How much value do you place on culture when you are working to manage your organizational risks? Deloitte’s Henry Ristuccia, in a recent article published in CFO Journal, says that since culture hasn’t traditionally been a factor in enterprise risk management practices (ERM), the role of culture in effective compliance management systems has largely been taken for granted. That has changed, especially since the release of new FCPA guidance, and its emphasis on using effective risk assessment to assign resources to the most at-risk areas.
Mr. Ristuccia believes that organizational culture is the most important aspect in doing the right thing, and while he’s happy to see progress, he points out that additional work needs doing. He believes more forward-looking organizations recognize the value of culture to the process of risk management that tone from the top is key.
Yet, developing effective compliance management systems is not something to be handled by senior managers alone. Each employee must understand ethics & compliance risk as a balance of risk activities and responsibilities. If employees become risk managers in their business units, their insight and business knowledge helps in seeing that the right thing gets done and that compliance management becomes integral to business processes and activities.
For us as a GRC solution provider, compliance management is about proactive compliance risk assessments and employee surveying. In a larger sense, it’s also about risk monitoring and “separating the meaningful information from the noise” as Ristuccia puts it, and engaging your workforce to recognize risk at face value and know what they can do to more effectively deal with it.
Risk management means striking a balance between performance, opportunities and personal responsibilities. In an ethical organization, everyone is a risk manager, and everyone should take responsibility for compliance management.
Survey Report | Key Trends in Effective Policy Management
Download this report to see the findings of a survey by The Network, where we asked organizations about the policy management systems and tools they use to make those policies more useful to their workforce and to their bottom-line strategies, along with other observations regarding best practices for policy management.