The long and bumpy road to compliance

With C-SOX looming, HR has a role to play

When it comes to the phasing in of Canada’s compliance legislation, many companies are still showing considerable resistance or say they are unsure about how to proceed. And so far there has been little in the way of revenues devoted to the cause. That’s according to a recently released study by Symantec, a Cupertino, Calif.-based infrastructure software firm, that found just 55 per cent of Canadian businesses are “mostly but not completely compliant” while 35 per cent are only partially compliant.

The survey of 215 companies was conducted before and after a Dec. 31, 2006, deadline for companies to report on investor protection processes they plan to implement in 2007. The deadline was just one of several that require publicly traded companies to comply with C-SOX (Canadian Sarbanes-Oxley) or Bill 198 legislation being phased in over four years.

Too many executives feel compliance legislation is a problem for prominent American companies, but financial errors reported by Nortel and RIM in Canada show that’s not quite the case, said Constantine Karbaliotis, senior compliance business specialist at Symantec’s Canadian head office in Toronto. The reality is everyone has to compete in international markets and rely on the confidence of investors.

But attitude continues to be a problem. In particular, small companies claim compliance is a “tremendous burden” and the focus on administrative processes does not add value to business. This kind of response is surprising considering the issue’s prominence in the U.S., said Ed Daugavietis, senior analyst at Info-Tech Research Group, which conducted the survey.

“People are used to it south of the border and are past the complaining stage. Here, people are up in arms, they say it has no revenue potential (and) it’s not contributing to business, it’s just a cost. Small companies say ‘Why should we incur costs to keep up with big Fortune 500s?’ So there’s a feeling this is unfair and there’s a state of denial.”

Furthermore, more than half (54 per cent) of companies surveyed said it is not clear how the compliance requirements can best be met, though 30 per cent said they would use existing manual processes and 16 per cent said they would use new automated processes.

On the plus side, more than two-thirds (67 per cent) said there are clearly defined “roles and responsibilities within the corporation aligned to support an efficient and effective compliance process” compared to just five per cent who said there is no group or authority responsible for compliance. However, more than one-quarter (28 per cent) said there is some conflict over the issue, though long-term direction is clear.

It’s expensive to add more people and engagement is key, along with changing the corporate culture, said Karbaliotis. Many companies don’t realize that becoming compliant is “not just a cost, it’s an opportunity to do things better and operate more efficiently. If you view it as a cost, there’s resistance.”

Employers must understand that compliance is not just one department’s responsibility since the consequences can be felt by the whole organization if there is a failure. So HR can be a great help in educating the workforce and carrying out ongoing awareness by reminding people.

Compliance should be just one part of a company’s overall standards and culture, said Gerlinde Herrmann, chair of the Human Resources Professionals Association of Ontario, and HR can play a critical role.

“To me, HR has an overarching responsibility. Certainly the finance, IT, legal departments are involved, with specific roles, but somebody has to keep the overall mandate of values, of which governance is a component,” she said.

A large majority of survey respondents were chief financial officers (80 per cent) and, not surprisingly, three-quarters of respondents said the CFO is responsible for compliance in the company, followed by a formally appointed group such as an audit committee (seven per cent), an executive (four per cent), a chief compliance officer (three per cent), the CEO (two per cent) and the IT group (one per cent).

Mike Gooley, branch manager at staffing firm Robert Half International in Toronto, said many companies are hiring the necessary staff, particularly with auditing experience, to deal with compliance issues and the trend is more towards full-time hires versus contractors and consultants. And there has been growth in inter-departmental relationships, which will mean “more people being aware of controlling issues and processes they need to go through for documentation and testing and maintaining strong and secure financial systems.”

Of course the cost of becoming compliant is a big concern. Nearly two-thirds (63 per cent) of respondents said their companies spent less than half of one per cent of revenue achieving compliance, and one-fifth of those spent nothing at all. Only seven per cent said the real cost of full compliance will represent more than 2.5 per cent of revenue.

However, Gooley said there is still a long way to go in Canada before the legislation is finalized, so it’s understandable companies are behind in investing in and implementing compliance initiatives.

“As it gets closer to deadlines, you’re going to see more money spent and activity pick up,” said Gooley.

But Karbaliotis said the numbers suggest Canadians don’t quite grasp the gravity of the situation in the design phase and companies may find they have to go back to the drawing board when it comes to the operational phase. The best approach is to start early, he said.

“If you’re purely in responsive or reactive mode, you’re not going to impress people later on,” he said.

Sarah Dobson is editor of Canadian Compensation & Benefits Reporter and Canadian Payroll Reporter, sister publications to Canadian HR Reporter. She can be reached at [email protected] .

Latest stories