Global Journal of Management and Business Research, A: Administration and Management, Volume 23 Issue 10
Sustainable Compliance Programs in Complex Organizations

Paul Klumpes

Global Journal of Management and Business Research (A), Volume XXIII, Issue X, Version I, Year 2023. © 2023 Global Journals

Author: e-mail: pjmk@business.aau.dk

Keywords: complexity theory, sustainable compliance, internal controls, information governance.

I. Introduction

The Enron and WorldCom scandals have proved a watershed in the area of compliance and governance (Benston, 2006). The scandals provided an additional impetus for increased scrutiny and oversight of the management of these organizations, to improve investors’ confidence in the sustainability of regulatory compliance programs and broader corporate risk management policies. Consequently, regulatory authorities and governments in both Europe and the US subsequently formulated various regulations to enhance governance (via increased transparency in financial reporting and disclosure). This issue is particularly pertinent to European firms that choose to list their securities in US markets, as they are subject to the enhanced reporting and risk management monitoring requirements of the Sarbanes-Oxley Act, 2002 (hereinafter, ‘SOX’). A number of consultancy firms (e.g. McKinsey, 2017; NetIQ, 2019; MicroFocus, 2019) have alerted firms to the challenges that complex organizations face in developing a compliance program to meet the increasing complexity and scope of the post-SOX regulatory environment. These issues are particularly relevant for multinational firms that are subject to a complex array of regulations, as they seek to develop a ‘Sustainable Compliance Program’. Such issues seem to be particularly relevant to financial firms, and to those adopting big data technologies in both sales and service provision. Moreover, institutional environments such as the UK have further explicated standards for enhanced corporate risk governance (e.g. the UK Revised Corporate Code, 2015).
While the post-Enron SOX regulations that firms have to comply with, and the costs of implementing them, have been heavily criticised (e.g., Benston, 2006), the implications for the quality and integrity of the internal control departments that presumably are responsible for monitoring their effectiveness have received relatively little attention. The impact of SOX on cross-listed firms is also well researched, as evidenced by Litvak (2007), Bianconi et al. (2013), and Arping and Sautner (2013). However, none of these studies considered the broader inter-connections between corporate effectiveness in implementing these regulations, and their broader connections with corporate risk management and information governance policies. For example, Damania et al. (2004) find that firms are able to evade compliance with regulations in countries with relatively higher levels of corruption, while Jiang et al. (2015) propose a consistency and compliance checker framework to ensure regulatory compliance, which is validated by a case study of customs declaration. Moreover, such issues have largely been ignored by the currently dominant “agency paradigm” of corporate governance theory that is primarily concerned with the importance of the “top down” primacy role of shareholders and stock markets in solving corporate governance problems (e.g. Jensen and Meckling, 1976; Jensen, 1983, 1998), as presumed by prior literature reviews of the relationship between internal control departments and governance (e.g. Gramling et al. 2004, Carcello et al. 2011). By contrast, the “bottom up” implications associated with the effectiveness of individuals and business units charged with implementing regulatory compliance programs, upon which complex organisations increasingly rely, have been largely ignored.
Goergen (2012) draws on insights from complexity theory to examine the inter-relationships between the entire corporate governance ‘eco-system’ and various other stakeholders and gatekeepers, such as auditors, regulators and internal compliance units. The purpose of this paper is to examine both demand and supply side ‘influencers’ that affect the operational effectiveness of compliance program management (SOX in particular) within organizations.

Abstract- I identify and test the empirical implications of complexity theory to investigate the effectiveness of the firm’s risk management program in monitoring compliance program activity. I provide a direct link between the quality of the Business Regulatory Compliance Unit (which executes and oversees the compliance program implementation) and the overall risk management quality of the firm. I use a multi-method design, incorporating survey questionnaires and econometric multivariate analysis of a sample of European firms. I find a relationship between the risk management exposure of European firms and the quality of their internal control department. I also find a strong relationship between earnings at risk for UK firms and asset-liability at risk for financial firms, but only a weak relationship between cash flow at risk and internal audit quality for European firms. The quality of internal compliance business units is strongly positively related to corporate performance over time.