Doing more with less
The “mood in the middle” of an organization is crucial for the success of any company’s compliance program. So, what happens when that middle is undergoing radical transformation?
That question has been on my mind since a recent Wall Street Journal article examining how corporations are thinning the ranks of their middle managers – either cutting the number of managers outright (anywhere from 5 to 30 percent, depending on the company), or just not hiring new managers as the overall workforce grows.
The theory behind the cutbacks is that by reducing the number of middle managers, remaining employees will be more empowered to make decisions and act quickly; therefore the whole organization will be more agile and innovative, and more able to maneuver in today’s complicated business environment.
Whether that question ultimately proves true is above a compliance officer’s pay grade. Instead, we should ponder three more immediate questions.
- What would fewer middle managers mean for the policies, controls and approvals you oversee?
- How do you continue to foster a speak-up culture when most employees want to speak to their direct managers, but those direct managers might now be fewer in number?
- What other levers would you need to pull for risk assessment and remediation, if fewer middle managers can give practical advice on what makes sense?
Let’s take each issue in turn.
Strains on policies, controls and approvals
Corporations use policies to address all sorts of issues: gifts and entertainment spending, conflicts of interest, hiring and promotion practices, and more. If your organization goes through a wave of manager cutbacks, first assess whether your policies and approval processes still make sense.
For example, you might have a policy that large vendor contracts (say, $50,000 or more) must be approved by two local managers – but if your company thinned the ranks to only one manager per location, you’ll need some way to detect that gap and adjust your approval process accordingly.
Along similar lines, manager cutbacks could create new conflicts of interest. Perhaps the vendor you hired is romantically involved with vice president A, so you assigned oversight of the vendor to vice president B – but vice president B is gone, and oversight defaults back to vice president A. A conflict of interest now exists.
Neither of the above examples are particularly difficult to solve, if the compliance team knows these control failures now exist.
That’s the real challenge here. Compliance teams need visibility into how policies and approval processes map to specific controls – ideally, how they map to specific manager roles – and whether those chains of command no longer work due to manager cutbacks.
Robust policy management capabilities, plus close collaboration with HR teams, will get you there. You can identify which policies need adjustment, or which relationships that weren’t conflicts of interest before are conflicts now.
Then you can either introduce compensating controls (“That vendor relationship will now be overseen by vice president C”) or overhaul a policy altogether (“Two-signature approvals will only be necessary for contracts worth $150,000 or more”).
Policy Management Software | PolicyTech
NAVEX One Policy & Procedure Management software is a centralized solution that automates policy creation, approvals, distribution, attestations and tracking.
Risks to a strong speak-up culture
Compliance officers must also ponder how fewer middle managers might affect your speak-up culture.
After all, most employees want to speak up about issues they see in the workplace, but historically their preferred method is to speak to their manager. If you have fewer middle managers, several implications arise.
First, the managers who remain will have larger teams of employees to supervise. That means less time available for speak-up issues, assuming an employee feels comfortable approaching a (potentially new) manager.
Or you might have more senior managers in charge of larger teams. Even if that senior manager has the time to handle speak-up issues and wants to lead with ethics and care, they might simply not understand the issue or how it should be handled.
Compliance officers will have two challenges here.
First, you’ll need to help managers so they can still field employee issues even in a more hectic and overworked environment. That might take the form of new training for them, or simplifying procedures they use to pass along compliance concerns they hear about to you. You might also need to offer subject-specific training to senior managers with new or larger teams, so they understand the allegations they hear from their employees.
Second, think about how to encourage greater use of the whistleblower hotline, since that might be the only viable option for employees when they have fewer managers to approach directly. For example, you might want to launch a new messaging campaign about the availability of the hotline; or even upgrade the technology to make intake more user-friendly and interactive.
Whistleblowing Software & Solutions
Ensure regulatory compliance, engage your people and build trust in your reputation with NAVEX One reporting and whistleblowing solutions.
Risk assessments and remediation
Risk assessments and remediation work could become more difficult, too. A good risk assessment understands how the business operates, and remediation plans respect how the business operates. When fewer managers are around to provide their perspective, both tasks get harder for the compliance team.
So, compliance officers will need to think about new ways to keep their risk assessments sharp and remediation measures sensible. For example, they might need to work more closely with business analysts or internal audit teams and test remediation measures more rigorously.
Maybe you try even more innovative ideas, such as crowd-sourcing ideas for new business controls with employees; or asking artificial intelligence tools to examine your new workflow ideas and find as many holes as possible. Then go back to the remediation drawing board.
The truth is that thinning the ranks of middle managers will affect your compliance program – but you can adjust your program to address that new fact of life.
It will require fresh thinking about how to reach employees, and how risks and controls flow within your organization; and a helping of new technology probably won’t hurt either. No matter how many managers your organization does or doesn’t have, its compliance needs march on.
An all-in-one solution streamlines risk and compliance management
Whether your organization is thinning the ranks in management or is fully staffed and supported, the NAVEX One GRC platform streamlines everything from policy management and training to report intake and disclosures.
GRC Software Platform for Complete Confidence | NAVEX One®
The NAVEX One GRC platform provides a 360-degree view of your people, third parties and processes for a complete risk and compliance solution.
