It is generally believed that the world’s single best selling toy is the Rubik’s Cube, invented in 1974 by the Hungarian Ernő Rubik. Although it was initially believed that Rubik’s Cube was built as a teaching tool to help his students understand 3D objects, the inventor has said his purpose was solving the structural problem of moving the parts independently without the entire mechanism falling apart. Further, even he did not realize he had created a puzzle until the first time he scrambled his new Cube and then tried to restore it. The cube made its international debut in 1980 and the rest, as they say, is history.
I thought about Rubik and his famous (and for me – very frustrating) Cube when I read a recent article in Adam Bryant’s New York Times (NYT) Corner Office column where he interviewed Liz Pearce, Chief Executive Officer (CEO) of LiquidPlanner, a project management software firm. Pearce said that leadership is like a Rubik’s Cube in that you have to put all the pieces together. I thought that was a very apt analogy for a Chief Compliance Officer (CCO) or compliance practitioner because there are so many moving parts in the job of any compliance professional.
Pearce said, “When you’re running a start-up, you have this finite set of resources, and you have this huge goal. So you look at all the angles, and twist things this way and that as you’re thinking, “What if we did it this way?”” But more than simply the technical side of a Rubik’s Cube analysis, Pearce also talked about the people part of the equation. She said, “And every new employee who comes in is like Christmas morning. What are they going to bring to the table? What do they know that can help us? How can we help them?”
This certainly comes into play when working with other corporate functions to assist in the doing of compliance in an organization. For instance, Human Resources (HR) can be a key asset in your compliance program. HR has several key areas of expertise, such as in discrimination and harassment. But beyond this expertise, HR also has direct accountability for these areas. It does not take a very long or large step to expand this expertise into assistance for compliance. HR often is on the front line for hotline intake and responses. These initial responses may include triage of the compliant and investigations. With some additional training, you can create a supplemental investigation team for the compliance department.
Clearly HR puts on training. By ‘training the trainers’ on compliance you may well create an additional training force for your compliance department. HR can also give compliance advice on the style and tone of training. This is where the things that might work and even be legally mandated in Texas may not work in other areas of the globe; advice can be of great assistance. But more than just putting on the training, HR often maintains employee records of training certifications, certifications to your company’s Code of Conduct and compliance requirements. This can be the document repository for the ‘Document, Document, and Document’ portion of your compliance program.
Internal Audit is another function that you may want to look at for assistance. Obviously, Internal Audit should have access to your company’s accounting systems. This can enable them to pull data for ongoing monitoring. This may allow you to move towards continuous controls monitoring, on an internal basis. Similarly, one of the areas of core competency of Internal Audit should also be internal controls. You can have Internal Audit assist in a gap analysis to understand what internal controls your company might be missing.
Just as this corporate function’s name implies, Internal Audit routinely performs internal audits of a company. You can use this routine job duty to assist compliance. There will be an existing audit schedule and you can provide some standard compliance issues to be included in each audit. Further, compliance risks can also be evaluated during this process. Similar to the audit function are investigations. With some additional training, Internal Audit should be able to assist the compliance function to carry out or participate in internal compliance investigations. Lastly, Internal Audit should be able to assist the compliance function to improve controls following investigations.
A corporate IT department has several functions that can assist compliance. First and foremost, IT controls IT equipment and access to data. This can help you to facilitate investigations by giving you (1) access to email and (2) access to databases within the company. Similar to the above functions, IT will be a policy owner as the subject matter expert (SME) so you can turn to them for any of your compliance program requirements, which may need a policy that touches on these areas. The final consideration for IT assistance is in the area of internal corporate communication. IT enables communications within a company. You can use IT to aid in your internal company intranet, online training, newsletters or the often mentioned ‘compliance reminders’ discussed in the Morgan Stanley Declination.
Finally, do not forget your business teams. You can embed a compliance champion in all divisions and functions around the company. You can take this a step further by placing a Facility Compliance Officer at every site or location where you might have a large facility or corporate presence. Such local assets can provide feedback for new policies to let you know if they do not they make sense. In some new environments, a policy may not work. If your company uses SAP and you make an acquisition of an entity that does not use this ERP system, your internal policy may need to be modified or amended. A business unit asset can also help to provide a push for training and communications to others similarly situated. One thing that local compliance champions can assist with is helping to set up and coordinate personnel for interviews of employees. This is an often over-looked function but it facilitates local coordination, which is always easier than from the corporate office.
Pearce also had another insight that is not often discussed. It is that as a CCO or even compliance professional, if not held to a higher standard, you are certainly watched more closely. As Pearce put it, “I’ve had light-bulb moments when I realized I have to be really thoughtful about what I ask for and how I ask for it, because people are watching and listening closely, and caring in a way that they didn’t when I didn’t have this title. That’s always been a little bit uncomfortable for me. I don’t have this grand image of myself. I’m just like everybody else.” Roy Snell and Donna Boehme are probably two of the leading advocates about how the CCO or compliance practitioner should carry himself or herself, not simply to do the right thing, but to stand as an advocate for telling the whole story. This is far different from the role of a corporate legal department or any other corporate department. Just as Pearce realized as a leader she had to be more thoughtful, I think as a compliance professional, you should be mindful of this as well.
When I initially went to an in-house legal position, I was amazed at the depth and quality of the challenge. You had to factor in state law, US federal law, usually a foreign law (or two) and then, of course, internal company policies. I described it as a three-dimensional chessboard with any one move affecting the rest of the board. The same is true for the compliance function, but only more so. I find the Rubik’s Cube of leadership to be an apt metaphor for the compliance function as well.
[View source.]
