First 100 Day Guide For CCO
First 100 Day Guide For CCO
First 100 Day Guide For CCO
The Chief
Compliance and
Ethics Officer’s
First 100 Days
© 2024 Gartner, Inc. and/or its affiliates. All rights reserved. CM_GBS_2922457
The Chief Compliance and Ethics Officer’s First 100 Days
Overview
Key Findings Recommendations
• Quickly forming effective working relationships with the CEO, general To ensure a successful transition into your role during your first 100 days,
counsel (GC), and other C-suite and cross-functional stakeholders can you must:
be challenging, but it is a key factor in determining chief compliance and • Clarify your role and mandate by researching the organization and its
ethics officers’ (CCEOs’) success and tenure. existing compliance functionality, speaking to your CEO and/or your GC.
• Quantitatively benchmarking and diagnosing functional gaps helps • Build relationships with key stakeholders throughout the organization by
CCEOs objectively identify priorities and build a case for changes and/or asking them questions specific to their role to identify and act on relevant
investments to bridge them. opportunities for cross-functional collaboration, creating better alignment
• Focusing on a collective quick win within the first 100 days — particularly and goodwill.
one where a CCEO leads the team — can help create a stronger connection • Assess the compliance function’s current state and maturity to identify gaps
with the compliance team and improve stakeholder support for future and improvement opportunities that will ultimately inform the strategic plan.
initiatives.
• Develop a strategic plan for the compliance program that aligns with
• The early projects of a CCEO entering a new seat will likely differ from a business priorities and incorporates both short- and long-term initiatives.
CCEO entering an established program. New programs require a focus on
building foundational elements such as policies, while established programs
can focus on updating existing elements or starting more complex
initiatives.
Assess Act
Communication
Source: Gartner
Prepare
The initial Plan phase is all about understanding the organization’s business, Learn about your role and the existing compliance program.
culture and existing compliance program, so you align on the expectations for Meet with your CEO, GC and other key stakeholders (e.g., head of enterprise risk
your role. To successfully kick-start your transition plan, you’ll have to take management (ERM), CHRO, predecessor if possible) to discuss your personal
actions before you start with the new role and then quickly after your first day. role, team and expectations on both sides. Allot a substantial amount of time to
Understand the Organization, Role and Function review how success will be defined and measured. Additionally, talk through
your span of control and level of influence on the organization’s strategic and
Learn about the organization. Study the market, business model and strategy
business goals. Leverage the following resources to build greater understanding:
of your organization. You can use the following suggested resources to do so:
• Compliance Documents — Read available program documents, such as the
• Company website and code of conduct — Analyze your company’s website
compliance charter, to understand compliance’s structure, responsibilities
to learn the fundamentals of its business and industry. Read through the
and governance at your company. Learn what the current compliance
code of conduct to learn about your company’s value proposition, purpose
staffing looks like, paying attention to how staff are distributed throughout
statement and commitments to its employees.
compliance areas (e.g., ethics, internal controls), geographies and specialties
• Key regulations and regulator updates — Identify the jurisdictions where (e.g., data analysis, communications).
your company operates and understand how regulatory demands vary
• Functional leaders — Set up time with key functional leaders to understand
among them (e.g., the EU Whistleblower Directive, U.S. Department of
how compliance has historically collaborated with them and discover any
Justice’s Monaco Memo). Survey the compliance landscape for your
relationships (e.g., compliance liaisons). Functions such as legal, internal
industry, paying keen attention to regulatory updates that significantly
audit and HR often hold similar responsibilities to compliance; engaging them
affect it as well as any compliance scandals among competitors.
during the transition can help clarify the compliance function’s expectations
• Job sites — Browse employee reviews on Glassdoor or Indeed, social media and identify potential challenges. For example, you must discuss with your
posts, and local and national “best place to work” lists to understand how GC how compliance typically works with the legal function to comply with
employees and outsiders perceive your company’s culture. new regulations, handle incidents and conduct investigations.
• Published company reports — Review the company’s performance results
and compliance reports to keep abreast of past regulatory fines, regulator
investigations and any voluntary misconduct disclosures.
• News reports — Look beyond published reports for any recent compliance-
related updates regarding the company and industry.
Acquaint yourself with your team. Once the above one-on-ones are Barriers to Success and Actionable Solutions
completed, call a meeting for everyone in your direct team. This meeting has • Assumed ownership: While compliance programs may have typical
two objectives: (1) to introduce yourself and, (2) show you are approachable responsibilities and obligations, other functions may own certain
and available to everyone. In addition to delivering the introductory message compliance activities. Ensure activity ownership is clear to avoid
you drafted, state when you will report back to the team with updates on duplicative work or overstepping controls, and collaborate on any
your progress. activities that should transition to the CCEO role.
Regroup with the CEO and/or your GC. Wrap up the prepare phase with • Regulatory complexity: You may have an understanding of the compliance
a meeting with your CEO and/or GC that covers: rules for your country or a specific industry, but global organizations must
• The key challenges and opportunities from your point of view navigate many different regulations. Understanding the organization’s
business and structure will help identify which regulations must be
• Your preliminary strategic vision and immediate priorities
accounted for, and regional stakeholders may provide additional insight
• A communications schedule for the future between the two of you to quicken this upskilling process.
Target Outcomes
• Alignment with the CEO and/or your GC on your core responsibilities
and span of authority/control
• An understanding of top regulations that govern the geographies and
industry the company operates in
• An understanding of the existing compliance function, including
program structure and staffing
• Identification of key stakeholders within assurance and throughout
the business with whom you can establish parameters for a mutually
beneficial relationship
Source: Gartner
Assess
The Assess phase is about evaluating current compliance key elements, Understand the compliance team’s perspectives on the
initiatives and structure. Avoid the temptation to solve problems or even compliance program. As you continue interacting with your direct
render judgements at this stage. Your chief priority should be benchmarking reports and key team members during your first few months, pay close
compliance’s functional maturity and conducting analyses that will provide attention to their sentiments about the current compliance program and
insight into pressing issues and internal information that will ultimately inform your transition. Document any themes or trends you observe from your
your strategic plan. conversations, including their:
• Assessment of compliance program maturity
Conduct a Current State-of-the-Function Assessment and Identify Gaps
• Satisfaction with the team culture
As you begin assessing gaps in your compliance program’s coverage and
maturity, the following resources will help you gain targeted employee and • Adaptation to internal change and rapidly evolving regulatory landscape
stakeholder feedback, and benchmark your program to that of your peers. • Challenges related to your transition and/or organizational changes
Understand stakeholder perspectives on the compliance program. As you • Proposed solutions to improving workflows and collaboration
continue to hold the functional leader meetings that you initiated in the Employees often struggle to address these topics directly with a senior leader,
prepare phase, identify how each leader feels about the current compliance so look for context clues in your conversations. Nonmanagerial employees may
program. Some conversation starters could include: feel alienated by the changes, so try to organize ask-me-anything (AMA) sessions
• How do you feel about existing compliance processes and controls? to understand their views and challenges. If your resources permit, you can also
• How have you historically felt about compliance involvement in business conduct a quick pulse survey to gauge employee sentiment. If concerns are
workflows? noted, plan to address them in a collaborative way to build team rapport.
• Have you experienced any conflicts with the compliance function in the
past? If so, how?
• How much impact does compliance training have on ethical outcomes?
• What are some organizational priorities where compliance involvement may
be beneficial?
• What do you expect from a CCEO?
Analyze program staffing and spending. Familiarize yourself with how Conduct a current state of the function assessment. Whether you are
compliance’s budget is allocated and request a three- to five-year dashboard entering a previously created compliance program or building your own from
of compliance spending. Conduct a benchmarking exercise, such as Gartner’s the ground up, conduct a gap analysis for a robust vision of organizationwide
Corporate Compliance, Ethics and Privacy Budget & Efficiency Benchmark, compliance performance. Use the Legal & Compliance Score for Compliance
to understand how your compliance spending and staffing compares to to assess compliance and ethics functional performance and maturity against
those of your peers. The benchmark can also help you plan future program seven objectives and 30 key management activities that represent the
developments and make a budgeting case to the board. Gartner’s Corporate scope of activities for the typical compliance function. When you set up an
Compliance, Ethics and Privacy Budget & Efficiency Benchmark is an assessment, you can choose to complete all or a subset of the activities listed.
interactive, online tool that guides you to enter key metrics so you can create Use the benchmarking data from the Score diagnostic to understand how
informative and comparative views of your function against those of your your compliance maturity matches up to programs on average and identify
peers. The categories of metrics for comparison include: top priorities for program improvement.
• Risk ownership • A prioritized list of the key organizational and operating needs and
deliverables that must be addressed within the first year in your role
• Privacy activity ownership and functional involvement
Barrier to Success and Actionable Solution The Seven Objectives of the Legal & Compliance Score for Compliance
Trying to address too many maturity or gap areas: Your goal is to complete a
high-level current-state assessment of the work being completed today and
then understand capabilities and dependencies at a macro level. Particularly
for a new program, maturity assessments can highlight how far behind you
are. Even if everything needs improvement, focus on identifying which areas Define Program
are more crucial to the business or can be addressed given your resources. Mandate
Compliance
Reinforce Establish
Behavioral Policies and
Expectations Procedures
Provide Oversee
Training and Allegations of
Communications Misconduct
Source: Gartner
Plan
Based on the information you gained during the Assess phase and your Use peer data while creating your strategic plan.
observations regarding the company’s current level of maturity, build an While building your program’s strategy, assess how your investments,
actionable plan to improve specific focus areas. Ensure the plan includes quick activities and staff allocation matches your peers’. Use our research based on
wins, detailed operational plans for the next one to two quarters and medium- benchmarking data from our 2022 Corporate Compliance, Ethics and Privacy
term plans for the first six to 12 months. Clarify the resources you will need Budget & Efficiency survey for detailed insight into peer trends. An example
(both inside and outside your team) to execute the plan successfully. of the type of benchmarking you can expect.
Develop metrics. Create metrics that effectively capture progress for the Allocation of Compliance Spend
activities included in your strategic plan. The Compliance Strategy Workbook
and Roadmap also includes guidance on developing specific metrics for
different compliance areas. Metrics should include: 5%
9% Other
• Activities-focused information, such as investigation cycle time and Compliance Expenses
Technology
training completion rates Expenses
• Results-oriented metrics, such as percentage of substantiated compliance
cases and the percentage of employees who fear retaliation in response
to reported allegations 17%
External Experts
Measuring the program is an important step that must be done right from
and Services
the start; begin by tracking metrics upfront to show program improvements Expenses
and return on investment sooner rather than later, and set yourself up for
year-over-year tracking.
Target Outcomes
• An initial strategic roadmap articulating your goals and activities for the Source: Gartner
remaining 100 days and beyond, with clear priorities and milestones that
consider the observations and data collected as part of the Assess phase
• A set of well-defined metrics that not only measure the completion of
program activities but also their success
Barriers to Success and Actionable Solutions Align Function Strategy With Business Priorities
• Rigidity regarding strategic goals: Having a rigid view about the tasks Meet with key stakeholders to solicit feedback. Assess how stakeholder
and goals to accomplish in a certain time period without taking the time concerns brought up during earlier conversations are addressed by your
to understand the needs of the function might lead you to miss key strategic plan. Test this plan in your meetings with select stakeholders (e.g.,
pieces of information. You must continually revisit your plans as you build CEO, GC) to solicit their advice and feedback. Bring up questions such as:
knowledge about the organization and function (such as the culture, the • Are compliance activities that are currently causing business slowdowns
function’s past performance and employee capability needs and goals). prioritized in the strategic plan?
• Overambitious timelines: Compliance owns many activities that fit • Would stakeholders resist aspects of the developed plan? If so, why?
within the strategic plan, and they should be charted on a timeline. Be Optimize cost. If you are filling an existing CCEO seat, you may face pressure
reasonable with how many tasks you might accomplish, particularly from the business to optimize existing program costs. To manage this
weighted against the current and expected size of your team. expectation, you should:
• Benchmark compliance program spending against that of peers to identify
where to cut costs or restructure current resources.
• Optimize performance by identifying where compliance can streamline its
requirements through tailored training and improved compliance controls.
• Identify investment opportunities that will maintain program effectiveness
while supporting business needs.
Focus on data analysis. Data analysis capabilities are becoming increasingly Project Prioritization Matrix
important for legal and compliance risk management. New analytics
initiatives should align with strategic business goals and specific department
needs. Speak to your CTO or IT stakeholders to see how existing company
analytics and systems can improve workflows with little effort and discuss
potential new technology investments. Identify quick wins related to an
enterprise strategic initiative. To quickly establish your credibility as a leader,
identify low-effort projects that can nonetheless help you make a meaningful High Quick Wins Major Projects
impact on the organization. Quick wins not only help demonstrate
compliance’s value to the broader organization but also build rapport and
motivation within the compliance team. Prioritize team initiatives based on
the information you gathered during your conversations with stakeholders,
Impact
using the following criteria:
• Value — A quick win must be linked to an urgent, critical business
outcome with a clear connection to revenue growth or cost reduction.
• Collective impact — The best quick wins are collective — executed Low Low-Hanging Fruit Hygiene
with the help of your direct reports and even the broader compliance
community. Once achieved, all team members will feel they contributed
to the win.
• Relationship building — The work should require you to seek guidance
and input from your direct reports and peers outside the function. Low Effort High
Source: Gartner
Target Outcomes
• Prioritized list of your three highest-value quick wins to pursue over the
balance of your first 100 days
• CEO and key stakeholder buy-in on the budget plan and strategic roadmap
• Knowledge of expected challenges and possible solutions.
Barriers to Success and Actionable Solutions
• Changing or canceling inherited projects too quickly: Keep in mind your
early performance will be assessed based on the initiatives you inherited
from your predecessor, in addition to new pursuits. Gauge the merits of in-
process projects to the extent they support your goals and strategic plan.
• Continuing out-of-scope projects: Avoid getting mired in initiatives that
don’t support your quick wins or vision statement(s) by pushing back
on requests outside your plan. If you can’t avoid an outside request (for
example, a new organizationwide priority arises), ensure the new project
is built into an agreed, adjusted plan with reset objectives and KPIs.
Act
You now have an opportunity to put plans into action and deliver visible Get involved in existing projects. By this phase, you will have some
results. Execute a quick win, get involved in existing projects, allocate team understanding of how compliance works at your organization, so you can
responsibilities and communicate your plans regularly to the CEO and other start adding value to the projects your team is currently involved in. Your
key stakeholders to establish formalized feedback loops. Monitor progress role should be to support these projects, not assume responsibility for
closely to ensure obstacles to execution are dealt with swiftly and continue them. You should have only two objectives in this process: to keep the
your information gathering internally to iterate the longer-term plan. teams focused on the business value of their projects and motivated to
smoothly and effectively execute them.
Execute Collective Quick Wins
Target Outcomes
Operationalize quick wins. To demonstrate your ability to act on the areas
• Delivery of a limited number of quick wins throughout the first 100 days,
identified for improvement and garner goodwill, initiate short-term projects
meeting or beating target deadlines and performance expectations: Early
that address stakeholder pain points. Quick wins will look different depending
successes create the necessary momentum for the next phase of larger
on the maturity of your program. A new role requires building essential
strategic initiatives.
program elements while an existing role might focus on modifying existing
program elements. • Completion of tasks that have an impact on the whole or a large portion of
the business to increase visibility for the program.
Build essential program elements for new-role quick wins:
Barriers to Success and Actionable Solutions
• Setting up a compliance hotline
• Overburdening the compliance team: Any quick win must be achievable
• Building a compliance program charter
without substantially distracting the team from its day-to-day work. In
• Building a compliance committee with key stakeholders your conversations with team members, understand their capacity before
Focus on current program modifications for existing-role quick wins: assigning newer tasks and help them prioritize between competing
• Revising parts of compliance guidance and training activities that they must perform.
• Organizing a Compliance and Ethics Week • Conflicts with other functions: Certain quick win activities may be similar
in scope to another function and create employee strain (e.g., running a
compliance training simultaneously with an HR training). Communicate
with key functional partners before initiating projects to ensure proper
coordination.
Assign Clear Roles for Longer-Term Strategic Initiatives Barriers to Success and Actionable Solutions
• Develop a formal strategy for communicating your initiatives. As you • Unclear team roles and objectives: Ensure your team members
finalize your strategic initiatives, communicate your strategy to the team, understand which specific goals they will be evaluated against and
including leaders and the broader compliance team. why. This understanding is particularly important if you have made
• Identify initiative owners. Identify which team members and stakeholders any structural changes.
will be involved in the next strategic initiatives and set expectations for • Infrequent or ineffective communication: Communicate regularly with the
them — timelines, how success or failure will be measured, etc. Source CEO, your direct reports and key stakeholders to determine what actions
inputs on the plan to make any necessary adjustments before you to initiate, speed up, continue, slow down or stop. Use these meetings to
implement it. socialize successes since you’ve assumed the role and gain additional buy-
• Meet with owners of new strategic initiatives. Give initiative owners the in and support for your initiatives.
autonomy to build their plans and ensure they have a list of decision factors
for project discontinuation. These activities should build off the quick wins
to establish longer-term projects.
Target Outcomes
• Action on quick wins that reflect immediate compliance impact on the
business
• Delegation of tasks to defined owners and managers of longer-term
strategic initiatives
Measure
The Measure phase is your opportunity to demonstrate the evidence of your Target Outcomes
influence and the effect of your initiatives. Share metrics, data points and • Feedback from key stakeholders on your effectiveness in navigating the
anecdotal feedback. Identify the parts of the plan that are working well — first 100 days to identify areas that require further attention
mentioning early wins and progress — and challenges that need more time • Documented list of successes, key lessons learned and areas for
or additional resources. improvement, and an assessment of outcomes related to your plan goals
Review the Plan Successes • Data against predetermined metrics from the plan phase and/or
• Execute postmortem reviews. When wrapping up an initiative, review identification of new or emerging metrics to track
the goals and outcomes with the owner. Discuss any shortcomings and Barriers to Success and Actionable Solutions
identify opportunities to improve the process for the next initiative. Check
• Overemphasis on quick projects: With so many tasks to accomplish in the
that those involved in the initiative are producing the intended outcomes
early stages, you might be tempted to continue a streak of quick wins to
and update your own perspective when necessary.
maintain momentum and a sense of progress. Once you finish the early
• Summarize outcomes and key findings. Toward the end of your first 100 stages of your tenure, focus attention on a blend of short- and long-term
days, prepare a short presentation for your CEO and leadership team projects to ensure major program needs will be addressed.
that tells the story of your project outcomes and key findings. Keep your
• Overreliance on your own data: Compliance programs will tend to use
presentation simple: Provide a summary of what you learned, potential
immediately available and accessible data in their evaluations. Connect
organizational and process changes, and next steps.
with peers in other workflows (such as HR) for any data insights they may
• Refine your metrics gathering. If the initially chosen metrics do not have that can support your story.
properly measure the success of a quick win, avoid using them. Use the
most accurate insights you can, even if some of them are anecdotal, and
explain how you will refine the process of measurement in the future.
• Update and adjust your future plans. After one quarter of execution,
use what you’ve learned about internal procedures, team capabilities and
organizational dynamics to update your future plans and goals. Discuss them
with your CEO and/or GC, particularly if you will need to modify any of your
key performance metrics for potential upstream and downstream effects.
objective insight
Join a Virtual Event Define the Leadership Vision for Your Role
Hear the latest insights from Gartner experts at an Achieve personal and enterprise success with
upcoming or recorded event. data-driven actionable insights.
Become a Client
© 2024 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. It consists of the opinions of Gartner's
research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such
information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner
prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see "Guiding Principles on Independence and Objectivity." Gartner research
may not be used as input into or for the training or development of generative artificial intelligence, machine learning, algorithms, software, or related technologies. CM_GBS_2922457