At SCCE’s virtual Compliance in Smaller Organizations conference, I had the opportunity to give a presentation, together with Dianne Koval, focusing on how to build an efficient compliance program in a small organization.[1] I was pleased to share my experience; this topic sparked interest in many people who face the challenge of being the only compliance officer within their organization or a small team.
Following July’s presentation, I present in this article some useful practical guidelines for successfully managing this role within a small organization.
First, it is important not to panic if you have been asked to be your organization’s compliance officer and do not have experience. The management has proposed you for this job because they trust you will do it well, so do not be daunted!
You can carry out this role with ease at first and consequently create a strong ethical culture in your organization. The reward will come at a point when you realize the importance of ethics and compliance.
First step: The learning phase
This phase will help you execute your job efficiently and should not be underestimated or minimized. It involves obtaining the knowledge necessary to prepare the risk-mapping of your organization, which should be your next step.
Ethics and compliance training
You need to know what the role involves and be as knowledgeable as possible regarding everything necessary to build and implement an adequate compliance program in your organization.
Receiving comprehensive training is the first step, and many options are available at a reasonable cost through law firms, professional associations, SCCE, and academic organizations. It is important to note that you may need to invest a significant amount of time depending on the sectors and jurisdictions where your organization operates.
Learning about your organization
This learning process will be easier if you are already working for the organization in a different role.
Having said that, you need now to identify and evaluate your organization’s third parties, business activities, and/or processes from a compliance perspective. Very useful sources of information can be internal reports of the organization and publicly available reports regarding sanctions imposed on similar activities or organizations.
Talk with colleagues who work in business development, procurement, operations, finance, and human resources—do not only focus on management. Start from the bottom of the organization and observe how your colleagues work, such as the internal processes they follow, their interactions with third parties, etc. People generally enjoy talking about their work. A compliance officer must be able to interface easily, not only with internal staff at all levels but also with outside authorities.