Session 309: Allocating Risk For Your Company: Playing the Feud
Faculty
• Carl Peterson, General Counsel, Mid-Atlantic Business Unit, Titan America LLC
• Stephanie Bortnyk, Associate General Counsel, Dassault Falcon Jet Corp.
• Allie Wright, Assistant General Counsel, Allegis Group, Inc.
• Sonny Haynes, Attorney, Womble Carlyle Sandridge & Rice, LLP
*Disclaimer: The views and opinions expressed in this presentation and the accompanying
materials are those of the authors as individuals and do not necessarily reflect the views
or opinions of any of their respective employers.
Allocating Risk for Your Company:
Agenda
I. Traditional role of Legal Department in Risk Assessment/Compliance
II. Current Environment – Recent Developments
III. Survey Results - Introduction
IV. Approaches to Compliance and Risk Assessment
V. Ethical Concerns Related to Risk Assessments and Compliance
VI. Survey of In-House Counsel – Discussion and Results – Playing the Feud!
VII. Wrap Up/Q&A
Allocating Risk for Your Company:
The Changing Landscape of Compliance
• Has historically been the norm
• But environment is evolving…
“Triage” Approach – Learn and Respond
• Began with financial reporting - Sarbanes-Oxley, Gramm Leach
Bliley, Dodd-Frank, etc.
• Recent developments = more comprehensive
Compliance Obligations Are Increasing
• DOJ/other agencies becoming more aggressive
• Holder Memo
• Thompson Memo
• McNulty Memo
• Filip Memo
Risks of Non-Compliance Also Increasing
Potential for Personal Liability
Antitrust Laws
Environmental Laws
Federal Securities Laws
Yates Memo (2015)
FCPA
MSHA
Responsible Corporate Officer Doctrine
“Hide no Harm Act” (SB) (2015)
Allocating Risk for Your Company:
Survey Results - Introduction
• Wanted to learn
“typical” in-house
risks
• How risks were
being monitored
• SLD focus
Survey Development
Allocating Risk for Your Company:
Survey Results - Demographics
# of Lawyers
1-3 4-7 8+
68% 15% 17%
# of Support Staff
1-3 4-7 8+
84% 14% 2%
Specialists v. Generalists
Generalists Specialized A Little of Both
49% 45% 6%
Company Size
0-500 501-5,000 5,001+
43% 32% 25%
Internal Audit Department (Separate from Legal)
Triage of Issues as they Arise (brought forward by the business or outside forces)
Outside Compliance Monitoring Vendor
Monitored/Addressed by Outside Counsel
Routine Legal Department Compliance Checks
45% 20% 26% 8% 1%
Allocating Risk for Your Company:
Survey Results – Risk Monitoring and Compliance
• More clients/practice areas/responsibilities,
fewer attorneys/staff
• Shift from triage to forward-looking program
is vital
• A viable compliance program is a must
• Protect your company
• Protect yourself and executives
• Financial incentives
Legal Departments Are
Being Asked to Do More
With Less
Allocating Risk for Your Company:
Survey Results - Overview
• Strong internal controls
• Self-discovery/self-reporting
• Requires formal compliance
audits, risk assessments,
mitigation efforts, etc.
• Evidence shows that very few of
us have these practices in place
Limited Tools That May
Garner Leniency
Where To Start?
Allocating Risk for Your Company:
The Changing Landscape of Compliance
1. Commitment
2. Policies
3. Oversight
4. Assessment
5. Training
6. Incentives
7. Diligence
8. Reporting
9. Improvement
10. Integration
0-5 Hallmarks 6-8 Hallmarks 9-10 Hallmarks
53% 13% 34%
Allocating Risk for Your Company:
Ten Hallmarks of an Effective Compliance Program
ERM
CAS (2003)
COSO (2004)
RIMS (2006)
ISO 31000 (2009)
“The discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization’s short- and long-term value to its stakeholders.”
“A process…applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
“A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risk and managing the combined impacts of those risks as an interrelated risk portfolio.”
“A process that provides confidence that planned objectives will be achieved within an acceptable degree of residual risk”
Risk is “the effect of uncertainty on objects
• Systematic process to identify and scale risk
• Can be applied to any area
• Prioritizes and manages risks as an
integrated portfolio
• Evaluation of portfolio through various lenses
• Recognizes that all risks are interrelated –
combination of multiple risks may exceed
sum of individual parts
• Involve risk identification/management in all
critical business decisions
In Plain English?
Allocating Risk for Your Company:
Enterprise Risk Management
• ERM concepts can be
replicated on a smaller
scale
• DOJ Guidance – smaller
companies with fewer
resources can still
comply
• If a program meets
these three criteria, it
will provide for
detection, prevention,
and remediation
Allocating Risk for Your Company:
Small Law Department – Other Compliance Methods
COSO Methodology
Step 1 – Set parameters for ranking
| Value | Risk Grade | Probability |
|---|---|---|
| 1 - Very low | < $10k | < once every 10 years |
| 2 - Low | > $10k | > once every 10 years |
| 3 - Medium | > $100k | > once a year |
| 4 - High | > $1m | > once a month |
| 5 - Very high | > $10m | > once a day |
Step 2 – Survey risk/probability
Allocating Risk for Your Company:
Create Your Own Assessment
Step 3 – Tabulate Survey Results
Allocating Risk for Your Company:
Create Your Own Assessment
| Risk Description | Activity | Risk Grade | Probability | Risk Value | Grade Value | Probability Value |
|---|---|---|---|---|---|---|
| Employment Law | Union | 2 - Low | 2 - Low | 100 | 10 | 10 |
| | Social Media | 3 - Medium | 3 - Medium | 10000 | 100 | 100 |
| | Co-Employment | 3 - Medium | 3 - Medium | 10000 | 100 | 100 |
| | FLSA | 4 - High | 4 - High | 1000000 | 1,000 | 1,000 |
| | Overtime | 3 - Medium | 3 - Medium | 10000 | 100 | 100 |
| | Discrimination | 3 - Medium | 3 - Medium | 10000 | 100 | 100 |
| | Employee Safety | 4 - High | 5 - Very High | 10000000 | 1,000 | 10,000 |
•Who is your client?
•What do you do with
information uncovered?
•Attorney/client privilege
protection?
Unlocking Potential
Ethical Concerns in
Preparing a Risk
Assessment
Allocating Risk for Your Company:
Small Law Department – Risk Assessments & Investigations
• What about risks that might be
uncovered?
• Something significant?
• Serious enough to warrant outside
counsel engagement?
• Ethical rules to consider:
• Rule 1.6: Confidentiality of
Information
• Rule 1.13: Organization as Client
• Rule 4.1: Truthfulness In
Statements To Others
• Rule 8.4: Misconduct
Allocating Risk for Your Company:
Risk Assessments & Investigations
• Client Confidences
• Routine business
audits v. audits to
determine need for
legal advice
• What about internal
investigations?
Model Rule 1.6:
Confidentiality of
Information
Allocating Risk for Your Company:
Small Law Department – Risk Assessments & Investigations
• (a) A lawyer employed or retained by an organization represents the organization acting through its duly authorized constituents
• What about…
• Conflicts of interest?
• Upjohn warnings?
• Report up, but do you always report out?
Model Rule 1.13 –
Organization as Client
Allocating Risk for Your Company:
Risk Assessments & Investigations
• Do not fail to disclose material fact when disclosure
needed to avoid criminal or fraudulent act
• Do not knowingly make false statement of material
fact or law
Model Rule 4.1 – Truthfulness
in Statements to Others
• Defines “professional misconduct”
• Refrain from deceit, dishonesty, fraud, or
misrepresentation
Model Rule 8.4 – Misconduct
Allocating Risk for Your Company:
Risk Assessments & Investigations
Allocating Risk for Your Company:
Playing the Feud – Labor and Employment
Edition
• Fair Labor Standards Act
• Employee Safety (OSHA/MSHA)
• Overtime Rules
• Co-Employment
• Social Media Issues
• Union Activities/Persuader Rule
POLL QUESTION –
What do you believe
survey respondents
identified as the
“highest risk” labor
and employment issue:
FLSA
Employee Safety (OSHA/MSHA)
Overtime Rules
Labor & Employment
Allocating Risk for Your Company:
Playing the Feud – IT/Data Protection Edition
• Increased Role of Legal in Data
Compliance
• Data Management/Retention/Deletion
• Cybersecurity (Breaches/Hacking)
• Unstructured Data Control
• IT Infrastructure (aging/new
technology)
• EU Privacy Mandates
POLL QUESTION – What
do you believe survey
respondents identified as
the “highest risk” IT/Data
Protection Issue:
Cybersecurity
Data Management/Retention/Deletion
Unstructured Data Control
IT & Data Protection
Allocating Risk for Your Company:
Playing the Feud – Legal Department
Management Edition
• Establishing/Maintaining Business
Relationships
• Enterprise Risk Management
• Identifying C-Level Risk Tolerance
• Identification/Retention of Talent
• Protection of Privilege
• Conflicts of Interest
POLL QUESTION – What do you
believe survey respondents identified
as the “highest risk” Legal Department
Management Issue:
Talent Identification & Retention
Protection of Privilege
Enterprise Risk Management
Legal Department
Management
Allocating Risk for Your Company:
Playing the Feud – Supply Chain Edition
• Supply Chain Transparency
• Foreign Privacy Laws
• FCPA Compliance
• Re-Export Concerns
• OFAC Compliance/Sanctions
List
• Ethical and Social Compliance
POLL QUESTION – What
do you believe survey
respondents identified as the
“highest risk” Supply Chain
Issue:
Ethical and Social Compliance
Supply Chain Transparency
FCPA Compliance
Supply Chain
Allocating Risk for Your Company:
Playing the Feud – Ethics Edition
• Client Identification/Conflicts of
Interest
• E-Discovery/Litigation Management
• Legal Outsourcing/Unauthorized
Practice of Law
• Communications with Represented
Parties
• Preserving Privilege and Work
Product Protections
• Personal Liability/Obligations
Regarding Reporting
POLL QUESTION – What do you
believe survey respondents identified
as the “highest risk” Ethics Issue:
Preserving Privilege/Work Product Protections
E-Discovery/Litigation Management
Personal Liability/Obligations re Reporting
Ethics
Summary Overview
Changing Environment = Changing Approach
Survey Your Landscape
Open an Ongoing Dialog with Business
Consider Legal as well as Business Risks
Review/Adopt Compliance and Risk Monitoring Plans
Incorporate Compliance Efforts into Business Routine
Create a Defensible Position
Q&A
•Thanks!
Questions?

More Related Content

What's hot

BIZGrowth Strategies Summer 2016
BIZGrowth Strategies Summer 2016BIZGrowth Strategies Summer 2016
BIZGrowth Strategies Summer 2016CBIZ, Inc.
 
Ilta 2009 law firm risk management can it grow profitability - panel member...
Ilta 2009 law firm risk management   can it grow profitability - panel member...Ilta 2009 law firm risk management   can it grow profitability - panel member...
Ilta 2009 law firm risk management can it grow profitability - panel member...David Cunningham
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013Nidhi Gupta
 
Handling whistleblower complaints a global perspective for north american c...
Handling whistleblower complaints   a global perspective for north american c...Handling whistleblower complaints   a global perspective for north american c...
Handling whistleblower complaints a global perspective for north american c...Case IQ
 
2009 04 21 Ntihi Faculty Course 110
2009 04 21 Ntihi Faculty Course 1102009 04 21 Ntihi Faculty Course 110
2009 04 21 Ntihi Faculty Course 110tmdonoesq
 
The Pitfalls of Linking Pay With Performance and How To Overcome Them
The Pitfalls of Linking Pay With Performance and How To Overcome ThemThe Pitfalls of Linking Pay With Performance and How To Overcome Them
The Pitfalls of Linking Pay With Performance and How To Overcome ThemCBIZ, Inc.
 
8 Tactics to Minimize Law Firm Risk of Malpractice
8 Tactics to Minimize Law Firm Risk of Malpractice8 Tactics to Minimize Law Firm Risk of Malpractice
8 Tactics to Minimize Law Firm Risk of MalpracticeLexisNexis Software Division
 
Conduct Risk – What Corporates Can Learn From The Financial Sector
Conduct Risk – What Corporates Can Learn From The Financial SectorConduct Risk – What Corporates Can Learn From The Financial Sector
Conduct Risk – What Corporates Can Learn From The Financial SectorEversheds Sutherland
 
The Real Deal Webinar Series: Practical Advice from a Former Chief Compliance...
The Real Deal Webinar Series: Practical Advice from a Former Chief Compliance...The Real Deal Webinar Series: Practical Advice from a Former Chief Compliance...
The Real Deal Webinar Series: Practical Advice from a Former Chief Compliance...Winston & Strawn LLP
 
Compliance Internal Investigation
Compliance Internal Investigation Compliance Internal Investigation
Compliance Internal Investigation Nexsen Pruet
 
Preparing for the Worst: Confronting Organizational Risk with Training Strategy
Preparing for the Worst: Confronting Organizational Risk with Training StrategyPreparing for the Worst: Confronting Organizational Risk with Training Strategy
Preparing for the Worst: Confronting Organizational Risk with Training Strategyrps_inkhouse_1
 
V091013 db1 oh&s issues for the board-09-10-13
V091013 db1   oh&s issues for the board-09-10-13V091013 db1   oh&s issues for the board-09-10-13
V091013 db1 oh&s issues for the board-09-10-13Marion Macleod
 
Coffee Break Webinar: Regulatory Compliance
Coffee Break Webinar: Regulatory ComplianceCoffee Break Webinar: Regulatory Compliance
Coffee Break Webinar: Regulatory ComplianceDATIS
 
Own Your Business Risk
Own Your Business RiskOwn Your Business Risk
Own Your Business RiskCraig Tappel
 
Enterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceEnterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceResolver Inc.
 
Compliance & data security – the way we work
Compliance & data security – the way we workCompliance & data security – the way we work
Compliance & data security – the way we workPuneet Chopra
 
2008_Miami_OpRisk_Conf
2008_Miami_OpRisk_Conf2008_Miami_OpRisk_Conf
2008_Miami_OpRisk_ConfPeter Poulos
 

What's hot (20)

BIZGrowth Strategies Summer 2016
BIZGrowth Strategies Summer 2016BIZGrowth Strategies Summer 2016
BIZGrowth Strategies Summer 2016
 
Introducing a whistleblower_hotline
Introducing a whistleblower_hotlineIntroducing a whistleblower_hotline
Introducing a whistleblower_hotline
 
Ilta 2009 law firm risk management can it grow profitability - panel member...
Ilta 2009 law firm risk management   can it grow profitability - panel member...Ilta 2009 law firm risk management   can it grow profitability - panel member...
Ilta 2009 law firm risk management can it grow profitability - panel member...
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013
 
Handling whistleblower complaints a global perspective for north american c...
Handling whistleblower complaints   a global perspective for north american c...Handling whistleblower complaints   a global perspective for north american c...
Handling whistleblower complaints a global perspective for north american c...
 
2009 04 21 Ntihi Faculty Course 110
2009 04 21 Ntihi Faculty Course 1102009 04 21 Ntihi Faculty Course 110
2009 04 21 Ntihi Faculty Course 110
 
The Pitfalls of Linking Pay With Performance and How To Overcome Them
The Pitfalls of Linking Pay With Performance and How To Overcome ThemThe Pitfalls of Linking Pay With Performance and How To Overcome Them
The Pitfalls of Linking Pay With Performance and How To Overcome Them
 
8 Tactics to Minimize Law Firm Risk of Malpractice
8 Tactics to Minimize Law Firm Risk of Malpractice8 Tactics to Minimize Law Firm Risk of Malpractice
8 Tactics to Minimize Law Firm Risk of Malpractice
 
Common Pitfalls While Establishing a Whistle-blowing Hotline
Common Pitfalls While Establishing a Whistle-blowing HotlineCommon Pitfalls While Establishing a Whistle-blowing Hotline
Common Pitfalls While Establishing a Whistle-blowing Hotline
 
Conduct Risk – What Corporates Can Learn From The Financial Sector
Conduct Risk – What Corporates Can Learn From The Financial SectorConduct Risk – What Corporates Can Learn From The Financial Sector
Conduct Risk – What Corporates Can Learn From The Financial Sector
 
The Real Deal Webinar Series: Practical Advice from a Former Chief Compliance...
The Real Deal Webinar Series: Practical Advice from a Former Chief Compliance...The Real Deal Webinar Series: Practical Advice from a Former Chief Compliance...
The Real Deal Webinar Series: Practical Advice from a Former Chief Compliance...
 
Compliance Internal Investigation
Compliance Internal Investigation Compliance Internal Investigation
Compliance Internal Investigation
 
Preparing for the Worst: Confronting Organizational Risk with Training Strategy
Preparing for the Worst: Confronting Organizational Risk with Training StrategyPreparing for the Worst: Confronting Organizational Risk with Training Strategy
Preparing for the Worst: Confronting Organizational Risk with Training Strategy
 
V091013 db1 oh&s issues for the board-09-10-13
V091013 db1   oh&s issues for the board-09-10-13V091013 db1   oh&s issues for the board-09-10-13
V091013 db1 oh&s issues for the board-09-10-13
 
Coffee Break Webinar: Regulatory Compliance
Coffee Break Webinar: Regulatory ComplianceCoffee Break Webinar: Regulatory Compliance
Coffee Break Webinar: Regulatory Compliance
 
Own Your Business Risk
Own Your Business RiskOwn Your Business Risk
Own Your Business Risk
 
Enterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceEnterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and Performance
 
Compliance & data security – the way we work
Compliance & data security – the way we workCompliance & data security – the way we work
Compliance & data security – the way we work
 
2008_Miami_OpRisk_Conf
2008_Miami_OpRisk_Conf2008_Miami_OpRisk_Conf
2008_Miami_OpRisk_Conf
 
Managing Risk
Managing RiskManaging Risk
Managing Risk
 

Viewers also liked

Viewers also liked (17)

Salsa
SalsaSalsa
Salsa
 
PORTFOLIO rev 5.16
PORTFOLIO rev 5.16PORTFOLIO rev 5.16
PORTFOLIO rev 5.16
 
Descarga y streaming
Descarga y streamingDescarga y streaming
Descarga y streaming
 
Blogueros paolaabella.docx
Blogueros paolaabella.docxBlogueros paolaabella.docx
Blogueros paolaabella.docx
 
PWC case PPT-2
PWC case PPT-2PWC case PPT-2
PWC case PPT-2
 
La justicia de paz
La justicia de pazLa justicia de paz
La justicia de paz
 
Tarea 1
Tarea 1Tarea 1
Tarea 1
 
Empresa socialmente responsable
Empresa socialmente responsableEmpresa socialmente responsable
Empresa socialmente responsable
 
Pitch Presentation
Pitch PresentationPitch Presentation
Pitch Presentation
 
c++ project
c++ projectc++ project
c++ project
 
Trabajo semana 4
Trabajo semana 4Trabajo semana 4
Trabajo semana 4
 
オープンコースウェアのこれから
オープンコースウェアのこれからオープンコースウェアのこれから
オープンコースウェアのこれから
 
2011.11.10.coeducación
2011.11.10.coeducación2011.11.10.coeducación
2011.11.10.coeducación
 
Font analysis
Font analysisFont analysis
Font analysis
 
Interpretacion de la ley
Interpretacion de la leyInterpretacion de la ley
Interpretacion de la ley
 
Comunicadores
ComunicadoresComunicadores
Comunicadores
 
Los mamíferos !!
Los mamíferos !!Los mamíferos !!
Los mamíferos !!
 

Similar to Session 309 - Allocating Risk for Your Company - Playing the Feud (cjp 10.26)

IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop Ersoy AKSOY
 
5 Steps to Creating an Ethical Work Culture
5 Steps to Creating an Ethical Work Culture5 Steps to Creating an Ethical Work Culture
5 Steps to Creating an Ethical Work CultureCase IQ
 
Risk assessment and compliance 151119
Risk assessment and compliance 151119Risk assessment and compliance 151119
Risk assessment and compliance 151119KAYODE ADEBIYI
 
Next Generation Compliance: Using Analytics to Reduce Compliance Risk
Next Generation Compliance: Using Analytics to Reduce Compliance RiskNext Generation Compliance: Using Analytics to Reduce Compliance Risk
Next Generation Compliance: Using Analytics to Reduce Compliance Riskqordata
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
 
Raleigh issa chapter april meeting - managing a security & privacy governan...
Raleigh issa chapter   april meeting - managing a security & privacy governan...Raleigh issa chapter   april meeting - managing a security & privacy governan...
Raleigh issa chapter april meeting - managing a security & privacy governan...Raleigh ISSA
 
Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1jhietala
 
Vendor Sustainability Programme Development
Vendor Sustainability Programme DevelopmentVendor Sustainability Programme Development
Vendor Sustainability Programme DevelopmentPECB
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber riskStephen Cobb
 
How to Manage a Data Breach Involving Multiple Covered Entity Clients
How to Manage a Data Breach Involving Multiple Covered Entity ClientsHow to Manage a Data Breach Involving Multiple Covered Entity Clients
How to Manage a Data Breach Involving Multiple Covered Entity ClientsID Experts
 
Bcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementBcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementStephen Ong
 
Risk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches WebinarRisk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches WebinarAviva Spectrum™
 
5 Ways to Build Employee Trust for Less Turnover and Fewer Incidents
5 Ways to Build Employee Trust for Less Turnover and Fewer Incidents5 Ways to Build Employee Trust for Less Turnover and Fewer Incidents
5 Ways to Build Employee Trust for Less Turnover and Fewer IncidentsCase IQ
 
OCR HIPAA Audits…Will You Be Prepared?
OCR HIPAA Audits…Will You Be Prepared?OCR HIPAA Audits…Will You Be Prepared?
OCR HIPAA Audits…Will You Be Prepared?ID Experts
 

Similar to Session 309 - Allocating Risk for Your Company - Playing the Feud (cjp 10.26) (20)

IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop
 
5 Steps to Creating an Ethical Work Culture
5 Steps to Creating an Ethical Work Culture5 Steps to Creating an Ethical Work Culture
5 Steps to Creating an Ethical Work Culture
 
Risk assessment and compliance 151119
Risk assessment and compliance 151119Risk assessment and compliance 151119
Risk assessment and compliance 151119
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slides
 
Next Generation Compliance: Using Analytics to Reduce Compliance Risk
Next Generation Compliance: Using Analytics to Reduce Compliance RiskNext Generation Compliance: Using Analytics to Reduce Compliance Risk
Next Generation Compliance: Using Analytics to Reduce Compliance Risk
 
Compliance as Culture Strategy
Compliance as Culture StrategyCompliance as Culture Strategy
Compliance as Culture Strategy
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
 
Raleigh issa chapter april meeting - managing a security & privacy governan...
Raleigh issa chapter   april meeting - managing a security & privacy governan...Raleigh issa chapter   april meeting - managing a security & privacy governan...
Raleigh issa chapter april meeting - managing a security & privacy governan...
 
654L17_E
654L17_E654L17_E
654L17_E
 
Kick Start Your Fraud Prevention
Kick Start Your Fraud PreventionKick Start Your Fraud Prevention
Kick Start Your Fraud Prevention
 
Kick Start Your Fraud Prevention
Kick Start Your Fraud PreventionKick Start Your Fraud Prevention
Kick Start Your Fraud Prevention
 
Beyond Compliance
Beyond ComplianceBeyond Compliance
Beyond Compliance
 
Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1
 
Vendor Sustainability Programme Development
Vendor Sustainability Programme DevelopmentVendor Sustainability Programme Development
Vendor Sustainability Programme Development
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber risk
 
How to Manage a Data Breach Involving Multiple Covered Entity Clients
How to Manage a Data Breach Involving Multiple Covered Entity ClientsHow to Manage a Data Breach Involving Multiple Covered Entity Clients
How to Manage a Data Breach Involving Multiple Covered Entity Clients
 
Bcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementBcu msc cg week 4 risk management
Bcu msc cg week 4 risk management
 
Risk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches WebinarRisk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches Webinar
 
5 Ways to Build Employee Trust for Less Turnover and Fewer Incidents
5 Ways to Build Employee Trust for Less Turnover and Fewer Incidents5 Ways to Build Employee Trust for Less Turnover and Fewer Incidents
5 Ways to Build Employee Trust for Less Turnover and Fewer Incidents
 
OCR HIPAA Audits…Will You Be Prepared?
OCR HIPAA Audits…Will You Be Prepared?OCR HIPAA Audits…Will You Be Prepared?
OCR HIPAA Audits…Will You Be Prepared?
 

Session 309 - Allocating Risk for Your Company - Playing the Feud (cjp 10.26)

  • 1. Session 309: Allocating Risk For Your Company: Playing the Feud
  • 2. Faculty • General Counsel, Mid-Atlantic Business Unit, Titan America LLC Carl Peterson • Associate General Counsel, Dassault Falcon Jet Corp. Stephanie Bortnyk • Assistant General Counsel, Allegis Group, Inc. Allie Wright • Attorney, Womble Carlyle Sandridge & Rice, LLP Sonny Haynes *Disclaimer: The views and opinions expressed in this presentation and the accompanying materials are those of the authors as individuals and do not necessarily reflect the views or opinions of any of their respective employers.
  • 3. Allocating Risk for Your Company: Agenda I. Traditional role of Legal Department in Risk Assessment/Compliance II. Current Environment – Recent Developments III. Survey Results - Introduction IV. Approaches to Compliance and Risk Assessment V. Ethical Concerns Related to Risk Assessments and Compliance VI. Survey of In-House Counsel – Discussion and Results – Playing the Feud! VII. Wrap Up/Q&A
  • 4. Allocating Risk for Your Company: The Changing Landscape of Compliance • Has historically been the norm • But environment is evolving… “Triage” Approach – Learn and Respond • Began with financial reporting - Sarbanes-Oxley, Gramm Leach Bliley, Dodd-Frank, etc. • Recent developments = more comprehensive Compliance Obligations Are Increasing • DOJ/other agencies becoming more aggressive • Holder Memo • Thompson Memo • McNulty Memo • Filip Memo Risks of Non-Compliance Also Increasing
  • 6. Allocating Risk for Your Company: Survey Results - Introduction • Wanted to learn “typical” in-house risks • How risks were being monitored • SLD focus Survey Development
  • 7. Allocating Risk for Your Company: Survey Results - Demographics # of Lawyers 1-3 4-7 8+ 68%15% 17% # of Support Staff 1-3 4-7 8+ 84% 14% 2% Specialists v. Generalists Generalists Specialized A Little of Both 49%45% 6% Company Size 0-500 501-5,000 5,001+ 43% 32%25%
  • 8. Internal Audit Department (Separate from Legal) Triage of Issues as they Arise (brought forward by the business or outside forces) Outside Compliance Monitoring Vendor Monitored/Addressed by Outside Counsel Routine Legal Department Compliance Checks 45% 20%26% 8% 1% Allocating Risk for Your Company: Survey Results – Risk Monitoring and Compliance
  • 9. • More clients/practice areas/responsibilities, fewer attorneys/staff • Shift from triage to forward-looking program is vital • A viable compliance program is a must • Protect your company • Protect yourself and executives • Financial incentives Legal Departments Are Being Asked to Do More With Less Allocating Risk for Your Company: Survey Results - Overview
  • 10. • Strong internal controls • Self-discovery/self-reporting • Requires formal compliance audits, risk assessments, mitigation efforts, etc. • Evidence shows that very few of us have these practices in place Limited Tools That May Garner Leniency Where To Start? Allocating Risk for Your Company: The Changing Landscape of Compliance
  • 12. 0-5 Hallmarks 6-8 Hallmarks 9-10 Hallmarks 53% 13% Allocating Risk for Your Company: Ten Hallmarks of an Effective Compliance Program 34%
  • 13. ERM CAS (2003) COSO (2004) RIMS (2006) ISO 31000 (2009) “The discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization’s short- and long-term value to its stakeholders.” “A process…applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” “A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risk and managing the combined impacts of those risks as an interrelated risk portfolio.” “A process that provides confidence that planned objectives will be achieved within an acceptable degree of residual risk” Risk is “the effect of uncertainty on objects
  • 14. • Systematic process to identify and scale risk • Can be applied to any area • Prioritizes and manages risks as an integrated portfolio • Evaluation of portfolio through various lenses • Recognizes that all risks are interrelated – combination of multiple risks may exceed sum of individual parts • Involve risk identification/management in all critical business decisions In Plain English? Allocating Risk for Your Company: Enterprise Risk Management
  • 15. • ERM concepts can be replicated on a smaller scale • DOJ Guidance – smaller companies with fewer resources can still comply • If a program meets these three criteria, it will provide for detection, prevention, and remediation Allocating Risk for Your Company: Small Law Department – Other Compliance Methods
  • 17. Step 1 – Set parameters for ranking Value Risk Grade Probability 1 - Very low < $10k < once every 10 years 2 - Low > $10k > once every 10 years 3 - Medium > $100k > once a year 4 - High > $1m > once a month 5 - Very high > $10m > once a day Step 2 – Survey risk/probability Allocating Risk for Your Company: Create Your Own Assessment
  • 18. Step 3 – Tabulate Survey Results Allocating Risk for Your Company: Create Your Own Assessment
    Risk Description | Activity | Risk Grade | Probability | Risk Value | Grade Value | Probability Value
    Employment Law | Union | 2 - Low | 2 - Low | 100 | 10 | 10
     | Social Media | 3 - Medium | 3 - Medium | 10000 | 100 | 100
     | Co-Employment | 3 - Medium | 3 - Medium | 10000 | 100 | 100
     | FLSA | 4 - High | 4 - High | 1000000 | 1,000 | 1,000
     | Overtime | 3 - Medium | 3 - Medium | 10000 | 100 | 100
     | Discrimination | 3 - Medium | 3 - Medium | 10000 | 100 | 100
     | Employee Safety | 4 - High | 5 - Very High | 10000000 | 1,000 | 10,000
  • 19. • Who is your client? • What do you do with information uncovered? • Attorney/client privilege protection? Unlocking Potential Ethical Concerns in Preparing a Risk Assessment Allocating Risk for Your Company: Small Law Department – Risk Assessments & Investigations
  • 20. • What about risks that might be uncovered? • Something significant? • Serious enough to warrant outside counsel engagement? • Ethical rules to consider: • Rule 1.6: Confidentiality of Information • Rule 1.13: Organization as Client • Rule 4.1: Truthfulness In Statements To Others • Rule 8.4: Misconduct Allocating Risk for Your Company: Risk Assessments & Investigations
  • 21. • Client Confidences • Routine business audits v. audits to determine need for legal advice • What about internal investigations? Model Rule 1.6: Confidentiality of Information Allocating Risk for Your Company: Small Law Department – Risk Assessments & Investigations
  • 22. • (a) A lawyer employed or retained by an organization represents the organization acting through its duly authorized constituents • What about… • Conflicts of interest? • Upjohn warnings? • Report up, but do you always report out? Model Rule 1.13 – Organization as Client Allocating Risk for Your Company: Risk Assessments & Investigations
  • 23. • Do not fail to disclose material fact when disclosure needed to avoid criminal or fraudulent act • Do not knowingly make false statement of material fact or law Model Rule 4.1 – Truthfulness in Statements to Others • Defines “professional misconduct” • Refrain from deceit, dishonesty, fraud, or misrepresentation Model Rule 8.4 – Misconduct Allocating Risk for Your Company: Risk Assessments & Investigations
  • 24. Allocating Risk for Your Company: Playing the Feud – Labor and Employment Edition • Fair Labor Standards Act • Employee Safety (OSHA/MSHA) • Overtime Rules • Co-Employment • Social Media Issues • Union Activities/Persuader Rule POLL QUESTION – What do you believe survey respondents identified as the “highest risk” labor and employment issue:
  • 25. Labor & Employment: FLSA • Employee Safety (OSHA/MSHA) • Overtime Rules
  • 26. Allocating Risk for Your Company: Playing the Feud – IT/Data Protection Edition • Increased Role of Legal in Data Compliance • Data Management/Retention/Deletion • Cybersecurity (Breaches/Hacking) • Unstructured Data Control • IT Infrastructure (aging/new technology) • EU Privacy Mandates POLL QUESTION – What do you believe survey respondents identified as the “highest risk” IT/Data Protection Issue:
  • 28. Allocating Risk for Your Company: Playing the Feud – Legal Department Management Edition • Establishing/Maintaining Business Relationships • Enterprise Risk Management • Identifying C-Level Risk Tolerance • Identification/Retention of Talent • Protection of Privilege • Conflicts of Interest POLL QUESTION – What do you believe survey respondents identified as the “highest risk” Legal Department Management Issue:
  • 29. Legal Department Management: Talent Identification & Retention • Protection of Privilege • Enterprise Risk Management
  • 30. Allocating Risk for Your Company: Playing the Feud – Supply Chain Edition • Supply Chain Transparency • Foreign Privacy Laws • FCPA Compliance • Re-Export Concerns • OFAC Compliance/Sanctions List • Ethical and Social Compliance POLL QUESTION – What do you believe survey respondents identified as the “highest risk” Supply Chain Issue:
  • 31. Supply Chain: Ethical and Social Compliance • Supply Chain Transparency • FCPA Compliance
  • 32. Allocating Risk for Your Company: Playing the Feud – Ethics Edition • Client Identification/Conflicts of Interest • E-Discovery/Litigation Management • Legal Outsourcing/Unauthorized Practice of Law • Communications with Represented Parties • Preserving Privilege and Work Product Protections • Personal Liability/Obligations Regarding Reporting POLL QUESTION – What do you believe survey respondents identified as the “highest risk” Ethics Issue:
  • 33. Ethics: Preserving Privilege/Work Product Protections • E-Discovery/Litigation Management • Personal Liability/Obligations re Reporting
  • 34. Summary Overview • Changing Environment = Changing Approach • Survey Your Landscape • Open an Ongoing Dialog with Business • Consider Legal as well as Business Risks • Review/Adopt Compliance and Risk Monitoring Plans • Incorporate Compliance Efforts into Business Routine • Create a Defensible Position