corporate compliance insights article


Upload: ann-dee-allen

Post on 07-Jul-2015


Posted with permission from CorporateComplianceInsights.com

Page 1: Corporate Compliance Insights Article

Keeping Your Company Safe: The Top 5 Corporate Compliance Issues Trending Now

by Jennifer M. Leary @ 2011-08-11

There is certainly no shortage of significant compliance issues in today’s complex business and

regulatory environment. Our global economy has produced opportunities for growth and success

that can come with an increased need for governance, oversight and formal corporate

compliance.

The top five corporate compliance concerns trending today include:

1. Managing a dynamic ever-evolving IT environment

2. Understanding and managing corporate enterprise risk

3. Reducing the risk of tactical regulatory noncompliance

4. Understanding and managing corporate compliance in international markets

5. Managing a formal, robust corporate compliance program

While direct oversight of compliance is not the board’s responsibility from a day-to-day

operational perspective, directors have a fiduciary responsibility to shareholders and in some

cases may be held accountable for corporate misdeeds. The risk of potential personal liability

along with the desire to serve the company and its stakeholders are strong motivating factors for

executives and directors to execute and continually update robust corporate compliance

programs.

The full board and designated committees should be engaged in the oversight of activities

involving corporate compliance issues with timely and candid involvement from the CEO, CFO,

CIO, corporate counsel and CECO (chief ethics and compliance officer), as applicable. The

CECO position often includes responsibility for creating and maintaining an effective corporate

compliance program. This position regularly reports to the board with ample opportunity for

open dialog and action plans to address issues in real time.

1) Managing a dynamic ever-evolving IT environment

Digital technology allows us to communicate instantly, merge data in moments and transfer

volumes of information between multiple devices and platforms as if by sleight of hand. These

capabilities also dramatically increase the potential for security and compliance breaches due to

fraud or gaps in oversight. With an estimated 90 percent of data transmitted being digital,

corporations must manage what amounts to an ocean of data, much of it highly sensitive in

nature.

Technological advances including cloud computing and mobility have led the Securities and

Exchange Commission and other regulatory agencies to re-issue compliance standards that

address IT issues. Fortunately, the IT industry has kept pace, offering new solutions for retaining,

sorting and indexing digital data – making it possible to manage the preservation and review of

data before a company faces legal or regulatory inquiries.

These solutions can be costly and require diligence. Designated board committees should assess

the overall IT environment, its susceptibility to risk and the effectiveness of the corporation’s

policies and procedures surrounding IT. At least annually, the corporation should assess its

vulnerabilities to external and internal threats to its data and operations.

2) Understanding and managing corporate enterprise risk

People talk about enterprise risk management (ERM) as an essential and worthy concept and

then struggle to implement it. ERM means different things to different corporations, but

essentially, it can be managed much as any other high-level priority. ERM strategy involves

identifying, analyzing, monitoring and directing internal and external risk factors and leveraging

controls to significantly lower risk. Such enterprise-wide risks include, but are not limited to,

liability, compliance, financial, operational, strategic and reputation-related.

In addition to providing an overall corporate risk assessment and control environment analysis,

ERM includes adding economic and strategic value for corporate stakeholders and leveraging

opportunities created by managing risk. Anti-risk-related opportunities may include integration

of isolated activities, greater integration of IT into general operations, and cost savings through

vendor management, contract compliance, and outsourcing or co-sourcing of internal operations.

Boards may find it necessary to create a risk oversight committee for ERM. This process can be

internally driven by a chief risk officer, internal audit or the CFO.

An effective ERM process provides for enhanced focus on key risks and, if applicable, can be a

foundation for a successful internal audit plan.

3) Reducing the risk of tactical regulatory noncompliance

Regulatory compliance issues are heightened in industries such as energy, financial institutions

and health care. Understanding and adhering to industry-specific regulatory environments may

require a team of individuals with ever-expanding working knowledge of regulations, cases and

enforcement of the regulatory agencies and, in many cases, the regulators themselves.

Most companies do not commit regulatory offenses by design. However, lack of intent or

resources is no defense when it comes to legal and regulatory action taken against a corporation

and its directors as a result of compliance breaches. Boards and executives must guard against

unintentional noncompliance.

Ensure that regulatory compliance functions are internally challenged and regularly updated.

This can be a subset of an ERM program or may need to be a separate initiative.

4) Understanding and managing corporate compliance in international markets

The international marketplace presents a world of opportunity for expansion, cost reduction and

talent acquisition. With opportunity comes risk. Corporations engaging in business overseas need

to be vigilant about contract law involving local country transactions, cultural differences in

completing transactions and employment issues, to name a few concerns.

The corporation must weigh all of the benefits and calculated risks of operating in a foreign

location. In addition to establishing the appropriate type of corporate entity from a financial and

operational standpoint, the corporation must conform to the requirements of specific local

authorities and agencies. This can be daunting and requires strong legal advice.

Taxation issues also raise compliance red flags for entities that conduct business outside the

United States. The number, variety and fluidity of tax laws, treaties and regulations leave

corporations vulnerable to foreign noncompliance related to tax that can be costly and time

consuming.

There are also risks to manage associated with visas, operations, and the safety and security of

personnel and holdings in foreign locations. Along with management, it is the board’s

responsibility to ensure that international risks are appropriately managed and monitored.

5) Managing a formal, robust corporate compliance program

Compliance programs are becoming a necessity, and corporations must ensure that compliance is

effectively analyzed and managed. According to the Association of Certified Fraud Examiners

(ACFE), asset misappropriation, financial statement fraud and corruption are primarily due to: 1)

lack of internal controls; 2) lack of management review; 3) overrides of existing controls; 4) poor

tone at the top; 5) lack of competent oversight; and 6) lack of independent checks and audits. The

ACFE has found management review of internal controls to be the overwhelming No. 1

modification of controls that organizations make in response to the discovery of fraud.

Rewards for whistleblowers and fraud hotlines, internal and surprise audits, and job rotations are

frequently cited as significant components of compliance programs that help to prevent and

detect abuses. These programs fall under the responsibility of the chief corporate officer who

also has a direct line of communication to the board.

As noted at the Rand Institute’s 2009 conference on CECOs’ perspectives of prevention and

detection of corporate misdeeds, essential features of a robust compliance and ethics program

include:

Compensation linked to compliance and ethics leadership;

Enforcement of codes of conduct and policies, including nonretaliation policies;

Professional management of the hotline and investigations;

Companywide compliance-and-ethics infrastructure and risk assessment;

Promotion and integration of compliance and ethics goals;

Effective compliance audits and training based on real-life cases; and

Direct communication between the chief compliance officer and a responsive board.

Not only is a formal program necessary, it also establishes the compliance culture of the

corporation and modifies risk-associated behavior.

In closing, corporate compliance risk is a part of every operation. And, with all outstanding

opportunities comes some degree of risk – not always negative. An emphasis on corporate

compliance within a corporation supported by an active board of directors will help create and

foster a strong corporate culture allowing continued growth and success.

The information contained herein is general in nature and is not intended, and should not be

construed, as legal, accounting, or tax advice or opinion provided by Clifton Gunderson LLP to

the reader. The reader also is cautioned that this material may not be applicable to, or suitable

for, the reader’s specific circumstances or needs, and may require consideration of non-tax and

other tax factors if any action is to be contemplated. The reader should contact his or her Clifton

Gunderson or other tax professional prior to taking any action based upon this information.

Clifton Gunderson LLP assumes no obligation to inform the reader of any changes in tax laws or

other factors that could affect information contained herein.

**********

Jennifer M. Leary, CPA, is an assurance services partner and the firm’s national practice leader

for business risk services, with Clifton Gunderson LLP in Baltimore, MD. She assists clients in

developing best practices for maintaining and enhancing internal control environments on an

enterprise level. She also provides technical guidance to clients for transactional support and

works directly with board members on financial and strategic issues in this challenging, dynamic

economic environment. She can be reached at [email protected]. For more

information, please visit www.cliftoncpa.com.

http://www.corporatecomplianceinsights.com/2011/keeping-your-company-safe-the-top-5-corporate-compliance-issues-trending-now/

Tags: corporate compliance program, enterprise risk management, it compliance
