The proliferation of chief compliance officers in corporate America dates back to 2002, when Cynthia Glassman - a Securities and Exchange Commission commissioner at the time - called on companies to appoint a "corporate responsibility officer."
With all due respect to Ms. Glassman and compliance officers everywhere, there already is a chief compliance officer on the management team - the chief financial officer.
Another concern, however, is emerging in the market. While some talk about compliance and some talk about risk, nobody within the organization is bringing these disciplines together, integrating them into a holistic practice. As a result, GRC - governance, risk and compliance - means nothing to everybody or everything to nobody.
The solution for many companies may be found in the corporate governance officer.
The CGO is likely to be more valuable than the CCO simply due to the relationship between compliance and governance. Operational risk identification and mitigation are the foundations of compliance and are the basis for the controls and policies that compliance reporting executes.
Specifically, compliance processes serve as a data acquisition layer, gathering information during the testing and monitoring of controls and data.
With that foundational data layer in place, companies can begin managing risk with analytics solutions that interpret the compliance information and generate options for mitigating identified risks. Finally, governance solutions can be introduced to evaluate the available options, determining the most appropriate course of action.
The CCO's responsibilities, then, are really the chief financial officer's job. Once compliance and compliance reporting are under control, the company is in a position to better evaluate, understand and mitigate risks over time. And those capabilities blend with corporate wellness or corporate governance, which is really focused on making the most out of a business, making it more valuable after taking into account all of the risks, strategies and reporting.
That said, the chief financial officer might have a compliance officer in the company who reports to them. That compliance officer might be the head of internal audit or the vice president of finance, but the larger role combines compliance, risk and governance - in that order - to increase business value under the guidance of a governance officer.
No single technology set addresses all of the CGO's concerns.
Contrary to what some vendors, analysts and industry observers may advise, an IT GRC platform isn't a silver bullet. An IT GRC platform is great for IT issues - general computer controls, operational controls and the like. But it completely ignores business and other procedural and even philosophical issues, all of which must be combined - along with IT issues - into one corporate strategy. So while there's no single GRC technology set, there is most definitely a single, overarching GRC vision that must be driven throughout the organization.
That's why the CCO takes a backseat to the CGO.
Quite frankly, the CGO is the person with the overriding vision. The CGO is also the person who sits in the executive team's collective head, serving the needs of the chief executive officer, the chief financial officer and the chief operating officer.
In a lot of companies, those needs are being met by a committee comprising the chief information officer, the chief information security officer, the audit committee, and the board of directors, among others.
Relative to more familiar C-level positions, the CGO is still emerging in the corporation. Expect the CGO to follow a growth curve similar to the chief marketing officer, another relatively new member of the C suite.
The CMO position relieves the CEO, who is really the person in charge of corporate strategy and execution. But the CMO emerged in response to the opportunities and challenges associated with creating and applying concentrated messaging throughout the company, from sales and marketing to distribution, channel management, customer service and beyond.
Likewise, the CGO will continue to grow as more companies take advantage of their opportunity to create and apply a unified GRC vision throughout the company, and thereby improve overall value.
John H. Capobianco is president and CEO of Lumigent Technologies Inc., a provider of automated governance, risk and compliance software.