General Counsel as Chief Assurance Executive
Among the many corporate roles General Counsel are asked to play—lawyer, corporate advisor, crisis manager, etc.—Chief Assurance Executive is rapidly rising to the top of the list.
December 01, 2017 at 11:07 AM
With the continued proliferation of global regulations and increased public scrutiny of corporate behavior, assurance functions are on the rise. Companies have made significant investments in assurance programs (e.g., compliance, information security, quality) and control systems. A conservative estimate of the median company's total assurance budget is 1.4 percent of total revenue (and that figure does not account for corporate spend on consultants, external audit, or assurance-related IT systems). These investments are made to identify and manage the operational, compliance and reputational risks that affect an enterprise's financial results and brand value.
Unfortunately, despite these investments, legal and other assurance executives feel no more capable of managing risks today than they did a decade ago. Why? As risks have multiplied, companies have created an uncoordinated tangle of assurance mandates and requirements that overlap between teams and don't recognize the interconnectedness of risk and process. As a result, boards lack visibility into corporate risks, business leaders are risk averse and employees struggle to get work done while navigating compliance requirements.
General Counsel often oversee or have visibility into multiple corporate assurance functions. For example, according to CEB, now Gartner, 70 percent of corporate compliance and ethics, 41 percent of regulatory/government affairs and 34 percent of data privacy functions report into Legal (and this doesn't account for integration of compliance and privacy with legal). Moreover, 21 percent of enterprise risk management and 9 percent of internal audit departments report into Legal.
Today, General Counsel aren't just the head of a legal department, but also leaders of corporate assurance, a role they must start embodying. General Counsel have authority, incentive and interest to align the increasing number of assurance programs and business requirements, and more seamlessly manage risk while reducing business drag.
How Siloed Assurance Harms Growth
As corporate profits shift to idea-intensive sectors, companies need to move quickly into fast-growing markets. CEB, now Gartner, research has found the biggest differentiator of efficient growth companies—that is, those companies who increased their earnings by expanding both revenue and profit margin—is their ability to allocate capital to bigger, riskier growth bets. For example, their R&D portfolios are disproportionately slanted toward transformational innovation, their M&A deals are 40 percent larger on average as a percent of revenue and they are faster at reintroducing capital expenditure through the business cycle. But uncoordinated risk management functions slow decision-making and create unintentional “growth anchors” even as they fail to create a clear picture of corporate risk. Assurance leaders must manage the rapidly changing nature of risk in full view of operational realities and in support of productivity demands and corporate strategy.
Aligned Assurance
To combat slow decision-making and failure to provide a holistic view of risk, General Counsel should champion and drive aligned assurance.
A working definition of aligned assurance is organizing and coordinating processes across functional boundaries to maximize operating efficiency while, first, managing risk and governance within the company's risk appetite and, second, providing holistic visibility and assurance to the board, regulators and customers. Implemented correctly, the system accomplishes the goals of corporate assurance—providing assurance, visibility and intelligence—while limiting the direct and indirect costs of doing so. Aligned assurance consists of four key components:
Component 1: Integrated Risk Management Framework. A common understanding of the company's risk universe, risk ratings, rules for oversight ownership and guidelines for when new risks are added to the framework.
Component 2: Shared Work and Information. Rather than buying or creating new systems and surveys to manage risks, leading companies use existing data sets to obtain that intelligence. Sharing risk information from these data sets across teams helps all assurance functions understand the risk environment and supports mutual conclusions about risk and resource allocation. Taking it one step further, assurance functions can coordinate a schedule of on-site reviews and use each other's work to avoid duplicating efforts.
Component 3: Activity and Control Rationalization. Coordinated assurance requires processes for reducing duplicative activities. This includes collecting only vital risk information and avoiding repetition of questionnaires and assessments. If two teams must collect the same information, they should ensure the data definitions and metrics of separate surveys are consistent and business leaders do not receive multiple requests at the same time.
Component 4: Coordinate Risk Reporting. Assurance partners should coordinate when they deliver risk reports to management and the Board and ensure that the reports tell a cohesive story. The timing of reports should also support corporate decision-making and annual planning cycles whenever possible.
How to Get Started With Aligned Assurance
Working toward more integrated assurance isn't easy, and to do it right takes effort—in fact, only 10 percent of assurance leaders believe their company's risk management functions are fully aligned. But, it's not impossible. To get started, General Counsel should consider the following:
- Establish goals and structure — Coordinated assurance requires clear goals, structure and commitment. Each part of the team needs to agree on a project's scope and objectives, and one person must be appointed to lead the integrated effort.
- Build processes and trust across assurance functions — Each assurance function has specific concerns and needs that it can't (or won't be willing to) easily sacrifice to create a more streamlined corporate process. The functions need to work together to create a set of governing rules that assure everyone that their concerns won't be neglected while working toward better synchronization and alignment.
- Create a roadmap — Once goals, structure and trust have been built, the real work of coordination can begin. By sharing activity schedules, calendars and risk reporting dates, assurance partners can begin to identify where gaps, duplication and natural alignment exist.
Conclusion
The increase in cross-functional regulations and interconnected processes requires a more coordinated approach to risk management. Among the many corporate roles General Counsel are asked to play—lawyer, corporate advisor, crisis manager, etc.—Chief Assurance Executive is rapidly rising to the top of the list. It is only by transitioning towards a more integrated approach that legal departments will be able to enable appropriate growth bets, support business at necessary speed and reduce operational friction that limits corporate productivity.
Abbott Martin is a legal research leader at CEB, now Gartner, a research and advisory company headquartered in Stamford, Conn.
© 2024 ALM Global, LLC, All Rights Reserved.