When the Environmental Protection Agency announced that Volkswagen cars sold in America included a defeat device to cheat and bypass emissions testing, the entire world was stunned. It seemed inconceivable that an industry leader in such a highly regulated industry could commit such a serious crime. These cars were sold illegally and unethically, driving on roads alongside cars that complied with emissions standards as if they held to the same standard. What’s worse, they were targeted at those who were most concerned about the environment and wanted to minimize their impact, yet these drivers had the highest emissions on the road.
Balancing Compliance and Innovation
After the initial conversation around how this was possible, an even more important question arose. That is, why? Why would a company like Volkswagen be tempted to install this type of cheat device? For those within the governance, risk and compliance (GRC) space, perhaps the answer seemed immediately clear. This was an outstanding example of the challenges companies today face when working to mitigate risk, comply with regulatory standards and create a unique offering in an extremely competitive market.
Certainly, this challenge is not exclusive to the automotive industry. Any competitive market thrives from companies that challenge one another to raise the stakes in pursuit of leadership and market share. Throughout that pursuit, it remains essential for organizations to operate with regulations and risk management in mind, which presents its own set of challenges.
The Three Challenges of Obeying Regulations and Mitigating Risk
There are three major challenges pertaining to obeying regulations and mitigating risk. The first is the existence of the regulation itself. These regulations and best practices can come from many different levels—think country, state and local jurisdictions. Laws in the United States of America, such as emission standards, may vary greatly compared to those in Europe or Asia. It becomes important to have an inventory of what these different standards are, gathering them in order to be mindful of the varying regulations and requirements a company must adhere to.
The second challenge arises when a company is looking to map these laws into their policies or their statement of procedures. A foreign regulation may call for a higher level of quality and policing than a company’s native base of operations, so the company must decide what level of quality becomes their baseline. It’s important to map regulations to internal standards and procedures, using them to set internal quality metrics, which ensures a company is creating a product that is designed to comply with testing and, therefore, provide the best experience to consumers and the environment.
Finally, the third area of risk is in the lack of information gathering. For example, many regulated organizations are required to perform risk assessments, be it on an annual or ongoing basis. These assessments introduce their own challenges. They could be on an employee level, such as when an individual does not accurately report risks. On a larger scale, organizations may not have the correct data-gathering or corporate-wide policies in place to set them up for success. Statements of procedures cannot be effective if they are not set up to address the actual risks the company faces, therefore accurate reporting, and visibility into enterprise and operational risks are foundational for successful risk assessments.
Making Effective Use of Data and Customer Listening
Noncompliance is not a one-size-fits-all issue. This is an era of complex supply chains. The supply chain landscape is increasingly mobile, global, social and digital, and how well companies manage their supply chains plays a critical role in their ability to compete. To further complicate operations, consumer demands are shifting. Many consumers, especially Millennials, are seeking products from companies that make them responsibly. This is leading to retailers who pledge to use sustainable materials, create factories with reduced environmental impact or even vow to use less water in production.
Companies who do this are acting for a variety of reasons. They’re no doubt listening to their customers and realizing what it is they truly care about. Today, that happens to be social conversation and doing right by the environment. These aspects are becoming more important to customers today compared to years past and the data is there to prove it. Even better, the data is so easily available. It takes mere seconds to see what people are saying about an event, product or company on social media, and this can directly impact a brand or stock performance. For companies to be increasingly relevant and competitive, they must also think about social responsibility, being mindful of the impact their products have on the environment.
Checking All of the Boxes
The very nature of today’s competitive markets would seem to create more challenges than ever for companies looking to grow and create unique offerings. It may seem as though today’s companies may need to balance more factors than ever before, but they also have the tools and means to successfully do so. By monitoring customer demands, taking inventory of regulations across borders, and implementing intelligently designed policies and procedures, the organization can set key metrics to strive to deliver against, checking off the essential boxes and successfully mitigating risk while thriving on competition.
Sonal Sinha is the vice president of industry solutions at MetricStream Inc., a developer of enterprise-wide GRC solutions. Sinha is responsible for driving solutions and strategy for MetricStream in the consumer packaged goods, retail and technology industries. She has more than a decade of experience as a risk management, audit, advisory and compliance leader for consulting and technology companies, including Google, Visa and KPMG.