Skip to content

What Makes a Successful CCO

People can (and do) debate what makes a successful CCO all day long. I want to approach that subject from a different angle.

What makes a successful Chief Audit Executive?

After all, much of the work they do is broadly similar to the work you do: they assess and remediate risk. What’s more, the audit profession has conducted many studies (much more than the compliance profession, frankly) to identify the skills that make a good audit executive. So what conclusions about professional success in that field might also apply to ours?

Well, audit executives have said for years that their most crucial skills are critical thinking, business acumen, and communication skills. That was true in a post earlier this year from the head of the Institute of Internal Auditors, and it was true in a survey the IIA commissioned in 2012.

That answer would resonate with most compliance officers, too. Success isn’t necessarily about having a law degree, or advanced knowledge of software, or superior statistical analysis skills, although all those things help. Success about knowing how to work with other people to achieve compliance goals in a business process.

Successful CCO's are Persuasive

Let’s take “knowing how to work with other people” first. That really means success as a compliance officer is about persuasion. Many times I’ve heard compliance officers wish for a world where other parts of the enterprise pull compliance into the discussion about the business, rather than compliance pushing its way in. That requires persuasive ability.

Sure, executive support and independence of the compliance function help, but those things still just make the compliance officer a person to be respected or even feared. That’s not the same as a person who is welcomed. A successful chief compliance officer knows how to communicate and win enthusiasm from others regardless of whatever authority and independence you might have.

Successful CCO's Understand Business

Then there’s the second part of our sentence above, “to achieve compliance goals in a business process.” That requires skill at risk assessment and design of internal controls, plus a knowledge of how your business works. Those skills help to build a compliance function that prevents misconduct — and the more you understand the business, the better your compliance function can fulfill that goal at least cost. Which is what gets you promoted to CCO.

We see hints of these ideas in the Justice Department’s guidelines to evaluate compliance programs. Those guidelines never address directly address what makes a great CCO, but they do ask, “What role has compliance played in the company’s strategic and operational decisions?”

A successful compliance officer knows how to weave him- or herself into those decisions. The more persuasive you are, and the more astutely you can embed compliance objectives into business processes, the greater a role compliance can play in those strategic and operational decisions.

That’s what success looks like. Budgets, autonomy, executive support, technology — they all help, to be sure. But let’s never forget what corporate ethics and compliance are about: persuading people to do the right thing. Ethics and compliance is, fundamentally, a people business.


Matt Kelly

Matt Kelly is an independent compliance consultant and the founder of Radical Compliance, which offers consulting and commentary on corporate compliance, audit, governance, and risk management. Radical Compliance also hosts Matt’s personal blog, where he discusses compliance and governance issues, and the Compliance Jobs Report, covering industry moves and news. Kelly was formerly the editor of Compliance Week. from 2006 to 2015. He was recognized as a "Rising Star of Corporate Governance" by the Millstein Center in 2008 and was listed among Ethisphere’s "Most Influential in Business Ethics" in 2011 (no. 91) and 2013 (no. 77). He resides in Boston, Mass.

Implement a tailored Third-Party Risk Management solution