Behind the Scenes with Dana McMahon: The Importance of Enterprise Risk Management and Compliance in Today's Business Landscape.

I had the pleasure of speaking to the highly accomplished Dana McMahon, Global Chief Compliance Officer at Stryker. With almost 20 years of experience in the life sciences industry, Dana has significant expertise in legal, compliance, and enterprise risk, and her work extends across sales, marketing, privacy, supply chain, R&D, and much more.   

In the interview, we discussed Dana's role as a global leader and her perspective on the role risk management and compliance can play within an organization. As she rightly mentioned, compliance is not just the responsibility of one individual or department; it is a collective effort that involves every member of the organization.

How have you seen companies’ approach to enterprise risk evolve over the last 3-5 years?

The evolution of companies' approach to enterprise risk management (ERM) over the last 3-5 years has been transformative. The Covid-19 pandemic accelerated this change, triggering a paradigm shift in how companies perceive and manage risk. The way leading companies manage risk has evolved from a reactive stance to a proactive approach. It’s the difference between responding to problems as they arise and actively identifying potential disruptors and taking necessary steps in anticipation.

The integration of technology into ERM is a testament to this. Artificial intelligence and predictive analytics are no longer merely buzzwords but essential components of a modern ERM framework. These advancements equip businesses with the tools to better assess and manage their risks, thereby reducing potential disruptions to their operations.

Furthermore, the expansion of ERM's partnerships reflects the interconnected nature of risks across different functions. By working closely with corporate strategy, information security, and supply chain, among others, ERM can provide a more comprehensive view of the organization's risk profile.

Lastly, the shift towards a balanced blend of quantitative and qualitative analysis signifies a more nuanced approach to risk assessment. Companies now appreciate the importance of expert insights alongside data, ensuring that no potential risk is overlooked.

In essence, the evolution in companies' approach to ERM over the past few years is indicative of their readiness to adapt and innovate, turning potential threats into opportunities for growth.

You have championed a mindset shift at Stryker in viewing compliance risk as business risk. Can you describe what this means and the impact it has had on your organization?

This mindset shift has been a game-changer. Historically, compliance risk was perceived as a separate issue, to be managed outside of business processes. But by reframing compliance risks as business risks first, we've encouraged a deeper understanding and ownership in mitigating these risks. Teams are engaged not because they have to be, but because they understand the direct impact on business success.

The transformation has increased our efficiency and effectiveness in dealing with potential issues. We're no longer simply reacting to challenges in the moment. Today, we proactively identify risks and develop practical, purposeful solutions. Compliance, legal, business teams and other partners are working collaboratively towards a shared goal of ensuring both compliance and business success. 

As a global leader in compliance, legal, and enterprise risk, what do you see as some of the biggest challenges global companies are facing today, and how should we be approaching them with solutions?

First, there’s the volatility of the legal and regulatory landscape, heightened by rapidly changing policies and enforcement measures. This unpredictability demands that companies stay vigilant about updates and adapt swiftly.

Second, data privacy and cybersecurity have become paramount. As reliance on digital technologies surges, safeguarding sensitive data has become a non-negotiable priority. Companies must not only take robust preventive measures but also have strategies in place to respond to cyber threats effectively.

Third, supply chain disruption and geopolitical uncertainty have been thrust into the spotlight. Global supply chains are vulnerable to natural disasters, political instability, and the unexpected, like a global pandemic. Amidst shifting geopolitical dynamics, trade tensions, and policy changes, uncertainty abounds. Companies must build resilience into their supply chain strategies and proactively manage geopolitical risks.

Finally, the increasing focus on bribery and corruption across different jurisdictions exposes global companies to significant risk. To mitigate these issues, it's crucial that policies and guidance are accessible and easy to understand, and education is relevant and ongoing. Discussing the “why” behind our policies, increasing live training with real-world scenarios, and ensuring guidance is available when it’s needed supports employees to make ethical decisions.

In addressing these challenges, we must adopt an approach that is proactive, adaptable, and comprehensive. By staying informed, planning for contingencies, and promoting a culture of ethics and integrity, we can navigate these complexities and ensure the successful operation of our business.

How do you think boards should be approaching enterprise risk and compliance matters?

It's vital that boards are asking the right questions around compliance and enterprise risk management and taking a holistic approach, recognizing that these matters impact all facets of a business, from financial operations to customer trust. Not every board member needs this focus, but certainly specific members need to keep pace with evolving regulations, be engaged in discussion on key risks, and ensure compliance and other risk management functions are adequately resourced. In the same way that boards have members with experience in finance, operations, and human relations, experience in compliance and risk management is also needed. This skill set not only mitigates risk but also enhances brand reputation by ensuring business practices reflect an organization’s commitment to doing business ethically and responsibly. 

I want to extend my sincerest gratitude to Dana for sharing her insights and highlighting the critical role that compliance and privacy play in successful business operations. Her expertise is a testament to the fact that ethical conduct and business success are not mutually exclusive, but rather, symbiotically linked. There is no surprise that her passion for integrity and doing what's right is at the heart of her work. 

Morgen Alden, Pioneering Collective

President of The Collective, Pioneering Collective
