Companies seeking to embed compliance risk management into both their strategy and everyday operations should set the right tone at the top, assess their compliance and ethics risks in collaboration with other risk functions, and build governance and oversight structures that effectively monitor regulatory matters, an annual report on compliance prepared by professional services firm PricewaterhouseCoopers recommended.
Released on September 14, the findings of the report on the state of compliance are based on a survey of more than 800 global executives, most of whom are legal counsel or compliance officers. The survey showed that while 98% of the executives surveyed believe that their company’s senior leaders are committed to compliance and ethics, 55% reported that senior leaders provide only ad hoc program oversight or delegate most compliance and ethics oversight activities. In addition, just 48% of respondents reported that their organization assesses its “tone at the top,” or whether executives consistently communicate and model a commitment to compliance and ethics; and only 36% of respondents indicated that compliance officers are inherently integrated into or play a key role in strategic planning.
Moreover, while 77% of the executives surveyed reported that there is an enterprise risk management (ERM) process at their organizations, and 88% of these respondents said that the ERM process covers compliance and ethics-related risks, just 54% of these respondents indicated that the framework their company uses for compliance and ethics risk assessment aligns with the framework it uses for its ERM process, and another 54% reported that they needed to conduct at least some additional compliance and ethics-specific risk assessment activities in order to fully address their organizations’ compliance and ethics risks.
The report’s authors further noted that although compliance and ethics teams rely heavily on the top of the organization when conducting risk assessment activities, they may be neglecting to obtain valuable information from middle management and rank-and-file employees: while majorities of the executives surveyed indicated that their organization includes interviews with management (59%) and/or board/management input (55%) in their compliance and ethics risk assessment process, only 21% said their company includes employee surveys.
The survey also asked respondents about how their company’s reporting structure supports its compliance and ethics oversight responsibilities and accountabilities. While nearly two-thirds (65%) of respondents indicated that an audit committee oversees most compliance and ethics programs at the board level, just 20% said that their company’s board of directors had formed a separate, stand-alone compliance/ethics committee to provide oversight of the compliance and ethics program. However, 72% reported that their company has dedicated business unit or business area compliance officers.
From Benefit Trends Newsletter, Volume 59, Issue 10
The information contained in this newsletter is for general use, and while we believe all information to be reliable and accurate, it is important to remember individual situations may be entirely different. The information provided is not written or intended as tax or legal advice and may not be relied on for purposes of avoiding any Federal tax penalties. Individuals are encouraged to seek advice from their own tax or legal counsel. This newsletter is written and published by Liberty Publishing, Inc., Beverly, MA. Copyright © 2016 Liberty Publishing, Inc. All rights reserved.