Previously Published in Corporate Counsel | December 7, 2015 | By Sue Reisinger
At ON Semiconductor, general counsel George (Sonny) Cave works with a database of every compliance or ethics incident that has ever occurred at the company, along with significant incidents that have occurred at other companies, in an effort to mitigate risks.
The GC says that managing risk is an especially complex task at his company, which manufactures and ships 1 billion semiconductor chips each week. “Having a robust compliance and ethics program is a challenge on one level just because of the pure volume,” he says.
But Cave’s company approaches the problem by using the database. In group sessions his team uses the database to try to identify every type of risk that could happen to the company. Then the team weaves in where certain operations are based and how that could affect the risk, based on country corruption rankings from organizations like Transparency International.
“Once we have a large potpourri of all these different types of risks, we score them on a 1 to 5 scale according to the likelihood that the risk will actually occur and the impact to the company if in fact it does occur,” Cave explains.
The GC says the team then plots the scores on a color-coded “heat map” grid, with the likelihood of occurrence on the horizontal axis and the impact on the vertical axis. The grid is broken into 25 boxes.
The upper right corner of the grid, box #25 in red, shows the highest risks with the most likelihood to occur and the largest impact. The lower left corner, box #1 in green, represents the least risk.
The company has determined its “risk appetite zone,” and part of Cave’s job is to help keep risks within that zone and to find mitigating factors to move larger risks into the zone. For example, when a government regulator toughens a rule or law, and that heightens risk, Cave’s legal team must help find a way to comply and lower the risk.
“But make no mistake,” Cave warns, “we will not knowingly violate the law in any country where we do business. That just is not acceptable at ON Semiconductor.”
Mike Zuraw, director of enterprise risk management at the company, works with Cave. Zuraw says the compliance and ethics piece is actually the least complex to manage because most such issues are preventable or at least controllable.
“In contrast, we have to manage risks across all functions in the company for things like earthquakes, typhoons, economic downturns and other events that are not preventable,” Zuraw says. “You have to educate folks on how to be prepared, and on what actions to take if they do occur.”
Under the umbrella of enterprise risk management, Cave has a compliance and ethics program with its own structure. It starts with the chief compliance and ethics officer, who is Cave, along with a chief risk officer and a corporate steering committee that includes senior executive vice presidents, the chief operating officer, and representatives of various key departments such as legal and procurement.
He intends to discuss his risk management operations in detail at a Corporate Compliance and Ethics Forum on Dec. 6 to 8 in San Francisco. The forum is sponsored by the Consero Group, which puts on such conferences for corporate executives.
Gina Nese is a corporate and compliance counsel at MicroVention Inc., a medical device company based in Irvine, California. Nese already knows a lot about compliance because she previously worked more than four years as chief compliance officer at Danaher Corp., also in California.
She also has previously been a speaker at a Consero compliance and ethics forum. But she plans to attend so she can hear how others, like Cave, are handling risks.
“We are a smaller but growing company,” she says, “and I really want to get cross-industry intelligence. I want to know what is trending outside of the medical device space on risk assessment and anti-corruption.”
Nese says her focus is to build a lean compliance program in a way that supports business growth, while leveraging other leaders to run compliance inside their own departments. She’s looking for tools to give them to make that concept work.
“My challenge now is to learn more about how to use metrics and analytics to convey risk assessment to the business folks,” Nese says, including how to present information graphically.
And Sonny Cave may have just the graphic for her.