When the Going Gets Tough, the Tough Get Control
Managing Internal Controls and Corporate Governance with Fewer Resources
During challenging economic times, one of the first casualties is often governance and compliance. As leaders make the tough decisions about who to let go and who to keep, it can be tempting to cut overhead by reducing resources in all areas of the organization, including ambassadors of compliance. And as a result, many companies are forced to do more with less, even as the level of effort and cost of compliance continues to rise in order to meet regulatory expectations.
If the prospect sounds dismal, it is. But it doesn’t have to be. With a clear understanding of the risks, and with proper planning to address those risks, it’s possible to make the hard choices that are necessary in a downturn – and still accomplish critical activities to maintain internal controls that enable compliance. To succeed in striking this careful balance, it’s critical to be aware of the underlying issues and contributing factors, as well as the actions to take to reduce risk.
What leads to compliance risk?
Compliance risk emerges and grows when challenging circumstances combine with a lack of understanding of the consequences of a company’s actions. Placing an increased emphasis on revenue when a company is in deep economic trouble isn’t necessarily a bad thing. However, doing so without regard for the possible consequences can lead to real trouble. It’s important to recognize that the pressure to perform could lead people to cut corners so they can close a deal – fully aware that in the process they failed to follow due diligence and compliance measures to protect the organization’s interests.
Similarly, yielding to economic pressures by reducing the workforce isn’t the problem; it’s how the workforce gets reduced that’s the issue – for example, when a company cuts staff without an adequate understanding of the extent of that team’s responsibility. Such an approach can leave the department with inadequate resources to handle ongoing workloads, or without the proper cross-training for remaining staff to do the work that was being performed by those who got laid off. The people who are left then begin to cut corners on controls, creating the very real possibility that something will eventually fall through the cracks and give rise to serious compliance issues.
The restructuring that often comes with layoffs can also set up people for failure. For instance, they may no longer know who to ask for help if they’re having trouble meeting their job responsibilities – especially when more work or unfamiliar tasks are being sent their way due to workforce reductions. Fearful of losing their jobs, they may try to just figure it out themselves; when that doesn’t work, they may rationalize whatever they do (or don’t do) next.
The dangers of rationalization
“We’re doing the best we can with what we’ve got.” “It’s more important to get the deals done that keep the doors open.” “No one can do the same amount of work with half the staff.” When times are tough, there are always plenty of ways for people to rationalize cutting corners in governance and compliance. And, while all those things people tell themselves may very well be true, they won’t go very far with company management or regulators who don’t care whether people tried their best, only whether they fulfilled their commitment to compliance.
Rationalization, whether on the part of management or staff, is a major contributing factor to the “it’s just impossible” mentality that often pervades companies in crisis when it comes to managing controls. That mentality prevents people from giving governance the critical attention necessary during a difficult time. But with the right attitude and information, action is possible – and it consists of five straightforward steps.
5 steps to take during challenges times:
1. Anticipate changes
If your company is contemplating layoffs, it’s important to anticipate and plan for the changes that will ensue. How many people will have to be cut? What areas will that affect? What’s the timeline for these changes? Identify business, technology and compliance activities that will be affected, and seriously consider implementing a change management program to navigate through the details.
2. Understand job responsibilities
To minimize the impact of layoffs, it’s critical to understand the responsibilities associated with various jobs. Knowing each individual’s daily job responsibilities makes it easier to determine the impact of layoffs. Understanding workflows, material resources, supervisor responsibilities and key activities supporting compliance is also critical to being prepared for change.
3. Set priorities
Prioritizing tasks is the first step toward determining what absolutely must be done and how to do it. If some priority tasks are going to be reassigned due to layoffs, think about what training may be needed to ensure a smooth transition. Or take the opportunity to consider whether there are better ways to do things – if, for example, automation might help alleviate some of the burden.
4. Communicate clearly
Communicating top management’s commitment to integrity is vital to creating an environment in which people treat governance as a priority. It’s easier to say “I’m just going to cut corners this one time,” if no one at the top is saying anything to discourage it. Other important messages to communicate include changes in personnel responsibilities and, for external audiences, changes in contacts.
5. Build in monitoring
Monitoring helps ensure that all daily tasks and supporting governance roles are taking place as they should. In addition, introducing metrics and tracking mechanisms makes it easy to see when governance-related goals and milestones are being achieved.
A culture of integrity is critical to maintaining governance and compliance in a volatile climate; such a culture can decline rapidly when companies fail to prepare for change. In the face of such a failure, people who still have jobs related to controls and governance may no longer know what their responsibilities are or how to handle them – and management may be ill-prepared to give them guidance. It’s easy in these circumstances to rationalize poor performance and let things slide. A better choice, though, is to follow the steps described here and lay the groundwork for a well-governed, compliant organization, even in the toughest business climate.
If you need some outside help, Bridgepoint Consulting has a team of industry experts who can help you navigate the complexities of governance and compliance. We provide advisory services to help companies of all sizes solve complex challenges and support a broad range of organizational transformation services. Learn more about our comprehensive Risk & Compliance services here.
You may also like:
- Best Practices for Reducing Third-Party Risk Through Vendor SOC Reports
- Cybersecurity – Where does your data go at night
Follow us on Twitter and LinkedIn for the latest insights, best practices and resources to help grow and manage your business.
By Jeanne Metz
Jeanne has managed the successful implementation of many internal audits and Sarbanes-Oxley 404 compliance projects. Her organized and efficient execution of compliance work has given her experience in analyzing, remediating deficiencies, and testing financial processes.