3 Things CEOs Need To Know About Compliance Culture
As CEO of your company, you’ve worked hard to grow the business and ensure success. But there can be a roadblock to future growth of your organization—lack of compliance. This can have several negative effects on a company including loss of customers, fines and a lack of trust among current customers or prospects.
Despite being at the top, many CEOs aren’t aware of their company’s compliance needs, or if they have a compliance program in place, they aren’t aware of its progress or its inner workings.
Research by the Ponemon Institute found only 20 percent of security and compliance executives say that “they frequently communicate with executive management about potential cyber-attacks or threats against the organization.”
So, as a CEO, how can you make sure you’re aware of your company’s compliance needs and ensure the compliance certifications your organization requires are met and maintained?
Here’s what you need to know to meet your company’s security and compliance needs.
1. Be Aware of Cyber Threats
You know any disruption to your information systems can have huge impacts on your operations, reputation and more. To protect your organization, the Department of Homeland Security recommends several measures:
- Ask questions. You should ask the following about your company’s cyber risks:
  - What is the current level and business impact of cyber risks to our company? How do we plan to address identified risks?
  - How is executive leadership informed about the current level and business impact of cyber risks to our company?
  - How comprehensive is our cyber incident response plan? How often is the plan tested?
- Have cyber security discussions with your leadership team. You should regularly communicate with those on your team responsible for managing cyber risks. This keeps you aware of threats and gives you a set time to meet and strategize with your leadership team.
- Coordinate response planning across the company. Having early response actions in place can help limit or prevent possible damage in the event of an incident.
2. Keep Policies Up-to-Date and Communicate the Updates
Make sure your company’s policies and procedures are reviewed periodically and kept up-to-date to account for any new laws or requirements. Also, periodically communicate these updated policies and procedures to employees. Employees should understand and be aware of their responsibilities for compliance.
3. Foster an Environment of Ethics and Compliance
Succeeding at compliance entails more than just having policies and procedures in place. Periodic training is essential to not only communicate the policies but also the risks to the organization. Employees should understand how their actions influence others, how to identify potential incidents and how to report them. Provide managers the training and resources they need to foster connections among those who report to them, and require leadership to take responsibility for compliance.
As CEO, you not only need to be aware of your company’s compliance requirements and cyber threats, you also need to build a culture that makes compliance commonplace. By providing effective guidance, enforcing policies and procedures, staying informed of monitoring results, keeping open lines of communication and more, you can ensure your company meets all of its compliance requirements.
About Debbie Zaller
Debbie Zaller is Chief Operating Officer at Schellman. Debbie is responsible for maintaining and driving operational results and executing the firm's strategic goals. Debbie oversees all daily operations of the firm while spearheading the development, communication and implementation of effective growth strategies and processes. Debbie has over 21 years of IT compliance and attestation experience. Debbie led the firm's Midwest, Southeast, and Northeast regions along with the national SOC 2 and Privacy service lines as Managing Principal before assuming the position of COO in 2021. Debbie holds a Master of Accounting degree from the University of Florida. She is a Certified Public Accountant, Certified Information Privacy Professional/United States, Certified Data Privacy Solutions Engineer, Certified Information Systems Security Professional, Certified Information Systems Auditor, and holds the Certificate of Cloud Security Knowledge. She is currently an AICPA-approved and nationally listed SOC Specialist and speaker on various privacy topics. Debbie was on the AICPA Task Force for the Advanced SOC for Certification Exam, was a member of the Florida Institute of Certified Public Accountants Board of Governors and served on the Finance and Office Advisory Committee.