Last week I traveled to Houston to be a part of the SCCE’s 2011 Utilities, Energy Compliance & Ethics Conference. While there, I was fortunate to host a panel discussion with three great compliance professionals representing Schlumberger, ConocoPhillips and Chesapeake Energy for an audience of compliance professionals in the energy industry. During our presentation and following discussion, I was able to electronically survey the audience to learn where they stood on the questions we were discussing as a panel.
Four questions were asked. Each was designed to capture a general understanding from the utilities & energy audience’s perspective and was not intended to be statistically relevant. What we anonymously collected was a frank internal perspective on how they view their current GRC programs.
The multiple choice questions and results are as follows:
Where do you believe your company’s compliance program is in terms of maturity and effectiveness?
While the operational and regulatory risks represented the majority of thoughts in the room, it was great to see 22% of the audience acknowledge that a well-functioning GRC program is, simply, good for business.
What is the biggest hurdle you faced, or are facing, while developing your compliance program?
Tracking consistently with recent surveys I’ve read regarding GRC funding availability in 2011 the lack of “financial support” was not considered a significant hurdle. The “lack of resources” was presented as a combination of “people, process & technology” available to the compliance organization. When the survey results were shown, I asked if “organizational complexity” was a new problem and learned that keeping abreast of employee count, geographies served, number of business units and sub-contractors utilized has long been the most daunting task for this audience.
How are you currently managing your compliance matters?
No real surprises here. This information tracks with several of the recent surveys that state more than 50% of compliance professional operate with off the shelf, or limited tools, to manage their compliance programs.
As the discussion continued, a number of people in the audience engaged with the panel around other GRC-related concerns. They included the transition of the Federal Energy Regulatory Commission (FERC) from regulatory agency to enforcement agency as well as the continued expansion (and conflicts) of global regulatory mandates. FERC concerns are not limited to energy and utility organizations, as most regulatory agencies have moved to an enforcement model. Both concerns underscore the need for a comprehensive compliance program that transcends traditional Enterprise Risk Management (ERM). Successful programs allow organizations to broadly collect and analyze data on their current state of affairs. I have been evangelizing transparency into operational risk events for the past five years because working from the actual risks you face versus the perceived risk you think you might face not only illustrates an effective risk and compliance program, it is simply good for business.
If you had been in the audience in Houston, how would you have respond to the survey about your organization’s compliance program effectiveness?