
Compliance in focus: findings from Deloitte’s 12th Energy Industry Compliance Survey

Insights to fuel future readiness amid evolving regulatory environment

As the regulatory environment surrounding the energy industry continues to evolve, energy companies are expected to bolster and scale programs with acceptable controls to proactively manage compliance risks from emerging areas. Deloitte’s 12th Energy Industry Compliance Survey focused on capturing insights into the latest compliance trends and leading practices in the energy industry to help organizations improve their compliance programs and manage risks more effectively.

The 2024 survey gathered responses from 39 energy companies, including power and utility, independent power producers, and oil and gas sectors. Participants included chief compliance officers, plus directors and managers focusing on compliance and/or regulatory risk within their company. The survey focused on capturing insights into how organizations stay abreast of the evolving compliance environment across four specific areas: 1) Compliance Program Governance; 2) Compliance Risk Assessments (CRA); 3) Information Governance (IG); and 4) Risk, Controls, and Assurance. It was carefully curated to highlight specific regulatory and compliance matters across these four major areas of interest.

Two themes emerged across the four specific areas and are echoed throughout this report:

  1. Organizations should take a broad-based approach to compliance, integrating emerging areas like Generative AI with traditional enterprise and regulatory matters. Proactive management of compliance risks is crucial, balancing the rising risks of data privacy and cybersecurity with traditional risks such as corruption and regulatory risk.
  2. The digitization of operations and commerce has altered risk management approaches. Policies and controls are being updated to handle digital information, yet many control infrastructures remain manual.
     

The four areas—why are they so important?

Compliance and ethics program governance

Effective governance enables organizations to not only adhere to legal and regulatory requirements but also uphold the standards of integrity and ethical conduct. Strong governance frameworks enable companies to proactively identify and mitigate risks, promote transparency, and demonstrate accountability across many levels of the organization. Ultimately, the commitment to compliance and ethics is essential to maintaining a competitive edge and achieving strategic objectives in a responsible and principled manner.

Compliance risk assessments

CRAs are a cornerstone of an organization’s commitment to maintaining the standards of legal and ethical conduct. These assessments are vital for identifying, evaluating, and mitigating potential compliance risks that could impact a company’s reputation, regulatory scrutiny, and financial stability.

Information governance

Information governance is needed for companies striving to manage their data assets responsibly and effectively. It helps keep information correct, secure, and accessible, thereby supporting compliance with regulatory requirements and mitigating risks associated with data breaches and misuse. By maintaining stringent information governance standards, companies can build and sustain trust with stakeholders, demonstrating a commitment to data privacy and security. Common factors considered when prioritizing information governance are compliance risk, reputational risk, litigation, and security threats/obligations.

Risk, controls, and assurance

Controls and assurance activities provide a structured approach to identifying, assessing, and managing potential threats and risks. By establishing strong internal controls, companies can better prevent and detect errors, fraud, and non-compliance, thereby protecting their assets and reputation. Assurance activities, like audits and reviews, offer an additional layer of oversight, considering whether controls are functioning as intended and whether risk management processes are effective.

So … what is the data telling us?

Keeping pace with emerging ethics and compliance developments

As risks facing the industry continue to grow and become more complex, organizations find that they need greater measures in place and are attempting to anticipate risks, but there is room for improvement. Compliance continues to have a strong voice within organizations, often wearing a dual hat with other positions, and continues to collaborate more with other business and assurance functions to help prepare their organizations for the future.
