Reyes, Tricia Ann M. Governance, Bus. Ethics, Risk Mgt., & Int.

Control
2BSA4A Prof. Nilo Iglesias

Discuss the purpose of establishing a compliance system.

What Compliance Is?
Compliance is the set of processes and organization uses to ensure that employees and the organization as
a whole abide by internal rules of conduct and external rules and regulations. It may include your company’s written
values, its ethics policy, the employee handbook, and policies for complying with legal obligations (like taxes and
corporate reporting). In large organizations, it may include or be housed within a general counsel’s office. In smaller
organizations, compliance tends to reside, informally, within the functions of the chief executive officer, chief financial
officer, and head of HR.
Why Compliance Is Important?
Compliance is important for at least eight reasons.

1. Compliance is part of your organization’s duties to its community and stakeholders. The first reason is most basic. If
you run a business (whether for-profit or nonprofit), you benefit from your community’s basic services. In return, you
owe duty to comply with the law. Furthermore, if you use the resources of others (investors, creditors, donors), you
need to be able to assure them that you are regulating the conduct of your employees and that you are complying
with applicable rules and regulations.
Given how obvious this first point is, it’s surprising that smaller organizations sometimes have given little
thought to the compliance function. In particular, nonprofits often act with nonchalance about regulating employee
conduct and scrupulously adhering to regulations and laws. The unstated assumption seems to be that because the
nonprofit is “doing good,” it can be lax about the way in which it does good. That assumption is profoundly risky.

2. Without a compliance function, you cannot reliably build or maintain trust with others. Trust is fostered through three
elements: (1) repeated interactions with another person; (2) honest communication with that person; and (3) following
through on commitments. Organizations cannot ensure that they are meeting element (2) or (3) unless they have
adopted rules about proper communications and proper follow through. The head of the organization can’t be
confident that others are being honest in their interactions unless the organization has adopted rules about honesty
and trained people about the importance of honesty and candor. The leader cannot be confident that people are
following through on commitments unless there are rules and norms that have been adopted and emphasized
throughout the organization.
3. If you have no compliance function, you invite reputational damage. I like to note Warren Buffett’s adage that it takes
20 years to build a reputation and about five minutes to lose one. Research shows that people want to interact with
organizations that have a reputation for honest dealings. It’s therefore no surprise that leaders consistently rank
reputational risk as their number one worry. If you are not trusted in the marketplace, customers are unlikely to work
with you. On the other hand, if you are trusted, customers will give you the benefit of the doubt. Without a strong
compliance function, however, an organization is like the blindfolded man: any step may lead to disaster.

4. Compliance helps define an organization’s “why.” In his book Start with Why, Simon Sinek explains that one can
describe an organization in three categories: what it does, how it does it, and why it does it. Sinek maintains that the
best companies focus on the “why.” “When most organizations or people think, act or communicate they do so from
the outside in, from WHAT to WHY. And for good reason – they go from the clearest thing to the fuzziest thing. We
say WHAT we do, we sometimes say HOW we do it, but we rarely say WHY we do what we do. But not the inspired
companies. Not the inspired leaders. Every single one of them, regardless of their size or their industry, thinks, acts
and communicates from the inside out.” Simon Sinek, Start with Why (2009), at 39.
The “why” of an organization drives and motivates its efforts. One crucial aspect of that “why” is the set of
values and ethical principles that guide the organization’s behavior. A compliance function leads an organization to
determine those values and ethics. It requires the organization to describe those values and ethics sufficiently that
team members understand them and will refer to them. It requires an organization to train team members on values
and ethics, and requires the organization to hold team members accountable for them. In other words, compliance
helps to define the why.

5. Compliance helps define and regulate an organization’s “how.” Continuing reference to Sinek’s work, compliance
also helps an organization define and monitor its “how.” Compliance focuses on what behaviors will and won’t be
permitted in execution of the “why.” As I have mentioned elsewhere, too many people consider compliance as an
exercise in saying no: those in charge of the rules enforce those rules to prohibit behavior.
That misconceives the central contribution of compliance. When compliance is done well, it increases
efficiency and effectiveness because employees have been trained to know, intuitively, how do their jobs and how to
reason through ambiguous situations. Thus, compliance is not designed to generate “no.” It aims for intuitive “yeses.”

6. Compliance can serve as a driver of change and innovation. Some people also view compliance as inherently
conservative. They think the purpose of compliance is to rein in conduct. Again, that’s not true. Compliance instead
can serve as a powerful tool of long-term change. If every day behavior stems from training and codes of conduct,
and codes of conduct stem from values, articulation and modification of values over time can profoundly influence
organizational behavior. In the words of system theorists, values can be a leverage point, and compliance ultimately
focuses on the driving values of an organization.
7. Compliance enhances consistency. Without a compliance function, decisions are ad hoc and made in a vacuum.
Articulated values, ethics policies, and codes of conduct provide reference points for making decisions a matter of
routine. As Peter Drucker explained, “All events but the truly unique require a generic solution. They require a rule, a
policy, a principle. Once the right principle has been developed all manifestations of the same generic situation can
be handled pragmatically; that is, by adaptation of the rule to the concrete circumstances of the case.” Peter Drucker,
The Effective Executive (2006), at 125.

8. Compliance can reduce unforced errors. I end with an important risk management concept. Unforced errors are the
most common risks to organizational performance, and compliance helps prevent unforced errors.

Too many people think about risks in terms of outside forces that can affect an organization. They worry
about crooks and scam artists, customer demands, funder and stakeholder demands, natural disasters, and broad
economic trends and forces. Yet most threats and opportunities are generated internally. This is why Drucker
emphasized that more than 90 percent of effort in even the best run organizations is waste or, worse, activity that
actually harms the organization. This is also one of the core insights of the “lean management” or Toyota Production
System revolution over the last couple of decades. Lean management seeks to make waste visible so that the
organization can improve over time. Compliance can help here, too.

Organizational waste includes disputes and human misunderstandings. A healthy compliance function can
help make that waste visible, by tracking core metrics that may show areas of underperformance and friction. It can
prevent disputes and misunderstandings.

If you are interested in creating a healthy compliance atmosphere for your organization, give us a call to
schedule a free strategy session. In the comments, please also note anything that I’ve missed in my discussion above.
As always, if you found this post useful, please share it with your connections.