Respondents Felt Commitment to Programmes Wavered When Faced with Competing Business Objectives
PORTLAND, Ore., August 3, 2021 – NAVEX Global®, the leader in integrated risk and compliance management solutions, today announced the release of its 2021 Definitive Risk and Compliance Benchmark Report. Based on a survey of over 1,000 risk and compliance professionals, the study indicates that, while senior leaders and managers are supportive of compliance overall, their support wavers in situations with conflicting interests or business objectives.
Performance through the pandemic got high marks by respondents. Separately, those surveyed had a more nuanced view of leadership support. They felt positive about executive commitment overall, with nearly three-fourths (71%) saying their senior leaders demonstrated a commitment to compliance. However, when asked if those same leaders persisted in that commitment when faced with competing interests or business objectives, far fewer (46%) agreed. Management levels saw an even wider gap in these results with 75% showing a commitment in general, but only 38% persisting in the face of competing interests or business objectives.
“These responses are the clearest examples yet of the need for strong, consistent, demonstrable and unwavering support of compliance objectives from organisational leadership,” said Carrie Penman, Chief Risk and Compliance Officer, NAVEX Global. “These findings highlight the potential impact of significant organisational pressure to meet objectives on the behaviors of both senior and line leaders and the potential damage to an organisation’s culture when these types of mixed messages are delivered. Noting that these questions are sourced from the U.S. Department of Justice’s Evaluation of Corporate Compliance programmes means they are the same questions prosecutors could be asking in the event of a compliance failure.”
The study also yielded several notable results regarding the COVID-19 pandemic’s effect on compliance programme priorities and workplace culture. Overall, it found many organisations had successfully navigated the pandemic, though it found room for improvement in some key areas.
The COVID-19 pandemic was a defining factor for many risk and compliance programmes over the last year. Although it did not significantly disrupt programme performance, it did make developing and implementing remote workplace policies a top concern. Updating or creating a business continuity plan also became a top priority; 80% of respondents who had a business continuity plan in place said it helped mitigate the pandemic’s impact.
“As organisations emerge from the pandemic, risk and compliance professionals must have the top-down support and adequate resources needed to address their programme’s evolving risk-based priorities,” Penman said. “It’s clear from our ongoing studies that programmes are maturing and becoming increasingly sophisticated, but with that must come the staffing and funding needed to ensure progress continues. This is especially important in areas like data analysis which allow for making more informed business decisions.”
The survey also found the pandemic had relatively little impact on workplace culture. Half of those surveyed said the transition to work-from-home environments had no net impact on workplace culture, with the other half just as likely to say it improved culture as they were to say otherwise. It is notable that non-managers were significantly less likely than management to feel there was a negative cultural impact.
When it comes to integrated risk management, most respondents indicated that their governance, risk and compliance capabilities are at least partially integrated, with only 16% of respondents reporting their risk management practices are siloed with no plans to integrate.
Despite clear recognition of the need to manage risks holistically, no one role has emerged as the clear leader for this integration. Respondents were divided on who manages their risk integration strategy—among the positions named were Chief Risk Officer (17%), Chief Compliance Officer (13%) and even the CEO (12%) among several other positions and titles. However, advanced R&C programmes were significantly more likely to have a Chief Risk and Compliance officer, placing compliance and risk management under a single role.
This year’s survey also inquired about Environmental, Social and Governance (ESG) programmes. Surprisingly, while ESG support from the top is high, with 69% of respondents reporting CEO support, only a third say their ESG program has dedicated personnel or budget. Respondents also indicated that ESG programmes are the least automated, with only a quarter indicating they used purpose-built solutions for program administration.
Additional key findings include:
One-third of respondents indicated their organisation experienced a data privacy/cybersecurity breach during the previous year.
Most respondents felt their risk and compliance programmes are under-resourced in both staffing and funding:
- Only a third (34%) of respondents rated their access to staffing and funding as “good” to “great.”
- However, existing risk and compliance staff is well qualified and well trained; two-thirds (69%) of respondents say their risk and compliance personnel have appropriate experience and qualifications.
Risk and compliance professionals are getting better at obtaining data and utilizing technology:
- 61% of programmes surveyed use purpose-built solutions to automate at least one element of their risk and compliance program.
- Over half (54%) of respondents rated their access to operational data across the enterprise as “good” to “great.”
- However, only a minority of programmes use the data they glean to measure, monitor, assess and allocate resources.
Nearly half (49%) of compliance programmes track diversity metrics and 56% of respondents indicate they intend to provide diversity and inclusion training within the next three years.
To learn more about the NAVEX Global 2021 Definitive Risk and Compliance Benchmark Report, join NAVEX Global’s webinar on Tuesday, August 3 at 10:00am PT, which will offer a summary discussion of the report and insight that will help CCOs and other programme managers see how their efforts stack up against peers and more.
About NAVEX Global
NAVEX Global is the worldwide leader in integrated risk and compliance management software and services. Our solutions are trusted by thousands of customers around the globe to help them manage risk, address complex regulatory requirements, build corporate ESG programmes and foster ethical workplace cultures. For more information, visit NAVEX Global’s website and our Risk & Compliance Matters blog. Follow us on Twitter and LinkedIn.