There is a new CIO in town . . . the Chief Ethics and Compliance Officer (CECO). This is not to replace the Chief Information Officer, but the CECO is an executive focused on the organization’s integrity being the Chief Integrity Officer.
Back in 1992, I remember being in the backcountry of Montana hiking with some friends. I was carrying with me my longbow (yes, I love all things medieval, and the English longbow has long been an interest to me). We were on top of this rock overlooking a small mountain lake. Across the lake, there was an old tree that had fallen into the water. I looked over at my friends and stated I would shoot an arrow across the lake and hit that log in the water. They laughed at me; it was a long shot, not one of those point the arrow at the target shots, but one of those shoot the arrow up into the air with an arch to get the distance needed to hit the target shots. I pulled my bow back and let the arrow fly. It flew gracefully in an arch and landed to embed itself in the log in the water across the lake.
Back in 2004, I made another shot. I stated that the CECO is mislabeled, that the role of compliance and ethics is beyond checkboxes and compliance but is the bastion of the organization’s integrity. I stated back then that the CECO should be renamed the CIO, the Chief Integrity Officer. The shot was fired high, and it arched over the years to land solidly in 2021.
The role of the CECO is changing, and it is for good. This role continues to move out of legal to become its own executive function focused on compliance and ethics. As it grows and establishes itself, it is focused more and more on the organization’s integrity, particularly as it is this role that is leading ESG – environmental, social, and governance – strategies for the organization.
Integrity is a mirror revealing the truth about an individual or a corporation. It involves walking the talk — not just talking it.
On a personal level, integrity is measured by what an individual does and does not do when no one is looking. Do they hold to their values, beliefs, and ethics? Or do they compromise and do the opposite of what they believe is right?
Integrity is the same at the corporate level. Does the organization’s reality reflect what is stated in corporate reports, filings, ESG statements, regulatory compliance, and stakeholder communications? Does the organization walk its talk or just talk a talk?
Integrity is violated when corporate policies and procedures are thrown out the window in the quest for personal or corporate gain. From an organization’s perspective, personal and corporate integrity are two sides of the same coin. In order for a corporation to have integrity, it must have an ethical environment with employees and business partners willing to follow and enforce corporate culture, policies, and procedures. From an individual’s perspective, an employee or partner wants to make sure they are working with a corporation aimed at doing the right thing and is in sync with their values and beliefs.
Consider the words of Aristotle . . .
We are what we repeatedly do. Excellence then is not an act but a habit.Aristotle
Integrity itself is not something that is written on paper, but something that is lived and breathed in the organization. Integrity is a mirror reflecting what the organization truly is. Or does it communicate and portray to the world something that really does not exist?
The role of the CECO is becoming firmly rooted in establishing, maintaining, and monitoring the integrity of the organization. What it commits to in values, ethics, code of conduct, policies, regulatory obligations, contractual commitments . . . is it a reality that the organization lives and operates by. It is the role of the CECO to monitor and ensure corporate/organization integrity. In the 2021 era of ESG, this role of being the Chief Integrity Officer is more critical than ever and is fundamentally evolving and changing the role of the CECO.
I have mentioned in previous posts that it is a good thing that the CECO comes out of legal to be an operationally functional department that has a direct line of communication to the board of directors and senior executives. In my idealistic view of the world, it is also critical that this role also not get buried in risk management. Integrity is critical to today’s modern organization. This role and function provide a balance to the forces of risk management that keep the organization on the track of integrity.
Here are some of the resources I have published on compliance and ethics management that can assist readers in developing an organization of integrity and the role of a Chief Integrity Officer . . .
- ESG is about to ROCK the Third-Party Risk World
- Where Should Compliance & Ethics Report?
- Improving Your Organizations Policy Management Capability
- Is Your Organization Lawful Good or Chaotic Evil?
- Delivering ESG in GRC
- The Principles of Effective Policy Management
- Why Policies Matter
- 2021: An Integrated Focus on Business Integrity & Resiliency
- Lessons Learned in Compliance Management in 2020
- Next-Generation Policy Management: Collaborative Accountability
- How to Tie a Compliance & Ethics Bow Tie
- Agile and Integrated Compliance: Managing Compliance in Dynamic Business
- Next Generation Corporate Compliance & Ethics Architecture
- Compliance & Ethics is Rapidly Evolving