By: Patrick Quinlan
When a compliance crisis strikes your industry, it shines a spotlight on how your own company is managing its compliance risk. Newspaper reports on high-profile cases of bribery, corruption, conflicts of interest or misconduct can prompt calls from your Audit Committee Chair and other key stakeholders who will be asking anxious questions. Even if it is a competitor facing these challenges, it falls on the Chief Compliance Officer to quell concerns in the organization. Among the likely queries:
- “Could the legal and public nightmares felt by this other company happen to us?”
- “Are we legally exposed by similar unethical practices within our own company?”
- “How can we be sure we’re not?”
The CCO must have programs in place and be prepared to provide easy visibility into the most critical risk areas. This means delivering essential data and communicating a detailed picture of the risk landscape to concerned stakeholders without causing misunderstanding or information overload. It means giving Board members accurate reports; fostering an understanding of risk and compliance within the Board is critical. It means giving Board members the knowledge and guidance they require to provide the necessary support and resources.
When taking that fretful phone call, the CCO’s governance, risk and compliance platform should provide a global overview of risk areas. Your risk assessment will already rank risk areas. For example, if the nature of the news-making crisis is corruption in China or bribery in Brazil, your risk assessment can help you understand if your business faces a similar crisis.
If a risk you have targeted is similar to the crisis at hand, highlight the measures you’ve already taken to keep your organization in legal compliance. These measures might include communication initiatives and training programs to ensure employees are aware of organization policies and procedures. For example, if a conflict of interest scandal is making headlines, you’ll want to demonstrate how you are requiring strictly scrutinized relationship disclosures to guard against conflicts of interest at your offices and departments nearest to the crisis. You will also want to report on how you’re promoting and managing your whistleblower hotlines, along with any responses, actionable information and outcomes.
Lastly, you should delineate your next steps to cover the immediate priorities in your recognized risk areas. Say your risk assessment has discovered pertinent employees with gaps in their completion of policy and ethics training programs. Or say a recent call to your hotline included an allegation of misconduct. Display how you are proactively addressing these situations by setting up notifications to encourage employees to catch up on missing training and by scheduling progress updates with the managers investigating those anonymous reports.
The CCO is well aware that it is crucial to the company and his career that the compliance program be measurably effective. When it comes time to present your annual report to your Audit Committee, use the information you’ve collected to show metrics-based improvement in how you’ve shored up the organization by increasing policy and legal compliance in critical risk areas. Metrics commonly reported to the Board include compliance audits, training data, risk assessment results and hotline calls. Using this information, you’ll be able to defend and garner support for your compliance efforts with the Board, senior leadership and employees. Importantly, your reporting will meet government expectations of your organization’s legal compliance. Having a strong strategy in place will prove effective in reducing risk, protecting your organization’s good name and making sure the only headlines about you are positive ones.
An entrepreneur at heart, Patrick Quinlan has a passion and skill for building companies from the ground up. Prior to leading Convercent’s executive team, Patrick served as Chief Executive Officer of Rivet Software, another technology firm operating in the governance, risk and compliance space. In just two years, he propelled Rivet’s quarterly revenue from $240,000 to $12 million – an achievement that earned the company a #6 placement on the 2011 Inc. 500 List among software firms and a #60 listing overall. A founding partner of Nebbiolo Ventures, Patrick has also served as CEO of ServiceSelect and Delta Translation, which was successfully sold to LFI in 1999.
Patrick has been recognized by the Denver Business Journal as one of Denver’s top “Forty Under 40” leaders, and in 2011 he was named an Ernst & Young Entrepreneur of the Year finalist. Patrick has served as a board member of Youth on Record and Young Americans Center for Financial Education, the country’s only FDIC-insured bank designed with youth in mind.
While Patrick typically moves at high speeds, he still takes time to savor what matters most – friends, family and good food. He dreams of racing cars.