Empowering a “compliance culture”

There is a growing trend in organisations today towards the achievement of a “compliance culture”. Good governance and risk management are nothing without a culture of compliance embedding correct behaviours throughout the organisation.

There’s little doubt that compliance has undergone massive changes in the past decade. Gone are the days of box-ticking, form filling and general backside covering. Today, compliance professionals are spreading the word that a compliance culture is a front line defence against the growing penalties which accompany regulatory breaches.

In a 2006 judgement involving pharmaceutical firm Chemeq, the judge stated that greater penalties will be imposed on companies that neglect compliance and don’t develop a “culture of compliance”.

With Boards around the world becoming more and more accountable for an organisation’s behaviour, and increasing complexity within the regulatory and compliance environment, it is no surprise that processes to monitor compliance with Safety, Regulatory, Commercial, Governance and Risk requirements are being subjected to radical and urgent review.

Investors and shareholders appear to be willing to pay for good governance. A study of S&P 500 firms by Deutsche Bank in 2004 confirmed that organisations with strong or improving corporate governance outperformed those with poor or deteriorating governance processes by about 19% over a two-year period.

Strong internal processes, audit and IT solutions are only part of the journey towards embedding a compliance culture. More important is business leadership. This means transparency and consistency in word and action. It is about setting and creating the rules and boundaries and managing to them – and not allowing ambiguity and uncertainty to cloud the decision-making process.

Driving a culture of governance, prudent risk management and compliance across a business stretches far beyond the office of the CFO and Legal groups. Everyone in the organisation needs to understand their role and work towards embedding compliance in their daily decision-making processes. Compliance and controls must be seen as “the way we do things around here”, rather than rules and regulations forced on them by “corporate”, “head office” or some other invisible hand. Fundamentally it is about achieving a move away from “compliance is Finance’s or someone else’s problem” to a view that takes a more whole-of-organisation approach to how investment and focus in these areas can drive an organisation’s ability to create value and drive sustainable profit.

There are a number of key aspects that need to be considered and will assist in underpinning the development of a “compliance culture” within an organisation: transparency, a strong risk management capability and the recognition by line and senior management of their role in building the culture.

The business applications and infrastructure groups within the IT department also play an important part in helping an organisation manage risk and build the “compliance culture”. Application software today (and in our case SAP) is designed to assist in driving and reporting around process and security compliance. By marrying together an organisation-wide focus on building a “compliance culture” and underpinning it with robust variation control and reporting from within the core enterprise SAP system, an organisation is able to effectively monitor itself and potentially spot any compliance risks before they materialise into a significant issue.

When thinking about designing the SAP system to effectively monitor and assist in driving the compliance culture it is important to consider a holistic or whole of business approach. Today’s organisation is a complex web of business relationships. Factoring in expanding regulations and the compliance relationship of business partnerships (i.e. suppliers, contractors and outsourcers) is critical to achieving success and driving confidence in the system. Too often a point solution is developed for one particular regulatory or compliance process within an organisation whilst gaping holes exist in other parts of the organisation.

Leading Risk Management author Michael Rasmussen argues that organisations that take a silo approach to compliance run the risk of unnecessary complexity, increased cost, reduced visibility and flexibility and ultimately increased organisational exposure.

Enterprise SOA principles provide a strong foundation for thinking about how to manage application and infrastructure compliance in a systematic and programmed way. By using a common architecture and set of building blocks within an organisation the potential for process compliance “holes” is significantly reduced.

Corporate analytics tools are a useful aid. Organisations using SAP’s GRC solution benefit from an integrated suite of reports and tools to monitor and manage compliance. It is also possible to use dashboard solutions from SAP and Business Objects to quickly and cost-effectively build visibility of key processes and compliance points.

Finally, no thoughts on the subject of compliance would be complete without specific comment around the wave of Environmental Compliance awareness and emissions legislation that is sweeping the world.
From July 1st this year a number of Australian companies became responsible for tracking and reporting their greenhouse emissions. Over the next three years the emissions bar to trigger mandatory reporting will be systematically lowered. By 2010 the majority of Australian companies will be legally required to report their emissions. With an integrated approach to tracking, monitoring and reporting, much of this process will, over time, migrate towards becoming routine compliance reporting like payroll tax or GST filings. The reality, though, is that without planning and forethought, the potential for significant manual work exists.

Everyone within an organisation has a role to play in driving and building a “compliance culture” within the business. By taking a leadership position and contributing to a transparent conversation, the chance of becoming the next Barings Bank or Enron is significantly reduced.

About the author: Stuart Dickinson is the General Manager – Consulting Australia for leading SAP consulting organisation Oxygen Business Solutions.

 

Grandmont, Renato; Grant, Gavin; Silva, Flavia. ‘Beyond the Numbers - Corporate Governance: Implications for Investors’. Deutsche Bank, April 1, 2004.

Rasmussen, Michael. ‘2008 GRC Drivers, Trends and Market Directions’. Corporate Integrity LLC, May 2008.

 

 

