Categories
Great Women in Compliance

Great Women in Compliance: Resilience is a Muscle You Can Build

In this episode of Great Women in Compliance, Lisa Fine talks with Trish Ashman, Senior Director of Ethics & Compliance (AMEA & APAC) at Cushman & Wakefield, about resilience, integrity, and knowing when it’s time to move on.

Trish shares her journey from private practice in London to Singapore and into the Ethics and Compliance space. Trish was at Wirecard and then at Twitter, where she worked through two major corporate crises – the fraud at Wirecard and the ownership change at Twitter. Trish candidly shares her experiences and lessons learned from both of those roles.

At Wirecard, she stayed to support employees during the collapse, focused on fairness and doing what she could to make a difference. At Twitter, after the acquisition dramatically reshaped the company and its compliance function, she considered whether she could still meaningfully influence ethical decision-making and whether the role still aligned with her values.

This episode is an honest conversation about ethics and compliance as a calling, resilience as a muscle, and how these experiences shaped Trish and helped her become resilient and find a role where she would thrive.

Categories
Hill Country Hustlers

Hill Country Hustlers: Building Sweet Dreams: A Journey with Truffles and Vines

In this episode of Hill Country Hustlers Podcast, host Zachary Green talks with Brittany and Fabian Perez, owners of Truffles & Vines in Ingram, Texas. They share their inspiring journey from high school sweethearts to successful entrepreneurs, balancing family life and their dual businesses.

Brittany delves into the art of chocolate truffle making and event hosting, while Fabian discusses the intricacies of running his landscaping company, Prestige Lawn and Landscapes. They offer valuable insights on staying persistent and maintaining self-care while managing business and family responsibilities.

Key highlights:

  • Brittany and Fabian’s Background
  • Offerings at Truffles and Vines
  • Family Life and Community Involvement
  • Challenges and Resilience
  • Advice for Entrepreneurs

Resources:

Visit and follow Truffles & Vines on:

  • Website
  • Instagram
  • Facebook

Categories
Blog

COSO’s Corporate Governance Framework: Component 6 – Resilience

We continue our exploration of the COSO Corporate Governance Framework (the Framework), recently released as a Public Exposure Draft. Today, we begin a deep dive into the six individual components with a discussion of Component 6—Resilience. In today’s volatile business climate, one thing is sure: disruption is no longer the exception; it has become the norm. Whether it’s a cybersecurity incident, regulatory upheaval, geopolitical instability, or reputational crisis, the organizations that thrive are those that can bend without breaking. That’s why Component 6 – Resilience in the COSO Corporate Governance Framework (CGF) is more than timely; it may well be foundational.

For the compliance professional, resilience isn’t just about bouncing back—it’s about designing governance systems that withstand, anticipate, and even leverage disruption. The CGF reframes resilience as an integrated model that weaves together risk management, compliance, internal control, and continuous monitoring. This final Component of the framework is where compliance moves from policy enforcement to value creation. It is where compliance becomes a partner in operational continuity, strategic foresight, and cultural durability.

What Is the Resilience Component?

COSO defines resilience as the ability to withstand disruption, adapt to change, seize opportunity, and sustain long-term value. It is not reactive firefighting but rather about proactive design. This Component is structured around four principles:

  1. Manage and Oversee Risks and Opportunities
  2. Manage Compliance Responsibilities
  3. Establish and Evaluate Internal Control
  4. Monitor Governance Effectiveness

These principles span strategic, operational, and cultural dimensions of governance, reinforcing that a single function doesn’t own resilience. It’s built collaboratively across the board, executive leadership, internal audit, risk, and yes, compliance.

Why Resilience Belongs to Compliance

Compliance has always operated at the intersection of policy, people, and process. But in the Framework’s view, compliance is a key architect of resilience. Why? Because of the following:

  • Compliance sees how risks evolve across geographies, regulations, and business lines.
  • Compliance manages escalation, remediation, and accountability processes.
  • Compliance helps define the thresholds for risk acceptance and control failure.
  • Compliance monitors ethics and behavior—early indicators of cultural cracks.
  • Compliance is a trusted communicator in times of crisis.

The Resilience Component is our invitation to lead: not just to prevent harm, but to build strength.

Five Key Lessons for Compliance Professionals

Lesson 1: Governance Without Risk Integration Is Incomplete

Principle 21: Manage and Oversee Risks and Opportunities

Executive management, with board oversight, must establish a structured, dynamic risk management process that aligns strategy, performance, and risk appetite. The board must allocate oversight of risk areas across committees while maintaining integrated ownership of enterprise-level risks.

Compliance Tip: Engage with your risk management function to ensure your compliance risks, such as regulatory enforcement, third-party integrity, and misconduct, are embedded in enterprise risk registers and heatmaps. Use scenario planning to show how legal and compliance risks could disrupt strategic objectives. Partner with the CRO to lead cross-functional risk workshops that consider both downside risk and upside opportunity (e.g., entering new markets with strong compliance advantages).

Lesson 2: Compliance Is Not a Silo—It’s a System

Principle 22: Manage Compliance Responsibilities

Compliance must be embedded across the enterprise, with clear ownership, independent oversight, robust policies, and responsive change management. The CCO must have the authority, access, and independence to lead an effective compliance program that evolves with risk.

Compliance Tip: Ensure your program includes both centralized compliance (for policy and strategy) and decentralized compliance partners (within functions or geographies). Consistency is key, but so is contextualization. Build a compliance change management protocol that activates when laws shift or operations expand. This should include regulatory horizon scanning, impact assessments, stakeholder training, and updated controls. Resilience depends on staying current, not compliant with yesterday’s standards.

Lesson 3: Internal Control Is Not Just Finance—It’s Enterprise Resilience

Principle 23: Establish and Evaluate Internal Control

Internal controls must support the achievement of operational, reporting, and compliance objectives. Executive management must align controls with ethics, legal obligations, and the entity’s risk profile, and boards must oversee their design and effectiveness.

Compliance Tip: Expand your oversight of controls beyond SOX and financial reporting. Review controls around conflicts of interest, data protection, anti-corruption, and third-party oversight. Collaborate with internal audit and risk to integrate compliance controls into enterprise-wide control frameworks and control testing cycles. Use this alignment to identify duplication, streamline assurance, and enhance board visibility.

Lesson 4: Monitoring Isn’t About Activity—It’s About Insight

Principle 24: Monitor Governance Effectiveness

Governance must be continuously monitored, not just audited periodically. This includes reviewing trends, stakeholder expectations, and gaps in policy or performance. Both the board and management should receive real-time insights on culture, compliance, and risk exposure.

Compliance Tip: Build dashboards that combine hard compliance metrics (e.g., training rates, hotline activity) with qualitative indicators (e.g., engagement survey results, tone-at-the-top assessments). Present these to executive leadership as part of quarterly reporting. Lead a governance “lookback” exercise after key incidents, such as investigations, regulatory inquiries, or market shifts. What worked? What broke down? What signals were missed? This practice turns mistakes into muscle.

Lesson 5: Technology Is a Force Multiplier—Use It to Scale Resilience

COSO highlights the power of technology, like GRC systems, data analytics, and artificial intelligence, to drive smarter, faster governance. Resilience requires visibility and agility, which technology can deliver when thoughtfully deployed.

Compliance Tip: Leverage tech to automate monitoring of high-risk processes, such as gifts & hospitality, vendor onboarding, or export controls. Use exception alerts to flag potential issues before they escalate. Pilot predictive analytics for culture and ethics risk. Combine internal data (e.g., survey responses, exit interviews, training patterns) with external signals (e.g., Glassdoor, whistleblower trends) to identify emerging hotspots. That’s how resilient organizations get ahead of reputation-damaging crises.

Building a Resilience-Driven Compliance Program

Use COSO’s Resilience Component as the blueprint for a more integrated, forward-looking compliance program. Here’s how to begin:

  • Risk Integration: Map compliance risks to strategic objectives and ensure alignment with ERM.
  • Compliance Ownership: Assign roles and responsibilities at all levels, with a clear reporting line to the board.
  • Controls Framework: Ensure compliance controls are part of your internal control evaluation process, not isolated.
  • Technology Enablement: Deploy automation and analytics to monitor, report, and adapt.
  • Monitoring Infrastructure: Create a system for real-time visibility and feedback across all six COSO governance components.

This is not simply about regulatory defense. It’s about strategic readiness and stakeholder trust.

What Boards Need to Hear from Compliance

Bring these messages to your next governance, audit, or risk committee meeting:

  • Resilience is the outcome of integrated governance, compliance, risk, internal control, and culture, all of which must work together.
  • Compliance is a strategic partner in managing disruption, not just avoiding penalties.
  • The board should regularly review compliance monitoring dashboards alongside risk and financial data.
  • The compliance function must be properly resourced and independent to support resilience.
  • Resilience is not just bouncing back; it is about designing systems that do not fold under pressure.

When boards see compliance as an enabler of value, not just a cost center, they make better decisions and support stronger programs.

Final Thoughts: Resilience Is the Future of Compliance

The COSO Resilience Component confirms what many of us have been saying for years: compliance must evolve from a reactive function to a proactive pillar of enterprise stability.

Do not simply write the policy. Build the process. Don’t just monitor conduct. Predict behavior. Don’t just advise in hindsight. Prepare with foresight. Because in governance, resilience isn’t a buzzword; it is a business model. And compliance is right at the center of making it real.

To read or comment on the full CGF Public Exposure Draft, click here. The comment period closes July 11, 2025.

Categories
Innovation in Compliance

The Strength Trap: When Being the Strong One Starts Breaking You – Part 2: Tactical Resilience: Mastering Stress and Self-Awareness

Innovation comes in many areas, and compliance professionals must be ready for and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In part 2 of this 3-part series, Tom Fox and Irina Alexander, founder & CEO of the Academy of MotivAction, explore tactical resilience and how awareness and self-mastery shape performance.

They use the metaphor of stress ‘driving the bus’ to highlight the various ways unmanaged stress manifests, from irritability to substance abuse and eventual burnout. Irina also distinguishes between burnout and breakdown, noting that while burnout is cumulative stress, a breakdown is a singular event. The discussion extends to the corporate world’s awareness of the costs of stress and the importance of self-awareness in improving performance and emotional well-being. Irina shares actionable steps to cultivate self-awareness and sheds light on the pitfalls of equating control with strength. She emphasizes that authentic leadership requires flexibility and adaptation. The episode concludes with a teaser for the next episode, covering emotional regulation and trust rebuilding in high-pressure situations.

Join us tomorrow, where we conclude our 3-part series by visiting with Jen Hardy on Communication, Emotional Stability & the Power of Trust.

Key highlights:

  • Understanding Stress and Burnout
  • Corporate Stress and Productivity
  • Self-Awareness and Emotional Wellbeing
  • High Performers and Burnout Indicators
  • Personal Rituals for Grounding

Resources:

  • Academy Of MotivAction Website
  • Academy Of MotivAction on LinkedIn
  • Jen Hardy on LinkedIn
  • Irina Alexander on LinkedIn

Tom Fox

  • Instagram
  • Facebook
  • YouTube
  • X
  • LinkedIn

Categories
Blog

To Increase Resilience in Compliance, Engage More

If there is one thing I have learned in working with Carsten Tams, Ethical Business Architect and founder and Chief Executive Officer (CEO) of Emagence LLC, it is that one of the very top keys for a successful compliance program is employee engagement. Tams and I explored this topic in the popular podcast series, Design Thinking in Compliance. It also appears that engagement can lead to great business resiliency, based upon a 2021 article in the MIT Sloan Management Review, entitled The Top 10 Findings on Resilience and Engagement, by Marcus Buckingham. Covid-19 and the Russian invasion have changed business forever, which has made business resiliency a key trait for any business, corporate function and most especially a Chief Compliance Officer (CCO) or compliance professional. That last arena is where engagement is so critical.

The author defined resilience as “the capacity of an individual to withstand, bounce back from, and work through challenging circumstances or events.” But it is also a “reactive capacity, describing how people will respond when challenges arise.” Conversely, engagement was seen as a proactive state of mind. The author defined the criteria by making such inquiries “as how clear their expectations were, whether they got to use their strengths every day, whether they felt they would be recognized for doing excellent work, and whether someone at work was encouraging them to grow.” Yet the most interesting part is the dichotomy between reactive and proactive. It is a bit like the difference between prevention and detection in a compliance program; clearly the former is preferred to stop illegal or unethical conduct so you do not have to detect it.

Not surprisingly, trust is the number 1 factor in both engagement and resilience. Astoundingly the author found “employees who said they completely trust their team leader were 14 times more likely to be fully engaged.” Moreover, those employees who completely trusted their colleagues, team leader, and senior leaders, “were 42 times more likely to be highly resilient.” The reason should seem obvious as it is certainly “easier to engage in our best work when we don’t have to expend mental resources looking over our shoulders or protecting ourselves against dysfunctional workplace practices that erode trust, like bullying or micromanaging. When it comes to building engagement and resilience, trust is everything.” [emphasis added throughout]

Teamwork is also a key factor. Although this is not something I have experienced over the past 12 years of working alone, the author found, “Those who said they are on a team were 2.6 times more likely to be fully engaged and 2.7 times more likely to be highly resilient than those who didn’t identify as team members. For millennia, humans have experienced psychological well-being only when they feel connected to and supported by a small group of people around them.” When the pandemic hit, working from home (WFH) was not new to me as I had been doing it since 2010 but even in the WFH or Hybrid Work era, most employees need to feel like they are a part of a team.

However, being or even feeling like you are a part of a team is a state of mind, not a state of place. I always feel like I am engaged with my blog posts and article readers, my podcast listeners and the greater compliance community. Based on that experience, I certainly agree with the author’s statement that “engagement and resilience are about who you work with, not where you’re working.” Moreover, he noted, “virtual workers are both more engaged and more resilient than those who are physically in an office or shared workspace… In 2020, well into the pandemic, 20% of virtual workers were fully engaged and 18% were highly resilient — a stark contrast to the 11% of fully engaged and 9% of highly resilient office-based workers during the same period. How the work is done and with whom people work are both important, but organizations can stop worrying about whether virtual work is detrimental to teamwork.” But even more than teamwork, it is about having relationships with your co-workers. The author stated, “Relationships boost resilience. Women are not more resilient than men, or vice versa… This data strongly suggests that it is much harder to summon and sustain one’s resilience when going through life alone.”

I can certainly attest that the unknown is more terrifying than change. The author found that employees “who reported five or more changes at work were 13 times more likely to be highly resilient. This suggests that we humans fear the unknown more than we fear change. Company leaders shouldn’t rush employees back to normalcy when so much of the danger inherent in this current “normalcy” remains unknown and unknowable. Instead, leaders should tell their teams specifically what changes they are making to their work and why to increase their overall level of resilience.”

These findings suggest that every CCO and compliance professional must work to lessen or even dissolve the disconnect between senior leadership and front-line workers. It is your front-line business folks who will make or break your compliance program. Getting your senior management more engaged will begin to create and establish the trust that your employees will need to show resilience in the face of the next major business dislocation, whether it is a pandemic or military invasion. Giving employees needed clarity and specificity from leaders, not sugarcoated enthusiasm, will help drive this trust. The author ended by taking this concept a step further by stating, “Leaders need to see their employees not as “labor” but as the messy, complex, emotional beings they are — dealing with real-world human challenges, just like they are. The more that leaders can infuse these findings in their organizations’ policies and practices, the more likely we will all be to flourish, both during these difficult times and beyond.”