(Note - this post is written for compliance officers by Spark Compliance Consulting's CEO, Kristy Grant-Hart)
Do you need a compliance program evaluation? And if so, should it be done by an outside party? It can be scary to allow an outsider to perform an assessment. I know this first hand – when I was in-house, I remember being deeply uncomfortable when we brought in the evaluators. Would the assessor say my program was terrible, which would embarrass me or make me look bad? Would they say everything was great, when I knew there were unresolved problems, and then management wouldn’t hear my requests for more resources? Was it worth subjecting myself and the program to a review?
The short answer is yes, it was not only worth it, my program benefitted for years to come. Here are four reasons why that’s true:
No. 1: Program Evaluations are Expected Under Regulatory Guidelines
Make no mistake, the Federal Sentencing Guidelines say that to companies need to “evaluate periodically the effectiveness of the organization's compliance and ethics program.” Likewise, ISO 37001 requires auditing of the anti-bribery program on a regular basis. Obtaining and maintaining certification requires it.
There’s good reason regulators expect program reviews, because you can’t improve without them. Why is it critical to have an external reviewer? Because…
No. 2: You Can’t Effectively Audit Your Own Work
The number one rule of auditing is that you can’t audit your own work. Why? Because there’s an inherent conflict of interest. Of course, you think your compliance program is done to a good standard – or at least the best you could do with the resources you were given. But how can you say that without getting defensive? The truth is, you can’t audit your own work effectively. There will always be blind spots, and having an outside party performing the evaluation means that you will get an objective view of what’s working and what isn’t.
No. 3: Your View is Limited
I’ve performed many, many evaluations and assessments of compliance programs. In doing so, I’ve seen that many compliance officers have a deeply limited view. It’s not their fault – they only see their own program in-depth, while an outside party will have a much broader view, having worked with companies across the world and across numerous industries. One company I evaluated had such a thorough due diligence process that it was destroying the company’s ability to do business effectively. They were proud of the program of course- but as it wasn’t proportionate to the risk they faced, there were definitely ways to improve efficiency.
Another company I assessed thought that their program was totally managing the risks they faced, which they categorized so narrowly that they didn’t realize they were not complying with their European business-related obligations under the UK Modern Slavery Act and EU General Data Protection Regulation. You don’t know what you don’t know, but an outsider can help you to learn.
No. 4: Confirm What You Already Know
While it can be extremely frustrating, the truth is that management frequently believes outside expertise more than internal expertise. Alan Weiss, the author of, The Consulting Bible, tells the story of an engagement he had where the HR team hired him to do an assessment. He was concerned that he’d come up with the exact same recommendations that HR had already given to management. To his shock, the HR team was delighted, as his voice confirmed what they already knew, and allowed them to make a stronger case for the resources they needed.
The same is true in compliance. Getting outside confirmation that you really do need more people to do an effective job, and that other companies your size and in your industry have more people and resources than you do means that management is more likely to give you what you need.
In addition, when a company pays for outside advice, it’s more likely to listen to it, as it has invested a substantial amount of money to obtain the advice. This can only work in your favor as a compliance officer.
Getting an outside evaluation lets you know exactly where you stand. It can also help your management to see what you’re doing well, and where you need more resources. A good external evaluator can also give you crucial recommendations to make your program more efficient and effective. Outside evaluations can be scary, but it’s worth pushing past the fear to make your program the best it can be.