General Counsel as Chief Assurance Executive
Among the many corporate roles General Counsel are asked to play—lawyer, corporate advisor, crisis manager, etc.—Chief Assurance Executive is rapidly rising to the top of the list.
December 01, 2017 at 11:07 AM
6 minute read
With the continued proliferation of global regulations and increased public scrutiny of corporate behavior, assurance functions are on the rise. Companies have made significant investments in assurance programs (e.g., compliance, information security, quality) and control systems. A conservative estimate of the median company's total assurance budget is 1.4 percent of total revenue (and that figure does not account for corporate spend on consultants, external audit, or assurance-related IT systems). These investments are made to identify and manage the operational, compliance and reputational risks that affect an enterprise's financial results and brand value.
Unfortunately, despite these investments, legal and other assurance executives feel no more capable of managing risks today than they did a decade ago. Why? As risks have multiplied, companies have created an uncoordinated tangle of assurance mandates and requirements that overlap between teams and don't recognize interconnectedness of risk and process. As a result, boards lack visibility into corporate risks, business leaders are risk averse and employees struggle to get work done while navigating compliance requirements.
General Counsel often oversee or have visibility into multiple corporate assurance functions. For example, according to CEB, now Gartner, 70 percent of corporate compliance and ethics, 41 percent of regulatory/government affairs and 34 percent of data privacy functions report into Legal, and this doesn't account for integration of compliance and privacy with legal). Moreover, 21 percent of enterprise risk management and 9 percent in internal audit departments report into Legal
Today, General Counsel aren't just the head of a legal department, but also leaders of corporate assurance. A role they must start embodying. General Counsel have authority, incentive and interest to align the increasing number of assurance programs and business requirements, and more seamlessly manage risk while reducing business drag.
How Siloed Assurance Harms Growth
As corporate profits shift to idea-intensive sectors, companies need to move quickly into fast-growing markets. CEB, now Gartner research has found the biggest differentiator of efficient growth companies—that is, those companies who increased their earnings by expanding both revenue and profit margin—is their ability to allocate capital to bigger, riskier growth bets. For example, their R&D portfolios are disproportionately slanted toward transformational innovation, their M&A deals are 40 percent larger on average as a percent of revenue and they are faster are reintroducing capital expenditure through the business cycle. But uncoordinated risk management functions slow decision-making and create unintentional “growth anchors” even as they fail to create a clear picture of corporate risk. Assurance leaders must manage the rapidly changing nature of risk in full view of operational realities and in support of productivity demands and corporate strategy.
Aligned Assurance
To combat slow decision-making and failure to provide a holistic view of risk, General Counsel should champion and drive aligned assurance.
A working definition of aligned assurance is organizing and coordinating processes across functional boundaries to maximize operating efficiency while first, managing risk and governance within company's risk appetite and second, providing holistic visibility and assurance to the board, regulators and customers. Implemented correctly, the system accomplishes the goals of corporate assurance—providing assurance, visibility and intelligence—while limiting the direct and indirect costs of doing so. Aligned assurance consists of four key components:
Component 1: Integrated Risk Management Framework. A common understanding of the company's risk universe, risk ratings, rules for oversight ownership and guidelines for when new risks are added to the framework.
Component 2: Shared Work and Information. Rather than buying or creating new systems and surveys to manage risks, leading companies use existing data sets to obtain that intelligence. Sharing risk information from these data sets across teams helps all assurance functions understand the risk environment and supports mutual conclusions about risk and resource allocation. Taking it one step further, assurance functions can coordinate a schedule of on-site reviews and use each other's work to avoid duplicating efforts.
Component 3: Activity and Control Rationalization. Coordinated assurance requires processes for reducing duplicative activities. This includes collecting only vital risk information and avoiding repetition of questionnaires and assessments. If two teams must collect the same information, they should ensure the data definitions and metrics of separate surveys are consistent and business leaders do not receive multiple requests at the same time.
Component 4: Coordinate Risk Reporting. Assurance partners should coordinate when they deliver risk reports to management and the Board and ensure that the reports tell a cohesive story. The timing of reports should also support corporate decision-making and annual planning cycles whenever possible.
How to Get Started With Aligned Assurance
Working toward more integrated assurance isn't easy, and to do it right takes effort—in fact, only 10 percent of assurance leaders believe their company's risk management functions are fully aligned. But, it's not impossible. To get started, General Counsel should consider the following:
- Establish goals and structure — Coordinated assurance requires clear goals, structure and commitment. Each part of the team needs to agree on a project's scope and objectives, and one person must be appointed to lead the integrated effort.
- Build processes and trust across assurance functions — Each assurance function has specific concerns and needs that they can't (or won't be willing to) easily sacrifice to create a more streamlined corporate process. The functions need to work together to create a set of governing rules that ensure everyone that their concerns won't be neglected while working toward better synchronization and alignment.
- Creating a Roadmap — Once goals, structure and trust have been built, the real work of coordination can begin. By sharing activity schedules, calendars and risk reporting dates, assurance partners can begin to identify where gaps, duplication and natural alignment exist.
Conclusion
The increase in cross-functional regulations and interconnected processes requires a more coordinated approach to risk management. Among the many corporate roles General Counsel are asked to play—lawyer, corporate advisor, crisis manager, etc.—Chief Assurance Executive is rapidly rising to the top of the list. It is only by transitioning towards a more integrated approach that legal departments will be able to enable appropriate growth bets, support business at necessary speed and reduce operational friction that limits corporate productivity.
Abbott Martin is a legal research leader at CEB, now Gartner, a research and advisory company headquartered in Stamford, Conn.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
AI Disclosures Under the Spotlight: SEC Expectations for Year-End Filings
5 minute read
A Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute read
Three Legal Technology Trends That Can Maximize Legal Team Efficiency and Productivity
Trending Stories
- 1Advance Auto Parts Hires GC Who Climbed From Bottom to Top of Lowe's Legal Department
- 2Judge Rules Georgia Railroad Can Seize Land as Landowners Vow to Fight
- 3On the Move and After Hours: Einhorn Barbarito; Gibbons; Greenbaum Rowe; Pro Bono Partnership
- 4On The Move: Squire Patton Boggs, Akerman Among Four Firms Adding Atlanta Partners
- 5Is the Collateral Order Doctrine About to Have a 'Brat Summer'?
Who Got The Work
J. Brugh Lower of Gibbons has entered an appearance for industrial equipment supplier Devco Corporation in a pending trademark infringement lawsuit. The suit, accusing the defendant of selling knock-off Graco products, was filed Dec. 18 in New Jersey District Court by Rivkin Radler on behalf of Graco Inc. and Graco Minnesota. The case, assigned to U.S. District Judge Zahid N. Quraishi, is 3:24-cv-11294, Graco Inc. et al v. Devco Corporation.
Who Got The Work
Rebecca Maller-Stein and Kent A. Yalowitz of Arnold & Porter Kaye Scholer have entered their appearances for Hanaco Venture Capital and its executives, Lior Prosor and David Frankel, in a pending securities lawsuit. The action, filed on Dec. 24 in New York Southern District Court by Zell, Aron & Co. on behalf of Goldeneye Advisors, accuses the defendants of negligently and fraudulently managing the plaintiff's $1 million investment. The case, assigned to U.S. District Judge Vernon S. Broderick, is 1:24-cv-09918, Goldeneye Advisors, LLC v. Hanaco Venture Capital, Ltd. et al.
Who Got The Work
Attorneys from A&O Shearman has stepped in as defense counsel for Toronto-Dominion Bank and other defendants in a pending securities class action. The suit, filed Dec. 11 in New York Southern District Court by Bleichmar Fonti & Auld, accuses the defendants of concealing the bank's 'pervasive' deficiencies in regards to its compliance with the Bank Secrecy Act and the quality of its anti-money laundering controls. The case, assigned to U.S. District Judge Arun Subramanian, is 1:24-cv-09445, Gonzalez v. The Toronto-Dominion Bank et al.
Who Got The Work
Crown Castle International, a Pennsylvania company providing shared communications infrastructure, has turned to Luke D. Wolf of Gordon Rees Scully Mansukhani to fend off a pending breach-of-contract lawsuit. The court action, filed Nov. 25 in Michigan Eastern District Court by Hooper Hathaway PC on behalf of The Town Residences LLC, accuses Crown Castle of failing to transfer approximately $30,000 in utility payments from T-Mobile in breach of a roof-top lease and assignment agreement. The case, assigned to U.S. District Judge Susan K. Declercq, is 2:24-cv-13131, The Town Residences LLC v. T-Mobile US, Inc. et al.
Who Got The Work
Wilfred P. Coronato and Daniel M. Schwartz of McCarter & English have stepped in as defense counsel to Electrolux Home Products Inc. in a pending product liability lawsuit. The court action, filed Nov. 26 in New York Eastern District Court by Poulos Lopiccolo PC and Nagel Rice LLP on behalf of David Stern, alleges that the defendant's refrigerators’ drawers and shelving repeatedly break and fall apart within months after purchase. The case, assigned to U.S. District Judge Joan M. Azrack, is 2:24-cv-08204, Stern v. Electrolux Home Products, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
