Skip to content.

Organizational culture, ESG measurement, and internal reporting practices are opportunities for improvement

PORTLAND, Ore.—September 13, 2022NAVEX, the leader in integrated risk and compliance management software, today announced the publication of its 2022 Definitive Risk and Compliance Benchmark Report. Based on a survey of over 1,100 risk and compliance (R&C) professionals from around the world, the study shows a gap between current practitioner focus and the priorities—like organizational culture, internal reporting, ESG measurement and risk assessments—that define robust, successful R&C programs today.

The resilience of R&C leaders has been put to the test in recent years as the profession adapted amid the significant, ongoing workplace shifts brought on by COVID-19 and a stream of new regulatory guidance. The study put a spotlight on the opportunity to prioritize organizational culture as a major driver of ethical behavior. When asked to indicate the importance of compliance issues to their organization, 66 percent of respondents rated regulatory compliance as being “absolutely essential.” Yet, only 39 percent rated organizational culture as “absolutely essential” or “important”. This disparity presents an opportunity for not just R&C professionals, but organizational leaders alike, to evaluate, improve and emphasize their focus on organizational culture as a gateway to strong risk and compliance programs.

The report’s other key findings include:

  • Regulators’ focus on whistleblowing and non-retaliation isn’t matched by practitioners. Across the study, respondents indicated a surprisingly low level of prioritization for enabling and protecting reporters of misconduct. While R&C practitioners have long recognized reporting as critical in detecting and addressing risks and patterns of misconduct, this year’s survey suggests the focus on internal reporting—and the predictive value of this information in identifying and mitigating risk—leaves room for improvement.
  • Risk assessments can be better leveraged. More than one-quarter of respondents (26 percent) report their organization’s risk assessment is either not current or not subject to periodic review. In addition, less than half (47 percent) said their assessments are informed by continuous access to operational data across the organization. As a result, a significant portion of organizations are missing out on the most valuable elements of these assessments.
  • Leadership’s commitment to compliance can be challenged when facing competing priorities or business objectives. Just less than half (48 percent) indicate that senior leadership and midlevel managers remained committed to compliance when faced with competing interests and/or business objectives. Despite a strong majority of respondents who said leaders encourage compliance within their organizations, the study finds that many leaders do not consistently model ethical and compliant behavior. This lack of follow-through can significantly undermine the organization’s culture and send mixed messages as to appropriate behavior.
  • R&C leaders must adapt to evolving workforce dynamics. With 95 percent of respondents indicating their organization has a plan to address post-COVID work—whether in-person, hybrid or remote—many R&C leaders will face evolving workforce dynamics as a result. For example, ensuring high-performing remote employees are not passed over for career advancement versus peers with more in-person exposure. R&C professionals will play a leadership role in molding new working models that enable a culture of ethics, trust and fairness, no matter where an employee is located.
  • While clear ESG metrics and standards are not yet established, the area is gaining attention from customers, employees, leadership and investors. More than half (56 percent) of respondents said their organization’s Environmental, Social and Governance (ESG) program has support from the CEO. About the same share (54 percent) said ESG was either “very important” or “absolutely essential” in their organization’s decision-making process. However, nearly half (48 percent) of respondents said their organization does not yet use any frameworks or standards to measure ESG factors or program performance indicating that ESG programs are still early in development.

“While risk and compliance leaders, and their organizations, have often operated under changing circumstances, those conditions and the lessons learned from them can ultimately strengthen their programs and their organizations as a whole,” said Carrie Penman, NAVEX Chief Risk & Compliance Officer. “Focusing on the importance of healthy organizational cultures and establishing strong feedback loops that embrace the voice of employees are hallmarks of mature organizations. Ethical cultures ultimately drive strong risk and compliance outcomes that benefit the business and all its stakeholders.”

To learn more, download the full report here.


NAVEX is the recognized leader in risk and compliance management software and services, empowering thousands of customers around the world to manage and mitigate risks with confidence. NAVEX’s mission is to help customers promote ethical, inclusive workplace cultures, protect their brands, and preserve the environment through sustainable business practices. For more information, visit and our blog. Follow us on Twitter and LinkedIn.