
Trekking Through Compliance: Episode 43 – In the Shadow of Doubt: Lessons from Star Trek’s “Wolf in the Fold”

Every compliance professional, sooner or later, must confront the uncomfortable truth that sometimes the system gets it wrong. Whether due to circumstantial evidence, unconscious bias, or institutional inertia, there are moments when the innocent stand accused and the integrity of the investigative process itself is on trial. Star Trek: The Original Series’ “Wolf in the Fold” is a cautionary tale about just such a scenario, offering invaluable insights for anyone who cares about justice, fairness, and the reputation of their organization. Today, we explore the investigative and fairness lessons compliance professionals can glean from this classic Star Trek whodunit.

Lesson 1: Presume Innocence—Don’t Rush to Judgment

Illustrated By: After the first murder, all evidence seems to point to Scotty. He’s found with the victim, holding a knife, but claims to have no memory of the incident. The local authorities and some Enterprise personnel are quick to suspect him due to the seemingly damning circumstances.

Compliance Lesson: A foundational principle of any fair investigative process is the presumption of innocence. It’s easy to rush to judgment when circumstantial evidence piles up, especially under pressure from leadership or regulators. But professionalism and institutional integrity require that we suspend bias and keep our minds open until the facts are thoroughly explored.

Bake the presumption of innocence into your investigative policies and training. Remind every team member and stakeholder that even the most “obvious” cases demand impartial investigation. Document early assumptions and check for bias throughout the inquiry.

Lesson 2: Avoid Tunnel Vision—Expand the Investigative Lens

Illustrated By: As more murders occur and Scotty continues to be in the wrong place at the wrong time, suspicion remains fixed on him. However, Spock and Kirk resist the urge to focus solely on their friend. They consider alternate explanations, explore technical anomalies, and even question the possibility of non-human involvement.

Compliance Lesson: Tunnel vision is a persistent risk in any investigation, especially when a plausible suspect fits the facts. True institutional fairness demands that compliance professionals look beyond the immediate and obvious, systematically considering alternative scenarios and other suspects.

Develop “red team” protocols or assign a “devil’s advocate” role in major investigations to challenge prevailing theories deliberately. Require documentation of all hypotheses considered and make alternate scenario analysis part of your standard investigative checklist.

Lesson 3: Leverage Expertise and Technology—But Don’t Abdicate Human Judgment

Illustrated By: Kirk and Spock seek help from Sybo, the Argelian empath, and use the Enterprise computer to analyze the evidence, eventually exposing the supernatural entity Redjac as the true culprit. However, they do not blindly trust the results. Kirk and Spock synthesize the technological findings with their reasoning, refusing to let the investigation be dictated by technology alone.

Compliance Lesson: While data analytics, forensics, and investigative technology are powerful tools, they are not infallible. Technology should augment, not replace, the judgment of experienced investigators. Relying solely on computer output or external expertise without human analysis can lead to catastrophic mistakes, especially in nuanced, high-stakes cases.

Balance the use of forensic technology with critical thinking and seasoned judgment. Always validate technological findings with multiple sources, and require human review before making conclusions. Foster a culture where “computer says so” is never an excuse for poor process.

Lesson 4: Champion Institutional Justice—Even When It’s Uncomfortable

Illustrated By: The Argelian prefect, Jaris, is pressured to resolve the case swiftly due to local customs and a desire to preserve order. Kirk, however, insists that the process be fair and thorough, even at the risk of offending local sensibilities or extending the investigation. He appeals to both Argelian law and Federation principles, ensuring that institutional justice, not expediency, prevails.

Compliance Lesson: Institutional justice means doing what’s right, not just what’s easy or convenient. The pressure to resolve allegations quickly to satisfy regulators, shareholders, or media can be immense. But caving to expediency undermines fairness, risks wrongful discipline, and erodes long-term trust in the compliance function.

Institute explicit policies prioritizing fairness over speed in investigations. Communicate to leadership that thoroughness is a core compliance value. Protect investigators from undue pressure to deliver quick “results” at the expense of real justice.

Lesson 5: Transparent Communication Restores Trust

Illustrated By: When Redjac is finally exposed and Scotty’s innocence is proven, Kirk doesn’t just close the case and move on. He explains the whole sequence of events to both the Argelian authorities and his crew, restoring Scotty’s reputation and demonstrating that the investigative process, however difficult, was ultimately fair and transparent.

Compliance Lesson: When someone is wrongfully accused, it isn’t enough to quietly correct the record. Institutional fairness requires public restoration and clear communication about what happened, how the mistake was identified, and what steps will be taken to prevent recurrence. Transparency is about accountability, but it’s also about healing wounds and rebuilding organizational trust.

Develop protocols for communicating exonerations and corrective actions to all relevant stakeholders. Where privacy allows, share lessons learned broadly, emphasizing the organization’s commitment to justice and fairness. Make it clear that the compliance function values both truth and reputation.

Final ComplianceLog Reflections

“Wolf in the Fold” reminds us that even the most rigorous institutions are vulnerable to error, especially under stress, bias, or pressure. For compliance professionals, the episode is a touchstone for the values that must guide every investigation: presumption of innocence, investigative rigor, openness to alternative theories, balanced use of technology, commitment to institutional justice, and, above all, transparent communication.

Wrongful accusations are more than a risk; they are a litmus test for the soul of an organization’s compliance program. The real victory isn’t just exonerating the innocent, but demonstrating to every employee, stakeholder, and regulator that fairness and justice are not negotiable.

So, the next time you face a difficult case or feel the pressure to resolve an issue quickly, remember the lesson of Scotty and the Argelians. Take the time, expand your lens, leverage every resource, and communicate your findings with integrity. In doing so, you’ll ensure that your compliance program isn’t just a set of rules but a living embodiment of the principles of justice and fairness.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha


In the Shadow of Doubt: Institutional Fairness and Institutional Justice Lessons from Star Trek’s “Wolf in the Fold”

Every compliance professional, sooner or later, must confront the uncomfortable truth that sometimes the system gets it wrong. Whether due to circumstantial evidence, unconscious bias, or institutional inertia, there are moments when the innocent stand accused and the integrity of the investigative process itself is on trial. Star Trek: The Original Series’ “Wolf in the Fold” is a cautionary tale about just such a scenario, offering invaluable insights for anyone who cares about justice, fairness, and the reputation of their organization.

The episode places Chief Engineer Montgomery Scott (“Scotty”) in the center of a series of brutal murders on Argelius II. Despite the mounting evidence against him, the real story is about how Captain Kirk, Mr. Spock, Dr. McCoy, and the Argelian authorities pursue the truth—and how easily institutional justice can go astray.

Let’s explore the investigative and fairness lessons compliance professionals can glean from this classic Star Trek whodunit.

Lesson 1: Presume Innocence—Don’t Rush to Judgment

Illustrated By: After the first murder, all evidence seems to point to Scotty. He’s found with the victim, holding a knife, but claims to have no memory of the incident. The local authorities and some Enterprise personnel are quick to suspect him due to the seemingly damning circumstances.

Compliance Lesson: A foundational principle of any fair investigative process is the presumption of innocence. It’s easy to rush to judgment when circumstantial evidence piles up, especially under pressure from leadership or regulators. But professionalism and institutional integrity require that we suspend bias and keep our minds open until the facts are thoroughly explored.

Bake the presumption of innocence into your investigative policies and training. Remind every team member and stakeholder that even the most “obvious” cases demand impartial investigation. Document early assumptions and check for bias throughout the inquiry.

Lesson 2: Avoid Tunnel Vision—Expand the Investigative Lens

Illustrated By: As more murders occur and Scotty continues to be in the wrong place at the wrong time, suspicion remains fixed on him. However, Spock and Kirk resist the urge to focus solely on their friend. They consider alternate explanations, explore technical anomalies, and even question the possibility of non-human involvement.

Compliance Lesson: Tunnel vision is a persistent risk in any investigation, especially when a plausible suspect fits the facts. True institutional fairness demands that compliance professionals look beyond the immediate and obvious, systematically considering alternative scenarios and other suspects.

Develop “red team” protocols or assign a “devil’s advocate” role in major investigations to challenge prevailing theories deliberately. Require documentation of all hypotheses considered and make alternate scenario analysis part of your standard investigative checklist.

Lesson 3: Leverage Expertise and Technology—But Don’t Abdicate Human Judgment

Illustrated By: Kirk and Spock seek help from Sybo, the Argelian empath, and use the Enterprise computer to analyze the evidence, eventually exposing the supernatural entity Redjac as the true culprit. However, they do not blindly trust the results. Kirk and Spock synthesize the technological findings with their reasoning, refusing to let the investigation be dictated by technology alone.

Compliance Lesson: While data analytics, forensics, and investigative technology are powerful tools, they are not infallible. Technology should augment, not replace, the judgment of experienced investigators. Relying solely on computer output or external expertise without human analysis can lead to catastrophic mistakes, especially in nuanced, high-stakes cases.

Balance the use of forensic technology with critical thinking and seasoned judgment. Always validate technological findings with multiple sources, and require human review before making conclusions. Foster a culture where “computer says so” is never an excuse for poor process.

Lesson 4: Champion Institutional Justice—Even When It’s Uncomfortable

Illustrated By: The Argelian prefect, Jaris, is pressured to resolve the case swiftly due to local customs and a desire to preserve order. Kirk, however, insists that the process be fair and thorough, even at the risk of offending local sensibilities or extending the investigation. He appeals to both Argelian law and Federation principles, ensuring that institutional justice, not expediency, prevails.

Compliance Lesson: Institutional justice means doing what’s right, not just what’s easy or convenient. The pressure to resolve allegations quickly to satisfy regulators, shareholders, or media can be immense. But caving to expediency undermines fairness, risks wrongful discipline, and erodes long-term trust in the compliance function.

Institute explicit policies prioritizing fairness over speed in investigations. Communicate to leadership that thoroughness is a core compliance value. Protect investigators from undue pressure to deliver quick “results” at the expense of real justice.

Lesson 5: Transparent Communication Restores Trust

Illustrated By: When Redjac is finally exposed and Scotty’s innocence is proven, Kirk doesn’t just close the case and move on. He explains the whole sequence of events to both the Argelian authorities and his crew, restoring Scotty’s reputation and demonstrating that the investigative process, however difficult, was ultimately fair and transparent.

Compliance Lesson: When someone is wrongfully accused, it isn’t enough to quietly correct the record. Institutional fairness requires public restoration and clear communication about what happened, how the mistake was identified, and what steps will be taken to prevent recurrence. Transparency is about accountability, but it’s also about healing wounds and rebuilding organizational trust.

Develop protocols for communicating exonerations and corrective actions to all relevant stakeholders. Where privacy allows, share lessons learned broadly, emphasizing the organization’s commitment to justice and fairness. Make it clear that the compliance function values both truth and reputation.

Final ComplianceLog Reflections

“Wolf in the Fold” reminds us that even the most rigorous institutions are vulnerable to error, especially under stress, bias, or pressure. For compliance professionals, the episode is a touchstone for the values that must guide every investigation: presumption of innocence, investigative rigor, openness to alternative theories, balanced use of technology, commitment to institutional justice, and, above all, transparent communication.

Wrongful accusations are more than a risk; they are a litmus test for the soul of an organization’s compliance program. The real victory isn’t just exonerating the innocent, but demonstrating to every employee, stakeholder, and regulator that fairness and justice are not negotiable.

So, the next time you face a difficult case or feel the pressure to resolve an issue quickly, remember the lesson of Scotty and the Argelians. Take the time, expand your lens, leverage every resource, and communicate your findings with integrity. In doing so, you’ll ensure that your compliance program isn’t just a set of rules but a living embodiment of the principles of justice and fairness.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha


COSO’s Corporate Governance Framework: What It Means for Compliance

For decades, COSO has been the gold standard in internal controls and enterprise risk management. But with the release of its new Corporate Governance Framework (CGF), now open as a Public Exposure Draft, COSO has thrown down the gauntlet to the compliance profession. This isn’t just a governance checklist. It is a call to action: step up, shape governance, and lead your organization into the future.

After exploring each of the six CGF Components in depth, I wanted to conclude this series by bringing it all together. What does the new COSO framework mean for compliance professionals? How should you adjust your strategy, your conversations with the board, and your daily work? Here are the big lessons and the practical next steps.

1. The Big Picture: A New Era for Governance and Compliance

The COSO CGF is a principles-based, integrated system designed to make governance everyone’s business, not just the sole responsibility of a Board of Directors. The six Components (Oversight, Strategy, Culture, People, Communication, and Resilience) each include key Principles with practical Points of Focus and leading-edge considerations. This is not a compliance framework by name, but it is a governance framework that places compliance at the heart of value creation, accountability, and enterprise resilience.

Compliance Takeaway: The CGF is arriving at a moment of regulatory complexity, stakeholder activism, and reputational volatility. Boards and management face evolving risks from AI, cyber, and ESG while being held to standards of transparency and trust by investors, employees, and society itself. If you’re a compliance leader, COSO just handed you the blueprint for embedding compliance deeper than ever before.

2. Oversight: Compliance’s Seat at the Table

Effective governance starts with the board, but it extends through management to every level of the organization. Oversight is about structure, independence, and accountability across board composition, executive delegation, and shareholder engagement. Do not be a bystander in governance; be a builder. Propose committee enhancements, brief leadership on independence and risk, and ensure compliance is on the board’s standing agenda. Your role is to clarify escalation protocols, support board effectiveness, and ensure oversight extends beyond mere numbers to encompass culture and ethical tone.

Compliance Takeaway: Start benchmarking your BOD structure and practices against COSO’s principles. Bring data to governance discussions and push for compliance metrics and risk topics to be regular board agenda items.

3. Strategy: From Afterthought to Co-Pilot

Strategy is no longer a C-suite sandbox. COSO makes clear: the board must oversee strategy, management must align it with purpose, and compliance must be at the table from planning to performance review. Step into the strategic conversation early. Embed compliance considerations into scenario planning, risk assessment, and incentive design. Move beyond being a “fixer” after decisions are made. You are now a co-pilot in shaping resilient, risk-aware, and stakeholder-driven strategy.

Compliance Takeaway: Map your organization’s strategic plan to the four COSO strategy principles: purpose, development, execution, and measurement. Create or enhance compliance dashboards with ethical and cultural KPIs, and ensure the board is briefed on them.

4. Culture: From Soft Topic to Measurable Mandate

Culture is not simply a poster on the wall; rather, it is how people behave when nobody is watching. The CGF calls for boards to own culture oversight, with management embedding values in every business process, from hiring to crisis response. Culture is now measurable, manageable, and mission-critical. Create culture dashboards, integrate ethics into leadership assessments, and bring employee sentiment to the board. Remember, misaligned culture leads to misconduct, and compliance has the data to prove it.

Compliance Takeaway: Launch a culture governance program with clear metrics (hotline use, training engagement, exit interview themes). Schedule regular board updates and recommend third-party culture assessments every few years.

5. People: Talent Is Governance in Action

People make or break both strategy and culture. COSO’s People Component focuses on workforce planning, succession, compensation, and development, with the board responsible for oversight of the front line. Partner with HR on leadership development, succession planning, and ethics in incentives. Review onboarding and offboarding for compliance moments of truth, and advocate for ethics questions in performance reviews. Do not simply check the HR box; bring a compliance risk lens to every talent conversation.

Compliance Takeaway: Review how people-related risks (succession gaps, compensation misalignment) are addressed in board and committee agendas. Propose ethics- and compliance-driven enhancements to talent processes, and pilot 360-degree reviews for key leaders.

6. Communication: Governance’s Nervous System

Communication is not simply about reporting; rather, it is the way governance breathes. The CGF emphasizes trustworthy data, technology enablement, escalation protocols, and stakeholder engagement. Ensure your GRC systems provide real-time, accurate insights. If your compliance program runs on spreadsheets, it’s time for an upgrade. Push for integrated platforms, streamlined reporting, and regular “lookback” exercises after incidents.

Compliance Takeaway: Lead a review of your communication tools and escalation pathways. Bring technology-enabled dashboards to executive and board meetings, combining compliance, risk, and culture indicators for holistic governance oversight.

7. Resilience: From Compliance Cost Center to Value Enabler

Resilience is the ability to anticipate, withstand, and adapt to disruption. The Resilience Component weaves together risk, compliance, internal control, and continuous monitoring, and positions compliance as a pillar of enterprise stability. Expand your oversight of internal controls beyond financials, and leverage technology to automate high-risk monitoring. Lead post-incident reviews that turn mistakes into governance muscle. Compliance is not just about “bouncing back” from crisis; it is about building systems that don’t break in the first place.

Compliance Takeaway: Map compliance risks to strategic objectives and ensure alignment with enterprise risk management (ERM). Use predictive analytics to flag emerging cultural or ethical risks and brief the board on how compliance is driving not just compliance but resilience.

What Makes COSO’s CGF Different—and What You Should Do Now

Cross-functional by design. Each Component connects with others—culture shapes strategy, people enable resilience, and communication powers oversight.

Principle-based, not prescriptive. The framework is adaptable across industries and geographies. It is not about ticking boxes but building a system that fits your organization.

Tech-forward and future-focused. AI, data, and technology are built in from the start, not an afterthought.

Final Takeaways for Compliance Professionals:

  • Engage early and often: Do not wait for the board to call you. Proactively map your program to the CGF’s Components.
  • Benchmark and build: Use the framework as a lens to spot gaps, propose improvements, and advocate for compliance in new domains (talent, tech, ESG).
  • Educate and evangelize: Socialize the CGF across the C-suite, HR, IT, and risk. Make compliance the bridge that connects governance with value creation.

Closing Thoughts: A Call to Action

The new COSO Corporate Governance Framework is a leadership manual for the modern compliance professional. It challenges us to see compliance as more than defense; it is the engine of long-term value, trust, and resilience.

If you are ready to move from risk mitigator to governance architect, COSO just handed you the playbook. Now’s the time to roll up your sleeves, engage with the board, and help build a governance system that will stand the test of disruption, scrutiny, and change.


Trekking Through Compliance: Episode 42 – Objectivity Under Fire: What “Obsession” Teaches Compliance Leaders

In the world of corporate compliance, the most challenging issues are often not the ones found in policies and procedures but the ones that hit close to home. When an investigation, a potential violation, or a risk becomes personal, even the most seasoned compliance professionals can struggle to maintain objectivity, leadership, and ethical clarity.

No episode of Star Trek: The Original Series captures this dilemma more powerfully than “Obsession.” Today, we have five key leadership lessons for compliance professionals, each illustrated by a scene from this classic episode.

Lesson 1: The Danger of Letting Past Failures Drive Present Decisions

Illustrated By: Early in “Obsession,” Captain Kirk becomes fixated on the mysterious cloud-creature, which he encountered as a young officer. He blames himself for not destroying it years ago, feeling responsible for the deaths of his former crewmates. This guilt clouds his judgment and causes him to pursue the creature at the expense of his current mission and crew.

Compliance Lesson: It is natural for past failures or unresolved issues to haunt compliance professionals, whether it is a missed red flag, a mishandled investigation, or a colleague’s misconduct that slipped through the cracks. However, leadership means acknowledging these feelings without letting them dictate current actions. Fixating on the past can compromise your objectivity, impair decision-making, and erode team trust.

Create a structured debrief process after investigations and audits, encouraging candid discussions of lessons learned—but draw a clear line between healthy reflection and self-blame. If you notice yourself or a colleague ruminating on a past failure, seek outside perspective from a mentor or coach.

Lesson 2: Beware of Conflicts Between Personal Motivations and Organizational Mission

Illustrated By: Kirk’s pursuit of the creature leads him to override the advice of Spock and McCoy, risking a critical rendezvous with the USS Yorktown, which is carrying vital medical supplies. His vendetta threatens to derail the Enterprise’s primary mission and put others at risk.

Compliance Lesson: Personal motivations, even those rooted in a sense of justice or accountability, can create conflicts with the organization’s broader mission. For compliance leaders, it’s essential to recognize when personal feelings, loyalties, or ambitions are at odds with what’s best for the company, stakeholders, or compliance program as a whole.

Regularly revisit your program’s core mission and values. Before making significant decisions, pause to ask: “Am I doing this for the right reasons? Is this truly about compliance and ethics, or is my agenda creeping in?” Encourage a culture of peer challenge, where team members can safely question each other’s motivations in high-stakes situations.

Lesson 3: Listen to Your Team—Even When You Disagree

Illustrated By: Throughout the episode, Spock, McCoy, and other crew members challenge Kirk’s judgment, pointing out the risks of his obsession. Kirk initially rebuffs their advice, convinced that only he understands the threat. It is only when he finally listens to his officers that he can devise an effective plan to confront the creature.

Compliance Lesson: Leadership in compliance is not about always being right; rather, it is about fostering a culture where diverse perspectives are welcomed, especially when an issue becomes personal. Leaders must actively seek and value dissenting opinions and be open to changing course based on credible advice, even if it stings.

During high-stress or personal cases, explicitly ask your team for feedback and alternative viewpoints. Consider creating “devil’s advocate” roles in investigations and setting ground rules that ensure even junior team members can raise concerns without fear of reprisal.

Lesson 4: Maintain Professional Distance—Don’t Let Emotions Overwhelm Ethics

Illustrated By: Kirk’s obsession nearly leads him to take unnecessary risks, endangering himself and his crew. His emotional investment clouds his judgment, and he pushes past reasonable boundaries in pursuit of what he believes is justice. Only when he regains his professional composure does he successfully lead his crew to resolve the crisis.

Compliance Lesson: When issues become personal, whether due to relationships, past failures, or high stakes, it is easy for emotions to override ethics and professionalism. Compliance leaders must learn to recognize when they are too close to a situation and take deliberate steps to regain perspective.

Build time for reflection into your workflow, especially during emotionally charged investigations. When possible, delegate or recuse yourself from cases where you cannot maintain impartiality. Seek support from trusted colleagues or external advisors to help you keep perspective and objectivity.

Lesson 5: The Power of Accountability—Owning Up to Mistakes and Moving Forward

Illustrated By: At the episode’s conclusion, Kirk reflects on his actions with McCoy, admitting that his personal feelings clouded his judgment and nearly led to disaster. He doesn’t make excuses but owns up to his mistakes and takes the lessons to heart, recommitting himself to his duty as captain.

Compliance Lesson: True leadership is not about perfection, but about accountability. When personal issues intrude and mistakes are made, the best compliance leaders acknowledge their errors, communicate them transparently, and model a commitment to continuous improvement. This builds credibility, trust, and resilience within the team and across the organization.

Foster a culture of accountability at all levels. After challenging cases, hold post-mortems to identify both successes and failures, and publicly recognize leaders and team members who model accountability. Use mistakes as learning opportunities, not sources of shame.

Final ComplianceLog Reflections

“Obsession” stands as a reminder that even the best leaders are vulnerable when the stakes become personal. But it also shows the power of self-awareness, teamwork, and accountability to bring us back to our best selves. For compliance professionals, the message is clear: We must learn to recognize when our history, emotions, or motivations are shaping our decisions; then pause, reflect, and act in line with our values and mission.

By encouraging diverse viewpoints, maintaining professional boundaries, and owning our mistakes, we can transform moments of personal challenge into opportunities for growth and organizational strength. That is the essence of ethical leadership in compliance.

So, as you navigate your next difficult investigation or compliance challenge, especially the one that hits close to home, remember Kirk’s journey. Do not shy away from what is personal. Embrace it, learn from it, and lead with courage, humility, and integrity.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha


When Compliance Gets Personal: Leadership Lessons from Star Trek’s “Obsession”

In the world of corporate compliance, the most challenging issues are often not the ones found in policies and procedures but the ones that hit close to home. When an investigation, a potential violation, or a risk becomes personal, even the most seasoned compliance professionals can struggle to maintain objectivity, leadership, and ethical clarity.

No episode of Star Trek: The Original Series captures this dilemma more powerfully than “Obsession.” Captain Kirk finds himself battling a deadly cloud-like creature that once decimated his former crew. His pursuit becomes a personal vendetta, blurring the lines between duty and obsession. For compliance professionals, “Obsession” offers a vivid cautionary tale about the dangers and the growth opportunities when leadership gets personal.

Here are five key leadership lessons for compliance professionals, each illustrated by a scene from this classic episode.

Lesson 1: The Danger of Letting Past Failures Drive Present Decisions

Illustrated By: Early in “Obsession,” Captain Kirk becomes fixated on the mysterious cloud-creature, which he encountered as a young officer. He blames himself for not destroying it years ago, feeling responsible for the deaths of his former crewmates. This guilt clouds his judgment and causes him to pursue the creature at the expense of his current mission and crew.

Compliance Lesson: It is natural for past failures or unresolved issues to haunt compliance professionals, whether it is a missed red flag, a mishandled investigation, or a colleague’s misconduct that slipped through the cracks. However, leadership means acknowledging these feelings without letting them dictate current actions. Fixating on the past can compromise your objectivity, impair decision-making, and erode team trust.

Create a structured debrief process after investigations and audits, encouraging candid discussions of lessons learned—but draw a clear line between healthy reflection and self-blame. If you notice yourself or a colleague ruminating on a past failure, seek outside perspective from a mentor or coach.

Lesson 2: Beware of Conflicts Between Personal Motivations and Organizational Mission

Illustrated By: Kirk’s pursuit of the creature leads him to override the advice of Spock and McCoy, risking a critical rendezvous with the USS Yorktown, which is carrying vital medical supplies. His vendetta threatens to derail the Enterprise’s primary mission and put others at risk.

Compliance Lesson: Personal motivations, even those rooted in a sense of justice or accountability, can create conflicts with the organization’s broader mission. For compliance leaders, it’s essential to recognize when personal feelings, loyalties, or ambitions are at odds with what’s best for the company, stakeholders, or compliance program as a whole.

Regularly revisit your program’s core mission and values. Before making significant decisions, pause to ask: “Am I doing this for the right reasons? Is this truly about compliance and ethics, or is my agenda creeping in?” Encourage a culture of peer challenge, where team members can safely question each other’s motivations in high-stakes situations.

Lesson 3: Listen to Your Team—Even When You Disagree

Illustrated By: Throughout the episode, Spock, McCoy, and other crew members challenge Kirk’s judgment, pointing out the risks of his obsession. Kirk initially rebuffs their advice, convinced that only he understands the threat. It is only when he finally listens to his officers that he can devise an effective plan to confront the creature.

Compliance Lesson: Leadership in compliance is not about always being right; rather, it is about fostering a culture where diverse perspectives are welcomed, especially when an issue becomes personal. Leaders must actively seek and value dissenting opinions and be open to changing course based on credible advice, even if it stings.

During high-stress or personal cases, explicitly ask your team for feedback and alternative viewpoints. Consider creating “devil’s advocate” roles in investigations and setting ground rules that ensure even junior team members can raise concerns without fear of reprisal.

Lesson 4: Maintain Professional Distance—Don’t Let Emotions Overwhelm Ethics

Illustrated By: Kirk’s obsession nearly leads him to take unnecessary risks, endangering himself and his crew. His emotional investment clouds his judgment, and he pushes past reasonable boundaries in pursuit of what he believes is justice. Only when he regains his professional composure does he successfully lead his crew to resolve the crisis.

Compliance Lesson: When issues become personal, whether due to relationships, past failures, or high stakes, it is easy for emotions to override ethics and professionalism. Compliance leaders must learn to recognize when they are too close to a situation and take deliberate steps to regain perspective.

Build time for reflection into your workflow, especially during emotionally charged investigations. When possible, delegate or recuse yourself from cases where you cannot maintain impartiality. Seek support from trusted colleagues or external advisors to help you keep perspective and objectivity.

Lesson 5: The Power of Accountability—Owning Up to Mistakes and Moving Forward

Illustrated By: At the episode’s conclusion, Kirk reflects on his actions with McCoy, admitting that his personal feelings clouded his judgment and nearly led to disaster. He doesn’t make excuses but owns up to his mistakes and takes the lessons to heart, recommitting himself to his duty as captain.

Compliance Lesson: True leadership is not about perfection, but about accountability. When personal issues intrude and mistakes are made, the best compliance leaders acknowledge their errors, communicate them transparently, and model a commitment to continuous improvement. This builds credibility, trust, and resilience within the team and across the organization.

Foster a culture of accountability at all levels. After challenging cases, hold post-mortems to identify both successes and failures, and publicly recognize leaders and team members who model accountability. Use mistakes as learning opportunities, not sources of shame.

Final ComplianceLog Reflections

“Obsession” stands as a reminder that even the best leaders are vulnerable when the stakes become personal. But it also shows the power of self-awareness, teamwork, and accountability to bring us back to our best selves. For compliance professionals, the message is clear: We must learn to recognize when our history, emotions, or motivations are shaping our decisions; then pause, reflect, and act in accordance with our values and mission.

By encouraging diverse viewpoints, maintaining professional boundaries, and owning our mistakes, we can transform moments of personal challenge into opportunities for growth and organizational strength. That is the essence of ethical leadership in compliance.

So, as you navigate your next difficult investigation or compliance challenge, especially the one that hits close to home, remember Kirk’s journey. Do not shy away from what is personal. Embrace it, learn from it, and lead with courage, humility, and integrity.

  Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha


Trekking Through Compliance – Episode 41 – Duty Over Ego: Leadership Change in “The Deadly Years”

If you have spent any time in leadership, especially in compliance or corporate governance, you know that one of the most gut-wrenching duties is addressing a colleague who can no longer fulfill their responsibilities. Today, we step onto the bridge and examine five ethical lessons for compliance professionals faced with these hard but necessary transitions. Each lesson is illustrated by a specific scene from “The Deadly Years.”

Lesson 1: Recognize the Signs—Objectivity Must Trump Sentiment

Illustrated By:  Early in the episode, the landing party is exposed to a form of radiation that accelerates aging. Captain Kirk, Spock, Scotty, and others quickly show signs of physical and cognitive decline. Kirk, in particular, becomes forgetful and indecisive, missing important details and even failing to recall security procedures.

Compliance Lesson: The first ethical responsibility is to recognize, without sentiment or denial, when a colleague can no longer perform. Whether due to age, health, burnout, or changing business demands, the signs must be identified early, not ignored out of deference to history or personal loyalty.

Implement regular, objective performance reviews and peer assessments. Train managers to look for early indicators of declining performance, especially in high-stress or high-responsibility roles, and provide pathways for safe, supportive reporting.

Lesson 2: Prioritize Mission and Stakeholders—Not Individual Status

Illustrated By:  As Kirk’s abilities deteriorate, the safety of the Enterprise is jeopardized. He hesitates during a Romulan encounter and issues conflicting orders, putting the crew at risk. Spock and Dr. McCoy discuss his decline, acknowledging their concern for their friend but focusing on the danger to the mission.

Compliance Lesson: An organization’s purpose, stakeholders, and people must come before individual egos or career legacies. Ethical leadership means putting the mission first, even when that requires difficult conversations or unpopular actions. This is especially critical in compliance, where risks can have enterprise-wide impacts.

Make mission-driven decision-making a core value in your compliance program. Regularly communicate that the integrity of the enterprise outweighs personal status. Ensure that all leaders, from the C-suite to middle management, understand that their primary obligation is to the organization and its stakeholders.

Lesson 3: Fair, Transparent Processes Protect All Involved

Illustrated By: When the decline in Kirk’s performance can no longer be denied, Spock and Dr. McCoy convene a competency hearing. The tribunal includes multiple voices and follows Starfleet protocol, providing Kirk with a chance to respond and present evidence on his behalf.

Compliance Lesson: No transition or removal, no matter how justified, should be handled arbitrarily or in secret. Transparent, fair, and standardized processes ensure that all parties are treated with dignity and the organization’s decisions are defensible. Dignity comes above all. This approach also protects against accusations of favoritism, discrimination, or retaliation.

Document and publish clear protocols for performance-related transitions. Involve impartial parties in any review. Make sure employees understand their rights, the procedures, and the grounds on which decisions are made.

Lesson 4: Compassion Matters—Even When Delivering Hard News

Illustrated By: After the tribunal, Kirk is relieved of command. The process is formal, but the crew treats Kirk with respect and compassion, recognizing his service and the pain of the moment. No one revels in the transition or diminishes Kirk’s contributions.

Compliance Lesson: Delivering tough messages, especially about the need to move on, can be done with empathy and grace. Recognizing the individual’s service, offering support, and helping with a dignified transition isn’t just “nice”; rather, it should be seen as ethically necessary. How you handle these moments sets the tone for your organization’s values and can even inspire long-term loyalty and goodwill.

Train managers and HR in compassionate communication. Offer support such as career counseling, retirement planning, or mental health resources to those transitioning. Celebrate achievements and acknowledge contributions, even as you move forward.

Lesson 5: The Right Transition Can Save the Mission

Illustrated By:  With Kirk relieved, Commodore Stocker takes command but quickly demonstrates a lack of field experience, putting the ship in further jeopardy. Meanwhile, Dr. McCoy and Spock race against time to find a cure for the aging disease. Once Kirk is restored to health, he returns to command, draws on his experience and instincts, and saves the Enterprise from destruction.

Compliance Lesson: Transitioning a colleague should never be punitive or personal; it’s about restoring the organization to its highest level of functioning. Sometimes, this means moving a leader aside temporarily until they can return or helping someone find a better fit for their abilities. The right person, in the proper role, at the right time, is critical for compliance and organizational health.

Build flexibility into your transition policies. Consider temporary reassignments, sabbaticals, or other options before a final separation. Always keep the focus on what’s best for the mission, the team, and the individual.

Final ComplianceLog Reflections

No compliance professional relishes the moment when a valued colleague must be asked to step aside. But “The Deadly Years” reminds us that the greatest danger lies not in transition, but in denial, sentimentality, or failure to act. As Kirk, Spock, and McCoy demonstrate, the hard path, handled with fairness, transparency, dignity, and compassion, is always the ethical path.

For compliance professionals, this means being vigilant for declining performance, putting mission first, insisting on fair and transparent processes, and consistently delivering hard news with empathy. It also means recognizing that transition is sometimes temporary and, with the proper support, colleagues can return, renewed and ready for new challenges.

As organizations face the “deadly years” of rapid change, new risks, and mounting expectations, may we all steer our ships with courage, wisdom, and integrity, ensuring that the right people are at the helm, for the good of all.

 Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha


The Hardest Command: Ethical Transitions and “The Deadly Years” for Compliance Professionals

If you have spent any time in leadership, especially in compliance or corporate governance, you know that one of the most gut-wrenching duties is addressing a colleague who can no longer fulfill their responsibilities. Loyalty, empathy, and organizational needs collide in these moments. Few pop culture stories tackle this theme with more clarity and drama than Star Trek: The Original Series episode “The Deadly Years.” Here, the Enterprise crew confronts rapid aging, physical decline, and, most significantly, the consequences when a leader cannot perform.

Today, we step onto the bridge and examine five ethical lessons for compliance professionals faced with these hard but necessary transitions. Each lesson is illustrated by a specific scene from “The Deadly Years.”

Lesson 1: Recognize the Signs—Objectivity Must Trump Sentiment

Illustrated By:  Early in the episode, the landing party is exposed to a form of radiation that accelerates aging. Captain Kirk, Spock, Scotty, and others quickly show signs of physical and cognitive decline. Kirk, in particular, becomes forgetful and indecisive, missing important details and even failing to recall security procedures.

Compliance Lesson: The first ethical responsibility is to recognize, without sentiment or denial, when a colleague can no longer perform. Whether due to age, health, burnout, or changing business demands, the signs must be identified early, not ignored out of deference to history or personal loyalty.

Implement regular, objective performance reviews and peer assessments. Train managers to look for early indicators of declining performance, especially in high-stress or high-responsibility roles, and provide pathways for safe, supportive reporting.

Lesson 2: Prioritize Mission and Stakeholders—Not Individual Status

Illustrated By:  As Kirk’s abilities deteriorate, the safety of the Enterprise is jeopardized. He hesitates during a Romulan encounter and issues conflicting orders, putting the crew at risk. Spock and Dr. McCoy discuss his decline, acknowledging their concern for their friend but focusing on the danger to the mission.

Compliance Lesson: An organization’s purpose, stakeholders, and people must come before individual egos or career legacies. Ethical leadership means putting the mission first, even when that requires difficult conversations or unpopular actions. This is especially critical in compliance, where risks can have enterprise-wide impacts.

Make mission-driven decision-making a core value in your compliance program. Regularly communicate that the integrity of the enterprise outweighs personal status. Ensure that all leaders, from the C-suite to middle management, understand that their primary obligation is to the organization and its stakeholders.

Lesson 3: Fair, Transparent Processes Protect All Involved

Illustrated By: When the decline in Kirk’s performance can no longer be denied, Spock and Dr. McCoy convene a competency hearing. The tribunal includes multiple voices and follows Starfleet protocol, providing Kirk with a chance to respond and present evidence on his behalf.

Compliance Lesson: No transition or removal, no matter how justified, should be handled arbitrarily or in secret. Transparent, fair, and standardized processes ensure that all parties are treated with dignity and the organization’s decisions are defensible. Dignity comes above all. This approach also protects against accusations of favoritism, discrimination, or retaliation.

Document and publish clear protocols for performance-related transitions. Involve impartial parties in any review. Make sure employees understand their rights, the procedures, and the grounds on which decisions are made.

Lesson 4: Compassion Matters—Even When Delivering Hard News

Illustrated By: After the tribunal, Kirk is relieved of command. The process is formal, but the crew treats Kirk with respect and compassion, recognizing his service and the pain of the moment. No one revels in the transition or diminishes Kirk’s contributions.

Compliance Lesson: Delivering tough messages, especially about the need to move on, can be done with empathy and grace. Recognizing the individual’s service, offering support, and helping with a dignified transition isn’t just “nice”; rather, it should be seen as ethically necessary. How you handle these moments sets the tone for your organization’s values and can even inspire long-term loyalty and goodwill.

Train managers and HR in compassionate communication. Offer support such as career counseling, retirement planning, or mental health resources to those transitioning. Celebrate achievements and acknowledge contributions, even as you move forward.

Lesson 5: The Right Transition Can Save the Mission

Illustrated By:  With Kirk relieved, Commodore Stocker takes command but quickly demonstrates a lack of field experience, putting the ship in further jeopardy. Meanwhile, Dr. McCoy and Spock race against time to find a cure for the aging disease. Once Kirk is restored to health, he returns to command, draws on his experience and instincts, and saves the Enterprise from destruction.

Compliance Lesson: Transitioning a colleague should never be punitive or personal; it’s about restoring the organization to its highest level of functioning. Sometimes, this means moving a leader aside temporarily until they can return or helping someone find a better fit for their abilities. The right person, in the proper role, at the right time, is critical for compliance and organizational health.

Build flexibility into your transition policies. Consider temporary reassignments, sabbaticals, or other options before a final separation. Always keep the focus on what’s best for the mission, the team, and the individual.

Final ComplianceLog Reflections

No compliance professional relishes the moment when a valued colleague must be asked to step aside. But “The Deadly Years” reminds us that the greatest danger lies not in transition, but in denial, sentimentality, or failure to act. As Kirk, Spock, and McCoy demonstrate, the hard path, handled with fairness, transparency, dignity, and compassion, is always the ethical path.

For compliance professionals, this means being vigilant for declining performance, putting mission first, insisting on fair and transparent processes, and consistently delivering hard news with empathy. It also means recognizing that transition is sometimes temporary and, with the proper support, colleagues can return, renewed and ready for new challenges.

As organizations face the “deadly years” of rapid change, new risks, and mounting expectations, may we all steer our ships with courage, wisdom, and integrity, ensuring that the right people are at the helm, for the good of all.

 Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha


Compliance Tip of the Day – Design-Centric Internal Controls

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we look at design-centric controls that lay the groundwork for effective internal controls.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.


Trekking Through Compliance: Episode 40 – Prime Directive Decisions: Ethics in Action from Star Trek’s “Friday’s Child”

Star Trek has always been about more than adventure. It is often a mirror for our ethical challenges, especially for those tasked with steering organizations through the tricky space of corporate compliance. The original series episode “Friday’s Child” offers a compelling look at negotiation, trust, and ethics under fire. While set on the distant planet Capella IV, the dilemmas faced by Captain Kirk and his crew echo those in today’s boardrooms and compliance departments. Today, we set our phasers to “learn” and beam down five ethical lessons for compliance professionals, each tied to a defining scene from this classic episode.

Lesson 1: Respect Local Customs—Even When They Conflict With Your Own Values

Illustrated By: Upon arrival on Capella IV, Kirk and his landing party encounter the fiercely traditional Capellan society. The Capellans’ customs, particularly their views on leadership and the role of women, are in stark contrast to those of the Federation. Kirk and Dr. McCoy are forced to tread carefully, knowing that any misstep could lead to violence or destroy negotiations.

Compliance Lesson: Operating globally means working in environments where local laws and customs may clash with your organization’s values or home-country regulations. Compliance professionals must develop cultural intelligence and adapt without compromising core ethical standards. Kirk’s diplomacy demonstrates the importance of engaging with local practices respectfully, seeking understanding before judgment.

Provide training for teams working abroad, focusing on cultural sensitivity and practical ways to address conflicts between local customs and organizational policies. Create protocols for escalating issues when legal or ethical lines are at risk of being crossed.

Lesson 2: Integrity in Negotiation Is Non-Negotiable

Illustrated By: As the Federation seeks mining rights on Capella IV, the Klingons arrive to negotiate with the Capellans, bringing duplicity and manipulation. The Klingon emissary, Kras, offers bribes and deceit, but Kirk insists on transparency—even when it puts the mission at risk.

Compliance Lesson: Negotiations, whether with third parties or regulators, test ethical boundaries. While competitors may take shortcuts or resort to unethical tactics, a compliance-driven organization must prioritize integrity. Kirk’s refusal to engage in deception sets a tone of ethical leadership that earns the grudging respect of the Capellans.

Embed ethics in your negotiation strategy. Establish clear boundaries and a code of conduct for employees and third parties, making it clear that winning at any cost is not acceptable. Regularly audit negotiations for compliance with both law and company values.

Lesson 3: Protect the Vulnerable—Even When It’s Not Easy

Illustrated By: After the assassination of Akaar, the Capellan leader, his pregnant widow, Eleen, becomes the target of violence. Federation protocol would have Kirk and his team withdraw, but McCoy and Kirk insist on protecting Eleen and her unborn child, risking their safety and the mission.

Compliance Lesson: Organizations must safeguard those in vulnerable positions—whether whistleblowers, employees facing retaliation, or communities impacted by business decisions. The true ethical test is what you do when protecting the vulnerable is inconvenient, costly, or unpopular.

Establish robust whistleblower protection programs, anti-retaliation measures, and processes for identifying at-risk individuals or groups. Make it clear that ethical obligations to protect the vulnerable are not optional, but a core part of your compliance mission.

Lesson 4: Ethical Courage Means Making Unpopular Decisions

Illustrated By: When Eleen, following Capellan law, insists that she does not want her child, McCoy faces a stark ethical dilemma. He risks offending her and violating local tradition by insisting on the child’s birth, believing it to be in her and the child’s best interests. Ultimately, his actions save both Eleen and her child, who becomes the new heir.

Compliance Lesson: There are moments when ethical behavior demands standing alone, challenging consensus, or confronting deeply ingrained practices. McCoy’s “tough love” illustrates the courage required to make the right decision, even when it’s not the popular one.

Lesson 5: Transparency and Communication Build Trust in Crisis

Illustrated By: As Kirk, Spock, McCoy, and Eleen flee from the Capellans and Klingons, success depends on clear, honest communication. Kirk keeps his crew and even Eleen informed at every stage, which allows them to adapt quickly and survive the dangers they face together.

Compliance Lesson: During crises, be it a compliance investigation, regulatory challenge, or public scandal, transparency and timely communication are critical. Hiding information, even with good intentions, breeds suspicion and undermines trust. Kirk’s example shows that open communication is not a luxury but a necessity, especially under pressure.

Prepare crisis communication protocols in advance. Train leaders to communicate openly, honestly, and quickly during emergencies. Ensure employees know how, when, and where to report issues, and how updates will be provided as matters evolve.

Final ComplianceLog Reflections

“Friday’s Child” may be set on a planet of warriors, but its ethical lessons are universal. For compliance professionals, the episode is a case study in what it means to lead ethically when stakes are high, the rules are unclear, and the path is fraught with danger.

From respecting local customs to standing up for the vulnerable, even at great personal or professional cost, the crew of the Enterprise demonstrates that ethics is not a luxury, but the core of mission success. The compliance officer’s role is not unlike Kirk’s: to navigate complexity, negotiate with integrity, protect those at risk, summon courage in the face of unpopularity, and build trust through transparency.

In a world where every new market brings new challenges and every crisis tests our character, “Friday’s Child” offers this timeless guidance: set your course by your values, and let ethical leadership be your prime directive.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha


COSO’s Corporate Governance Framework: Component 6 – Resilience

We continue our exploration of the COSO Corporate Governance Framework (the Framework), recently released as a Public Exposure Draft. Today, we begin a deep dive into the six individual components with a discussion of Component 6—Resilience. In today’s volatile business climate, one thing is sure: disruption is no longer the exception; it has become the norm. Whether it’s a cybersecurity incident, regulatory upheaval, geopolitical instability, or reputational crisis, the organizations that thrive are those that can bend without breaking. That’s why Component 6 – Resilience in the COSO Corporate Governance Framework (CGF) is more than timely; it may well be foundational.

For the compliance professional, resilience isn’t just about bouncing back—it’s about designing governance systems that withstand, anticipate, and even leverage disruption. The CGF reframes resilience as an integrated model that weaves together risk management, compliance, internal control, and continuous monitoring. This final Component of the framework is where compliance moves from policy enforcement to value creation. It is where compliance becomes a partner in operational continuity, strategic foresight, and cultural durability.

What Is the Resilience Component?

COSO defines resilience as the ability to withstand disruption, adapt to change, seize opportunity, and sustain long-term value. It is not reactive firefighting but rather about proactive design. This Component is structured around four principles:

  1. Manage and Oversee Risks and Opportunities
  2. Manage Compliance Responsibilities
  3. Establish and Evaluate Internal Control
  4. Monitor Governance Effectiveness

These principles span strategic, operational, and cultural dimensions of governance, reinforcing that a single function doesn’t own resilience. It’s built collaboratively across the board, executive leadership, internal audit, risk, and yes, compliance.

Why Resilience Belongs to Compliance

Compliance has always operated at the intersection of policy, people, and process. But in the Framework’s view, compliance is a key architect of resilience. Why? Because of the following:

  • Compliance sees how risks evolve across geographies, regulations, and business lines.
  • Compliance manages escalation, remediation, and accountability processes.
  • Compliance helps define the thresholds for risk acceptance and control failure.
  • Compliance monitors ethics and behavior—early indicators of cultural cracks.
  • Compliance is a trusted communicator in times of crisis.

The Resilience Component is our invitation to lead: not just to prevent harm, but to build strength.

Five Key Lessons for Compliance Professionals

Lesson 1: Governance Without Risk Integration Is Incomplete

Principle 21: Manage and Oversee Risks and Opportunities

Executive management, with board oversight, must establish a structured, dynamic risk management process that aligns strategy, performance, and risk appetite. The board must allocate oversight of risk areas across committees while maintaining integrated ownership of enterprise-level risks.

Compliance Tip: Engage with your risk management function to ensure your compliance risks, such as regulatory enforcement, third-party integrity, and misconduct, are embedded in enterprise risk registers and heatmaps. Use scenario planning to show how legal and compliance risks could disrupt strategic objectives. Partner with the CRO to lead cross-functional risk workshops that consider both downside risk and upside opportunity (e.g., entering new markets with strong compliance advantages).

Lesson 2: Compliance Is Not a Silo—It’s a System

Principle 22: Manage Compliance Responsibilities

Compliance must be embedded across the enterprise, with clear ownership, independent oversight, robust policies, and responsive change management. The CCO must have the authority, access, and independence to lead an effective compliance program that evolves with risk.

Compliance Tip: Ensure your program includes both centralized compliance (for policy and strategy) and decentralized compliance partners (within functions or geographies). Consistency is key, but so is contextualization. Build a compliance change management protocol that activates when laws shift or operations expand. This should include regulatory horizon scanning, impact assessments, stakeholder training, and updated controls. Resilience depends on staying current, not on staying compliant with yesterday’s standards.

Lesson 3: Internal Control Is Not Just Finance—It’s Enterprise Resilience

Principle 23: Establish and Evaluate Internal Control

Internal controls must support the achievement of operational, reporting, and compliance objectives. Executive management must align controls with ethics, legal obligations, and the entity’s risk profile, and boards must oversee their design and effectiveness.

Compliance Tip: Expand your oversight of controls beyond SOX and financial reporting. Review controls around conflicts of interest, data protection, anti-corruption, and third-party oversight. Collaborate with internal audit and risk to integrate compliance controls into enterprise-wide control frameworks and control testing cycles. Use this alignment to identify duplication, streamline assurance, and enhance board visibility.

Lesson 4: Monitoring Isn’t About Activity—It’s About Insight

Principle 24: Monitor Governance Effectiveness

Governance must be continuously monitored, not just audited periodically. This includes reviewing trends, stakeholder expectations, and gaps in policy or performance. Both the board and management should receive real-time insights on culture, compliance, and risk exposure.

Compliance Tip: Build dashboards that combine hard compliance metrics (e.g., training rates, hotline activity) with qualitative indicators (e.g., engagement survey results, tone-at-the-top assessments). Present these to executive leadership as part of quarterly reporting. Lead a governance “lookback” exercise after key incidents, such as investigations, regulatory inquiries, or market shifts. What worked? What broke down? What signals were missed? This practice turns mistakes into muscle.

Lesson 5: Technology Is a Force Multiplier—Use It to Scale Resilience

COSO highlights the power of technology, like GRC systems, data analytics, and artificial intelligence, to drive smarter, faster governance. Resilience requires visibility and agility, which technology can deliver when thoughtfully deployed.

Compliance Tip: Leverage tech to automate monitoring of high-risk processes, such as gifts & hospitality, vendor onboarding, or export controls. Use exception alerts to flag potential issues before they escalate. Pilot predictive analytics for culture and ethics risk. Combine internal data (e.g., survey responses, exit interviews, training patterns) with external signals (e.g., Glassdoor, whistleblower trends) to identify emerging hotspots. That’s how resilient organizations get ahead of reputation-damaging crises.

Building a Resilience-Driven Compliance Program

Use COSO’s Resilience Component as the blueprint for a more integrated, forward-looking compliance program. Here’s how to begin:

  • Risk Integration: Map compliance risks to strategic objectives and ensure alignment with ERM.
  • Compliance Ownership: Assign roles and responsibilities at all levels, with a clear reporting line to the board.
  • Controls Framework: Ensure compliance controls are part of your internal control evaluation process, not isolated.
  • Technology Enablement: Deploy automation and analytics to monitor, report, and adapt.
  • Monitoring Infrastructure: Create a system for real-time visibility and feedback across all six COSO governance components.

This is not simply about regulatory defense. It’s about strategic readiness and stakeholder trust.

What Boards Need to Hear from Compliance

Bring these messages to your next governance, audit, or risk committee meeting:

  • Resilience is the outcome of integrated governance, compliance, risk, internal control, and culture, all of which must work together.
  • Compliance is a strategic partner in managing disruption, not just avoiding penalties.
  • The board should regularly review compliance monitoring dashboards alongside risk and financial data.
  • The compliance function must be properly resourced and independent to support resilience.
  • Resilience is not just bouncing back; it is about designing systems that do not fold under pressure.

When boards see compliance as an enabler of value, not just a cost center, they make better decisions and support stronger programs.

Final Thoughts: Resilience Is the Future of Compliance

The COSO Resilience Component confirms what many of us have been saying for years: compliance must evolve from a reactive function to a proactive pillar of enterprise stability.

Do not simply write the policy. Build the process. Don’t just monitor conduct. Predict behavior. Don’t just advise in hindsight. Prepare with foresight. Because in governance, resilience isn’t a buzzword; it is a business model. And compliance is right at the center of making it real.

To read or comment on the full CGF Public Exposure Draft, click here. The comment period closes July 11, 2025.