Contact a Specialist
Services
SOC & Attestations
Payment Card Assessments
ISO Certifications
Privacy Assessments
Federal Assessments
Healthcare Assessments
Penetration Testing
Cybersecurity Assessments
Crypto and Digital Trust
Schellman Training
ESG & Sustainability
AI Services
Build Your Compliance Roadmap
Industry Solutions
Cloud Computing & Data Centers Meet a broad range of regulatory and industry compliance mandates for your customers
Financial Services & Fintech Cybersecurity assessments for both the banking industry and the financial service providers
Healthcare Reporting to manage risk and adhere to applicable laws and regulations
Payment Card Processing Validate compliance with the various forms of the PCI DSS
US Government Achieve authorization to work for federal agencies, DoD, and the associated contractor base
Higher Education & Research Laboratories Reinforce your commitment to securing your student's and institution's data.
View All Industry Solutions
Learning Center
Our Technology
About Us
Leadership Team
Careers
Corporate Social Responsibility
Strategic Partnerships
Visit About Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
View All Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
Learning Center
Our Technology
About Us
About Us
About Schellman
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships
Contact a Specialist

«  View All Posts

Getting Middle Management On Board with Your Compliance Culture Blog Feature
ANDY CARTER

By: ANDY CARTER

Print/Save as PDF

Getting Middle Management On Board with Your Compliance Culture

Compliance and Certification

Promoting a culture of ethics and compliance is a fundamental component to the success of any organization. Although sometimes difficult to realize, the actual benefit of an ethics and compliance program exists in its ability to reinforce good decision making and ultimately steer us away from trouble. After all, just one mistake can leave you on the wrong side of the law, not to mention the financial drain and damage it can have on your company’s reputation. To create a culture that values ethics and compliance, we must realize a critical component: the buy-in. Simply put, everyone in the organization needs to be on board with the program.

From the C-suite and upper management to middle management, veteran employees and entry-level staff, ethics and compliance extends to all levels of the organization, affecting every person and department. A single person’s decision to disregard his or her commitment diminishes the integrity of the pyramid and increases the risk of nonconformity in every department below.

Positioned at the center, middle management weighs in as one of the most important players in maintaining the strength of an ethics and compliance program. They are typically the segment most unaware of how powerful their influence is on the organization. A majority of employees look to their direct manager for guidance and will base at least part of their opinion of workplace ethics on the actions of that manager. We can all think back to a time when a former supervisor said or did something that still sticks with us today. Whether good or bad, odds are the memory we recall is not particularly significant. Maybe it was a joke they told, a compliment they gave, or perhaps the way they responded to a problem. The point here is that even the smallest decisions made by middle management can have a lasting impact. If middle managers don’t consistently apply an ethical approach, employees will be quick to take note and more likely to follow suit.

The Potential Problem

Many issues regarding the involvement of middle management stem from their relationship with executive-level leaders. For example, feelings that upper management place too much focus on achieving material goals related to financials, sales, and cost controls may create the assumption that soft goals like ethics and compliance are expendable instead of reaching the more quantifiable goals. Unless these soft goals are reinforced by executive-level leaders as meaningful and rewarding, middle management may view the existence of these goals as a formality and not of any real importance.

Communication is Key

Reliable communication between employees, middle management, and top-level executives is one of the most important aspects of creating and maintaining a compliance culture. If employees feel they cannot voice concerns to middle management or likewise if middle management is discouraged from speaking with upper-level executives, the entire company will find it incredibly difficult, if not impossible to identify and promptly address compliance gaps.

It is imperative that upper and middle management work together to create an environment that champions communication, i.e. a workplace where employees feel comfortable expressing concerns and ideas, and managers are exceptional listeners.

To rectify the disconnect between executive leaders and middle management while inspiring middle management to get more involved with the creation and implementation of the organization’s compliance culture, both parties must take ownership of the following responsibilities:

  • Communicate regularly (with each other and employees) about compliance with ethical goals, the value of those goals, and specific expectations.
  • Lead by example and often speak about remaining compliant.
  • Listen (executives to middle management, and middle management to employees); ask managers and employees directly about their challenges with compliance and welcome their opinions, suggestions, or concerns.
  • Discuss how compliance initiatives will impact particular groups of people and why compliance is important.
  • Be transparent about how ethical values and compliance influence management decisions.
  • Anticipate ethical issues before they arise and be able to recognize them immediately when they occur.
  • Encourage questions when ethical action is unclear.
  • Provide consistent and general guidance regarding how ethical values apply to dilemmas.
  • Delegate resolutions.
  • Incorporate compliance in middle management performance reviews.
  • Create opportunities for middle management to work with peers on resolving issues.

The Grand Takeaway

Executive-level leaders and middle management must demonstrate the importance of placing equal value on financial and ethical goals. They must also be willing to lead by example, explicitly discuss expectations, and make themselves available to answer questions, as well as coach and mentor others.

See below how Iron Mountain embraced their culture of compliance for multiple assessments throughout their organization:

Iron Mountain Case Study

 

About ANDY CARTER

Andy Carter is a Senior Manager with Schellman. Andy has experience in IT attestation, audit and compliance – including Service Organization Control (SOC), Sarbanes -Oxley (SOX), and Regulation AB reporting.

Schellman

4010 W Boy Scout Boulevard, Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S. 1.813.288.8833

Services
Industries
Resources
Company

© SchellmanPrivacy PolicyTerms

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.