In today’s fast-paced business world, speed and flexibility are often thought of as the most important qualities a business can possess. Alongside these qualities, however, businesses need to possess another: a culture of compliance. A failure to build a robust organization-wide culture around responsible and compliant business practices can be devastating to a business and lead to fines, legal penalties, and an erosion of trust from partners, investors, and the public.
A successful culture of compliance begins and ends with buy-in from the C-suite. The so-called “tone at the top” permeates an organization and sets the stage for employees to perform accordingly. Corporate culture will reflect the incentive system in place. If compliance is held in high regard by the C-suite and used as a basis for incentives and rewards, then the corporate culture will mimic that expectation. A failure to institute an incentive system around compliance will encourage employees to focus on cutting corners and acting in an irresponsible, potentially dangerous manner.
The first step in this process is to perform a risk assessment and develop a risk register based on your company’s business model. You can begin by asking key executives, “What keeps you up at night?” Risks should be rated as low, medium or high based on the organization’s current culture toward compliance, the inherent nature of the item and the organization’s internal controls around that item.
Things to consider when developing a risk assessment:
- How does the company make money?
- How do we protect our resources (physical and virtual)?
- Where are we vulnerable to loss?
- Who are our primary stakeholders?
- How do we stay ahead of the competition?
Following this risk assessment, a company must develop procedures to strengthen the internal controls around its highest-risk areas and perform periodic tests to evaluate the functionality and effectiveness of those controls. Tests should cover both the process and the execution to make sure the controls are functioning as intended.
Challenge your risk register annually based on the results of your internal testing or changes in your business model and make revisions where warranted. Educate employees on the benefits of compliance and perform periodic training around higher-risk areas of the operation or areas where the controls were weaker. A company needs to have a clear owner for compliance, entrusted with ensuring that compliance procedures are up to date and carefully adhered to. Employees should also be encouraged to report problem areas to those overseeing corporate compliance and should not fear penalties as a result. Compliance is not a one-time act but a consistent organizational focus and an integral part of the organization’s culture.
At Hampshire, along with my team, we have instilled this commitment to compliance throughout the company and across all business units from the top down. We recognize that a strong corporate culture requires both a high level of agreement on what the organizational values are and a high level of emphasis from every employee on implementing those values. Each employee of Hampshire buys into this organizational mindset to ensure that the growth of Hampshire can continue in the spirit of our long-held values.