The Network GRC Blog
Who Should the CECO Report To?
June 03 2012
Cindy Knezevich, VP, Marketing Operations, The Network
We just wrapped up our May survey – Who do you think the Chief Ethics & Compliance Officer should report to? – and the results and commentary were really quite fascinating. There of course isn’t a one-size-fits-all answer to this question. The role itself is changing as organizations expand and as compliance issues evolve. br> br>
In full disclosure, the survey wasn’t intended to make any grand conclusions about compliance executives. For our purposes, we made it a simple multiple-choice survey: should the CECO report to a) the CEO; b) the general counsel; c) the Board; or d) or to both the CEO and the GC. The quick takeaway is that respondents called it pretty even between the Board and the CEO. The intent of the survey, however – and at this we succeeded – was to spark some lively conversation on the topic.
In our experience, different business types and those from varying industries refer to the compliance role in different ways. While “chief compliance officer” is the generic title, ethics is definitely part of the mix. Smaller or private organizations may not have a standalone audit committee or even a GC, and in some segments, the compliance role may be more tightly aligned with regulatory issues. In some cases, compliance comes under the province of the CFO (although that is less and less the case).
Laura Merten, chief compliance officer at Walgreen’s, makes a great point about the hierarchy as well as the duties of the CECO in a recent Ethikos article (“Evolution of the Chief Ethics and Compliance Officer’s Role”). Merten, speaking at Ethisphere’s Global Ethics Summit last March, reminded us that in the pharmaceuticals industry, the government mandates that the CECO must report to the CEO, “on the same level as the CFO and general counsel.” Another participant at the summit pointed out that in finance, the CECO typical reports to the general counsel and that by doing so, compliance stands to gain a little more muscle when reporting to other execs and the Board, because any issues take on a legal perspective.
Along with posting the survey on our website, we also posted it on LinkedIn’s Society of Corporate Compliance and Ethics (SCCE) forum, and there we received some great feedback and insight.
The most discussed opinion was that the CECO should report to the Board of Directors or an independent function such as an audit committee. Stuart Pierson, a partner at Troutman Sanders, emphasized that compliance should retain a level of independence, with strong ties to legal and the chief executive. But, he says, “that uncomfortably mixes the CCO’s roles between advising and advocating for the company on the one hand, while acting and thinking independently, on other.” Taking a slightly opposing viewpoint, Dan Sweeney, director of the Institute for Enterprise Ethics at the University of Denver and a guest blogger for The Network’s GRC Blog, said that “the board of directors cannot manage a compliance program, or any other business function. The CCO must report to an officer of the corporation so that the program can be adequately managed.”
Central to the discussion and our findings is how best to make the CECO role as effective as possible. Just how a CECO goes about communicating to senior execs, the GC and/or the Board brings up the additional considerations of independent reporting, escalation, oversight, etc. Like Merten says about CECOs, “we’re like firefighters,” and no doubt there will be more blazes to battle.
BLOG: Are You “Doing Compliance”? May 15, 2012
BLOG: Disclosure and Compliance. April 17 2012
ARTICLE: Empowering Compliance Officers: The Key to an Effective Compliance Program. Michael Volkov. Corporate Compliance Insights. June 1, 2012
POPULAR COMPLIANCE TOPICS
THE NETWORK BLOGROLL
- GRC 20/20
- FCPA Blog
- FCPA Professor Blog
- FCPA Compliance and Ethics Blog
- HR Bartender
- Meet the Boss
- The GRC Group Blog
- Forrester GRC Security & Risk Blog
- Marks on Governance
- The Business Ethics Blog
- UKAB Blog
- Privacy & Security Matters
- Hunton & Williams Privacy and Information Security Law Blog
- Corruption, Crime & Compliance Blog (M. Volkov)
- Ruderfinn Ethics Blog
- Corporate Compliance Insights
- WSJ Corruption Currents