Two weeks ago Ben Heineman published a blog post about how compliance officers should co-report to the general counsel and to the chief financial officer. Roy Snell, the CEO of the Society of Corporate Compliance and Ethics, disagreed with having compliance officers report to the general counsel. I quote Snell’s comment here.
“Frankly, if I were the GC, I wouldn’t want this reporting relationship either. One of the main functions of the GC is to defend their company, and they are given great latitude to do so. The compliance officer is asked to defend the stakeholders of the company. They are given very little latitude. If a GC does the CO’s performance review or has hire/fire responsibility over the CO, it’s an entirely different game. If the GC has responsibility for compliance and they do not disclose information or deal with a problem properly, they are going to get hammered. Combining this function takes the GC from a position of effectiveness to having their hands tied.”
Snell wrote further from the CEO’s perspective. “If I were the CEO, I wouldn’t want this reporting relationship either. I want a vigorous compliance program; however, if I have trouble, I want someone to defend my organization vigorously. If the GC has hire/fire and annual review of the CO, this dual function just can’t operate effectively. With the two functions combined, I am either going to get a GC who is too cautious or a CO who is not cautious enough. Nobody should want this function combined. It is a recipe for disaster.”
My sympathies lie with Snell, with the same arguments applying to general counsel who manage internal audit. One problem with this conclusion and Snell’s recommendation is that CEOs can end up with too many direct reports.
Meanwhile, here are the latest posts on this blog about compliance (see my posts of Sept. 9, 2010: export/import compliance; Sept. 12, 2010: what budget should include compliance expenditures; Sept. 12, 2010: pessimism and the spirit of compliance; Oct. 14, 2010: Sarbanes and required notifications to law firms; Dec. 7, 2010: ascendancy of risk control in group of honored law departments; and Dec. 7, 2010: model for staffing FCPA compliance).