Posted with permission from CorporateComplianceInsights.com
Keeping Your Company Safe: The Top 5 Corporate Compliance Issues Trending Now
by Jennifer M. Leary @ 2011-08-11
There is certainly no shortage of significant compliance issues in today’s complex business and
regulatory environment. Our global economy has produced opportunities for growth and success
that can come with an increased need for governance, oversight and formal corporate
compliance.
The top five corporate compliance concerns trending today include:
1. Managing a dynamic ever-evolving IT environment
2. Understanding and managing corporate enterprise risk
3. Reducing the risk of tactical regulatory noncompliance
4. Understanding and managing corporate compliance in international markets
5. Managing a formal, robust corporate compliance program
While direct oversight of compliance is not the board’s responsibility from a day-to-day
operational perspective, directors have a fiduciary responsibility to shareholders and in some
cases may be held accountable for corporate misdeeds. The risk of potential personal liability
along with the desire to serve the company and its stakeholders are strong motivating factors for
executives and directors to execute and continually update robust corporate compliance
programs.
The full board and designated committees should be engaged in the oversight of activities
involving corporate compliance issues with timely and candid involvement from the CEO, CFO,
CIO, corporate counsel and CECO (chief ethics and compliance officer), as applicable. The
CECO position often includes responsibility for creating and maintaining an effective corporate
compliance program. This position regularly reports to the board with ample opportunity for
open dialog and action plans to address issues in real time.
1) Managing a dynamic ever-evolving IT environment
Digital technology allows us to communicate instantly, merge data in moments and transfer
volumes of information between multiple devices and platforms as if by sleight of hand. These
capabilities also dramatically increase the potential for security and compliance breaches due to
fraud or gaps in oversight. With an estimated 90 percent of data transmitted being digital,
corporations must manage what amounts to an ocean of data, much of it highly sensitive in
nature.
Technological advances including cloud computing and mobility have led the Securities and
Exchange Commission and other regulatory agencies to re-issue compliance standards that
address IT issues. Fortunately, the IT industry has kept pace, offering new solutions for retaining,
sorting and indexing digital data – making it possible to manage the preservation and review of
data before a company faces legal or regulatory inquiries.
These solutions can be costly and require diligence. Designated board committees should assess
the overall IT environment, its susceptibility to risk and the effectiveness of the corporation’s
policies and procedures surrounding IT. At least annually, the corporation should assess its
vulnerabilities to external and internal threats to its data and operations.
2) Understanding and managing corporate enterprise risk
People talk about enterprise risk management (ERM) as an essential and worthy concept and
then struggle to implement it. ERM means different things to different corporations, but
essentially, it can be managed much as any other high-level priority. ERM strategy involves
identifying, analyzing, monitoring and directing internal and external risk factors and leveraging
controls to significantly lower risk. Such enterprise-wide risks include, but are not limited to,
liability, compliance, financial, operational, strategic and reputation-related.
In addition to providing an overall corporate risk assessment and control environment analysis,
ERM includes adding economic and strategic value for corporate stakeholders and leveraging
opportunities created by managing risk. Anti-risk-related opportunities may include integration
of isolated activities, greater integration of IT into general operations, and cost savings through
vendor management, contract compliance, and outsourcing or co-sourcing of internal operations.
Boards may find it necessary to create a risk oversight committee for ERM. This process can be
internally driven by a chief risk officer, internal audit or the CFO.
An effective ERM process provides for enhanced focus on key risks and, if applicable, can be a
foundation for a successful internal audit plan.
3) Reducing the risk of tactical regulatory noncompliance
Regulatory compliance issues are heightened in industries such as energy, financial institutions
and health care. Understanding and adhering to industry-specific regulatory environments may
require a team of individuals with ever-expanding working knowledge of regulations, cases and
enforcement of the regulatory agencies and, in many cases, the regulators themselves.
Most companies do not commit regulatory offenses by design. However, lack of intent or
resources is no defense when it comes to legal and regulatory action taken against a corporation
and its directors as a result of compliance breaches. Boards and executives must guard against
unintentional noncompliance.
Ensure that regulatory compliance functions are internally challenged and regularly updated.
This can be a subset of an ERM program or may need to be a separate initiative.
4) Understanding and managing corporate compliance in international markets
The international marketplace presents a world of opportunity for expansion, cost reduction and
talent acquisition. With opportunity comes risk. Corporations engaging in business overseas need
to be vigilant about contract law involving local country transactions, cultural differences in
completing transactions and employment issues, to name a few concerns.
The corporation must weigh all of the benefits and calculated risks of operating in a foreign
location. In addition to establishing the appropriate type of corporate entity from a financial and
operational standpoint, the corporation must conform to the requirements of specific local
authorities and agencies. This can be daunting and requires strong legal advice.
Taxation issues also raise compliance red flags for entities that conduct business outside the
United States. The number, variety and fluidity of tax laws, treaties and regulations leave
corporations vulnerable to foreign noncompliance related to tax that can be costly and time
consuming.
There are also risks to manage associated with visas, operations, and the safety and security of
personnel and holdings in foreign locations. Along with management, it is the board’s
responsibility to ensure that international risks are appropriately managed and monitored.
5) Managing a formal, robust corporate compliance program
Compliance programs are becoming a necessity, and corporations must ensure that compliance is
effectively analyzed and managed. According to the Association of Certified Fraud Examiners
(ACFE), asset misappropriation, financial statement fraud and corruption are primarily due to: 1)
lack of internal controls; 2) lack of management review; 3) overrides of existing controls; 4) poor
tone at the top; 5) lack of competent oversight; and 6) lack of independent checks and audits. The
ACFE has found management review of internal controls to be the overwhelming No. 1
modification of controls that organizations make in response to the discovery of fraud.
Rewards for whistleblowers and fraud hotlines, internal and surprise audits, and job rotations are
frequently cited as significant components of compliance programs that help to prevent and
detect abuses. These programs fall under the responsibility of the chief corporate officer who
also has a direct line of communication to the board.
As noted at the Rand Institute’s 2009 conference on CECOs’ perspectives of prevention and
detection of corporate misdeeds, essential features of a robust compliance and ethics program
include:
Compensation linked to compliance and ethics leadership;
Enforcement of codes of conduct and policies, including nonretaliation policies;
Professional management of the hotline and investigations;
Companywide compliance-and-ethics infrastructure and risk assessment;
Promotion and integration of compliance and ethics goals;
Effective compliance audits and training based on real-life cases; and
Direct communication between the chief compliance officer and a responsive board.
Not only is a formal program necessary, it also establishes the compliance culture of the
corporation and modifies risk-associated behavior.
In closing, corporate compliance risk is a part of every operation. And, with all outstanding
opportunities comes some degree of risk – not always negative. An emphasis on corporate
compliance within a corporation supported by an active board of directors will help create and
foster a strong corporate culture allowing continued growth and success.
The information contained herein is general in nature and is not intended, and should not be
construed, as legal, accounting, or tax advice or opinion provided by Clifton Gunderson LLP to
the reader. The reader also is cautioned that this material may not be applicable to, or suitable
for, the reader’s specific circumstances or needs, and may require consideration of non-tax and
other tax factors if any action is to be contemplated. The reader should contact his or her Clifton
Gunderson or other tax professional prior to taking any action based upon this information.
Clifton Gunderson LLP assumes no obligation to inform the reader of any changes in tax laws or
other factors that could affect information contained herein.
**********
Jennifer M. Leary, CPA, is an assurance services partner and the firm’s national practice leader
for business risk services, with Clifton Gunderson LLP in Baltimore, MD. She assists clients in
developing best practices for maintaining and enhancing internal control environments on an
enterprise level. She also provides technical guidance to clients for transactional support and
works directly with board members on financial and strategic issues in this challenging, dynamic
economic environment. She can be reached at [email protected]. For more
information, please visit www.cliftoncpa.com.
http://www.corporatecomplianceinsights.com/2011/keeping-your-company-safe-the-top-5-corporate-compliance-issues-trending-now/
Tags: corporate compliance program, enterprise risk management, it compliance