Carrie Penman

Chief Risk & Compliance Officer

NAVEX

As one of the earliest ethics officers in the industry, Carrie Penman previously served four years as deputy director of the Ethics and Compliance Officer Association, now ECI. A scientist by training, she developed and directed the first corporate-wide global ethics program at Westinghouse Electric Corporation between 1994 and 1999. Carrie now leads NAVEX’s risk management processes and oversees its internal ethics and compliance program.

Carrie has extensive client-facing risk and compliance consulting experience, including more than 15 years as an adviser to boards and executive teams. Carrie was awarded the inaugural Lifetime Achievement Award for Excellence in Compliance 2020 by Compliance Week magazine. In 2017, she received the ECI’s Carol R. Marshall Award for Innovation in Corporate Ethics for an extensive career contributing to the advancement of the ethics and compliance field worldwide.

Articles by the author

2 Jul 2025 Carrie Penman
Watch Out for Hoax Reports to Your Hotline
This article discusses what to do about a rise in hoax reporting and how to handle suspected fraudulent reports to your internal hotline.
Read more
3 Apr 2025 Carrie Penman
Risk Assessment – The Most Important and Least Understood Component of an Effective GRC Program
This article, a chapter from the 2025 Top 10 Trends in Risk & Compliance discusses the importance of risk assessment and most common challenges.
Read more
2 Jan 2025 Carrie Penman
Compliance Program Response to the Incoming Trump Administration
How should my compliance program prepare for the Trump administration? This post by Carrie Penman delivers guidance to help prepare for the changes to come.
Read more
22 Nov 2024 Carrie Penman
Two Individuals Distorted the SEC Office of the Whistleblower Report – and Not Just This Year
This year’s SEC Office of the Whistleblower Report yielded some unexpected results – this article delves into what the bombshell revelations mean for internal and external reporting.
Read more
16 Jul 2024 Carrie Penman
Unintended Consequences: Do Case Closure Time KPIs Influence Compliance Program Effectiveness?
Do you feel that performance metrics to close cases in a certain number of days negatively influences the substantiation rate? If that question has you shifting uncomfortably in your seat, you’re not alone.
Read more
20 Feb 2024 Carrie Penman
Risk & Compliance as a Strategic Imperative for the Board
Each year, NAVEX releases the Top 10 Trends in Risk and Compliance eBook. This post is one of the articles, " Risk & Compliance as a Strategic Imperative for the Board.”
Read more
21 Nov 2023 Carrie Penman
SEC Office of the Whistleblower Annual Report to Congress – 3 Things You Need to Know
On November 14, 2023 the Securities and Exchange Commission (SEC) released its annual Office of the Whistleblower Report to Congress for fiscal year 2023. This post discusses the key findings and compares SEC report to NAVEX reporting data.
Read more
13 Feb 2023 Carrie Penman
The Whistleblower Landscape – Reporting Trend Changes May Compel Organizations to Reassess Their Programs
Each year, NAVEX publishes the Top 10 Trends in Risk and Compliance. This publication features trends and predictions for the year to come and features contributions from experts in the industry. This article discusses trends in whistleblowing and how these trends should influence how organizations think about their whistleblowing programs and processes.
Read more
13 Sep 2022 Carrie Penman
Executive Summary: 2022 Risk and Compliance Survey Benchmark Report
NAVEX is excited to release the 2022 Risk and Compliance Benchmark Report. This post is the executive summary of the report, summarizing survey results from over 1,100 compliance professionals regarding the state of their programs and trends in the profession.
Read more
17 Nov 2021 Carrie Penman
The SEC’s Record Whistleblower Reporting and Payouts Is a Wake-up Call for Organizations and Their Internal Reporting Systems
On November 15th, the Securities and Exchange Commission (SEC) Office of the Whistleblower (OWB) released its 2021 Annual Report to Congress that reports staggering statistics for FY 2021 and should sound warning bells for organizations’ and their internal reporting systems.
Read more
14 Oct 2021 Carrie Penman
Misinformation, Misrepresentation and Miscalculations: The True Cost of Misguided Academic Field Research (Hoax Reports) on Company Internal Reporting Systems
This summer, a series of anonymous (and suspicious) allegations of collusion, accounting fraud and kickbacks started showing up in executive inboxes and online reporting systems. We learned these reports were fictitious and issued from a single source – and it wasn’t the first time this has happened.
Read more
4 Aug 2021 Mary Bennett
New Benchmark Report Reveals Key Risk & Compliance Insights
The 2021 Definitive Risk & Compliance Benchmark has just been released, and it is full of new findings to help R&C programs assess, compare and improve on their practices and procedures. Learn about how the last year has impacted program priorities, performance and more.
Read more
16 Jul 2021 Carrie Penman
Watch Out for Hoax Reports to Your Hotline
Whether filed via email or through an online reporting and case management system, fictitious reports can pose a heightened IT security threat. Here are four recommended steps to take if you receive a suspected hoax report through your case management system.
Read more
17 May 2021 Carrie Penman
Incident Management in 2021: Growth, Variation & Volatility
NAVEX Global’s 2021 Incident Management Benchmark Report validated what many compliance professionals suspected – the impact of the events of the past year on workplace culture will be felt for years to come.
Read more
19 Nov 2020 Carrie Penman
From Compliance to Risk Management to Better Performance
Strong corporate compliance goes hand-in-glove with strong enterprise risk management. That’s the theory, anyway. Here’s how 2020 guidance published by COSO and the SCCE helps compliance and risk officers put that theory into practice.
Read more
30 Jul 2020 Carrie Penman
We Need to Preserve and Protect Whistleblowing in This Time of Challenge
National Whistleblowing Day 2020 is a great time to revisit your company’s process for protecting this critical role: how the data is handled, and how the whistleblower’s identity is protected, by a resilient system. CCO Carrie Penman had this to say in 2019.
Read more
27 Jul 2020 Carrie Penman
DOJ Guidance: Establish an Effective Compliance Program - and Prove it with Data
NAVEX Global’s Chief Risk & Compliance Officer, Carrie Penman, shares her observations about how the DOJ’s new guidance will further elevate the role of compliance professionals and impact the profession going forward.
Read more
7 Jul 2020 Carrie Penman
6 Tips to Go From Disaster Recovery to Business Continuity Planning
Most organizations weren’t prepared with a business continuity plan to help them get through the pandemic. So when COVID-19 hit, the most companies could do was dust off their disaster recovery plans and react. Here are 6 ways to be proactive and shift from disaster mode to a business continuity plan.
Read more
27 Apr 2020 Carrie Penman
Relationships are Important, Now More than Ever
It’s times like these that we realize how meaningful our relationships are to our well-being and health. As the COVID-19 crisis continues, we must continue to rely on each other for strength and support. At NAVEX Global, and with this in mind, we keep the following guidance front and center as we navigate this trying time.
Read more
21 Apr 2020 Carrie Penman
After COVID-19, Where Was the Board?
COVID-19 is testing every part of a corporation, including the board of directors. But what are the board’s responsibilities during this crisis? It’s a question that directors should understand clearly and quickly — because after the pandemic ends, investors sifting through the significant financial losses will start asking the inevitable question: “Where was the board?”
Read more