Your Risk Management Magazine
Risk management in practice: nailing compliance

Font size : + -

email print

Some companies only consider visible compliance initiatives, such as monitoring: big mistake, says Dr Len Gainsford, who provides some insights from doctoral research into regulatory compliance, compliance gaps and compliance cultureWhile most businesses aim to be profitable over time, it seems to be common ground that all business organisations need to be compliant with the law. Compliance should not be an afterthought. In areas such as occupational health and safety, the environment or taxation, compliance is a beneficial and some would say a “visible” part of the day-to-day functioning of business entities. “Deeper” benefits, which are additional to “visible” benefits, are less obvious.

Deeper benefits draw upon the values, ethical beliefs and belief systems of individuals and are achieved by directors and employees who realise that a compliant organisation is a more confident organisation. From a “deeper” perspective it is arguable that organisations are more confident, comply better and are more culturally enriched through shared director and employee learnings and understandings of compliance statements.

Stakeholders, too, may detect these “deeper”aspects of compliance in an organisation. A generally recognised business objective is to realise opportunities and to reward stakeholders for their support and involvement. Published materials from stockbrokers, ratings agencies and advisors suggest a positive feeling or up-beat mood within organisations (such as publicly listed companies) that seek to be compliant.

Such a feeling or up-beat mood may lead to outward signs of new or improved shorter-term commercial activity which is endorsed by investors and other stakeholders.

On the other hand, some business leaders see only costs and not benefits from compliance. Compliance is not seen as integral to a business. Rather, compliance becomes an additional or discretionary activity to be bolted on to meet separate but related goals such as doing the right thing or being seen to do the right thing. Any up-beat mood resulting from being compliant is largely lost to these organisations because they do not benefit from compliance being part of business performance.

Another strategy may be not whether compliance is an alternative to business performance but rather how compliance can best be used to strengthen that performance. Counter-intuitively, the more compliance bolt ons there are to business performance, the less company directors and employees are encouraged to take compliance into their own everyday performance behaviours.

It costs money to bolt on processes such as more employee monitoring or more frequent certification to improve compliance. There are many steps along the way, but when company boards and employees accept that compliance is something they need to do instinctively, they will then be able to focus on their principal responsibilities and to perform better.

The basics of language and expression used in compliance statements such as the Code of Conduct, the Code of Ethical Behaviour, the OH&S or environmental statements shown in a company annual report need to be addressed.

Most organisations need to improve the wording in these statements to further encourage director and employee behaviour and help close the “compliance gap” differences between expectations set out in compliance statements and compliance behaviour.

Entities best positioned for change seem to follow not only the short-term methods of adaptation, but also to use the “deeper” aspects of personal values and business-based ethics to produce longer-term evolutionary change in organisational structures. With a focus on longer-term compliance, such entities appear to promote sustainability through evolutionary change in preference to a succession of adaptive change steps.

Lessons learned for individuals in business entities contemplating evolutionary change are as follows. Simple and well written compliance statements, regularly tested for meaning and understanding are beneficial; organisations should involve stakeholders (such as contractors) in writing compliance statements and in addressing compliance gaps over time; compliance statements must directly reflect the values and business-based ethics of directors and employees; and the present state of organisational compliance and a state of readiness for change should be assessed and measured.

What can a business organisation do to become compliant while pursuing a commercially successful strategy? The answer is simple – the basics of language and expression used in compliance statements need to be addressed. There are five quick and easy steps to take to produce immediate benefits.

Step one is to take a quick census of the type and number of organisational compliance statements such as the Code of Conduct, the Code of Ethical Behaviour, the OH&S or Environmental statements shown in a company annual report.

This may require some forethought and planning by directors and employees to find all the relevant statements in the narrative to company reports. To narrow down the field, a good question to ask concerns the organisational policies and procedures that directors and employees actually look to when making decisions on compliance.

Have compliance statements been duly authorised by organisational leadership? How up to date are they? Have they been recently reviewed? How recently? Is it really the statements in the annual report or is it something else which is more usable, lying in hard copy on the employee’s desk or two clicks away on the company intranet? Are there other organisational compliance statements that say the same thing or are there some which seem to contradict each other? How have the relevant statements changed over time, if at all? Do employees discuss compliance statements with each other? If so, is there agreement reached or are employees left to find their own interpretations?

Step two is to understand and adjust the language and expression in compliance statements.

Ten continuous tasks here are: discover what the organisation intends to do with its compliance; express that intention in clearly enunciated words; make sure the words are correctly contextualised, with particular meaning; test that meaning with employees expected to act on compliance; adjust the words and expression in organisational compliance statements; test again the meaning with employees expected to act on compliance; measure and chart differences in outcomes between steps four (testing) and six (testing again); measure individual behaviour against meanings in compliance statements; following measurement, discuss and adjust compliance statements; and repeat steps one through ten.

Choosing words and expressions which have a particular intended meaning to directors and employees is a vitally important job. In many business organisations, this job goes largely unrecognised. It is particularly important to test meanings for employees across “baby boomer”, “X” and “Y”generations (see Risk Management Magazine December 2005/January 2006 edition).

Step three is to look at how the organisation identifies and copes with compliance gaps. Compliance gaps emerge when an organisation’s compliance regime fails by falling short of the required regulatory goals.

Some basic questions need to be asked about compliance and directors’ and employees’responses tracked. What are the director and employee compliance behaviours expected by the organisation? How are these behaviours encouraged by the organisation? Does the organisation require an “all or nothing” allegiance to a pre-determined compliance position?

Has there been involvement by stakeholders in the setting of expectations? If so, how has this taken place? As far as can be determined, how do compliance behaviours meet the expectations of regulators under the law? Have there been any recent queries from regulators? If so, how have they been handled?

Are there identifiable gaps between the organisational compliance statements and director and employee compliance behaviour? If so, how are these gaps measured? What has been done by the organisation to address compliance gaps? Has this changed over time?

Step four is to identify values and the application of business-based ethics by directors and employees.

Values are the determinants of specific attitudes and individual behaviour. Ethics is the philosophical study of the moral value of human conduct and the rules that govern it. Ethics goes beyond the law. It provides guidance for resolving moral dilemmas with a fair, correct and right solution.

Do directors and employees have guidelines on how to incorporate values and ethical understandings into decision-making processes? Are they aware of how to implement a business ethics program? Does the organisation have a system of shared meanings, or systems of beliefs and values that ultimately shape behaviour? If so, identify examples where this system or systems have been applied in the organisation.

Does the organisation promote a “system of reciprocal rights and obligations” where those responsible for compliance are able to remind each other via discourse of their rights and obligations? If so, provide examples.

Step five is to assess the rate and pace of change in the organisation and their effect on compliance.

Is the organisation responsive to regulation or regulator queries? How has this influenced changes to organisational systems and procedures? Have there been recent organisational policy and procedure changes? If so, what are they and have they led to improvements to compliance processes? How is this measured? How are compliance standards maintained in the organisation? By monitoring? By training?

Is compliance seen as a process or a series of outcomes by directors and employees in the organisation? Has this changed over time? Do directors and employees detect the adoption of values and business-based ethics in organisational compliance statements? How obvious is this to the reader of those compliance statements?

How do the following features rate in various elements of the organisation’s compliance system (e.g. corporate “whistle-blowing” policies and procedures): directors’ and employees’ beliefs and belief systems; participative culture; listening to narratives, discourse; and cooperation?

Compliance managers and others involved with organisational compliance should take steps one to five and then benchmark the results against an organisation’s existing compliance program. Steps one and two are fundamental to improving the language, expression and understanding of compliance statements. Steps three to five are designed to apply the context of compliance within the organisation and gauge its level of preparedness for change towards longer term, sustainable compliance.

My research suggests that those Australian business organisations employing both “visible” and “deeper” forms of compliance are better prepared for change. For these organisations, closing compliance gaps is not just an aspiration; it is an activity bordering on the obsessive. Business organisations which simply focus upon the “visible” forms of compliance such as monitoring can be categorised as “under achievers”. The most successful business organisations appear to be those which adopt both “visible” and “deeper” forms of compliance as integral parts of their corporate strategy and individual performance goals.

Dr Len Gainsford is director, audit and assurance, at the Department of Infrastructure in Victoria. This article is based on his doctoral research at Macquarie Graduate School of Management. For his research he analysed the compliance practices and behaviours of 32 Australian businesses, with their support and subject to commercial in-confidence disclosure requirements

  • Bookmark & Share
go back
Your comment
Risk management is the place for positive industry interaction and welcomes your professional and informed opinion.
eNewsletter

Breaking news, video interviews, opinion and analysis delivered straight to your inbox. Subscribe now
Categories

Home   |    Advertising   |    About Us   |    Contact Us   |    Privacy Policy  

© 2012 Key Media Pty Ltd.