On September 18, 2014, InsideCounsel magazine held a corporate counsel conference to facilitate discussions on current legal issues.  In sessions on governance and compliance, industry experts addressed the current top challenges that in-house attorneys face when managing enterprise risk. 

  • Cybersecurity is no longer just a “technology” issue.  It has become a business and legal issue.  Compliance and management personnel must be trained and informed on the impact that cybersecurity risks present to the business.  Companies must have a business response, not just a technical response, prepared for when something goes wrong.  The question is not “whether” a cybersecurity issue will arise, but when.
  • A sophisticated approach to enterprise risk will involve a deeper analysis of the financial and business risk involved in responding to issues.  The key is to engage the business stakeholders, educate them on the legal and compliance risks, and understand the business.  An in-house attorney’s job is to provide the legal and regulatory framework for the issue and figure out how to build the company’s operations around those issues in order to help the business move forward in a way that will not create undue financial risk.
  • Companies should be prepared to address the new 2013 framework from COSO (the Committee of Sponsoring Organizations of the Treadway Commission) for the Sarbanes-Oxley (SOX) Section 404 compliance requirements.  Companies should periodically assess their internal control systems over external financial reporting in order to identify opportunities to improve efficiency and effectiveness.
  • As many professionals in the workforce begin to retire, companies must prepare to address director and executive management recruitment and succession planning.  This consideration is also important in setting the “tone” at the top for the company’s culture.
  • Executive pay and compensation have become important governance issues.  This issue has emerged given the economic environment of recent years and demands by investors and shareholders.  Investors are holding companies accountable and responsible for company profitability, compliance, and responsiveness to operational problems.

Companies grapple with regulatory and enforcement actions, privacy and cybersecurity, FCPA and anti-corruption, the False Claims Act, executive pay issues, and more.  But appropriate enterprise risk management systems and controls will put any company in a position to address them in the current environment.