This series was written by Michael Rasmussen of GRC 20/20 in partnership with Convercent. GRC 20/20 provides insight on governance, risk management and compliance solutions through market research, benchmarking, training, and analysis.
We are at the final stage in working through a CECO SWOT Analysis to help CECOs develop their strategy in 2021 and into the future. Over the past few weeks, we looked at the STRENGTHS, WEAKNESSES, and OPPORTUNITIES of the typical CECO; this week we turn to the THREATS.
As you look to build your strategic compliance and ethics plan in 2021, it is critical to evaluate where you are now in your role, capabilities, and program, and what you need to work on to deliver the leadership and skills to achieve your goals moving forward. To achieve your strategy, it is critical to know the threats that can derail you as you strive to build the culture and integrity of the organization through a compliance and ethics management strategy.
The points below are generalizations, so you may or may not identify with them. But they are good places for discussion, learning, and interaction as the CECO prepares for the future. Here are some threats that can derail the CECO’s strategy if they are left unaddressed:
- Third party risk and compliance in which vendors, suppliers, and outsourcers expose the organization to issues of fraud, corruption, social responsibility, and compliance violations across extended business relationships.
- Keeping a changing organization in sync with changing compliance requirements. The volume of change impacting compliance is staggering. Keeping a dynamic business compliant with ever-changing laws, regulations, and enforcement actions is a huge issue for most organizations.
- Lack of competitive edge as competitors with more agile, effective, and efficient compliance programs outpace the organization in the market as it is encumbered with slow processes and reactive approaches. This stems from:
- Failure to implement adequate compliance and ethics infrastructure and architecture to monitor, mitigate, and respond to compliance and conduct risk of unethical conduct.
- Inadequate integrated GRC technology infrastructure, which reduces the quality and flow of information.
- Siloed processes and systems causing delayed reporting and inconsistent quality and reliability of risk information.
- Document-centric approaches handicap compliance reporting and relative value to the rest of the organization.
- Culture reinforcing compliance communication after an event or incident occurs, rather than proactively identifying and preventing potential problems before they occur.
Which of these elements describe threats to your compliance and ethics strategy? What would you change? What would you add to your list of threats?
Download the complete CECO SWOT Analysis today.