September 13, 2018
September 13, 2018
Contributor: Jackie Wiles
Employees empowered to own compliance risk are far more likely to identify and act on risks. Heres how to guide less and empower more.
Sixty-six percent of CEOs expect business model change in the next three years — largely to avoid being “Amazoned” by a new entrant. As organizations change the way they operate, generate revenue and create value for their customers, new compliance risks are emerging — presenting a challenge to compliance, which must identify, assess and mitigate risks like those tied to fundamentally new technologies (e.g., artificial intelligence) and processes.
In today’s disruptive, transformative business environment, compliance-led risk management can’t keep up, but compliance still owns many of the risks that could be managed more effectively and efficiently if owned by business units. Currently, business units are the primary owner of only two of the 25 top compliance risks.
Compliance programs often try to build business ownership of risk by prioritizing risks for the business to address, prescribing specific mitigation actions and monitoring the business’s progress. This hands-on guidance undermines business ownership of risk, reduces the likelihood the business will act on risk and reduces the confidence of employees in managing risks.
“The key to creating meaningful ownership of risk is empowering employees to make decisions about risks themselves,” says Christina Hertzler, practice leader at Gartner. “Empowered employees are significantly more likely to identify and act on compliance risks and are more confident in their ability to manage risks on their own. They are also more likely to overperform against individual, team and enterprise objectives.”
Empowerment translates into greater business ownership of risk because:
However, more than half of all employees don’t feel empowered to manage risks and they tend to be concentrated into pockets of the organization, including mid-level managers, older employees, and those with less than five or more than 20 years of tenure. Region and industry have no consistent impact on empowerment, but the less empowered tend to work in larger companies, in communications, research and development, or quality functions.
More specifically, compliance rarely equips the business to act on risk. One in three employees believe they lack guidance from compliance and ethics on how to take action to address compliance risk. Only 45% of employees believe they can act on their own to reduce compliance risks without seriously disrupting their work processes. Fifty-seven percent of employees say they can’t easily obtain tools and resources needed to address compliance risks.
Read more: 6 Ways Compliance Can Build Data Analytics Skills
To feel empowered, employees must understand their role in acting on risk, feel able to act on risks and feel responsible for risk management. Compliance and ethics leaders therefore need to do three things:
Learn more:Advancing Integrity in the Workplace
Join your peers for the unveiling of the latest insights at Gartner conferences.
Recommended resources for Gartner clients*:
How corporate changes will impact compliance by 2020
*Note that some documents may not be available to all Gartner clients.