stateofcompliance

Author: Milo Waters
PwC State of Compliance 2015 Survey: Moving beyond the baseline to gain a competitive edge pwc.com/us/stateofcompliance

October 1, 2015

With you today

Gary McDonald Director [email protected] 703-918-6002

PwC

Will Maher Director [email protected] 703-677-6818

Agenda

• About the State of Compliance 2015 Survey
• Moving beyond the baseline: Themes
• Key findings
• Questions

About the State of Compliance 2015 Survey


• Fifth annual survey
• Over 1,000 participants
• Senior executives with responsibility for compliance
  — Includes Chief Compliance Officers, Chief Risk Officers, Chief Legal Counsel and Chief Audit Executives
  — US and non-US-based companies
  — Representing over 20 industries
  — Companies with revenues ranging from $25B
• Survey aimed at:
  — Exploring how organizations have developed their compliance functions
  — Better understanding how compliance functions manage the increasing demands of numerous stakeholders
  — Determining how compliance organizations are positioning themselves for the future

Moving beyond the baseline: Themes


Moving beyond the baseline

• Baseline compliance remains job one for compliance officers, but must be supported with compliance knowledge and skills up and down government contracting organizations
• The regulatory environment continues to get more complex, with demands expanding across all sectors, such as in the areas of cyber security and internal actor threats
• However, our data suggests compliance functions have experienced only incremental change
• CEOs see the impact of regulatory compliance on achievement of business objectives as a big concern, as issues or allegations can be costly, disruptive, damage the organization’s reputation, and interfere with obtaining new work, all impacting competitiveness!
• Now is the time for CCOs to raise their profile and leverage the compliance function to gain a competitive edge

The challenges are even larger for government contractors given the highly regulated environment in which they operate, and specific compliance risks associated with:
• The False Claims Act and the multitude of actions that can lead to allegations of an FCA violation
• Defective Pricing and the human actions or omissions that could conflict with a certification
• Department of Labor regulations and additional requirements for contractors, the Office of Federal Contractor Compliance Programs and corresponding risks
• Contract Specific Requirements associated with performance, delivery, quality, environmental, health or safety
• Government Auditors seeking out instances of fraud or wrongdoing
• Whistleblower proceedings, which present special challenges

5 themes from PwC’s State of Compliance 2015 Survey

1. The compliance function should actively participate in the setting of corporate strategy, such as managing risks of business change.
2. Owners of compliance obligations should be aware of what “compliance” entails across the organization as well as understanding the scope of their own responsibilities.
3. The compliance function should collaborate with business owners of compliance obligations.
4. Compliance leaders should evaluate and potentially re-imagine the identity of their function, especially if it has fallen behind.
5. Compliance officers should explore ways to increase operational efficiency and effectiveness.

Key findings


Theme 1: The compliance function should actively participate in the setting of corporate strategy

• 78% of CEOs are concerned about overregulation
• 50% of CEOs expect to increase headcount
• 38% of CCOs saw an increase in staffing, while 36% saw no change and 8% saw a decrease

Turning to the CCO for help in guiding corporate strategy

How is the Chief Compliance Officer/Corporate Compliance function engaged in the development and implementation of your organization’s business strategy?

• As part of the annual business strategy development meetings: 35%
• Assists in the implementation of business strategy once decisions are made: 18%
• Addresses issues that arise after business strategy is implemented: 15%
• Is not involved in developing or implementing business strategy: 17%

Only about one-third of CCOs or compliance functions are involved in strategy development meetings, and almost 20% play no role in strategy development or implementation.

For government contractors, areas of strategic change that can frequently benefit from compliance management insights include:
• Entering new service areas or customers that may require new processes/systems, specialized skills, quality capabilities and/or certifications
• Acquiring a business and risks associated with:
  • Conducting adequate acquisition compliance due diligence to:
    • Identify and understand legacy and potential future compliance risks
    • Mitigate those that can be managed and understand probabilities and potential impacts of those that cannot
  • Managing new service areas or capabilities
  • Post-transaction integration and change management, such as training on new procedures and the ethics and compliance program

Theme 2: Owners of compliance obligations should be aware of what “compliance” entails across the organization as well as understanding the scope of their own responsibilities


Questions for you to consider:

• Does your organization have a complete framework and system of compliance processes with:
  • Assigned ownership of compliance responsibilities,
  • Execution capabilities,
  • Oversight/monitoring, and
  • Assurance
  … for all relevant risks?
• If you do, is it all working?

CCOs should know how their organization manages all compliance obligations and issues throughout the company

Does the Corporate Compliance function have direct, primary “ownership” or accountability for each of the following at your organization?

Direct ownership:
• Code of Conduct: 86%
• Ethics Program and Controls: 84%
• FCPA/Anti-bribery and Anti-corruption: 76%
• Investigations: 71%
• Hotline: 68%
• Compliance Audit: 68%
• Policy Process Management: 63%
• Privacy and Data Protection: 60%
• Third Party/Vendor Compliance: 52%
• Records Retention: 49%
• Enterprise Risk Management: 43%
• Export compliance: 32%
• Internal Audit: 31%
• Import/Customs Compliance: 29%

Theme 3: The compliance function should collaborate with business owners of compliance obligations

The compliance function should develop a framework to help the business manage compliance issues. The framework is an effective tool that CCOs can use to engage with business peers throughout the organization.


Collaboration means being visible, accessible, approachable, and engaged with others throughout the organization.
• Collaboration is an effective tool to combat communication gaps that occur naturally in organizations
• While active collaboration may be more difficult in some environments than others, questions to ask include:
  • Do you or your staff get time out of meetings and other workload to “walk the floor”?
  • Do you get to know many employees and the process and compliance owners?
  • Do you recognize needs and provide tactical advice and guidance on compliance matters?
  • Do you communicate fluidly with SMEs that are essential to maintaining compliance?
  • Are employees comfortable with bringing or discussing concerns directly with you (e.g., sooner rather than later)?

Top of mind risks are not usually the purview of CCOs

Select your top 3 areas in terms of future perceived level of compliance-related risk to your business over the next 5 years (i.e. to 2020)?

[Chart: risk areas for 2015 and 2014, listed here in the order charted]

2015: Data security; Privacy and confidentiality; Industry-specific regulations; Bribery/corruption; Supplier/vendor/third-party compliance; Conflicts of interest; Fraud; Consumer protection; Regulatory quality; Money laundering; Business continuity; Intellectual property; Employment and labor compliance; Import-export controls/trade compliance; Government contracting; Safety/environmental; Records management; Fair competition/Anti-trust; Corporate social responsibility; Social media; Insider trading; Ethical sourcing; Physical security

2014: Industry-specific regulations; Privacy and confidentiality; Strategic risk; Bribery/Corruption; Conflicts of interest; Fraud; Regulatory quality; Security; Business continuity; Supplier compliance; Intellectual property; Consumer protection; Import-export controls/trade compliance; Money laundering; Safety/Environmental; Government contracting; Fair competition/Anti-trust; Corporate social responsibility; Ethical sourcing; Employment labor compliance; Social media; Records management; Insider trading

Theme 4: Compliance leaders should evaluate and potentially re-imagine the identity of their function

Does your organization have a named Chief Compliance Officer/Chief Ethics and Compliance Officer?

[Chart: Yes / No / Don't know]

To whom does your Chief Compliance Officer or Chief Ethics and Compliance Officer report?

[Chart: General Counsel/Legal; Chief Executive Officer; Board of directors/Audit Committee; Chief Risk Officer; Chief Audit Executive; Chief Financial Officer]

Who functions as your organization’s compliance officer? (Respondents who do not have a named CCO or CECO but who do have someone else who functions in this role)

[Chart]

Questions to consider in imagining the future of your compliance function:
• Will it be reactive, focusing on limiting damage and recovering from noncompliances or allegations, or proactive, building and/or maintaining a capable prevention-focused program with processes, compliance ownership and subject matter expertise where it matters?
• Are you addressing a limited number of high-risk areas, or using a risk register to assign coverage and ownership on a broader basis (e.g., moderate risks)?

Theme 5: Compliance officers should explore ways to increase operational efficiency and effectiveness

Does your Chief Compliance Officer/Corporate Compliance function actively measure compliance cost to your organization?

[Chart: Yes / No / Don't know; values shown: 24%, 41%, 35%]

What elements does your Corporate Compliance function consider to help define aggregate compliance cost when determining budgets or articulating program value?
• Direct operating costs: 74%
• Compliance-related initiatives: 69%
• Systems and tools: 57%
• Third party (e.g. contingent workers, contractors, consulting fees): 55%
• Indirect operating costs: 51%
• Direct cost of non-compliance: 36%
• Other: 2%
• Don’t know: 12%

The cost of compliance may not always be well understood, and attempts to increase efficiency and effectiveness may be relative in nature
• Is the cost of non-compliances or allegations of non-compliances determined, such as:
  • Investigations
  • Proceedings
  • Outside counsel, consultants and experts
  • Penalties
  • Opportunity losses
  • Reputational damage…
• Cost avoidance and elimination of redundancies are the key areas for efficiency and effectiveness gains.

5 ways to move the compliance function forward

1. Actively express an interest in participating in strategy decisions, and proactively articulate to the CEO the strategic value that compliance can deliver.
2. Review the strategic plan and develop ideas for addressing new or unusual compliance risks, or leveraging them to gain competitive advantage.
3. Forge close relationships with key business leaders throughout the company and offer insights to help the business identify and mitigate risks related to compliance issues.
4. Define (or redefine) the scope of compliance across the organization and build partnerships with compliance owners within the business to ensure that all issues are being managed effectively.
5. Implement efficiency initiatives to improve the effectiveness of the compliance function and reduce compliance-related costs.

Questions


Biographies

Gary McDonald

As a Director in PwC’s Government Contracts Practice, Gary advises government contracting clients across industries on strategic and operational capability improvements to enhance competitiveness and manage risks. With over 20 years of experience working and consulting in the aerospace and government contracting industries, Gary's primary focus is in the areas of government contractor performance improvement and compliance with Federal Acquisition Regulation (FAR), government Cost Accounting Standards (CAS), and other contract requirements.

Engagement activities frequently include performing comprehensive organizational performance reviews and needs assessments, compliance assessment, strategic planning, business process improvement, organizational restructuring/realignment and operational capability development. He utilizes his knowledge of competitive industry practices and cost structures to drive compliance, financial and operations improvements.

Gary supports various parties involved in government contractor business transactions, including bid due diligence, post-transaction operations structuring and planning, and mergers, acquisitions and carve-out implementation support. Gary provides due diligence support for government contractor business transactions such as target contract risk identification and assessment.

Gary previously managed government contract compliance operations for a major professional services firm, including Contracts Management, Finance, Proposal Development and Risk Management. He has managed IT operations for a division of an aerospace and defense contractor, including government contract compliance and reporting applications. He also has over 14 years of experience in space flight hardware development and large contract program management in support of NASA scientific missions.

Gary holds a B.S. in Engineering from Lehigh University and an M.B.A. in Finance from The George Washington University. He is a member of the National Defense Industries Association, Public Services Council and the Society for Human Resources Management.

Will Maher

Will Maher is a Washington-Metro based Director in PwC's Governance, Risk, and Compliance practice. Will has over 15 years of experience within the A&D industry. Beginning his career at a Big 4 and then moving to industry for the last eight years, Will brings a balanced understanding of value and client service delivery to our customers.

While in industry, Will held several different roles within Internal Audit, Government Compliance, Financial Planning and the Financial Close Process. Will’s background with a top defense contractor has given him a good understanding of a broad range of relevant concerns of our customers. Will has a strong internal controls background with specific focus on the Foreign Corrupt Practices Act, program management, and U.S. Government regulations.

Will holds a B.S. in Business from American University and an M.B.A. from the University of Maryland. He is a Certified Fraud Examiner (CFE).

Thank you!

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. © 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the United States member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
