OCEG (Open Compliance & Ethics Group) has coined the term “principled performance” to convey what happens when governance, risk and compliance are fully integrated. While this applies to corporations, in the end it must permeate the workforce. The translation goes something like this: “As you strive to meet your goals in business, just like in sports competitions, it is important not to lose sight of the rules and, of course, your personal integrity and values.”
In any business, compliance and risk management is really everyone’s concern. Typically a core group of professionals is devoted to ensuring that developing and maintaining adequate internal controls is, and will continue to be, a number one priority. Compliance, audit and risk management staff develop comprehensive programs aimed at testing compliance through such activities as periodic audits, transactional monitoring, detailed regulatory compliance reviews and quarterly compliance surveys.
Compliance and risk management professionals provide assistance when problems are discovered and work with the affected area to develop sustainable solutions through improved policies and procedures where necessary. In addition, it is common for one or more of these corporate staff areas to provide educational resources, such as online training and topical presentations upon request or when significant new legislation is passed. In banking, a good example would be the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.
Mind your business
Collective past experience has demonstrated that each and every company employee must make it their business to protect against any internal actions, or system failures, which may result in negative consequences to their customers, the communities they serve, fellow employees, or the institution’s good name. Compliance and risk management cannot be practiced occasionally or strictly in conjunction with certain dates or events. Nor can they happen by accident or as an afterthought to a problem.
Corporate philosophy, simply put, must promote the notion that compliance and risk management is far too critical a job to leave for someone else to do – each and every employee has a vital role to play. Ownership of the compliance/risk management program rests with management at all levels, and the owner of a particular task is the only one who can ensure constant and daily compliance. This holds true whether the particular task is handling SEC filings, assisting a customer on the teller line, reporting quarterly results to the Board or delivering the mail.
Rewards of integrated GRC
Lasting success can only be achieved when compliance and risk management are fully integrated into all levels and aspects of the organization, making them part of every operating unit’s processes and every employee’s daily routine. This will result in early identification, monitoring and control of risk. The key is for corporations to embrace a proactive internal controls and risk management philosophy.
A robust enterprise GRC solution provides the means to incorporate compliance and risk management into the way the corporation does business. Once adopted, all of the obvious benefits will materialize (loss reduction, increased efficiency and productivity, etc.) and a firm’s reputation will surely be enhanced with government regulatory agencies, bond rating agencies, insurers, customers and shareholders.
*NOTE: Originally published on The Principled Achiever.