DIGITAL COMPLIANCE AND RISK ASSESSMENT: DID THE FIELD OF PERFORMANCE IMPROVEMENT MISS THE PLOT?

We are living in a complex world—a world coming out of a pandemic, a globalized economy, constant generation of data, disruptions caused by technology, digital transformations, changing business models, and more. In these fast-paced, turbulent waters, what takes precedence for an organization? What is deemed fundamental if the organization is to have an eye toward sustained growth? During the pandemic, organizations even outside of highly regulated industries witnessed increased regulation and enforcement where integrity became a critical driver for ethical business.

At its core, compliance is geared to detecting and stopping unlawful behavior within an organization and all those representing the organization, such as employees, administrators, executives, freelancers, and agents. Organizational compliance and ethics, when done right, fosters a culture of trust, responsibility, and honesty; allows conformance to guidelines of ethical and legal conduct; removes objectionable and illegal practices; and reduces or eliminates risks to the financial credibility of the organization. Thus, the implication of organizational compliance is to follow the rules, laws, guidance, and procedures.

The current demands of a globalized economy with an evolving risk landscape have put undue pressure on organizations across industries to meet the highest standards of compliance. Compliance to legal and regulatory standards is becoming increasingly complex and time-consuming. As organizations undertake compliance initiatives to compete in the changing landscape, it has led to silos as various compliance initiatives operate independently of one another, resulting in duplication of efforts, greater costs, redundancy in solutions, and increased levels of risk. For an organization to achieve a comprehensive and integrated understanding of its exposure to risk, it has become critical to have a centralized repository that allows for integrated compliance reporting. This means that the complex compliance landscape today requires a comprehensive, holistic assessment of compliance risk that includes integrating disparate sources of data, identifying trends, and quantifying organization-specific risks.

THE DIGITAL COMPLIANCE LANDSCAPE

But why seek to understand compliance, and why now? During the pandemic, although businesses underwent temporary or permanent closures, organizations such as BigBasket faced a data breach in March 2021 in which 20 million customers' data were hacked, and Twitter faced a data breach in January 2020. In December 2020, the California Consumer Privacy Act was introduced to empower Californians to have more control over shared data. In September 2020, the government of Brazil introduced the Brazilian General Data Protection Law to protect 140 million internet users' private data. Under these regulations, organizations face unprecedented pressure to process an individual's data securely without violating the law (Fortune Business Insights, 2022).

With a valuation of USD 40.84 billion in 2021, the global enterprise governance, risk, and market size is projected to expand at a compound annual growth rate of 14% from 2022 to 2030 (Grand View Research, 2018). In addition, 43% of banking executives cited compliance as their top concern for 2022 (BankingDive, 2022).

The rapid advancement and penetration of digital technology within organizations has encouraged business leaders to optimize digital transformation in order to streamline operations, strengthen customer relations, expand business, and so on (Balasubramanian, 2022). This implies that certain business functions, such as sales, supply chain concerns, directly affect profit and loss. In addition, these functions are actively engaged with capturing the return on investment generated by the digital transformation. This means that compliance and internal audit personnel are often not tuned in and may not be aware of the speed and scope of digitization in motion within the organization (Balasubramanian, 2022).

Anne Madden, senior vice president and general counsel for Honeywell International, stated: “Given the ever-increasing volume and complexity of data generated across many different compliance dimensions globally, it is critically important for us to have a digitally enhanced and data-driven solution designed to provide actionable insights that are tangible and meaningful” (as cited in Jama & Osinski, 2022, p. 1).

CASE IN POINT: INSIGHTS FROM HONEYWELL INTERNATIONAL

Honeywell International is a multinational conglomerate, a diversified manufacturing and technology company with four business segments in aerospace, building technologies, performance materials and technologies, and safety and productivity solutions. Honeywell collaborated with EY Forensics to develop a robust compliance program (MIT SMR, 2022).

First, the organization identified the key areas of compliance, ranging from anticorruption and cybersecurity to insider trading. However, because each area had its own regulatory structure and challenges, it was difficult to assess the company's risk exposure. Honeywell therefore borrowed from the U.S. Department of Justice and its guidelines to evaluate its corporate compliance programs (Jama & Osinski, 2022).

Next, after identifying the various compliance areas, Honeywell focused on aggregating the data by accessing its sources and data points from across the organization. This resulted in a risk assessment that relied on more than 40,000 data points to analyze fully integrated external and internal sources of data, which enabled the organization to assign ratings on 10 distinct measurement criteria in the form of a scorecard. The data on the digital scorecard are consumable and actionable across levels and business groups, which allows the company's executives to obtain quick summaries of compliance efforts and track progress, while allowing data analysts to take deeper dives into the results and perform exploratory tasks (Jama & Osinski, 2022).

At Honeywell International, the scorecards not only provide insight into the effectiveness of compliance programs but also allow stakeholders to flag areas in need of improvement. These dashboards have led to enhanced communication and allow for comparative analysis of the organization's progress across key performance criteria (Jama & Osinski, 2022).

THE PERFORMANCE IMPROVEMENT LENS

Developing a comprehensive lens for viewing performance improvement enables companies to ask—and answer—the following critical questions:

• What, where, and how does our understanding of discrepancies in performance contribute to the domain of forensic and integrity services?

• How does our systemic understanding of performance problems and opportunities lead to refined and new controls that help mitigate risks?

• How do we ensure that, with the advancement of digital transformation in compliance and risk assessment, our performance improvement initiatives are on par, comprehensive, and seamless with the needs of the organization?

• In spite of our claims around the systemic understanding of performance improvement, why is our practice not spearheading critical initiatives in comprehensive and integrated compliance and risk assessment?