Minutes of the Copenhagen Compliance conference (April 2013). The importance of audit committees
The question is whether the many different requirements and regulations, reduces the risk of a new crisis in the future. History shows that this is not the case when crises come and go regularly, regardless of the number of new or more GRC regulation.
Many international companies have already established Audit Committees (AC) for several years; however, the financial and credit crisis, Governance, Risk Management, Compliance, disclosures and IT security requirements demands an update, a 'second wave' or an assessment of the AC Charter, structure and practices are essential.
The AC focus has since implementation shifted away from the basic desire for companies to obtain appropriate governance controls, and toward the larger framework of maximizing the business value by improving operational GRC decision making and strategic planning.
New role for Board Committees
Another message from the conference was that audit committees should have greater involvement of compliance so that the audit committee no longer looked at the usual internal controls and other traditional accounting matters.
Yet another point at the conference was that compliance should be anchored higher up in the organization ie. the Audit Committee and the Board of Directors. Compliance should be seen as a central element in the company's risk management and not just seen as a annoying cost center. The challenge must be that the company will have to comply with the many new requirements, but in a more efficient way in order to achieve a competitive advantage
As the exponentially growing number of regulatory laws and standards produced by both public and semi-public organizations, increased pressure on employees Compliance Department. The business and managers responsible for compliance to the requirements have to find a way to communicate the approach, reasons and rationality to the entire organization. This applies in a particular degree to the financial services that have an independent compliance officer to help the company and its board to keep track of the many new rules that are followed in the wake of the financial crisis.
From cost to profit center
The bottom line is that we humans have a tendency to forget crises. It is not many years since the IT bubble burst. In the words of Georg Wilhelm Friedrich Hegel, who once said; We learn from history that we do not learn from history. A telling example is Enron fraud scandal in the United States, which led to a veritable flood of new scandals and regulations include additional requirements on internal controls. It came with the adoption of the SOX Act, costing companies millions of usd and at the same time limiting their actions and opportunities.
The key question is what the company gets out of the GRC processes and how to get value out of the internal controls and compliance staff. How organizations can reduces the risk of losing their reputation of being 'best in class' or the imposition of substantial fines from the oversight authorities? This concept often is the case when Compliance efforts continue to be an administrative cost center.
Therefore, the recommendation from the Audit Committee conference was in fact to transform the compliance (GRC function) into a profit center. This is done by devising procedures that ensure that the GRC value is not reduced, just to provide safeguards against the possibility of heavy fines in cartel cases or product liability. Other Compliance activities are clearly focused on bribery, expensive lawsuits for sexual harassment, fraud or other illegal conducts. Currently income taxes, transfer pricing cases and money laundering issues in relation to the banks seem to on top of the Compliance list.
Three lines of Defence
In other words, understand the enterprise approach that Copenhagen Compliance conferences has been preaching for 7 years. The company must defend itself against sudden surprises for failure in processes, technology or people that only should reach the competition. Organized and integrated compliance activities gain additional competitive advantages. Perhaps the initial costs and attention can be daunting however the long term benefits will exceed the cost.
Taking into consideration the number of new GRC laws and regulations that is expected to grow for many many years (unfortunately) to come, so the company's conditions are becoming increasingly complex and this leads to an increased risk of making errors. Compliance In other words, a vital instrument in the company's management toolbox, which should be incorporated in the board level and plan. However, do not forget the tone-at-the-middle.
Prof. Caspar Rose of CBS was a speaker at the conference and has contributed to this article.