“Let me tell you what really drives me crazy,” the compliance officer on the other end of the phone told me. We were speaking the other week, chatting about possible ideas for the Compliance Week 2013 conference.
Well, sure you can tell me what drives you crazy, I said, but pick one subject and focus on that—we're talking about compliance, after all, and otherwise the conversation could last all week.
“It's the e-discovery,” my compliance officer friend told me. “Whenever we're in litigation or under investigation”—which is all the time for this particular business, a Fortune 50 company—“I'm getting requests to submit all the information we have on a subject. And I'm supposed to say with confidence that, yes, here it is, this is everything we have? Are you nuts? As soon as I say that, I find out that we've got a computer server in Peoria somewhere with more information that nobody knew about, and then I have to disclose that after the fact, and now it's a mess. I can never say with confidence that I've turned over all the data about anything, so we settle.”
In one form or another, I hear this complaint regularly: that compliance departments cannot achieve the visibility into corporate operations that they need if they're to do their jobs effectively. Once upon a time, when we were still mired in a more paper-centric world, the complaint was that other business departments never took compliance seriously. Now (mostly) everyone does, but in the data-centric world, nobody really knows the full scope of what's going on at the business anyway.
My friend above was voicing frustrations about litigation and regulatory probes, but in truth the problem is much larger than that. You want to vet all your third parties for anti-corruption risk? That's a great idea, but it presumes that you always know who all your third parties are. Trying to monitor employee compliance with a policy against cloud computing services? Excellent, assuming you can always know when someone stores company data on the cloud, which you can't. I could pick any number of other compliance risks—whistleblower retaliation, financial reporting, product marketing, more—and the dilemma would remain. Today's primary challenge for compliance, risk, and audit executives is visibility into what's going on.
To that end, for the first time ever we will have a theme at Compliance Week 2013: “Seeing all the data.” In as many ways as we can, in as many sessions as we can, we're going to be talking about transparency and visibility into corporate operations. Sometimes we're going to apply that theme literally, such as our sessions about mapping out data for privacy compliance or performing due diligence. Sometimes we'll apply it more conceptually, as with our session on breaking down silos for better enterprise risk management, or the session about conducting a global ethics assessment or assessing the risks of “Big Data.” We'll talk about processes to gain better visibility, and also tools or personnel structures, too.
The conference will still have plenty of other sessions that don't fall strictly within our “Seeing All the Data” theme: an update on Foreign Corrupt Practices Act enforcement, sessions on collaborating with other departments, and more breakout sessions with industry regulators than we've ever had before, to name a few; Compliance Week will never drop an important topic simply because it doesn't fit with a theme. Still, we'd all be foolish to ignore the most pressing issue in corporate compliance today, which the lack of visibility most certainly is.
(That said, if you know any other pressing issues that we're not addressing yet, let me know so we can add them to our agenda. And as always, any compliance executives willing to speak about any of our issues should contact me as well; we're always looking for volunteers to share their wisdom. Email me at firstname.lastname@example.org.)
Our early-bird pricing is $1,545 for individuals, $1,495 per person for groups. The discount window is open until Jan. 31, so register now!