Best practices: organizational structure that supports compliance; Traditional organizational structure is crumbling under the weight of ever-increasing regulations that drive greater accountability and transparency. Smart companies are on the forefront of building new and improved structures that support and enhance this new compliance environment, and best practices are emerging.

AuthorAtkinson, Joe

Regulatory changes have caused a tectonic shifting of the organizational landscape in companies around the world. Traditional working relationships that define who is responsible for what have also shifted. New mandates--such as the Sarbanes-Oxley Act, Canada's Bill 198, Basel II, the Health Insurance Portability and Accountability Act (HIPAA) and the European Union's Data Protection Directive, to name but a few--require companies to integrate compliance into their organizational structures in an effort to increase transparency, accountability and responsiveness to key stakeholders.

Sarbanes-Oxley, more than any other regulation, has created this upheaval. Publicly traded companies that must comply with the sweeping U.S. law continue to review their organizational structures to determine the best framework for supporting ongoing compliance efforts. Even some private businesses, while technically unaffected by such regulations, are revisiting their organizational design to comply with the changing regulatory scene.

This strategic activity helps them develop more clearly defined compliance policies, procedures and roles; more timely compliance, resulting in fewer financial penalties; greater understanding among employees of expected compliance roles and behavior, as well as the consequences of noncompliance, and better communication about compliance risks and mitigation tactics.

While some companies--particularly non-accelerated filers still working toward first-year compliance with Sarbanes-Oxley Section 404--may still be considering how they will structure the compliance function going forward, others have already made changes, and some successful models for compliance are emerging.

To truly be considered a "best practice," a practice would need to have a great deal of history and consensus from many users that a particular idea or initiative supports the pattern of change needed to improve a business process. While still quite early in the process, some patterns for effective structures are emerging.

What follows are several best practices that some companies have found to be beneficial in adapting to the new regulatory environment. These are in the areas of: centralizing or decentralizing the compliance function; accountability structure; compliance-related roles and responsibilities; ethics and compliance training.

Determine the degree to which the compliance function will be centralized or decentralized

Many companies grappling with the first year of Sarbanes Oxley 404 compliance simply did what they believed they had to do to meet the requirements. For most companies, the process was neither orderly nor ideal. Now, these organizations have stepped back, evaluated what worked and what didn't and are focusing on how they can institutionalize and sustain their compliance programs. This transitional stage may be described as moving from "project to process."

To establish a truly sustainable compliance model, not just for 404 but for the range of compliance challenges facing organizations today, companies must decide on the optimal organizational structure to support the work flow, risk controls and communication necessary for effective governance. A well-defined compliance program allows companies to appropriately prioritize activities and ensures that executive-level management has the resources needed to meet requirements.

A fundamental decision in designing a framework that bolsters compliance is whether to adopt a centralized or decentralized model. A company's size, industry, geographic dispersion and business complexity determine which...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT