working relationship with the audit committee chair; that is, to build personal familiarity and trust. Then when you do call him or her to say, “Yep, this needs the committee’s attention,” you’ll get it.
The most valuable currency a compliance officer has is the ability to get other executives’ attention — not to write a great report; not to conduct a killer investigation; not even to have top placement on the agenda. Those things can all come to nothing if the board or the C-suite don’t see themselves as partners trying to help the CCO advance your program.
So a sense of partnership and trust, that you can use when it matters, is more important than an extra 15 minutes every quarterly board meeting.
Those are some of my thoughts, and the podcast covers much more. Give it a listen, and then drop me a line at [email protected] to tell me what we got right, what we missed, and what else we should talk about.