While companies are getting better at compliance, compliance professionals need to take a more active role in securing the support of Boards and management
While legal compliance continues to be of increasing concern to company Boards and management across Australia and abroad, only one in five professionals use their CEO to promote their firm’s compliance activities, according to recent research.
The annual Blake Dawson Risk & Compliance survey for 2010 also found that 60 per cent of professionals indicated that a lack of time was a constraint in delivering an effective compliance program, as was inadequate budget (31 per cent), staff resistance (23 per cent) and compliance compromises on the part of management (18 per cent).
Martin Tolar, CEO of The Australasian Compliance Institute (ACI), noted in the survey report that all four of these statistics indicate issues in terms of resourcing, culture and tone from management, which can be tied back to the first few principles contained within the Australia/New Zealand compliance standard (AS/NZ 3806).
“By ensuring the correct tone is set by the governing body in respect to compliance responsibilities, organisations would be more likely to receive adequate financial resources regarding compliance, ensure that all levels of staff embrace the program and not impede it, and ensure that all staff have adequate time to effectively execute the compliance program successfully,” he said.
A further 55 per cent of survey respondents, made up mostly of compliance, legal and risk professionals, indicated all staff within their organisation received compliance training. This figure is of significant concern, according to Tolar, “as without the proper training of all staff members, organisations will find it very difficult to create a holistic compliance culture, where all employees understand what their responsibilities are, and how best to execute these responsibilities when discharging their duties”.
James Field, director of CompliSpace, said the biggest challenge for most compliance professionals is to be taken seriously. To do this, he said they need to educate directors and executive management to understand that investing in governance, risk and compliance (GRC) is the key to sustainability and building shareholder value over the medium- to long-term.
“Too many organisations continue to play lip service to GRC issues. The quality of risk management programs, in particular, remains a huge concern given that many organisations are stating publicly that they have implemented risk management programs when in reality they have not,” he said.
“As financial services litigation continues to grow at a pace I suspect that many organisations (and their executives and directors) will leave themselves exposed to misleading and deceptive conduct claims arising from their GRC disclosure.”
Field, who has more than 20 years’ experience in the design and implementation of enterprise corporate governance programs, said that directors and executives first need to truly believe in the value of GRC.
“If those at the top are non-believers present a compelling business case. If that doesn’t work get a new job,” he said.
Where there is a will for change, however, Field recommended investing in an appropriate GRC technology platform, as “paper-based systems and excel spreadsheets don’t work, and throwing people at the problem is not the answer. There are a wide range of technology platforms now available, at reasonable cost, that will allow GRC tasks to be managed efficiently across an enterprise,” he said.
“Finally if you have invested in a GRC technology platform, focus on getting meaningful reports to the Board quickly, even if they don’t cover everything you think should be covered. Once Board members get a taste of quality risk and compliance reports they are usually more than happy to invest more into the GRC process.”
News