Participation in C5 Compliance Congress.
MONITORING
It is critical to be able to identify areas where your company is vulnerable and ensure that you have the proper procedures in place to avoid a costly government investigation and the negative headlines. In this interactive session, the working group leaders will walk you through a complete risk assessment in Spain. This allows ample time to discuss the nuances of creating a thorough risk profile focusing on risks that end up in corporate criminal liability for high profile crimes such as corruption, bribery, tax fraud, corporate fraud, environmental fraud, social security fraud, organised crime and many more… You will gain the tools and best practices allowing your organisation to upgrade your compliance programme or to write one from scratch. Putting in place adequate processes to capture potential risks and mitigating them on an ongoing basis is your defence
Internal Controls and Monitoring 28 9-2015
1. COMPLIANCE PROGRAMME
Madrid, 27 April 2015
Jose Manuel Garcelan 1
How to Conduct a Comprehensive Compliance Risk Assessment and Build an
Effective Compliance Program
2. Bio Introduction
An experienced Ethics & Compliance Director, supported
by a wide background occupying positions of increasing
responsibility in Compliance, Ethics, Privacy and Finance
and in other functions in the Internal Control and
optimization of resources. Experience in successful
implementation and management of robust integrated
customized compliance programs across various
countries.
Jose Manuel Garcelan
es.linkedin.com/in/JoseManuelGarcelan
3. 2004 MBA Executive Master in Pharma business MADRID, SPAIN
EPHOS-Escuela Superior de Estudios Farmacéuticos
1991-1993 Degree in ECONOMICS Specialty in Finance MADRID, SPAIN
Universidad Complutense de Madrid
1987-1990 Graduate in BUSINESS ADMINISTRATION MADRID, SPAIN
Specialty: Marketing
Escuela Univ. de Estudios Empresariales Complutense
LANGUAGES
Spanish – Mother Tongue. Fluent in ENGLISH and basic knowledge of French.
FURTHER LEGAL TRAINING
• 2015 Legal-Compliance Post-grade
- Universidad Carlos III De Madrid
• 2010 Healthcare Compliance Ethics & Regulation Certification
- Seton Hall Law/ Sciencespo Paris, FRANCE
• 2013 Certified Information Privacy Professional/Europe - (CIPP/E)
International Association
Education
4. APRIL 2015-PRESENT COMPLIANCE CONSULTANCY
2009-2015 MERCK SHARP & DOHME
Chief Compliance & Privacy Officer Director Spain and Portugal
1996-2009 SCHERING-PLOUGH
2006 -2009 Compliance & Business Practices Director
2001-2005 Accounting, Internal Audit And Tax Asoc. Director
1996-2000 Controlling And Reporting Finance Manager
1995 - 1996 QUESERÍAS BEL ESPAÑA
Administration Manager
1990 - 1995 SWATCH Finance Manager
1986 - 1990 ZAMBELETTI ESPAÑA Finance Senior Analyst
Professional Experience
5. Madrid, 27 April 2015
AGENDA
MONITORING, EVALUATING, REPORTING & AUDITING
Defense lines and Risk Concept
How to trace payments through Monitoring
Working with finance, internal audit and accounting departments in Compliance
Reporting
Auditing
Reporting findings to compliance officers, audit committees and legal counsel
How to implement controls to prevent improper payments and fraud
WHISTLEBLOWING
INVESTIGATIONS & REMEDIATION DISCIPLINE & RESPONSE
Why you need a whistleblowing program and how to make it work in Spain
Data Protection the new face of privacy compliance
Employees facing corruption aligning anti-corruption measures to the influencing
factors of decision-making
19. Monitoring
The CMS must be monitored to ensure that it performs
adequately. This monitoring must be continuous.
Compliance monitoring is the process by which information
indicative of the effectiveness and performance of the CMS
is obtained. It includes, among other things:
1. Effectiveness of training.
2. Effectiveness of controls, through sampling.
3. Effectiveness of the allocation of Compliance
responsibilities.
4. Effectiveness in correcting nonconformities and
noncompliances, etc.
21. Methods for gathering information
There are many methods for obtaining useful information
to assess the performance of the CMS and the culture of
compliance, among them:
- Periodic reports produced in response to
noncompliances.
- Information obtained through communication and/or
whistleblowing channels.
- Information obtained through compliance barometers and DD.
- Information obtained from control systems and data
analytics.
- etc.
23. Analysis and classification of
information
Effective classification and management of information is
fundamental. The CMS must incorporate a system for
classifying information according to, for example, its
origin, department, description of the noncompliance,
indicators, etc.
Well-managed information makes it possible to analyse the
root causes of noncompliances and to detect recurring
problems.
24. Development of indicators
Indicators are needed to show whether compliance objectives have been
met, so that the organisation's Compliance performance can be
quantified. These indicators are important for evidencing the
effectiveness of the CMS. They may include, among other things:
Active indicators
- Percentages and frequency of training.
- Level of use of feedback mechanisms
(communication/whistleblowing channels), etc.
Reactive indicators
- Noncompliances detected and their consequences, as well as
corrective actions, etc.
Predictive indicators
- Noncompliance trends, new compliance risks,
etc.
25. My Expertise and Specialty: Compliance Analytics
“The bar is raised” Compliance Monitoring now requires big data analytics
Area Observations Management Actions Owner Due Date
1. Not clear if list of 51 government intermediaries is complete (customs agents,
meeting logistics agencies)
1. Edit the customer master file and include an indicator if
customer is gvt intermediary or not in SAP
Dmitry & Marina
De Rosa
2. Unclear if the right people are on the list.
2. Reconfirm the accuracy and completeness of list - ensure only
the gvt intermediaries that need to be on the list are & provide
dialogue to management on why certain items are on the list or
not.
Nicolai
Training
Completion
1. Significant percentage of colleagues in Russia that have NOT taken training:
FCPA: 35% (324 colleagues incomplete)
FYEO: 48% (444 colleagues incomplete)
Privacy: 54% (505 colleagues incomplete)
OVS: 90% (836 due by 10/31)
1. Focus on Getting FCPA training complete in October.
1. Two open audit commitments due in Sep (Diethard) (6/29/2012-"Distributor
Margins for Tender Business" and 2/27/2012-"Travel & Entertainment")
1. Close open audit items from September Diethard
2. One open audit commitment due in Dec from 2/27/2012 - "Meetings with HCPS" Marina De Rosa Dec-12
1. Turnover rate is steadily around 22%; no significant increase or decrease in the
past 12 months
2. 13 out of 99 procedures do not have any dates (no creation/last update)
3. 31 out of 99 procedures were last updated 2-3 years ago.
1. 5 out of 14 distributors have inconsistent gross to net percentage. Typical= 7%,
range of 5 outliers are 16% -37%
1. Investigate root cause
2. One distributor has negative sales 2. Investigate root cause
3. 13 out of 60 products (22%) have inconsistencies in distributor bonus, composing
10.5% of total sales
(42 track consistently, 5 only have 1 distributor)
3. Investigate the 13 products and determine root cause for
deviation from typical bonus
1. 12% of employees on average exceed the 8000p limit per month
2. 351000p reimbursed above June limit
3. Fourth highest risk score, is the 2nd biggest spender
4. 15 people have over 20 rounded (to the nearest 500p) transactions in over 6
months (doesn't include per diem)
5. 50% of spend is made up of mini meetings and gasoline (51Mp)
Grants
1. Total dollars in grants: 8.1Mp (250K USD) across 25 entities. Not clear if
transactions went through company's donations committee.
1. Confirm with the minutes of the donation committee that all
transactions went through the committee
HCP 1. Unclear if data is accurate
1. Get new set of data, and upload to spotfire. Re-assess how
many HCPs are over the limit.
2. Use payroll to verify aggregate number
1. Not able to clearly monitor total spend by meeting or expense type: Inconsistent
recording of expenses across meeting types & expense types 1. Need launch of new meeting management system
2. Not all meetings are Planned into SAP: Manual Aggregate Spend Includes Estimates 2. Edit accounts in SAP. Determine timing if October or Jan 1.
Russia Business Analytics Observations - October 2012
Employees
Audit
Commitments
1. Investigate root cause
Meetings
Government
Intermediaries
Distributor
Data Range: January 2012- June 2012
T&E
Dashboard
Action Items
CORRECT
DETECT
PREVENT
Analysis
RECOGNITION; BEST SELF-STARTER
I have created a new Spotfire model
to be able to manage: Prevention,
detection and correction of
Compliance Risks in the Organization
26. Compliance Dashboard Design
Sales Activities
Gross to Net Sales & Trend
Sales by Products/Customers
Discounts
Free Goods
Credit Notes/Returns
Payments to Sales Customers
Distributor Interactions (Tenders)
Government Intermediaries (Distributors)
HCP/AHCP Interactions
Fees for Services
Sponsorships
T&E
Samples
• Disbursements
Grants, Donations and Charitable
Contributions
All Other third party Payments
Government Intermediaries (Other)
• Compliance Activities
Training
Audit Remediation
Promotional Materials
Employee
Patient Programs
Product Safety Request
Each risk and domain are evaluated per market for relevancy and data availability.
Local markets may choose to add additional monitoring elements based on market needs.
Data / Risk Prioritization Model
Residual Risk (rows) by Data Availability (columns: Not currently Available | Available with Effort | Readily Available)
High: Work towards Obtaining Data | Dashboard Candidates | Dashboard Candidates
Medium: Candidate When Available | Candidate When Available | Dashboard Candidate
Low: Not Included in Dashboard | Not Included in Dashboard | Not Included in Dashboard
27. Examples of Signals (I)
Sales Activities
PERCENTAGE OF DISCOUNT BY CUSTOMER: Are any
customers getting discount above the limits per
commercial policy or compared to similar
customers? Ensure that customers are aligned to the
type of discounts allowed.
FREE GOODS - If expectation is no free goods, check
if there are any products/distributors getting
discount of 100%. If there are products in this case,
ensure we have controls in place to handle free
goods.
[Figure labels: Outliers; High Discounts; 100% Discounts]
28. Examples of Signals (II):
Disbursements & Compliance Activities
PAYMENTS: View actual payments to vendors
for unusual activity such as travel expenses
paid via PO, Vendors over authorization limits,
or high payments to HCPs or Customers.
THIRD PARTY INTERMEDIARIES: Identify where
third parties have not followed the proper
approval process, documentation is missing, or
contracts are invalid.
[Figure labels: Authorization Limit Outliers; Non Valid Contracts]
30. Compliance reporting
The governing body, senior management and the management
team must be kept informed of the organisation's Compliance
performance, including any relevant noncompliances that
have occurred. This entails including different reporting
mechanisms, which may provide for receipt and sign-off.
Reporting will cover, for example:
- Matters that must be reported to the regulator.
- Noncompliances that have occurred and their consequences.
- Corrective actions adopted.
- Audit results, etc.
31. Actions in response to nonconformities and
noncompliances
When a nonconformity or noncompliance is detected,
action must be taken to correct it and to manage its
consequences.
The root cause of the nonconformity or noncompliance
will be assessed in order to develop appropriate actions,
and the effectiveness of the corrective actions will be
verified (correcting procedures and/or controls,
changing training, early warning when there is
evidence, improving escalation mechanisms,
etc.).
33. Record keeping
Adequate records of Compliance activities must be
kept so that those activities can be monitored or
audited.
The records will be protected by the relevant
security measures.
34. AUDIT
The organisation will carry out audits at
scheduled intervals (planned audit).
The audit will verify that the criteria of the
standard are followed and that the CMS is
properly executed.
The audit must be conducted in a way that
guarantees objectivity and impartiality.
47. Continuous improvement
All Compliance information obtained and
managed must be used to identify
opportunities for improvement and to take
actions aimed at continuously improving the
CMS.
68. The greatest protection against corruption is
an effective compliance program.
Sources and References:
• www.kpmgcumplimientolegal.es
• Business Compliance