Compliance And Risk Management In Today's Business World
Dave Yarin is a compliance and risk management consultant to senior management and directors of large and mid-size companies, and author of the soon-to-be-published book, Fair Warning – The Information Within.
Yarin follows and researches news stories regarding ignored warnings that lead to bad business outcomes, along with the social psychology theories that explain why these warnings were ignored.
This week, Yarin shared with me insights into compliance and risk management, his forthcoming book, and leadership.
Q and A with Dave Yarin
1. How does a compliance and risk management consultant help senior managers of large and mid-size companies?
Yarin: There are two approaches; ideally proactive but also reactive when necessary. Proactively, a compliance and risk management consultant helps companies to set up world-class compliance programs that help to mitigate risk by ensuring oversight of the compliance function, educating employees, creating and updating written standards, investigating reports of non-compliance, and implementing auditing/monitoring activities.
When an instance of non-compliance has already occurred, a compliance and risk management consultant can help the company to investigate the matter and assess liability, advise on appropriate responses and mitigation steps, and work with the company and legal counsel if necessary in litigation support and/or in communicating with third parties such as the government who may be investigating the matter.
Compliance and risk management consultants can also work with companies to assist with due diligence in acquisition transactions.
2. What is the typical engagement length of time with a company?
Yarin: They vary. I've worked with companies on short-term engagements that may last a few months - for example in helping to strengthen a compliance program, or for several years when there is a government investigation or when serving as a monitor or advisor pursuant to a government settlement agreement.
3. After your engagement is done, who typically at a company is the person to act or lead action in response to a warning?
Yarin: Typically, the Chief Compliance Officer, often in connection with legal counsel, is the person who leads action in response to a warning. Given this part of the Chief Compliance Officer's role, it's critical that his or her function be independent of other functions within the company (e.g. finance) so that he or she can investigate and respond to the warning thoroughly and appropriately.
4. What is an example of an ignored warning that led to a bad business outcome?
Yarin: Let's take the recent experience with General Motors as an example. They had multiple warnings within the company for several years that they were using a defective switch within cars that could lead to terrible outcomes, yet they didn't act until it was too late, particularly for the individuals who died or were injured in car accidents resulting from the faulty switch. If you review the chronology and details of the matter, it becomes clear that the reasons for the lack of response to these warnings go well beyond merely financial pressures.
5. What is the most prevalent reason warnings are ignored?
Yarin: The most prevalent reason that warnings are ignored is that unfortunately, it's part of human nature that we're "hard-wired" to either ignore warnings or not act on them. Social psychology offers multiple reasons and support for why this is the case. Look at the social psychology called "the normalization of deviance." It basically tells us that if we engage in an activity or allow an activity to continue that we know may have a bad outcome, yet initially one doesn't occur, we're lulled into a false sense of security on this activity and will stop listening to warnings about it. It's at the heart of many of the most newsworthy disasters and bad outcomes that have occurred in the business world and elsewhere. It's almost as though we're "playing with the odds" until something bad happens.
Another tendency is for individuals and companies to over-focus on one item (e.g. sales, growth) at the expense of other areas (e.g. safety, quality). The good news is that if companies recognize this aspect of human nature, they can incorporate activities into their business that can help to both listen to and respond appropriately to credible warnings.
6. What prompted you to write your forthcoming book, Fair Warning?
Yarin: I remember back when the Space Shuttle Challenger exploded in 1986, and being horrified not only by the loss of the 7 astronauts, but also to learn that in the months that followed, an engineer at Morton Thiokol was warning his supervisors and NASA about the very problem that caused the shuttle to explode, yet nobody acted upon his warnings, despite his credentials and data that he presented. That story always stuck with me, but I'd see the same thing happen again and again; the Bernie Madoff Ponzi scheme, the explosion of BP's oil rig in the Gulf of Mexico...and I searched for a reason why fair warnings continued to be ignored. Eventually, I came upon the social psychology theories that provided a deeper explanation of why this occurs.
7. Why does one not hear much about your type of consulting?
Yarin: I believe companies have woken up to compliance and risk management consulting. Historically, businesses may have mistakenly viewed it as a cost with no ROI, but in today's highly-regulated world, and with the risks to companies constantly growing and changing, there is an increased appreciation of what good compliance consulting can offer to help a company.
8. Do you provide on-site speaking at companies interested in compliance and risk management?
9. When will your book be published?
Yarin: I hope to have it published within the coming year.