Categories
Daily Compliance News

Daily Compliance News: July 9, 2025, The TACO Don Caves Again Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world, including compliance, ethics, risk management, leadership, or general interest, relevant to the compliance professional.

Top compliance stories:

  • What happens when your bot goes antisemitic? (NYT)
  • Spanish PM announces new ABC laws amid graft probe. (Bloomberg)
  • Trump pushes back on tariff dates yet again. (WSJ)
  • Vibe coding for compliance. (WSJ)

You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 38 – Professionalism in the Unknown: Compliance Leadership Lessons from “Metamorphosis”

In the universe of corporate compliance, pressure is a constant. Whether facing a sudden investigation, navigating a crisis, or mediating high-stakes negotiations, the capacity to remain professional and ethically grounded is what separates a merely good compliance officer from a great one. Few pop culture references embody this principle more vividly than the classic Star Trek: The Original Series episode, “Metamorphosis.” Today, we dive into critical lessons for compliance professionals, each illustrated by a pivotal scene from “Metamorphosis.”

Lesson 1: Maintain Calm Objectivity—Even When You’re Under Fire

Illustrated By: Upon realizing that the Companion has hijacked their shuttle and they’re trapped on the planetoid, tensions run high.

Compliance Lesson: Professionalism in such situations demands composure and objectivity. A compliance officer’s ability to remain unflappable, not just for their own sake, but to reassure and stabilize others, is essential for effective problem-solving and ethical decision-making.

Lesson 2: Empathy and Respect Are Critical—Even for Those You Don’t Understand

Illustrated By: The crew quickly learns the Companion is an alien being beyond their understanding, communicating in ways that defy their usual protocols.

Compliance Lesson: Professionalism requires empathy, respect, and a genuine effort to understand all perspectives, not just those that align with our own.

Lesson 3: Uphold Procedural Fairness—Even When Expediency Tempts You

Illustrated By: Desperate to return Commissioner Hedford to the Enterprise for urgent medical care, Kirk considers using force against the Companion.

Compliance Lesson: Compliance professionalism means adhering to investigative protocols, ensuring fairness for all parties, even if it slows down the process or complicates things.

Lesson 4: Ethical Decision-Making Requires Teamwork and Diverse Perspectives

Illustrated By: When initial attempts to reason with the Companion fail, Kirk doesn’t go it alone. Solution: merging Hedford’s consciousness with the Companion, which saves her life and resolves the impasse.

Compliance Lesson: Compliance professionalism is reinforced by seeking out diverse viewpoints, including legal, operational, cultural, and human.

Lesson 5: Never Lose Sight of Humanity—The “Why” Behind Compliance

Illustrated By: As the Companion merges with Commissioner Hedford, she is given a second chance at life but must remain on the planetoid.

Compliance Lesson: True professionalism and ethical compliance leadership mean never losing sight of the human element. The best compliance professionals serve not just the organization but also the individuals whose lives are impacted by their actions.

Final ComplianceLog Reflections

“Metamorphosis” stands as one of Star Trek’s most poignant explorations of transformation, not just of an alien being, but of the attitudes and perspectives of everyone involved. For compliance professionals, it serves as a powerful reminder: professionalism is not merely a matter of following procedures but of embodying the best of our values under pressure.

Maintaining objectivity, empathy, fairness, teamwork, and humanity, even in the face of the unknown, are the true hallmarks of ethical leadership in compliance. Every investigation, every high-stress moment, is an opportunity to transform not only the situation but also ourselves and our organizations.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

Steadfast Under Pressure: Professionalism and Ethical Lessons from Star Trek’s “Metamorphosis”

In the universe of corporate compliance, pressure is a constant. Whether facing a sudden investigation, navigating a crisis, or mediating high-stakes negotiations, the capacity to remain professional and ethically grounded is what separates a merely good compliance officer from a great one. Few pop culture references embody this principle more vividly than the classic Star Trek: The Original Series episode, “Metamorphosis.”

Set against the backdrop of a forced landing on a remote asteroid, “Metamorphosis” finds Captain Kirk, Spock, Dr. McCoy, and Commissioner Nancy Hedford stranded by an enigmatic alien entity known as the Companion. Their struggle to survive and mediate a clash of perspectives provides a near-perfect parallel to the kinds of professional and ethical challenges compliance professionals routinely face during investigations and stressful situations. Today, we dive into critical lessons for compliance professionals, each illustrated by a pivotal scene from “Metamorphosis.”

Lesson 1: Maintain Calm Objectivity—Even When You’re Under Fire

Illustrated By: Upon realizing that the Companion has hijacked their shuttle and they’re trapped on the planetoid, tensions run high. Commissioner Hedford, suffering from a life-threatening illness and a rapidly fading hope for rescue, becomes increasingly distraught. Yet Kirk and Spock methodically assess their environment and resources, refusing to let panic cloud their decision-making.

Compliance Lesson: Investigations and crises often produce high-stress, high-stakes environments where anxiety and emotion run rampant. Professionalism in such situations demands composure and objectivity. A compliance officer’s ability to remain unflappable, not just for their own sake, but to reassure and stabilize others, is essential for effective problem-solving and ethical decision-making.

Train teams in stress management and crisis communication. Develop checklists and playbooks for investigative response to minimize decision-making under duress. Model calm behavior to set the tone for the entire team.

Lesson 2: Empathy and Respect Are Critical—Even for Those You Don’t Understand

Illustrated By: The crew quickly learns the Companion is an alien being beyond their understanding, communicating in ways that defy their usual protocols. Instead of responding with hostility or frustration, Kirk and Spock seek to understand the Companion’s motives, with Spock even attempting a technological “translation” to bridge the communication gap.

Compliance Lesson: During investigations or stressful encounters, it’s easy to become impatient with those who seem uncooperative or “different,” whether they’re interview subjects, whistleblowers, or business partners from unfamiliar cultures. Professionalism requires empathy, respect, and a genuine effort to understand all perspectives, not just those that align with our own.

Integrate empathy training into your compliance curriculum. Remind investigators and managers that cultural, emotional, and even technological barriers are not obstacles to ignore but invitations to connect.

Lesson 3: Uphold Procedural Fairness—Even When Expediency Tempts You

Illustrated By: Desperate to return Commissioner Hedford to the Enterprise for urgent medical care, Kirk considers using force against the Companion. However, both Spock and McCoy caution against a hasty, confrontational approach. The crew ultimately respects due process, attempting diplomacy and dialogue before resorting to more drastic measures.

Compliance Lesson: Under pressure, shortcuts can seem tempting, such as skipping interviews, overlooking evidence, or rushing conclusions for the sake of expediency. However, professionalism in compliance means adhering to investigative protocols, ensuring fairness for all parties, even if it slows down the process or complicates things.

Institute clear, step-by-step protocols for investigations, and hold teams accountable for following them. Empower compliance personnel to speak up when they see due process being sidestepped.

Lesson 4: Ethical Decision-Making Requires Teamwork and Diverse Perspectives

Illustrated By: When initial attempts to reason with the Companion fail, Kirk doesn’t go it alone. He gathers input from Spock, McCoy, and even Commissioner Hedford, blending logic, medicine, diplomacy, and personal perspective. This collective approach yields a creative solution: merging Hedford’s consciousness with the Companion, which saves her life and resolves the impasse.

Compliance Lesson: Complex investigations rarely have easy answers. Ethical professionalism is reinforced by seeking out diverse viewpoints—legal, operational, cultural, and human—ensuring a comprehensive understanding of the issues at hand. The best compliance outcomes emerge from teams that respect each member’s expertise and encourage candid dialogue.

Promote cross-functional collaboration in every investigation. Debrief as a team after each case, capturing different perspectives and lessons learned for future improvement.

Lesson 5: Never Lose Sight of Humanity—The “Why” Behind Compliance

Illustrated By: As the Companion merges with Commissioner Hedford, she is given a second chance at life but must remain on the planetoid. Kirk and his crew, despite their desire to return to the Enterprise, recognize the profound importance of personal dignity and happiness in their resolution. They leave Hedford/Companion with Cochrane, honoring the choice made for love and fulfillment.

Compliance Lesson: In the rush to resolve crises or complete investigations, it’s easy to focus on policy, rules, and process at the expense of people. But true professionalism and ethical compliance leadership mean never losing sight of the human element. The best compliance professionals serve not just the organization but also the individuals whose lives are impacted by their actions.

Balance every investigative and crisis response protocol with compassion. Regularly revisit the organization’s values and “why” behind the compliance program. Use stories and real-life examples to remind teams of the human cost and benefit of ethical professionalism.

Final ComplianceLog Reflections

“Metamorphosis” stands as one of Star Trek’s most poignant explorations of transformation, not just of an alien being, but of the attitudes and perspectives of everyone involved. For compliance professionals, it serves as a powerful reminder: professionalism is not merely a matter of following procedures but of embodying the best of our values under pressure.

Maintaining objectivity, empathy, fairness, teamwork, and humanity, even in the face of the unknown, are the true hallmarks of ethical leadership in compliance. Every investigation, every high-stress moment, is an opportunity to transform not only the situation but also ourselves and our organizations.

As you lead your team through the next compliance challenge, remember the example set by Kirk, Spock, and McCoy. Stay calm. Seek to understand. Uphold fairness. Embrace teamwork. And above all, never forget the people at the heart of every compliance story.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Internal Control Deficiencies

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with concise, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we look at how to deal with and report internal control deficiencies.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 37 – Corporate Governance Lessons from Star Trek’s “I, Mudd”

Who could have imagined that “I, Mudd,” a quirky, comedic episode from Star Trek: TOS, would offer valuable lessons in corporate governance? Yet, here we are, boldly going where no compliance blogger has gone before, using the misadventures of Captain Kirk and the enigmatic Harry Mudd to distill governance wisdom for modern compliance practitioners.

In this episode, “I, Mudd,” the Enterprise crew encounters Harry Mudd once more, stranded on a planet ruled by androids who are both obsessed with order and baffled by human irrationality. Mudd attempts to exploit the androids’ logic for his gain but soon finds himself captive to their strict interpretation of governance, leading Kirk and crew to intervene with creative tactics. Beneath the humor and hijinks lie critical corporate governance principles highly relevant to today’s compliance professionals.

Lesson 1: Transparency is Essential in Leadership

Illustrated By: Discovery of Harry Mudd’s True Motives and History with the Androids.

Governance Lesson. In corporate governance, transparency is equally crucial. Leaders who operate without openness risk organizational distrust, inefficiency, and dysfunction. Transparent leadership is foundational in governance; it supports robust stakeholder trust, improves organizational effectiveness, and mitigates potential scandals or compliance failures.

As compliance professionals, our role includes advocating for transparent communication channels, clear decision-making processes, and openly accessible policies and procedures. Creating a corporate culture of transparency ensures that the organization remains credible and effective in meeting both regulatory requirements and stakeholder expectations.

Lesson 2: Balance Between Structure and Flexibility

Illustrated By: The Androids’ Rigid Governance Framework. The androids in “I, Mudd” operate within an inflexible, logic-driven governance structure, incapable of handling unpredictable or irrational behavior. Their strict adherence to rules, without flexibility or situational judgment, ultimately leads to their downfall, as Kirk creatively exploits their rigidity.

Governance Lesson. This episode perfectly illustrates the need for governance structures to maintain balance. Compliance professionals must strive to find the optimal balance, developing corporate governance frameworks that are robust enough to ensure compliance while also being adaptable enough to meet the shifting regulatory and business environments.

Lesson 3: Importance of Ethical Leadership and Integrity

Illustrated By: Harry Mudd’s Attempts to Manipulate Android Governance.

Governance Lesson. This scenario resonates deeply within corporate governance. Integrity and ethical behavior must underpin all governance activities. Leaders who prioritize short-term gains over ethical conduct inevitably compromise their organization’s long-term health and credibility.

Lesson 4: Critical Thinking and Challenging Assumptions

Illustrated By: Kirk and Crew’s Strategy to Confuse the Androids with Illogical Behavior.

Governance Lesson. In a corporate context, governance systems sometimes become complacent, relying heavily on assumptions about internal controls, the effectiveness of risk management, and ethical conduct. Compliance leaders must encourage ongoing critical thinking, regularly challenging these assumptions to uncover vulnerabilities and weaknesses.

Lesson 5: The Value of Diversity and Human Insight in Governance

Illustrated By: The Androids’ Failure to Comprehend Human Nuance and Individuality.

Governance Lesson. Corporate governance similarly benefits from diverse perspectives, experiences, and insights. Organizations overly dependent on homogeneous leadership perspectives or mechanical decision-making processes become vulnerable to blind spots, groupthink, and systemic errors.

Final ComplianceLog Reflections

Who could have predicted that governance wisdom would emanate so vividly from the colorful escapades aboard the Enterprise with Harry Mudd and the androids? Yet, as compliance evangelists, we learn that corporate governance principles, such as transparency, ethical leadership, balanced structures, critical thinking, and diversity, are truly timeless.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

Governing Wisely: Five Corporate Governance Lessons from Star Trek’s “I, Mudd”

Who could have imagined that “I, Mudd,” a quirky, comedic episode from Star Trek: The Original Series, would offer valuable lessons in corporate governance? Yet, here we are, boldly going where no compliance blogger has gone before, using the misadventures of Captain Kirk and the enigmatic Harry Mudd to distill governance wisdom for modern compliance practitioners.

In this episode, “I, Mudd,” the Enterprise crew encounters Harry Mudd once more, stranded on a planet ruled by androids who are both obsessed with order and baffled by human irrationality. Mudd attempts to exploit the androids’ logic for his gain but soon finds himself captive to their strict interpretation of governance, leading Kirk and crew to intervene with creative tactics. Beneath the humor and hijinks lie critical corporate governance principles highly relevant to today’s compliance professionals. Let’s dive deeper.

Lesson 1: Transparency is Essential in Leadership

Illustrated By: Discovery of Harry Mudd’s True Motives and History with the Androids.

Early in the episode, Kirk and the Enterprise crew uncover that Harry Mudd has deceived both them and the androids, presenting himself falsely to hide his questionable motives. His lack of transparency ultimately erodes trust, causing tension, conflict, and misunderstandings.

In corporate governance, transparency is equally crucial. Leaders who operate without openness risk organizational distrust, inefficiency, and dysfunction. Transparent leadership is foundational in governance—it supports robust stakeholder trust, improves organizational effectiveness, and mitigates potential scandals or compliance failures.

As compliance professionals, our role includes advocating for transparent communication channels, clear decision-making processes, and openly accessible policies and procedures. Creating a corporate culture of transparency ensures that the organization remains credible and effective in meeting both regulatory requirements and stakeholder expectations.

Lesson 2: Balance Between Structure and Flexibility

Illustrated By: The Androids’ Rigid Governance Framework. The androids in “I, Mudd” operate within an inflexible, logic-driven governance structure, incapable of handling unpredictable or irrational behavior. Their strict adherence to rules, without flexibility or situational judgment, ultimately leads to their downfall, as Kirk creatively exploits their rigidity.

This episode perfectly illustrates the need for governance structures to maintain balance. Excessively rigid controls can stifle innovation, responsiveness, and organizational resilience. Conversely, too much flexibility can lead to inconsistent decision-making and compliance vulnerabilities. Compliance professionals must strive to find the optimal balance, developing corporate governance frameworks that are robust enough to ensure compliance while also being adaptable enough to meet the shifting regulatory and business environments. A well-balanced governance approach allows organizations to respond effectively to unforeseen challenges while maintaining critical controls.

Lesson 3: Importance of Ethical Leadership and Integrity

Illustrated By: Harry Mudd’s Attempts to Manipulate Android Governance. Harry Mudd’s self-serving manipulations and attempts to exploit governance structures for personal gain represent a classic example of unethical leadership. His disregard for ethical integrity generates instability and places everyone, including himself, at risk.

This scenario resonates deeply within corporate governance. Integrity and ethical behavior must underpin all governance activities. Leaders who prioritize short-term gains over ethical conduct inevitably compromise their organization’s long-term health and credibility.

Compliance professionals play a vital role in deeply embedding ethics into an organization’s culture and governance processes. Encouraging ethical leadership, providing comprehensive ethics training, and embedding ethical considerations into all governance decisions fortifies the organization’s resilience against corruption, scandals, and regulatory scrutiny.

Lesson 4: Critical Thinking and Challenging Assumptions

Illustrated By: Kirk and Crew’s Strategy to Confuse the Androids with Illogical Behavior. Perhaps the most memorable and amusing scene in “I, Mudd” occurs when Kirk and his crew use creative, illogical behaviors to disrupt the androids’ strictly logical governance system. This tactic underscores the importance of critical thinking and challenging assumptions inherent in established governance practices.

Governance Lesson. In a corporate context, governance systems sometimes become complacent, relying heavily on assumptions about internal controls, the effectiveness of risk management, and ethical conduct. Compliance leaders must encourage ongoing critical thinking, regularly challenging these assumptions to uncover vulnerabilities and weaknesses.

Regular audits, testing governance procedures through scenario planning and tabletop exercises, and encouraging critical questioning by employees help ensure governance systems remain robust, flexible, and prepared to manage emerging threats. This proactive approach safeguards organizations from complacency-induced governance failures.

Lesson 5: The Value of Diversity and Human Insight in Governance

Illustrated By: The Androids’ Failure to Comprehend Human Nuance and Individuality. In “I, Mudd,” the androids’ governance system fails primarily because they cannot appreciate human diversity, emotional intelligence, and individuality. Their failure underscores the importance of these factors in effective governance.

Governance Lesson. Corporate governance similarly benefits from diverse perspectives, experiences, and insights. Organizations overly dependent on homogeneous leadership perspectives or mechanical decision-making processes become vulnerable to blind spots, groupthink, and systemic errors.

Compliance officers must advocate vigorously for diversity across governance committees, senior management teams, and boards. Diverse perspectives, combining analytical rigor and human insight, allow governance processes to better anticipate, understand, and manage risks, regulatory requirements, and ethical considerations. Encouraging and valuing diverse voices and fostering inclusion greatly enhances organizational decision-making and governance efficacy.

Final ComplianceLog Reflections

Who could have predicted that governance wisdom would emanate so vividly from the colorful escapades aboard the Enterprise with Harry Mudd and the androids? Yet, as compliance evangelists, we learn that corporate governance principles, such as transparency, ethical leadership, balanced structures, critical thinking, and diversity, are truly timeless.

By integrating these lessons into governance practices, compliance professionals can cultivate organizations that are capable of navigating complexities, mitigating risks, and ensuring adherence to ethical and regulatory standards. As Captain Kirk and his intrepid crew demonstrate, effective governance requires clarity, adaptability, ethical strength, critical thinking, and diverse insights—qualities indispensable for addressing today’s corporate governance challenges.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Assessing Internal Controls

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we look at how to assess your internal controls under COSO.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 36 – Crisis Management in Compliance: Lessons from Star Trek’s “Catspaw”

Today, we boldly journey into the Star Trek: TOS episode “Catspaw,” an engaging yet somewhat eerie tale, to uncover practical crisis management insights that can benefit corporate compliance practitioners. In “Catspaw,” Captain Kirk and his stalwart crew encounter alien beings who utilize illusions, fear tactics, and psychological manipulation to control the Enterprise. Today, Tom Fox outlines five specific lessons derived from key scenes in the episode and explains their relevance to the compliance profession.

Lesson 1: Understand and Define the Nature of the Crisis Clearly (Scene: Initial Loss of Crew Members)

Illustrated By: At the outset of the episode, Kirk and the Enterprise crew become concerned when an away team led by Chief Engineer Scott fails to respond. Kirk quickly recognizes the absence of communication as a genuine crisis, one that warrants immediate investigation.

Compliance Lesson: For compliance officers, clarity in defining a crisis is paramount.

Lesson 2: Avoid Being Misled by Surface Appearances or Initial Assumptions (Scene: Spooky Castle and Illusions)

Illustrated By: Kirk, Spock, and Dr. McCoy find themselves faced with a mysterious castle, complete with witches and haunting illusions, which is deliberately designed to mislead and manipulate their perceptions.

Compliance Lesson: Compliance crises similarly often come cloaked in misleading appearances. Fraud, bribery, corruption, or regulatory violations may initially seem improbable or manifest subtly, disguised by legitimate-seeming transactions or credible rationalizations.

Lesson 3: Maintain Clear, Consistent Communication Under Pressure (Scene: Communication Between the Enterprise and Kirk’s Away Team)

Illustrated By: Throughout “Catspaw,” Spock and Kirk rely heavily upon continuous, clear, and precise communications with the Enterprise.

Compliance Lesson: Clear communication is the compliance professional’s most potent tool during crises. Timely, transparent information flows across teams, departments, senior management, and external stakeholders are crucial.

Lesson 4: Foster Team Cohesion and Trust to Overcome Crisis (Scene: Crew Unity and Reliance Under Alien Manipulation)

Illustrated By: When confronted by their alien adversaries, Sylvia and Korob, who create illusions to sow division and confusion, the Enterprise crew remains steadfast, unified, and supportive.

Compliance Lesson: In compliance crises, organizational cohesion and trust are indispensable. Fear, blame, and suspicion often arise naturally during high-stress situations.

Lesson 5: Innovate and Adapt Rapidly in Response to Changing Situations (Scene: Kirk’s Recognition and Exploitation of Alien Weakness)

Illustrated By: Ultimately, Kirk identifies that the aliens, Sylvia and Korob, utilize advanced technology to create their illusions but lack practical experience with human reality.

Compliance Lesson: Compliance professionals frequently encounter novel crises that challenge standard procedures and existing playbooks. The capability to innovate and adapt quickly becomes critical.

Final ComplianceLog Reflections

Star Trek’s “Catspaw” reveals, beneath its fantastical veneer, powerfully demonstrated fundamental principles of crisis management: rapid identification and clear definition of crises, disciplined investigative rigor, effective communication, team cohesion, and strategic innovation. Compliance professionals are regularly challenged by uncertainty, disruption, and confusion, much like those faced by the Enterprise crew. Adopting and embedding these five core lessons into your compliance strategy ensures your organization is equipped to withstand and even thrive in challenging, unpredictable environments.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Adventures in Compliance

Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into the Sherlock Holmes novels. Throughout this season, Tom will delve into each novel in a four-part series. The four novels we will consider from the ethics and compliance perspective are A Study in Scarlet, The Sign of Four, The Hound of the Baskervilles, and The Valley of Fear.

In this episode (and for the entire month of July), we focus on the most famous Holmes novel, ‘The Hound of the Baskervilles.’ Timothy and Fiona are back to explore the key elements of the novel, connecting them with compliance themes and investigative techniques. They dissect the storyline, reveal insights, and discuss timeless lessons in rational thinking, the perils of unquestioned beliefs, and the power of meticulous observation and teamwork. Additionally, Tom invites listeners to provide feedback on the use of AI voices and offers to help those interested in starting their podcasts.

Highlights include:

  • Deep Dive into The Hound of the Baskervilles
  • The Mysterious Case Unfolds
  • Holmes’ Investigation and Revelations
  • Lessons from The Hound of the Baskervilles

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

Sherlock Holmes, The Novels, with an introduction by Michael Dirda


Categories
Blog

COSO’s Corporate Governance Framework: Component 2-Strategy

We continue our exploration of the COSO Corporate Governance Framework (the Framework), recently released as a Public Exposure Draft. Today, we begin a deep dive into the six individual components with a discussion of Component 2—Strategy. This component prioritizes compliance at the forefront of value creation. This is not just about watching for missteps. It’s about enabling the entity to pursue bold goals while staying grounded in ethics, purpose, and accountability.

For compliance professionals, this is a welcome and long overdue shift. Strategy is no longer just a business conversation; it’s a strategic imperative. COSO makes it clear: strategy is governance, and governance must include compliance at every stage—from definition to execution to performance monitoring. Today, we extract five key lessons for compliance professionals ready to step into a new leadership role.

I. Strategy in the COSO CGF: What It Covers

The Strategy Component of COSO’s CGF focuses on aligning the entity’s strategic direction with its purpose, values, and long-term objectives. It’s made up of four core principles:

  1. Define Purpose and Core Values
  2. Develop and Communicate the Strategy
  3. Execute the Strategy
  4. Measure Performance Against Strategy and Adjust

These principles provide a governance framework that not only connects the board and executive management but cascades responsibility throughout the entity, from strategy rooms to front-line decision-making.

Why Strategy Matters to Compliance

For years, strategy has been seen as the exclusive domain of the CEO, CFO, and business development leaders. Compliance was invited in after the fact, to clean up, audit, or assess risks. But COSO’s framework changes the conversation.

As compliance professionals, we bring a risk-aware, ethics-focused, stakeholder-sensitive perspective to the table. In an era of ESG mandates, AI disruption, global volatility, and regulatory scrutiny, strategy without compliance is incomplete. If your compliance function is not integrated into the strategy process, you are not practicing governance; you are essentially doing damage control.

II. Five Key Lessons for Compliance Professionals

Lesson 1: Start with Purpose—Not Just Policy

Principle 7: Define Purpose and Core Values

Boards and management must define the entity’s fundamental purpose, the “why” behind the business, and articulate the core values that guide decision-making, behavior, and stakeholder relationships. These values must be embedded into operations, strategic priorities, and performance incentives.

Compliance Tip: Tie your compliance policies, training, and reporting to the entity’s purpose and values. Do not discuss rules; instead, focus on alignment. Offer to help HR and communications integrate purpose into onboarding, annual certifications, and code of conduct messaging. When purpose becomes the language of the enterprise, compliance becomes a strategic partner.

Lesson 2: Compliance Must Be at the Strategy Table

Principle 8: Develop and Communicate the Strategy

Executive management, in consultation with the board, is responsible for developing the strategic plan, which encompasses competitive positioning, market risks, stakeholder expectations, and capital allocation. Strategy development must consist of scenario planning and risk alignment to maximize long-term value.

Compliance Tip: Join strategic planning conversations early. Provide insight on regulatory trends, reputational risks, geopolitical shifts, and stakeholder concerns that could derail strategy if not addressed upfront. Offer to run a pre-mortem exercise: If this strategy fails, why will it fail? Use compliance-led facilitation to identify blind spots in the business model.

Lesson 3: Execution Is Where Ethics Live or Die

Principle 9: Execute the Strategy

Executing the strategy requires a well-defined operating model, clear accountability, aligned incentives, and integrated reporting. Middle management translates strategic goals into action, and it’s here that ethical risk often emerges.

Compliance Tip: Get involved in operational risk reviews. Ask how incentives are aligned with values. Review whether performance metrics encourage long-term thinking or shortcut-taking. Collaborate with the COO or HR to incorporate ethical conduct and risk awareness into performance evaluations and team KPIs. This helps you drive a values-based strategy from the ground up.

Lesson 4: Metrics Matter—And So Does What You Measure

Principle 10: Measure Performance Against Strategy and Adjust

Management must develop and track both financial and non-financial KPIs to assess progress against strategic goals. The board oversees these metrics and ensures that adjustments are made when results or risks shift.

Compliance Tip: Contribute to KPI development. Suggest ethical culture indicators, hotline trends, third-party risk metrics, or audit closure rates as part of strategy dashboards. Push for the inclusion of lagging and leading indicators. It’s not enough to track what went wrong. Compliance needs metrics that alert us to potential issues before they occur. Compliance analytics is your secret weapon.

Lesson 5: Agility Requires Structure—Be the Change Advisor

COSO’s Strategy Component emphasizes the need for strategic agility. This is the ability to pivot in the face of market disruptions, new risks, or regulatory change. But agility does not mean chaos. It requires disciplined change management, escalation procedures, and decision-making protocols.

Compliance Tip: Be a Governance Resource During Change. Whether it’s a reorg, a product launch, a merger, or a crisis response, help ensure that the right people are consulted, documented, and accountable. Offer a compliance impact assessment for major strategic shifts. Show how culture, third-party relationships, data privacy, or anti-bribery obligations will be affected and what the plan is to stay in control.

III. Strategy Is a Compliance Priority—Not Just a Business One

COSO’s Framework makes something crystal clear: strategy is no longer “off-limits” to compliance. The board must oversee it. Executive management must align it with the purpose. And the compliance function must embed integrity, risk foresight, and stakeholder accountability into every strategic decision. We should break the old model that treated compliance as a back-end reviewer. We are now co-pilots. COSO has provided compliance with the governance language to claim its seat at the strategy table. Now it is up to us to use it.

How to Put This Into Practice

Here are five actionable steps for compliance teams:

  1. Review your company’s strategic plan through the lens of COSO’s four strategy principles. Start by mapping your organization’s current strategic plan against the four COSO Strategy principles: defining purpose and core values, developing the strategy, executing it, and measuring performance. Ask critical questions—Does the plan reflect your core values? Are ethical risks explicitly considered? Do compliance concerns inform strategic KPIs? This exercise helps compliance professionals identify gaps where compliance can bring additional value, ensuring the organization’s long-term strategy is rooted in accountability, integrity, and transparency. It also positions compliance as a proactive contributor to governance, not a reactive afterthought.
  2. Schedule a briefing with strategy or finance leaders to explore how risk and ethics are being integrated into the process. Establish a strategic dialogue with your CFO, head of strategy, or business development leadership to understand how ethical considerations and compliance risks are being integrated into planning. Bring COSO’s Strategy principles to the table as a common framework and ask how the company’s strategic models account for reputational risk, regulatory change, and stakeholder expectations. Use this time to identify areas where compliance can provide valuable insights, such as in ESG, M&A due diligence, or geopolitical risk assessment. These conversations open doors for cross-functional collaboration and foster trust with executives as they manage high-impact decisions.
  3. Develop compliance metrics that align with strategic objectives, such as trust, resilience, and stakeholder engagement, to ensure effective management and oversight. Move beyond traditional compliance outputs (e.g., number of training sessions or hotline reports closed) and align your metrics with enterprise-level strategic outcomes. Consider how to measure ethical culture, employee trust, third-party integrity, and the entity’s overall resilience to misconduct. Develop dashboards that can be integrated into strategic performance reviews or presented to executive management and the board of directors. Metrics might include culture survey participation, average investigation time, or third-party onboarding risk ratings. When compliance shows it can measure what matters to business leaders, it becomes a strategic asset, not a regulatory cost center.
  4. Pilot a strategic compliance review for a major initiative (product launch, M&A, market expansion). Choose a significant upcoming business initiative, perhaps a new product launch, geographic expansion, or merger, and embed compliance into the project team from the start. Conduct a compliance risk assessment tailored to the initiative’s strategy, market, and operating model. Ask how data privacy, third-party risk, anti-bribery compliance, and ethical culture will be protected during execution. Create an action plan that includes clear governance checkpoints, escalation triggers, and controls. This pilot not only demonstrates the value of compliance in driving strategic success, but it also establishes a replicable model for integrating compliance into future enterprise initiatives.
  5. Educate your board on the compliance implications of COSO’s Strategy Component—especially in strategy execution and performance monitoring. Prepare a board-level briefing or an audit committee presentation that focuses on how the compliance function supports strategic execution and long-term value creation. Use COSO’s Strategy principles to show how compliance intersects with business model design, culture, risk oversight, and scenario planning. Discuss how your function contributes to measuring non-financial performance indicators and adjusting strategy in light of regulatory shifts or reputational risks. Reinforce the message that compliance is a governance tool, not just a defensive mechanism. By educating the board on these dynamics, you elevate the role of compliance in strategy and support a culture of forward-looking governance.

Final Thoughts: The Future of Strategy Is Compliance-Infused

We often say that strategy sets the tone for the business. However, as compliance professionals, we now have the tools and the COSO framework to ensure that our tone is ethical, risk-aware, stakeholder-conscious, and purpose-driven. Compliance should not simply review strategy; we should all move to shape it. Bring our questions, our insights, and our integrity to the table where the most important business decisions are made. That is what governance leadership looks like. COSO just gave compliance the playbook.

To read or comment on the full CGF Public Exposure Draft, click here. The comment period closes July 11, 2025.