Allocating Your Compliance Budget for Maximum Impact

Security on tight budget

Get expert advice to funnel your time and money into the areas that provide the best return

Convincing management that ethics and compliance programs are important enough to warrant funding is a tough task. But even when funding is secured, the volume of compliance issues makes it hard to determine what areas need attention the most.

Compliance means different things to different people, and challenges for every company are different, depending on the industry, says Ed Sattar, CEO of, a company that specializes in online compliance, risk and training solutions.

“To some people, compliance means brand management and to some people it means reputation management,” says Sattar. “To some people it means pain, to some people it means quality and to some it means conformity,” he says.

What Does Compliance Mean to You?

Determining what compliance means to your company and industry is the first step in getting your program on the right track, whether you are starting it or refocusing it.

“Different industries are experiencing different types of compliance challenges,” says Sattar. “So, for example, if you’re in long-term care, it’s a subgroup of health care. In health care there’s something called ‘quality indicator surveys’ that Medicare has enforced to ensure the skilled nursing facilities are doing things in a certain way,” he says.

Depending on your industry, there may be labor law compliance issues, Dodd-Frank challenges or sustainability issues, says Sattar. “To some people compliance and risk starts from the supply chain. There may be ethical risks and behaviors in the supply chain because margins are eroding,” he says.


Pick Your Battles

One of the biggest challenges with overhauling or creating an ethics and compliance program is that “many people don’t know what they don’t know,” says Sattar. They may have a budget but need to know where to use it, he says.

A thorough assessment needs to be done to identify the areas of risk, which can include:

  • Operational risk
  • Cultural risk
  • Human resources risk
  • Labor law risk
  • Environmental health and safety risk
  • Sustainability risk
  • Information security risk

Even if compliance officers think they know where the compliance gaps are, they can’t be sure until they do an assessment, says Sattar.

“Let the people tell you where the gaps are,” he advises. And even after the assessment is complete and the report outlines the areas that need attention, a compliance officer may still need expert advice on what to do next.

Sattar gives an example of a company that does an HR survey to find out whether people think they are being fairly compensated on a scale of one to ten, with ten being favorable. “The company gets a four; not everyone thinks they are being fairly compensated,” he says. Management may decide to allocate a lot of resources to lifting that index, but doesn’t really know if it’s the right thing to do. No matter how much effort they put in, they may never be able to lift that index. They may need expert advice to help decide what levers to pull and why.

“An expert may say: no matter how much you put into this, in my 20 years of experience you’ll never be able to lift that index,” says Sattar. So it’s important to make sure you are concentrating on the right areas and not wasting time and money trying to change things that can’t be changed.

“You focus on things that matter the most and things that you can really impact,” says Sattar. And those things will be different for every company.


Managing Editor

Article Published October 24, 2011
