Categories
Hill Country Hustlers

Hill Country Hustlers: From Oaxaca to Hill Country: Jorge Salinas’ Journey in Youth Soccer Coaching

In this episode of the Hill Country Hustlers podcast, host Zachary Green interviews Jorge Salinas, an entrepreneur and youth soccer coach. Originally from Oaxaca, Mexico, Jorge shares his journey from immigrating to the United States with his mother to settling in the Hill Country and eventually thriving as a soccer coach. Despite numerous challenges and setbacks, Jorge highlights the importance of perseverance, community support, and staying true to one’s passion. He discusses the development of Vida Es Futbol, his soccer training program, and the significance of indoor soccer in youth development. The conversation emphasizes the importance of honesty, effective communication, and their impact on children’s lives as key elements of success.

Key highlights:

  • Inspirational Journey Highlights
  • Coaching & Leadership Impact
  • Family, Faith & Values
  • Community Building & Legacy
  • Overcoming Odds & Taking Initiative

Resources:

Zach Green on LinkedIn

Jorge Salinas on LinkedIn

Categories
Blog

COSO’s Corporate Governance Framework: Component 4 – People

We continue our exploration of the recently released COSO Corporate Governance Framework (the Framework) as a Public Exposure Draft. Today, we begin a deep dive into the six individual components with a discussion of Component 4—People. It was allegedly Warren Buffett who coined the phrase “Culture eats strategy for breakfast.” But let me tell you something else that’s equally true: people make or break both. In Component 4, the focus is squarely on people: how we attract, develop, compensate, and ultimately hold them accountable for creating long-term value.

This is a vital message for compliance professionals. Why? Because the most sophisticated compliance program on paper won’t protect your organization if the wrong people are making the wrong decisions for the wrong reasons. Compliance is not about abstract rules; it is about human behavior. And COSO’s People Component brings that reality home.

The framework outlines how boards and executive leadership must take responsibility for aligning people, systems, hiring, training, leadership development, compensation, and succession planning with the entity’s purpose, culture, and strategy. In other words, governance doesn’t end at the boardroom door; it extends to the front line.

Today, we break down COSO’s guidance and explore five key lessons for compliance professionals ready to lead on the people side of governance.

What Is the People Component?

COSO’s CGF defines the People Component as the foundational element that ensures the right individuals are in the right roles, with the proper support, and aligned to the right objectives. This component contains three key principles:

  1. Deploy People Strategy and Succession Planning
  2. Manage People and Compensation
  3. Drive Performance and Development

From the board to the front line, these principles focus on accountability, integrity, ethical leadership, and performance through the lens of talent governance.

Why This Matters to Compliance

This component affirms what we in compliance have always known: talent decisions are, in fact, ethical decisions. Incentives shape behavior. Leadership shapes tone. And people strategy shapes resilience.

For compliance professionals, the People Component is a golden opportunity to build bridges with HR, executive management, and the board. It empowers us to bring our risk lens to hiring, our ethics lens to incentives, and our accountability lens to performance management.

Five Key Lessons for Compliance Professionals

Lesson 1: People Strategy Is a Governance Issue—Be Part of the Planning Table

Principle 14: Deploy People Strategy and Succession Planning

Executive management must align people strategy with business goals, assessing future workforce needs, talent gaps, and leadership succession. The board provides oversight to ensure that the right talent is in place to deliver strategic objectives in an ethical and effective manner.

Compliance Tip: Partner with HR to understand how workforce planning encompasses compliance-critical roles, including data privacy, risk management, internal audit, and ESG. Ask how your company identifies future leaders who can model ethical conduct and resilience. Propose a compliance risk overlay in succession planning. Ask: “If this person moves into a high-impact role, do they have a track record of integrity and sound judgment under pressure?” Build that into leadership assessments.

Lesson 2: Compensation Drives Behavior—So Monitor It Carefully

Principle 15: Manage People and Compensation

The board and executive management must ensure that compensation structures reward long-term value creation and ethical behavior, not just short-term results. This includes executive compensation, employee incentives, and total rewards strategies that align with core values.

Compliance Tip: Request visibility into compensation metrics, especially for sales, finance, and procurement teams. If employees are being rewarded solely based on volume or cost savings, that could signal a misalignment with ethical standards. Collaborate with HR and the compensation committee to include compliance and ethics indicators in bonus calculations. Consider investigation outcomes, training compliance, audit results, and peer feedback on values-based behavior.

Lesson 3: Onboarding and Offboarding Are Compliance Moments of Truth

The People Component makes it clear: onboarding and offboarding are governance checkpoints. Onboarding is your chance to set expectations. Offboarding is your last opportunity to capture lessons and protect integrity.

Compliance Tip: Work with HR to ensure onboarding includes live ethics training, culture orientation, and clear escalation procedures. Offboarding should include structured exit interviews with questions on pressure, misconduct, and retaliation risks. Review offboarding data for red flags. If high-performing employees are leaving due to ethical concerns or if leaders with compliance histories are going quietly, you need to escalate those patterns to leadership and the board.

Lesson 4: Performance Reviews Must Reflect How Results Are Achieved—Not Just What Is Achieved

Principle 16: Drive Performance and Development

The board and executive management are responsible for performance systems that reflect both outcomes and behaviors. Reviews must consider whether goals were achieved ethically, collaboratively, and in alignment with core values.

Compliance Tip: Request that HR include ethics-based questions in performance reviews. For example: “Does this employee act as a role model for integrity?” or “Does this person raise concerns appropriately?” Pilot a 360-degree review process for leaders that includes peer, subordinate, and compliance input on tone, transparency, and trustworthiness. Utilize these results in succession planning and leadership development initiatives.

Lesson 5: Development Programs Must Include Ethics, Governance, and Risk Awareness

Too often, leadership development focuses on financial acumen and strategy but remains silent on ethics, oversight, and compliance. COSO advocates for executive and board education that enhances governance throughout the organization.

Compliance Tip: Offer to design or co-lead development sessions on ethical decision-making, speak-up culture, conflicts of interest, and stakeholder trust. Focus not just on what leaders should do, but on how they should think. Ask the board to adopt a continuing education policy that includes topics related to compliance and ethics. Bring in external experts, regulators, or thought leaders in ethics to refresh perspectives and address emerging risks.

Compliance’s Role in Talent Governance

Compliance professionals are not necessarily HR specialists, but they are the stewards of ethical risk, organizational culture, and accountability. COSO’s People Component gives us a clear lane to add value in three ways:

  1. Risk insight: Help assess where people-related risks are most concentrated, such as in high-pressure sales, international expansion, and acquisitions.
  2. Behavioral analytics: Use data to flag misaligned incentives, weak training completion, or trends in misconduct.
  3. Governance alignment: Support the board in aligning people, systems, and ethics with strategy and long-term value creation.

By engaging early and often in talent conversations, compliance can prevent misconduct, protect stakeholders, and promote resilience.

Educating the Board on People Governance

Bring these insights to your next board or audit committee session:

  • Governance includes oversight of people, not just policies.
  • Talent gaps in ethics, risk, or leadership can derail strategy execution.
  • The board must understand how people systems align with values.
  • Compliance can help assess whether compensation, performance, and succession planning are risk-aligned.

When boards connect people decisions to governance outcomes, compliance moves from operational support to strategic leadership.

Final Thoughts: People Are Governance in Action

Compliance is no longer just about controls. It is about character at every level of the organization. COSO’s People Component recognizes that the fundamental drivers of governance are people: directors who ask the hard questions, managers who model ethical behavior, and employees who speak up when something doesn’t feel right.

In the spirit of the Compliance Evangelist: Use this component to engage deeply with the human side of your organization. Help your company build a workforce that not only follows the rules but also embodies its values. That should be your legacy.

To read or comment on the full CGF Public Exposure Draft, click here. The comment period closes July 11, 2025.

Categories
SBR - Authors' Podcast

SBR-Authors Podcast: A Journey Through Memoir, Technology, and Grief with Tony Stewart

Welcome to the SBR-Authors Podcast! In this podcast series, host Tom Fox visits with authors in the compliance arena and beyond. In this episode, Tom Fox interviews Tony Stewart, an author, filmmaker, technologist, and memoirist, about his book ‘Carrying the Tiger.’

Stewart shares his extensive professional background, which began as a filmmaker and transitioned into software development and business consulting, culminating in his retirement. He delves deep into the personal inspiration for his memoir, driven by his wife Lynn’s battle with stage four non-smoking lung cancer and the emotional and organic evolution of their journey. Stewart also discusses the process of writing and editing his story, the concept of emotional resiliency, and the profound lessons of acceptance, grief, and grace he learned. The episode also explores Stewart’s perspective on storytelling across different media, his collaboration with PR by the Book, and his efforts to share his story to help others.

Key highlights:

  • Tony Stewart’s Professional Journey
  • The Inspiration Behind ‘Carrying the Tiger’
  • Writing and Editing the Memoir
  • Lessons in Emotional Resiliency
  • Experiencing and Understanding Grief
  • Dying with Grace
  • The Art of Storytelling
  • Publishing and Promotion Journey

Resources:

Tony Stewart at PR by the Book

Carrying the Tiger on Amazon

Tony Stewart Website

PR by the Book Website

Follow Tony Stewart on:

Instagram

Facebook

LinkedIn

Substack

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Internal Control Deficiencies

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with concise, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we look at how to deal with and report internal control deficiencies.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 37 – Corporate Governance Lessons from Star Trek’s “I, Mudd”

Who could have imagined that “I, Mudd,” a quirky, comedic episode from Star Trek: TOS, would offer valuable lessons in corporate governance? Yet, here we are, boldly going where no compliance blogger has gone before, using the misadventures of Captain Kirk and the enigmatic Harry Mudd to distill governance wisdom for modern compliance practitioners.

In this episode, “I, Mudd,” the Enterprise crew encounters Harry Mudd once more, stranded on a planet ruled by androids who are both obsessed with order and baffled by human irrationality. Mudd attempts to exploit the androids’ logic for his gain but soon finds himself captive to their strict interpretation of governance, leading Kirk and crew to intervene with creative tactics. Beneath the humor and hijinks lie critical corporate governance principles highly relevant to today’s compliance professionals.

Lesson 1: Transparency is Essential in Leadership

Illustrated By: Discovery of Harry Mudd’s True Motives and History with the Androids.

Governance Lesson. In corporate governance, transparency is equally crucial. Leaders who operate without openness risk organizational distrust, inefficiency, and dysfunction. Transparent leadership is foundational in governance; it supports robust stakeholder trust, improves organizational effectiveness, and mitigates potential scandals or compliance failures.

As compliance professionals, our role includes advocating for transparent communication channels, clear decision-making processes, and openly accessible policies and procedures. Creating a corporate culture of transparency ensures that the organization remains credible and effective in meeting both regulatory requirements and stakeholder expectations.

Lesson 2: Balance Between Structure and Flexibility

Illustrated By: The Androids’ Rigid Governance Framework. The androids in “I, Mudd” operate within an inflexible, logic-driven governance structure, incapable of handling unpredictable or irrational behavior. Their strict adherence to rules, without flexibility or situational judgment, ultimately leads to their downfall, as Kirk creatively exploits their rigidity.

Governance Lesson. This episode perfectly illustrates the need for governance structures to maintain balance. Compliance professionals must strive to find the optimal balance, developing corporate governance frameworks that are robust enough to ensure compliance while also being adaptable enough to meet the shifting regulatory and business environments.

Lesson 3: Importance of Ethical Leadership and Integrity

Illustrated By: Harry Mudd’s Attempts to Manipulate Android Governance.

Governance Lesson. This scenario resonates deeply within corporate governance. Integrity and ethical behavior must underpin all governance activities. Leaders who prioritize short-term gains over ethical conduct inevitably compromise their organization’s long-term health and credibility.

Lesson 4: Critical Thinking and Challenging Assumptions

Illustrated By: Kirk and Crew’s Strategy to Confuse the Androids with Illogical Behavior.

Governance Lesson. In a corporate context, governance systems sometimes become complacent, relying heavily on assumptions about internal controls, the effectiveness of risk management, and ethical conduct. Compliance leaders must encourage ongoing critical thinking, regularly challenging these assumptions to uncover vulnerabilities and weaknesses.

Lesson 5: The Value of Diversity and Human Insight in Governance

Illustrated By: The Androids’ Failure to Comprehend Human Nuance and Individuality.

Governance Lesson. Corporate governance similarly benefits from diverse perspectives, experiences, and insights. Organizations overly dependent on homogeneous leadership perspectives or mechanical decision-making processes become vulnerable to blind spots, groupthink, and systemic errors.

Final ComplianceLog Reflections

Who could have predicted that governance wisdom would emanate so vividly from the colorful escapades aboard the Enterprise with Harry Mudd and the androids? Yet, as compliance evangelists, we learn that corporate governance principles, such as transparency, ethical leadership, balanced structures, critical thinking, and diversity, are truly timeless.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Innovation in Compliance

Innovation in Compliance: Maximizing LinkedIn for Personal and Professional Branding with Carol Kaemmerer

Innovation is present in many areas, and compliance professionals must not only be prepared for it but also actively embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox visits with Carol Kaemmerer, a renowned executive branding expert and author of ‘LinkedIn for the Savvy Executive.’

Carol shares her professional journey, from marketing communications expert to LinkedIn branding specialist. They discuss the significance of LinkedIn in today’s digital landscape, focusing on its role in establishing a professional brand, the importance of a deliberate and cohesive personal brand, and effective strategies for leveraging LinkedIn’s digital presence. Carol also elaborates on her five-point LinkedIn Brilliance Framework and the ‘rule of three’ to enhance clarity and retention of personal branding messages. This insightful conversation highlights how professionals, particularly young graduates and executives, can utilize LinkedIn to improve their careers and individual brands.

Key highlights:

  • The Power of LinkedIn for Branding
  • Personal Branding for Young Professionals
  • LinkedIn as a Professional Storefront
  • The Rule of Three for Effective Messaging
  • Maximizing LinkedIn’s Digital Real Estate
  • The LinkedIn Brilliance Framework

Resources:

Carol Kaemmerer on LinkedIn

Carol Kaemmerer Website


Categories
Word of the Week

Word of the Week with Kenneth O’Neal – Tomorrow and Finding Hope in the Face of Tragedy

Each week, Kenneth O’Neal discusses a word that describes a principle or value of the Qualities of Success. We suggest that you incorporate the Word of the Week into your thoughts, deeds, and actions. You might currently possess the quality and desire to develop it to a higher level. You could replace a bad habit with a good habit. Write an action step and use it daily to produce the quality in your life. In this episode, Kenneth discusses the word “Tomorrow.”

In this episode, Rick and Kenneth have a very somber Monday morning following a tragic weekend. They reflect on the word ‘tomorrow’ as a symbol of hope amidst grief, referencing Psalm 30:5. Kenneth O’Neal delivers a poignant message about mourning, remembrance, and the transformative power of hope. The conversation explores the importance of honoring those lost by living with intention, compassion, and courage. There is also gratitude expressed for the community’s response and assistance during the tragedy, highlighting the importance of being one’s best self to build a better future.

Key highlights:

  • Reflecting on a Tragic Weekend
  • Word of the Week: Tomorrow
  • Honoring the Lost and Finding Hope
  • The Importance of Tomorrow

Resources:

KRONEAL Consulting

Categories
Daily Compliance News

Daily Compliance News: July 8, 2025, The Learning on the Job Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, including compliance, ethics, risk management, leadership, or general interest, relevant to the compliance professional.

Top compliance stories:

  • Learning on the job is getting harder. (FT)
  • FT Ed Board weighs in on BCG scandal. (FT)
  • Leaders need to get behind AI, or else. (Business Insider)
  • The Netherlands is behind in ABC efforts. (NL Times)

You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Categories
Blog

Governing Wisely: Five Corporate Governance Lessons from Star Trek’s “I, Mudd”

Who could have imagined that “I, Mudd,” a quirky, comedic episode from Star Trek: The Original Series, would offer valuable lessons in corporate governance? Yet, here we are, boldly going where no compliance blogger has gone before, using the misadventures of Captain Kirk and the enigmatic Harry Mudd to distill governance wisdom for modern compliance practitioners.

In this episode, “I, Mudd,” the Enterprise crew encounters Harry Mudd once more, stranded on a planet ruled by androids who are both obsessed with order and baffled by human irrationality. Mudd attempts to exploit the androids’ logic for his gain but soon finds himself captive to their strict interpretation of governance, leading Kirk and crew to intervene with creative tactics. Beneath the humor and hijinks lie critical corporate governance principles highly relevant to today’s compliance professionals. Let’s dive deeper.

Lesson 1: Transparency is Essential in Leadership

Illustrated By: Discovery of Harry Mudd’s True Motives and History with the Androids.

Early in the episode, Kirk and the Enterprise crew uncover that Harry Mudd has deceived both them and the androids, presenting himself falsely to hide his questionable motives. His lack of transparency ultimately erodes trust, causing tension, conflict, and misunderstandings.

In corporate governance, transparency is equally crucial. Leaders who operate without openness risk organizational distrust, inefficiency, and dysfunction. Transparent leadership is foundational in governance—it supports robust stakeholder trust, improves organizational effectiveness, and mitigates potential scandals or compliance failures.

As compliance professionals, our role includes advocating for transparent communication channels, clear decision-making processes, and openly accessible policies and procedures. Creating a corporate culture of transparency ensures that the organization remains credible and effective in meeting both regulatory requirements and stakeholder expectations.

Lesson 2: Balance Between Structure and Flexibility

Illustrated By: The Androids’ Rigid Governance Framework. The androids in “I, Mudd” operate within an inflexible, logic-driven governance structure, incapable of handling unpredictable or irrational behavior. Their strict adherence to rules, without flexibility or situational judgment, ultimately leads to their downfall, as Kirk creatively exploits their rigidity.

This episode perfectly illustrates the need for governance structures to maintain balance. Excessively rigid controls can stifle innovation, responsiveness, and organizational resilience. Conversely, too much flexibility can lead to inconsistent decision-making and compliance vulnerabilities. Compliance professionals must strive to find the optimal balance, developing corporate governance frameworks that are robust enough to ensure compliance while also being adaptable enough to meet the shifting regulatory and business environments. A well-balanced governance approach allows organizations to respond effectively to unforeseen challenges while maintaining critical controls.

Lesson 3: Importance of Ethical Leadership and Integrity

Illustrated By: Harry Mudd’s Attempts to Manipulate Android Governance. Harry Mudd’s self-serving manipulations and attempts to exploit governance structures for personal gain represent a classic example of unethical leadership. His disregard for ethical integrity generates instability and places everyone, including himself, at risk.

This scenario resonates deeply within corporate governance. Integrity and ethical behavior must underpin all governance activities. Leaders who prioritize short-term gains over ethical conduct inevitably compromise their organization’s long-term health and credibility.

Compliance professionals play a vital role in deeply embedding ethics into an organization’s culture and governance processes. Encouraging ethical leadership, providing comprehensive ethics training, and embedding ethical considerations into all governance decisions fortifies the organization’s resilience against corruption, scandals, and regulatory scrutiny.

Lesson 4: Critical Thinking and Challenging Assumptions

Illustrated By: Kirk and Crew’s Strategy to Confuse the Androids with Illogical Behavior. Perhaps the most memorable and amusing scene in “I, Mudd” occurs when Kirk and his crew use creative, illogical behaviors to disrupt the androids’ strictly logical governance system. This tactic underscores the importance of critical thinking and challenging assumptions inherent in established governance practices.

Governance Lesson. In a corporate context, governance systems sometimes become complacent, relying heavily on assumptions about internal controls, the effectiveness of risk management, and ethical conduct. Compliance leaders must encourage ongoing critical thinking, regularly challenging these assumptions to uncover vulnerabilities and weaknesses.

Regular audits, testing governance procedures through scenario planning and tabletop exercises, and encouraging critical questioning by employees help ensure governance systems remain robust, flexible, and prepared to manage emerging threats. This proactive approach safeguards organizations from complacency-induced governance failures.

Lesson 5: The Value of Diversity and Human Insight in Governance

Illustrated By: The Androids’ Failure to Comprehend Human Nuance and Individuality. In “I, Mudd,” the androids’ governance system fails primarily because they cannot appreciate human diversity, emotional intelligence, and individuality. Their failure underscores the importance of these factors in effective governance.

Governance Lesson. Corporate governance similarly benefits from diverse perspectives, experiences, and insights. Organizations overly dependent on homogeneous leadership perspectives or mechanical decision-making processes become vulnerable to blind spots, groupthink, and systemic errors.

Compliance officers must advocate vigorously for diversity across governance committees, senior management teams, and boards. Diverse perspectives, combining analytical rigor and human insight, allow governance processes to better anticipate, understand, and manage risks, regulatory requirements, and ethical considerations. Encouraging and valuing diverse voices and fostering inclusion greatly enhances organizational decision-making and governance efficacy.

Final ComplianceLog Reflections

Who could have predicted that governance wisdom would emanate so vividly from the colorful escapades aboard the Enterprise with Harry Mudd and the androids? Yet, as compliance evangelists, we learn that corporate governance principles, such as transparency, ethical leadership, balanced structures, critical thinking, and diversity, are truly timeless.

By integrating these lessons into governance practices, compliance professionals can cultivate organizations that are capable of navigating complexities, mitigating risks, and ensuring adherence to ethical and regulatory standards. As Captain Kirk and his intrepid crew demonstrate, effective governance requires clarity, adaptability, ethical strength, critical thinking, and diverse insights—qualities indispensable for addressing today’s corporate governance challenges.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

COSO’s Corporate Governance Framework: Component 3 – Culture

We continue our exploration of the recently released COSO Corporate Governance Framework (the Framework) as a Public Exposure Draft. Today, we begin a deep dive into the six individual components with a discussion of Component 3—Culture. When discussing corporate culture, we often do so in vague, inspirational terms. However, in Component 3 – Culture, the Framework positions culture as a measurable, manageable, and mission-critical governance function. For compliance professionals, this is not just validating; it is moving to a mandate.

In today’s risk environment, culture should not be a soft topic. Properly viewed, it is a leading indicator of whether your organization can weather disruption, comply with complex regulations, and maintain trust with stakeholders. COSO’s culture guidance transforms tone at the top into governance in action. It links behaviors to strategy, values to risk, and leadership to accountability.

What Is Culture in the COSO Framework?

COSO defines culture as “the set of shared values, attitudes, and behaviors shaped by leadership that influence how individuals act with integrity, make decisions, and respond to risk.” It is not a slogan, but how people behave when no one is watching.

The Culture Component is built around three core principles:

  1. Establish and Model Culture and Behaviors
  2. Promote Ethics, Respect, and Open Communication
  3. Assess and Adapt Culture

These principles emphasize that culture is dynamic and strategic, rather than passive or peripheral. It must be designed, led, measured, and, when necessary, corrected.

Why Culture Belongs to Compliance

Culture has long been a central component of compliance. But COSO now gives it a governance home—under the board’s oversight and executive leadership’s execution. Compliance leaders are uniquely positioned to monitor, assess, and influence culture in real time, across all levels of the organization.

Culture impacts:

  • How decisions are made;
  • Whether employees speak up;
  • How misconduct is handled;
  • Whether the strategy is executed ethically; and
  • Whether compliance programs are seen as check-the-box or mission-critical.

With COSO’s Culture Component in hand, the compliance function has the playbook, and the board has the responsibility to govern culture as seriously as they govern financial controls.

Five Key Lessons for Compliance Professionals

Lesson 1: Culture Starts at the Board—Help Them Set the Tone and Model the Way

Principle 11: Establish and Model Culture and Behaviors

Boards and executive management must define the desired culture and model expected behaviors in alignment with purpose, values, and strategy. They must actively reinforce ethical norms through actions, decisions, and communications.

Compliance Tip: Offer directors a quarterly culture dashboard that includes whistleblower activity, employee sentiment, training engagement, and ethics concerns. Use anonymized narratives to make the data more relatable and human. Collaborate with your board chair or lead independent director to include ethics and culture in the annual board assessment. If board behaviors contradict stated values, it’s your role to surface that constructively.

Lesson 2: Promote Ethics and Psychological Safety—So People Speak Up Before the Headlines

Principle 12: Promote Ethics, Respect, and Open Communication

Executive management, with board oversight, must foster an environment of ethical behavior, respect for diversity of thought, and open communication at all levels of the organization. This includes codes of conduct, anti-retaliation protections, and speaking-up programs.

Compliance Tip: Go beyond the hotline. Create structured opportunities for employees to raise concerns in a safe and low-friction manner, such as listening sessions, surveys, or informal feedback channels. Use data to prove psychological safety gaps. If your hotline volume is too low, if anonymous feedback is not being received, or if exit interviews reveal unspoken concerns, bring this to the board’s attention and recommend action.

Lesson 3: Culture Is Built into Systems—Integrate It into Business Processes

COSO makes it clear: culture is operational. It is not just about the value posters on the wall. It must be embedded in hiring practices, incentive structures, performance reviews, vendor relationships, and even crisis response plans.

Compliance Tip: Partner with HR and operations to integrate ethical behavior into job descriptions, bonus structures, and leadership assessments. Help managers understand how their daily decisions influence and shape the organizational culture. Audit your incentive systems. If employees are being rewarded for outcomes that conflict with your values, such as cutting corners to meet targets, that should be an evident and loud red flag. Share these insights with leadership and propose alignment strategies to enhance their effectiveness.

Lesson 4: Assess Culture with the Same Rigor as Financial Controls

Principle 13: Assess and Adapt Culture

Boards and executives must continuously monitor culture through both qualitative and quantitative means, like surveys, exit interviews, focus groups, and misconduct trends. They must use this insight to adjust behaviors, policies, and communications.

Compliance Tip: Develop a culture scorecard that blends hard metrics (e.g., hotline use, turnover, audit findings) with soft indicators (e.g., pulse survey sentiment, values alignment). Share it regularly with senior leadership and the board. Recommend a third-party cultural assessment every 2–3 years. A fresh outside perspective can validate internal findings or reveal misalignment between what leaders think the culture is and what employees experience.

Lesson 5: Culture Must Adapt in Crisis—So Plan Ahead

COSO acknowledges that culture is stress-tested in times of disruption, be it a cyber breach, executive misconduct, acquisition, or societal crisis. The Culture Component encourages entities to integrate cultural expectations into their change management and crisis response processes.

Compliance Tip: Collaborate with risk and crisis teams to develop culture-aligned responses in your business continuity or crisis management playbooks. This includes messaging protocols, decision-making principles, and escalation thresholds. After any major incident, conduct a post-crisis culture audit. Ask: Did we live our values? Were our responses timely, ethical, and transparent? Feed those insights into board reporting and future crisis planning.

Building a Culture Governance Program: Where Compliance Leads

To bring COSO’s Culture Component to life, compliance professionals should spearhead a culture governance program that includes:

  • Clear definitions of desired behaviors linked to purpose and values
  • Measurement tools (dashboards, surveys, listening posts, audits)
  • Accountability mechanisms (ownership in performance reviews, board oversight)
  • Responsive feedback loops to adjust based on data and stakeholder input
  • Ethics-based training that evolves with risk and reality

This program should be integrated into your ERM process, strategic reviews, and board governance cycle, rather than being siloed off as “compliance only.”

What Boards Need to Hear from Compliance

Bring these messages to your next board or audit committee meeting:

  • Culture is a governance issue, not just a management function.
  • Misaligned culture leads to misconduct, regulatory failure, and reputational damage.
  • Compliance has real-time data on how values are being lived or violated.
  • Boards must monitor culture as a key component of enterprise risk and strategy.
  • Tone at the top must be modeled, not just messaged.

When directors understand this, they begin to treat culture metrics with the same gravity as revenue forecasts or audit findings.

Final Thoughts: Culture Is Compliance’s Moment to Lead

In the world of governance, culture is where compliance and leadership intersect. COSO’s Framework not only endorses this idea, but it also institutionalizes it. If culture determines how strategy is executed, how risks are mitigated, and how stakeholders perceive your organization, then compliance is not merely a monitor; rather, it is a culture architect. So step up. Utilize the COSO Culture Component to foster ethical leadership, safeguard long-term value, and ensure that your organization not only talks the talk but also walks the walk.

To read or comment on the full CGF Public Exposure Draft, click here. The comment period closes July 11, 2025.