Allocating Your Compliance Budget for Maximum Impact

Get expert advice to funnel your time and money into the areas that provide the best return

Posted by Dawn Lomer in Ethics & Compliance on October 24th, 2011

Convincing management that ethics and compliance programs are important enough to warrant funding is a tough task. But even when funding is secured, the volume of compliance issues makes it hard to determine what areas need attention the most.

Compliance means different things to different people, and challenges for every company are different, depending on the industry, says Ed Sattar, CEO of, a company that specializes in online compliance, risk and training solutions.

“To some people, compliance means brand management and to some people it means reputation management,” says Sattar. “To some people it means pain, to some people it means quality and to some it means conformity,” he says.

What Does Compliance Mean to You?

Determining what compliance means to your company and industry is the first step in getting your program on the right track, whether you are starting it or refocusing it.

“Different industries are experiencing different types of compliance challenges,” says Sattar. “So, for example, if you’re in long-term care, it’s a subgroup of health care. In health care there’s something called ‘quality indicator surveys’ that Medicare has enforced to ensure the skilled nursing facilities are doing things in a certain way,” he says.

Depending on your industry, there may be labor law compliance issues, Dodd-Frank challenges or sustainability issues, says Sattar. “To some people compliance and risk starts from the supply chain. There may be ethical risks and behaviors in the supply chain because margins are eroding,” he says.


Pick Your Battles

One of the biggest challenges with overhauling or creating an ethics and compliance program is that “many people don’t know what they don’t know,” says Sattar. They may have a budget but need to know where to use it, he says.

A thorough assessment needs to be done to identify the areas of risk, which can include:

  • Operational risk
  • Cultural risk
  • Human resources risk
  • Labor law risk
  • Environmental health and safety risk
  • Sustainability risk
  • Information security risk

Even if compliance officers think they know where the compliance gaps are, they can’t be sure until they do an assessment, says Sattar.

“Let the people tell you where the gaps are,” he advises. And even after the assessment is complete and the report outlines the areas that need attention, a compliance officer may still need expert advice on what to do next.

Sattar gives an example of a company that does an HR survey to find out whether people think they are being fairly compensated on a scale of one to ten, with ten being favorable. “The company gets a four; not everyone thinks they are being fairly compensated,” he says. Management may decide to allocate a lot of resources to lifting that index, but doesn’t really know if it’s the right thing to do. No matter how much effort they put in, they may never be able to lift that index. They may need expert advice to help decide what levers to pull and why.

“An expert may say: no matter how much you put into this, in my 20 years of experience you’ll never be able to lift that index,” says Sattar. So it’s important to make sure you are concentrating on the right areas and not wasting time and money trying to change things that can’t be changed.

“You focus on things that matter the most and things that you can really impact,” says Sattar. And those things will be different for every company.

Dawn Lomer

Managing Editor

Dawn Lomer is the managing editor at i-Sight Software and a Certified Fraud Examiner (CFE). She writes about topics related to workplace investigations, ethics and compliance, data security and e-discovery, and hosts i-Sight webinars.