As much as compliance officers dream of unlimited staff and funding, the reality is that compliance departments often face the challenge of managing complex global risks with inadequate resources.
A recent Control Risks survey found that 28 percent of large companies with more than 10,000 employees have compliance teams of just one to five people. The statistics are even worse for smaller companies.
But don’t panic. You have more help than you realize.
In the absence of a robust compliance budget, companies need to be creative about enlisting other departments to help manage and monitor compliance. Can the accounting department serve as your eyes? Can internal audit serve as your ears? A small but strong and nimble compliance team with a solid understanding of the company’s risk profile can cascade compliance responsibility throughout the organization by weaving disparate resources into a cooperative and highly effective team.
Below are examples of existing company resources potentially available to augment the compliance function:
Accounting. Train and empower your accounting department to serve as final gatekeepers when it comes to identifying questionable transactions. The accounting function has visibility into all of the company’s transactional activity, and, with proper training, this team is uniquely positioned to identify and escalate potential issues. For most companies, the general compliance training provided to employees across the organization is not sufficiently tailored for this purpose. Accounting employee “gatekeepers” require more function-specific examples and scenarios, covering the variety of transactions they might encounter, as well as the appropriate response to take when an issue arises. Additionally, accounting needs to be put in a position where it is adequately independent from the business, has the authority to challenge transactions, and is given explicit job requirements to do so.
Internal audit. Internal audit conducts regular and independent reviews of company operations; why not incorporate compliance components into routine internal audit work stream? Whether you seek access to accounting data, existing knowledge of internal policies and procedures, or insights into past controls gaps and remediation efforts, the internal audit department already possesses a solid core of information and experience that is valuable to any compliance department looking to enhance its monitoring capabilities. With some customization to work plans and specialized training, internal audit can serve as a key compliance ally.
Procurement. It is no secret that third-party risk management is at the core of any compliance program. Procurement is the one department in an organization that typically serves as a repository and control point for all third-party interactions. Procurement departments need to evolve from performing a purely transactional business function (e.g., obtaining goods at the best possible price) to playing the role of a vital compliance partner. With proper support, such as developing adequate procedures, compliance responsibilities and function-specific compliance training, procurement can serve as a key control point within the organization for the early identification and mitigation of third-party risks. Procurement also can partner with compliance on other related compliance program aspects, such as diligence screening, training and monitoring for third parties.
Technology. Another way to increase your compliance coverage without a significant financial investment is to implement data analytics solutions. From a reactive standpoint, effectively leveraging data can empower compliance departments to efficiently triage and risk assess potential compliance violations, ensuring that investigative resources are being allocated to the highest-risk issues. Proactively, data analytics can serve as a powerful tool for monitoring adherence to company policies and identifying potentially problematic transactions, trends or employee behaviors before these become serious issues.
Data analytics are powerful in theory. In practice, however, compliance departments often face a challenge due to a lack of data skillsets within the team of lawyers, paralegals and compliance experts. As with accounting, internal audit or procurement resources, data analysis employee “experts” often exist elsewhere within the business—for example, those responsible for pricing, operations, sales, marketing or other analysts whose skillsets can be easily adapted for a compliance-related purpose.
The best option is always to obtain additional dedicated resources, but for some compliance officers, this is not a possibility. By creatively leveraging existing internal resources, companies can effectively navigate today’s heightened global risk environment, however modest their compliance budgets may be.
Kiersten Archer is a Director within Controls Risks’ Compliance, Forensics and Intelligence practice in the Americas region. She specializes in bribery and fraud investigations, compliance risk assessments and the development of best-practice anti-corruption compliance programs. She has also worked on global risk assessments, SEC and DOJ enforcement-driven investigations, and monitorships in numerous global jurisdictions.
Paul Dudzinski is a Director within Control Risks’ Compliance, Forensics and Intelligence practice, based in Washington, DC. Paul’s professional experience has focused on complex corporate investigations involving allegations of fraud, corruption, internal controls, and books and records violations. He has conducted engagements in the United States, Asia, Africa, the Middle East, Latin America and Europe.