[ERM & INTERNAL CONTROLS]
SHOP TALK
The Foundation of Good Compliance & Governance
During our latest roundtable, hosted with Boeing, executives from American Airlines, AT&T, and elsewhere discussed strategies for building an effective structure for compliance to flourish.
Right: Panelists at the recent Compliance Week/Boeing forum on corporate governance.
By Joe Mont
Every company is unique, and its compliance program must be too if it has any chance of working well, but there are still some common aspects that most high-functioning compliance and governance programs share.
Compliance and governance can’t just be wedged into existing functions and reporting lines; integration must be carefully engineered so it effectively meshes with business lines and a wide variety of departments, from internal audit to HR, IT, and finance. At the same time, compliance must have the independence it needs to surface concerns, play a lead role in investigations, and influence culture.
Those dual interests were an underlying theme at the latest Compliance Week executive roundtable, co-hosted with Boeing Co. in Dallas in November. Compliance executives from a wide range of industries and companies, including Boeing, GE Capital, AT&T, Dr Pepper Snapple, and American Airlines, shared strategies on structuring and organizing the compliance function. They all weighed in on what compliance and governance means to their organizations and how it flows through to various reporting lines.
“We all struggle with and debate over where should all these different functions sit—compliance, enterprise risk management, audit, enterprise information governance, and corporate governance,” said Judy Carter, vice president for compliance and audit for BNSF Railway. “There are so many common goals that run through each of these functions. The objective is to structure your organization so you can effectively leverage all of these efforts.”
Roundtable participants agreed that compliance officers tend to wear several hats and that it’s not always easy to move among the many different necessary roles. Staying on top of everything can be a challenge, and as businesses grow or evolve, complications are even more pronounced.
Eric Hinton, senior director of ethics and compliance for 7-Eleven, said his goal is to bring order to “pieces of compliance that live in a lot of different places.” “We can improve that by consolidating and rationalizing it and making it more coherent across the enterprise,” he said.
Within the corporation, effective interaction with other areas is a concern that Doug Cotton, managing director of American Airlines’ business ethics and compliance program, had in common with other roundtable participants. Compliance oversight raises a thorny issue: “How far do we push without having them think we are trying to take over?”
Buy-in from executive leadership alone doesn’t necessarily make that effort any easier. “We get really good tone from the top and have really good policies. The struggle is making sure everybody understands those policies,” Eric Bowman, chief compliance officer for Darling International, said.
Diana Sands, senior vice president for the Office of Internal Governance at Boeing, described compliance at the aerospace giant as a journey. What originated as a response and enforcement function now has a “vision around enabling company performance.” The important question: “Can we gain a competitive advantage if we do it more effectively and efficiently?”
In her role, Sands oversees Boeing’s compliance and ethics program. She is responsible for ethics, trade controls, compliance risk management, and the team of professionals who comprise internal audit. “In the beginning, it was all about setting up the appropriate structure and rules,” she said. “What we have evolved to is being an integrated business partner, a function that provides centralized and focused expertise in the field and is also integrated with the businesses.” By bringing multiple interests to the same table, the goal is to foster a seamless sharing of information among stakeholders, she said.
46 WWW.COMPLIANCEWEEK.COM » 888.519.9200 DECEMBER 2014
Talking the Walk
While proper care and feeding is necessary to get company leadership to work toward the same goal as the compliance team, tone at the middle may require just as much finesse. “The bigger challenge is in the middle,” one participant said. The diplomatic task at hand is to not have them thinking that compliance “is questioning their own judgment, ethics, or professionalism.” “You are not really trying to do that, but there is that perception,” he added.
Expectations must be reasonable. “You have to also exercise good judgment,” one participant said. “You can’t turn over every pebble on the beach or chase every rabbit.” Success depends upon having credibility throughout the business units and displaying a “willingness to hear what their key risks are, rather than just assuming on your own.”
Improving the perception of compliance—avoiding the view that its role is to be a police officer for the organization or, that old cliche, it is the “Department of No”—was presented as an ongoing battle. What is the best way to create an alternate perception, as a partner and facilitator for the business?
“We have to really know the business and help the business units understand the compliance risks; that is where we can help,” Sands said of intra-company outreach.
“Every dollar spent on remediation is a dollar the business can’t spend on innovation,” agreed William Gordon, associate general counsel for Hercules Offshore. “At the same time, a strong compliance program can improve the quality of the business and deliver a sustained return on investment.”
Unifying Factors
Another important aspect of effective compliance and governance functions is that they work well with related functions, such as legal, audit, and HR. It is important to understand how various functions operate within their own sphere of influence. “There are just a lot of differences in terms of approach,” one participant said. “Auditors and accountants are going to want to follow the book and follow COSO to a ‘T.’ Lawyers are more procedurally oriented.”
“No matter what, compliance organizations need to work closely with their functional partners,” Sands said. “In-house counsel, HR, finance, and other subject matter experts are important team players. In all my groups there are lawyers and other functions tied in,” she explained. “To be effective, it’s important to be cross-functionally integrated and well-embedded in the business processes.”
OVERHEARD AT THE ROUNDTABLE
"To be effective, it's important to be cross-functionally integrated and well-embedded in the business processes."
Diana Sands, Boeing
"We all struggle with and debate over where should all these different functions sit—compliance, enterprise risk management, audit, enterprise information governance, and corporate governance. There are so many common goals that run through each of these functions. The objective is to structure your organization so you can effectively leverage all of these efforts."
Judy Carter, BNSF Railway
"Every dollar spent on remediation is a dollar the business can't spend on innovation. At the same time, a strong compliance program can improve the quality of the business and deliver a sustained return on investment."
William Gordon, Hercules Offshore
"We get really good tone from the top and have really good policies. The struggle is making sure everybody understands those policies."
Eric Bowman, Darling International
"We have a quarterly compliance meeting where we bring lots of people together who don't report up to the CCO. You have HR there and audit, safety, security, customs, and environmental. We get all sorts of people together who don't normally talk so they can share ideas."
Doug Cotton, American Airlines
"Our goal is to bring order to pieces of compliance that live in a lot of different places. We can improve that by consolidating and rationalizing it and making it more coherent across the enterprise."
Eric Hinton, 7-Eleven
Above: Forum participants discuss their concerns about and strategies for crafting an effective compliance and governance program.
The unifying factor, what ultimately puts them all on the same team, is risk. “One of the synergies taking place in the governance space is the ability for compliance, legal, and internal audit to approach challenges from a consistent risk perspective,” says Steve Koslow, chief ethics and compliance officer for CUNA Mutual Fund Group. “With greater communication and a common framework for risk analysis these areas can better coordinate the services they provide. If everybody is looking through the same risk lens, risk prioritization becomes an effective means for allocating limited business area resources.”
“We have a quarterly compliance meeting where we bring lots of people together who don’t report up to the CCO,” Cotton said. “You have HR there and audit, safety, security, customs, and environmental. We get all sorts of people together who don’t normally talk so they can share ideas.”
“I often find I’m called upon to be the one putting focus to all those lenses,” Bowman said of his role. “I can speak legal, I can speak accounting, and I can speak HR.”
Optics Matter
A world-class compliance function doesn’t just function well; it can also demonstrate that effectiveness. Faced with an investigation or government inquiry, a company cannot just describe its compliance efforts; it must document them. That proof of concept is an effort that extends company-wide. “We may be doing everything right, but we need to demonstrate that we are doing everything right,” it was observed.
Ultimately, no matter the structure or who reports where, “The end game for compliance and auditing is exactly the same,” Carter said. “Each function may get there very differently, but they have the same ultimate goal. Risk is never completely eliminated from any business model, but both functions work to reduce risk as much as possible and minimize potential exposure.”
"If everybody is looking through the same risk lens, risk prioritization becomes an effective means for allocating limited business resources."
Steve Koslow, Chief Ethics & Compliance Officer, CUNA Mutual Fund Group
PARTICIPANTS
These panelists participated in the Nov. 6 Compliance Week & Boeing roundtable on structuring compliance and ethics.
Candice Aaron, Chief Compliance Officer, Equipment & Commercial Division, General Electric
Jennifer Armstrong, Enterprise Compliance & Ethics Director, State Farm Insurance Cos.
Susan Bounds, Director-Corp. Compliance, AT&T
Eric Bowman, Chief Compliance Officer, Darling International
Judy Carter, VP, Compliance & Audit, BNSF Railway Co.
Doug Cotton, Managing Director, Business Ethics & Compliance Program, American Airlines
Boeing's Diana Sands discussed the evolution to "integrated business partner."
Speaking at right: Susan Bounds, director of corporate compliance for AT&T; at left, Candice Aaron, chief compliance officer at GE.
At left, William Gordon of Hercules Offshore; CUNA Mutual's Steve Koslow (center); far right is Doug Cotton of American Airlines.
Art Swanson, assistant general counsel for Dr Pepper Snapple Group, spoke about the differences in approach. Judy Carter of BNSF Railway is at right.
William Gordon, Associate General Counsel, Hercules Offshore Inc.
Eric Hinton, Sr. Director of Ethics & Compliance, 7-Eleven
Steve Koslow, Chief Ethics & Compliance Officer, CUNA Mutual
Diana Sands, SVP, Office of Internal Governance, The Boeing Co.
Art Swanson, VP, Assistant General Counsel, Dr Pepper Snapple Group
Graham Vanhegan, Deputy General Counsel, Corporate, Chief Compliance Officer, ConocoPhillips
Copyright of Compliance Week is the property of Wilmington Group plc and its content may
not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's
express written permission. However, users may print, download, or email articles for
individual use.