This is Part One of a two-part series on how compliance must present their results to upper management and the board of directors as a return on investment.
Anyone following the mainstream media or subscribing to compliance or risk-management periodicals would be forgiven for thinking that compliance and risk management were top of mind for all boards and senior management at organizations around the world.
Indeed, it seems that almost every day there is a story about a multi-national corporation that has been investigated by a regulator and hit with massive fines and penalties.
These stories are accompanied by press releases denouncing the behavior and announcing a range of initiatives to ensure the corrupt conduct does not occur again, including the hiring of risk and compliance professionals to bolster their in-house teams.
It would seem reasonable to assume that compliance and risk professionals have limitless budgets to help their companies minimize their risks of fraud and corruption. As many of you probably know, the reverse is often true.
Many such professionals have seen their resources curtailed as organizations seek ways to reduce costs and increase returns to shareholders.
That begs the questions — if compliance is so important, why are their budgets being reduced?
In my opinion, the answer to this question is largely due to our inability to demonstrate a return on investment to management.
This is a difficult thing to do, because risk and compliance practitioners are often the victims of their own success.
We develop and implement robust control frameworks that results in low incidences of compliance failures, and thereby little action by regulators or negative press.
When management or the board looks at where costs can be trimmed, they see that there have been no major compliance-related issues, and therefore determine that the organization does not need as many resources in the compliance or risk departments.
It seems that it is only after a major compliance failure that management realizes the error of its ways and then adds more resources to the compliance function in an attempt to please the regulator and the media.
It is therefore important as compliance and risk professionals that we learn to demonstrate a return on investment to management to ensure that our programs are not cut, and that our teams are not sacrificed in the name of short-term financial gains.
Part Two of this discussion will focus on a number of initiatives that have proven successful in demonstrating the value of compliance and risk management to top management, boards and shareholders alike.
Guy Underwood is the executive chairman and founder of the RISQ Group, one of APAC’s leading providers of risk management and employment screening services. He can be reached here.