March 8, 2011

Evaluating Your GRC Program’s Effectiveness

Last week I traveled to Houston to be a part of the SCCE’s 2011 Utilities, Energy Compliance & Ethics Conference. While there, I was fortunate to host a panel discussion with three great compliance professionals representing Schlumberger, ConocoPhillips and Chesapeake Energy for an audience of compliance professionals in the energy industry. During our presentation and following discussion, I was able to electronically survey the audience to learn where they stood on the questions we were discussing as a panel.

Four questions were asked. Each was designed to capture a general understanding from the utilities & energy audience’s perspective and was not intended to be statistically relevant. What we anonymously collected was a frank internal perspective on how they view their current GRC programs.

The multiple choice questions and results are as follows:

Where do you believe your company’s compliance program is in terms of maturity and effectiveness?

No one in the room believed that they had an “optimized” program and most considered their program “a work in progress.”

What drives your desire to assess your program’s overall effectiveness?

While the operational and regulatory risks represented the majority of thoughts in the room, it was great to see 22% of the audience acknowledge that a well-functioning GRC program is, simply, good for business.

What is the biggest hurdle you faced, or are facing, while developing your compliance program?

Tracking consistently with recent surveys I’ve read regarding GRC funding availability in 2011 the lack of “financial support” was not considered a significant hurdle. The “lack of resources” was presented as a combination of “people, process & technology” available to the compliance organization. When the survey results were shown, I asked if “organizational complexity” was a new problem and learned that keeping abreast of employee count, geographies served, number of business units and sub-contractors utilized has long been the most daunting task for this audience.

How are you currently managing your compliance matters?

No real surprises here. This information tracks with several of the recent surveys that state more than 50% of compliance professional operate with off the shelf, or limited tools, to manage their compliance programs.

As the discussion continued, a number of people in the audience engaged with the panel around other GRC-related concerns. They included the transition of the Federal Energy Regulatory Commission (FERC) from regulatory agency to enforcement agency as well as the continued expansion (and conflicts) of global regulatory mandates. FERC concerns are not limited to energy and utility organizations, as most regulatory agencies have moved to an enforcement model. Both concerns underscore the need for a comprehensive compliance program that transcends traditional Enterprise Risk Management (ERM). Successful programs allow organizations to broadly collect and analyze data on their current state of affairs. I have been evangelizing transparency into operational risk events for the past five years because working from the actual risks you face versus the perceived risk you think you might face not only illustrates an effective risk and compliance program, it is simply good for business.

If you had been in the audience in Houston, how would you have respond to the survey about your organization’s compliance program effectiveness?


0 Responses to "Evaluating Your GRC Program’s Effectiveness"

Post a Comment

About Me

David Childers
of EthicsPoint

View David Childer's profile on LinkedIn contact david Email Me

Favorite Quotes:

Ronald Reagan
There are no easy answers, but there are simple answers. We must have the courage to do what we know is morally right.

John Quincy Adams
If your actions inspire others to dream more, learn more, do more and become more, you are a leader.

We are what we repeatedly do. Excellence, therefore, is not an act but a habit.

Ray Kroc
The quality of a leader is reflected in the standards they set for themselves.

John Maxwell
The first step to leadership is servanthood.