Corporate Ethics Compliance *

advertisement
Corporate Ethics Compliance *
• Required by Federal Sentencing Guidelines,
Department of Justice, the Sarbanes-Oxley
Act, the U.S. Securities and Exchange
Commission, the NYSE, and the Office of
Inspector General: Department of Health and
Human Services, and many other agencies.
• *This presentation is from Katherina Wulf’s
“Ethics and Compliance Programs in
Multinational Organizations”
Corporate Ethics Compliance
•
•
•
•
•
•
•
•
•
•
•
•
Elements of Corporate Ethics Compliance
Element 1: Risk Assessment
Element 2: Corporate Culture
Element 3: Oversight by the Board and Senior Management
Element 4: The Ethics and Compliance Office
Element 5: Code of Conduct
Element 6: Receiving complaints
Element 7: Training and Communication
Element 8: Assessment of compliance activities
Element 9: Incentives and discipline
Element 10: Response to misconduct
Element 11: Employee screening
4 Structural Elements of Ethics
Compliance
• Element 1: Risk Assessment
• Element 2: Corporate Culture
• Element 3: Oversight by the Board and Senior
Management
• Element 4: The Ethics and Compliance Office
Element 1: Risk Assessment
• potential exposure to criminal conduct; a broad view
of the risks that could impact the organization’s
reputation for ethical and legal conduct.
Element 1
• Step 1: Decide whether to do it separately or
as part of enterprise assessment
• Step 2: Appoint a risk management team
– “general counsel, the chief ethics and compliance
officer, legal subject matter experts, and, if
necessary, business unit or functional heads such
as internal audit, human resources, finance, IT,
regional heads, other subject matter experts, and
outside attorneys or consultants.” (Wulf)
Element 1
• Step 3: Risk Identification
– “internal and external sources of risk information,
including the organization’s past audit results and
litigation or claims history, the size and root
causes of incidents in the organization’s industry,
and major trends” (Wulf)
Element 1
• Step 4: Data Gathering and Analysis
– Gather data
•
•
•
•
Current risks
Tools to identify risk
Strategies to mitigate risk
Emerging risks
– Analyze data
Element 1
• Step 5: Risk rating
– “the likelihood of occurrence, the severity of the
risk, and the effectiveness of existing mitigation
controls of the various risks. Adjustments to the
rating scale may be required depending on each
organization’s appetite for risk, as well as any
characteristics particular to an industry or
operating environment.” (Wulf)
Element 1
• Step 6: Risk Communication and Information
– “a detailed description of the risk assessment, the
determined risks, and the action plan…to address,
monitor, and manage” these risks. (Wulf)
– Convey this information to senior management,
and to all relevant parts of the organization.
Element 2: Corporate Culture
• Step 1: Analysis of the Existing Corporate
Culture
– “A corporate culture is made up of these shared
values of different stakeholders that are reflected
in their collective actions…The total sum of all the
collective values and behaviors of all employees
and managers is the company’s culture.”
Element 2
• Step 2: Assessment of the Corporate Culture
– Codes of conduct accord with culture
– People aspire to go beyond mere compliance
– Informal norms, rituals, stories, and traditions
demonstrate to people what behavior is expected
– Business objectives are “reached in a manner that
is true to your values.”
– Appropriate behavior gets rewarded/punished,
perception of fairness, the leadership is willing to
talk about ethics
Element 2
• Step 3: Implementation of an Action Plan
– “a shared vision of the future and a shared set of
values that clarifies the organization’s intentions
and gives employees purpose and meaning (is)
integrated into all business operations and
decisions.”
– “the organization’s processes and systems must
reflect the shared values and behaviors with
appropriate consequences for those who are not
willing to comply.”
Element 3: Oversight
• Step 1: Right Tone from the Top
• Step 2: Monitoring the Program’s Key
Components
• Step 3: Regular Updates for Senior
Management and the Board
• Step 4: A Code of Conduct for the Board of
Directors
Element 4: The Ethics and Compliance
Office
• Step 1: The Organizational Structure options
– “the stand-alone structure, with the ethics and compliance
office as a separate business unit.
– the semiautonomous structure, the ethics and compliance
office is administratively a component of another business
unit.
– In the centralized structure, the ethics and compliance
office is responsible for the program for the entire
organization.
– the decentralized structure, in which the rather small
ethics and compliance office develops the program, but
each business unit then has its own ethics and compliance
office that implements the program according to its own
needs.”
Element 4
• Step 2: Leadership Credentials and
Competencies of the CECO
– CECOs often have a background in law, auditing,
human resources, or security
– knowledgeable of the business operations and the
company’s strategies and goals.
– able to work with the board of directors, senior
management and many different departments.
– a passion for ethical conduct and compliance.
Element 4
• Step 3: Professional Development and
Certification
– Be a member of a professional organization and
stay current.
• (e.g., Ethics and Compliance Officer Association,
www.theecoa.org/imis15/ECOAPublic/)
• Step 4: Reporting Structure of the CECO
– Options: CEO, Board, general counsel
Element 4
• Step 5: Outsourcing the Ethics and
Compliance Function
– If the program is completely outsourced, the
organization is still responsible for meeting the
regulatory requirements. The company loses
controls over the ethics and compliance
operations, but it is still liable.
Element 4
• Step 6: The Relationship with Senior
Management and the Board
• Step 7: Resources and Budget
– Sufficient staffing and budget to maintain hotline,
provide training, do risk assessments and audits,
record keeping.
• Step 8: Ethics and Compliance Committees or
Councils
Download