You've landed that CFO spot at a high-growth, high-profile organization. You've fielded congratulations from family and close friends, and your LinkedIn email inbox is full. As you settle into that corner office, though, you have a few concerns. For a time, you might be out of your comfort zone, as a new CFO, and you need to take that into account as you set about enhancing the company's compliance strategies.
Unless it's a startup, your new company likely already has multiple approaches to compliance. Some of your previous successes might work here — compliance for some regulations, such as the Sarbanes-Oxley Act or the Generally Accepted Accounting Principles (GAAP) is largely the same across industries. However, if you are a defense contractor, for example, you'll have to get up to speed on what it takes to pass a Defense Contract Audit Agency (DCAA) audit and how to report on your small-business subcontracting unit.
Improve Upon Existing Strategies
The following are seven tips to enhance your company's existing compliance strategies:
1. Identify and Support Your Team. Make sure you're on the compliance team. The CFO is a key member — if this isn't the current perception, take advantage of your honeymoon period to make it so. Assess who else is available, from direct reports or staff reporting to line managers. According to Carlos Zarlenga, CFO of General Motors South America, "it is very hard to deliver customer compliance if you do not have a competent compliance team."
2. Identify and Reinforce Ongoing Compliance Standards Work. Reinforce your support for compliance-related standardization efforts, such as ISO 27001 (IT security) ISO 31000 (risk management), ISO 21500 (project management) and ISO 45001 (occupational health and safety). Identify overlapping or collaborative efforts with IT. Disillusionment, fatigue and pushback are not uncommon, but you may be able to revitalize languished standards efforts. Nurture now, fine-tune later.
3. Reinforce the Chief Compliance Officer Role. Duties for the chief compliance officer role include policy execution, monitoring and investigations.
4. Benchmark With Similar Enterprises. Benchmarking with neutral, publicly available information such as reporting calendars, local regulators and recent regulatory changes can be useful to firm up any issues.
5. Identify Compliance Vectors.As the new CFO at a new company, it's important to get yourself up to speed on compliance vectors that may relate to your particular industry. For instance, if you are starting at a public company, familiarize yourself with SEC and the International Financial Reporting Standards (IFRS). If your company is multinational, review the Foreign Corrupt Practices Act. Or, if your company is a defense contractor that exports products overseas, look into ITAR and Export Administration Regulations. Finally, don't forget to partner with your HR leader to understand how employment-related compliance efforts are managed and where efficiency and cost-saving opportunities may lie.
6. Identify and Utilize Compliance Software Certain firms offer helpful workflow and reporting software for compliance. You can have an evidence-based strategic impact at your organization by nurturing expert users.
7. Elevate Lessons Learned and Quality Management. Ask which compliance lessons have been learned from past work and elevate the work of quality management in compliance processes.
Step Up Your Game
As things progress with your compliance strategy enhancements, be sure to learn other facets of the business in the process. According to Gerald Kochanski, CFO of Nephros, the single biggest challenge for mid-cap CFOs is compliance. More than in the past, he said, CFOs need to move beyond simply crunching numbers.
Above all, know your limitations. Whatever enhancements to compliance strategy you contemplate, early efforts will have to be informed by and executed by team members. Before making wholesale changes, nurture existing compliance strategies in the company. Deloitte describes a stewardship role for the CFO that consists of working to "protect the vital assets of the company, ensure compliance with financial regulations, close the books correctly and communicate value and risk issues to investors and boards." Identify yourself as a steward-in-training as you reach out to what will become your compliance team and key colleagues.