Recently, the great Roy Snell wrote a column that all new CCOs should take to heart: “Everything I Know About Compliance I Learned in Kindergarten: Just Say Yes” says CCO’s should not act as “The Department of No” rather, they should find more ways to say “Yes.” Roy is right on the money. But this also puts a spotlight on one of the most important skills a CCO can develop: judgment, or more specifically, knowing what is worth fighting for.
Of the thousands of decisions that must be made in the course of designing and implementing a meaningful compliance program to cover all of an organization’s top risks, what really matters? This is the judgment that successful CCOs develop over time through experience and observation, and working with their mentors and thought circles. It’s as if Fisher and Ury wrote a special CCO edition of their great business book “Getting to Yes,” filled with examples from our field. Now THAT would be a book worth having on every CCO’s bookshelf! Or how about 7 Habits of Highly Effective CCO’s? As the dear departed Dr. Stephen Covey would say “Begin with the end in mind!”
As Roy points out, CCO’s need to say “Yes” more often and learn to pick their battles. But part of the skill is in the “how.” How can CCOs say “Yes” more often without compromising the integrity of their program? Or in military terms, sometimes CCOs need to ask themselves: “Is this the hill I want to die on?”
I developed my own decision tree diorama on this important question the same way I did with all other critical decisions, with the help of my Giant White Board and Dr. Covey. Across the top of the board, I started by listing the critical elements of our program as currently built (easy, right off our 7 Elements slide). Then, beneath each one, the critical features that made that element effective. So for instance, under “auditing and monitoring” we included the confidential hotline, our Investigation Guidelines, and Escalation Policy – those pieces that guaranteed that the right information would consistently reach the right decision makers. Then, vertically along the left side of my GWB, I listed those features that enabled the Compliance team to do its job well: empowerment, independence, line of sight, seat at the table, and resources. These were all the “buckets” that made our program effective – as Dr. Covey would say: “Beginning with the END in mind.”
This simple infographic was always useful in helping me prioritize our resources, develop strategy, and problem solve. So that tells me that every CCO or compliance professional needs to have a similar infographic in their head to help put all their activity, decision-making and strategy into proper context. A few examples:
- Code poster – A business group is worried that a set of posters communicating some examples of the new Code of Conduct are too sophisticated for their typical team members (who are younger and less educated) and have requested a “simplified’ version.
- Analysis: An easy “Yes.” Does not negatively impact the integrity of the “Training + Communication” bucket of the program (and may even improve it!) Consider the use of a focus group to test effectiveness and consistency of messaging. A bonus effect could be a stronger relationship with management through this strong demonstration of partnering with the business, possibly leading to more “seats at the table” and increased ability to influence.
- Board Report – Prior to the delivery of your quarterly report to the Board, a powerful BU head has seen a draft paragraph implicating his division and is demanding some unilateral changes to the CCO’s narrative opinion. He has issued threats.
- Analysis: A direct, frontal assault on 3 very important “buckets” of your program: Independence, line of sight and auditing & monitoring. Three big hills do die on!
- Confidential Investigation – A powerful company exec has demanded a “briefing” on a confidential helpline case in his business unit, including the identity of the caller. He further demands that the investigation be closed.
- Analysis: Proceed with great caution because this could negatively impact two very important “buckets” of the compliance program: 1) Two key parts of the “Auditing & Monitoring” element (hotline and Investigation Guidelines which protect confidentiality) and 2) The independence of the Compliance function and CCO’s ability to oversee the integrity of this bucket. To most CCO’s, this would probably qualify as a “hill worth dying on.” It is also worth noting that an incident like this demonstrates why any effective program should include a good Board escalation policy.
This article was originally posted on the SCCE Blog.