
Risk & Compliance – Knowing and Not Acting

2016 ushered in a new year of optimism in the wake of the past recession. However, even with this fresh outlook on the future, business has never faced as many compliance requirements as it does now. From food to finance, the rules under which we conduct our operations will grow increasingly complex. The FDA is currently re-examining its standards, which could send ripples of increased costs through the food industry for those who are not prepared. In fact, some industry giants like Wal-Mart have already placed tougher standards on their food and food packaging suppliers by requiring companies to adopt the Global Food Safety Initiative (GFSI) standards and the Safe Quality Food (SQF) program in order to be a supplier of Wal-Mart. At the end of 2009 the SEC launched new disclosure rule requirements about risk, compensation and corporate governance. These new rules went into effect on February 28, 2010. This, along with the conversion to IFRS and XBRL reporting of financial information, continually adds to the burden of the CFO.

The management of compliance initiatives does not need to be as arduous as it appears. More appropriately, they should not be treated as “initiatives” at all but should be ingrained in a systemic process in the company. Many of our larger clients have already begun establishing a risk and compliance office which is staffed full-time and focuses on overall business risk and compliance as well as managing the internal audit operations. Other companies with fewer resources have established risk and compliance committees which meet quarterly and are composed of people from across the organization as well as some external experts. These groups tackle issues from disclosure and financial risk to supply chain disruptions, health and safety issues, and product recalls.

Take, for instance, food safety requirements not being adhered to in a plant, followed by a salmonella outbreak. This was the case at a Georgia-based peanut butter manufacturer and, a year before, with tomatoes surfacing in Taco Bells. A risk and compliance team institutionalizes the evaluation of risk using a systemic process and implements controls and procedures in that process, which can also be tested, to reduce the probability of an undesirable event occurring. In addition to evaluating risk and implementing safeguards, the team should also have an established plan for crisis management, such as for a product recall or the media coverage of an unforeseen event.

People are often amazed at how poorly a large company such as Toyota performed in managing its product recall. A large portion of its problem, and of the management of its recall, stems from having departmentalized operations with no single governance or risk management body over all aspects of the company. Traditional world-class manufacturing best practices institute concepts like poka-yoke (“mistake proofing”); however, many companies fail to apply these concepts to the areas of risk and compliance. Toyota also failed to effectively execute a crisis management plan: its communications and public relations lagged, and the company always seemed to be playing catch-up in the media. An effective crisis management team, as part of the Risk and Compliance function, should periodically run scenarios so that it is ready in case of such an unforeseen event.

Risk management and compliance extend far across the company, and if a business fails to recognize the need to formalize a governance structure, it could later be faced with more serious issues that could threaten the very existence of the company.

For more information contact Rich Sypniewski, Managing Director at
