Compliance officers need to think about fraud and misconduct risks all the time, which means you need to talk to others in your organization about exactly how those risks might happen – but what’s the right way for you to do that? What’s the right way to get colleagues talking about how fraud and compliance risks might happen?
That question has been on my mind thanks to a conversation I recently had with a long-time forensics investigator and compliance adviser. We were chatting about how to assess and understand fraud risks, and the idea of brainstorming sessions came up. You know the drill: the compliance officer gathers a few other leaders from the first and second lines of defense, and people start spitballing ideas of exactly how a compliance violation or fraud scheme might happen at your business.
Brainstorming sessions can be helpful, my friend said, but they do have their limits. For example, some people might dominate the conversation, while others are either too hesitant or too disinterested to speak up. Or someone might raise a feasible idea and then someone else dismisses it, and your previously robust conversation shuts down. Or maybe you have the bad luck to schedule your brainstorming session on a low-energy day and the whole thing flops.
His preferred method is that the compliance officer talk with other business function leaders one at a time. That lets you defuse skepticism about your motives, build a rapport, and perhaps even get some useful insights about the company’s risks.
One can see the sense in that idea. Running an effective brainstorming session isn’t easy; the session leader (that would be you) must be able to coax people into speaking up without fear of sounding dumb, guide a potentially chaotic conversation in useful directions, and referee any interpersonal conflicts that might arise with a deft, diplomatic touch. Those are hard skills for anyone to develop – and if you have a few bad outings while you’re developing those chops, you could both miss important risks and get a reputation as the company time waster.
One-on-one brainstorming
Meanwhile, one-on-one conversations with business function leaders can go in much more nuanced, productive directions. For example, you could ask the assistant manager of sales how someone might commit vendor fraud, and see what they say. If the assistant manager gives vivid and specific ideas, and you’ve cultivated a sense of trust in the conversation so far, you might be able to leap to the potentially critical question: “Are we still talking hypothetically here?”
A moment like that isn’t likely to come up in a group brainstorming session.
A series of one-on-one conversations also helps the compliance officer to ask more intelligent questions, since you can bring the insights you gain from past interviews into the next one.
For example, you might start with the heads of risk management or shared services functions, such as the head of IT security or the chief procurement officer. You could ask them about how basic business processes work, such as patching ERP software or sourcing new vendors.
Then you could go to operations leaders in the first line and you’d be able to ask them more precise questions about how employees might potentially game the system for frauds or compliance violations. You’d have more street cred with your broad knowledge of how processes are supposed to work, which could persuade first line folks to tell you how the processes actually work.
Plus, as any professional investigator can attest, personal rapport matters. It helps to look people in the eye when they speak, and let them see that you’re listening. You can slow down conversations to take your time, make judgments about follow-up questions, and the like. That’s going to be far more helpful than frantically jotting down rapid-fire ideas on a whiteboard.
A two-stage approach
I don’t want to abandon the idea of brainstorming sessions completely. When done right, they very much are useful and productive. For example, somebody might fire off one fragment of a good idea, and somebody else in the room might respond with another fragment that lets you piece together the whole insight. Sometimes brainstorming sessions can even be downright fun, and build a sense of trust among the whole group.
So, what about running a series of one-on-one conversations first, and then hosting a brainstorming session?
That’s a big ask of other executives’ time, but consider the potential benefits. You’ll already have a sense of what issues weigh on peoples’ minds, so you can ask questions that guide them to speak up. For example, “Let’s talk about improper vendor authorization; how likely is it that this particular thing might happen?” and then mention some concern someone has already told you.
Yes, you’ll need to craft your questions carefully so you don’t accidentally out someone who has told you something in confidence. Yes, you’ll still need to be humble and self-effacing on one hand to win people over; and be an engaging conversation leader to get everyone talking. None of this is easy.
But if you approach brainstorming the right way, you might have more enthusiasm for rooting out compliance and fraud risks than you ever expected.
Looking for more resources designed to support your role as a compliance officer? We thought so, and we have you covered here: