Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Carrie Penman, President, Ethical Leadership Group | Ed Petry, Vice President Ethical Leadership Group
Stress Testing Your...
Photos and bios
7/13/2015 2NAVEX Global: Stress Testing Your Ethics & Compliance Program
Carrie Penman is the president of...
NAVEX Global provides an array of GRC
services to capture and respond to
business risk, improving the economic
and social ...
NAVEX Global is not a law firm and is not engaged in providing legal or other similar
professional advice or services. In ...
The need for an effective program is not going away.
Just because budgets are tight...
7/13/2015 5NAVEX Global: Stress Tes...
Great organizations. Great brands. Great people.
What is the value of a reputation for integrity?
7/13/2015 6NAVEX Global:...
The Department of Justice
just issued a document
request to evaluate your
program before making a
charging decision…
Would...
Learn what is expected from
your program by third
parties including:
• US Attorneys
• Government agencies
• Customers
• Bu...
Determine how the program would survive a
third-party review
Provide additional benefits:
• Define current program element...
• What is expected of a Fortune 50 healthcare or
defense company will be different from what is
expected of a small privat...
If your program was stress-tested today by the government or
a major customer, how do you think it would do?
1. Excellent—...
Has your organization conducted a comprehensive
ethics/compliance program assessment?
1.Yes, more than once
2.Yes, once
3....
If you haven’t done one recently, why not?
1. It is not a priority
2. Budget
3. Won’t tell me anything I
don’t already kno...
Who authorizes?
Board
Senior Management
General Counsel
Compliance Officer
Who conducts?
Ethics/Compliance
Audit
External ...
Program elements and implementation
Effectiveness of implementation
Organizational culture
What should be tested?
7/13/201...
Why is it important to assess the ethical culture?
7/13/2015 16NAVEX Global: Stress Testing Your Ethics & Compliance Progr...
Culture wins.
• When a rule or a policy or a Code
conflict with an organization’s culture,
the culture prevails most of th...
Corporate goal:
Strengthen the culture so that it stands for integrity—inside and outside the
Company.
A culture of integr...
Document request and reviews
Interviews
Focus groups
Surveys
Comparison against best practices
How do we approach the revi...
Risk Assessment
Standards, Policies, and Procedures
Oversight, Structure and Leadership
Alignment with HR Practices
Commun...
Today we will describe each element in three ways:
What we ask for:
Documents, etc.
What we look for:
Outcomes
What we fin...
Worksheet for the session
7/13/2015 22NAVEX Global: Stress Testing Your Ethics & Compliance Program
Risk Assessment
7/13/2015 23
©2010 Ethical Leadrship Group
NAVEX Global: Stress Testing Your Ethics & Compliance Program
• Description of the risk assessment
processes used
• Results of any risk assessments previously
conducted by, or on behal...
• Does the organization periodically assess the risk of criminal conduct and
take appropriate steps to design, implement o...
• ERM versus compliance, ethics, and
reputational risk assessment
• Involvement of SME’s and operational
personnel in risk...
Is your company Red, Yellow
or Green?
1. Red
2. Yellow
3. Green
1 2 3
33% 33%33%
Oversight, Structure and Leadership
7/13/2015 28NAVEX Global: Stress Testing Your Ethics & Compliance Program
• Written overview of the Program
• Responsibilities/ job descriptions (both oversight and administrative) of directors,
o...
• Is the Board of Directors knowledgeable about the content and operation of the ethics
program?
• Does the Board exercise...
• Does senior leadership understand and exercise their responsibilities to create and
maintain a culture that supports com...
• Board knowledge and oversight of the Program
• Senior management knowledge of, or engagement in, the Program
• Effective...
Is your company Red, Yellow
or Green?
1. Red
2. Yellow
3. Green
1 2 3
33% 33%33%
Standards
7/13/2015 34NAVEX Global: Stress Testing Your Ethics & Compliance Program
• The company’s Code of Conduct
• Other ethics and compliance policies
and procedures –company-wide
• Any documents reflec...
• Do the Code and policies establish standards designed to prevent and detect
criminal conduct? Do they require compliance...
• Codes: language, style, presentation,
readability, and relevance to employee jobs
• References or links to applicable po...
Is your company Red, Yellow
or Green?
1. Red
2. Yellow
3. Green
1 2 3
33% 33%33%
Alignment with HR Practices
7/13/2015 39NAVEX Global: Stress Testing Your Ethics & Compliance Program
• Personnel evaluations reflecting the use of ethics and compliance criteria
• Anything else reflecting the use of ethics ...
• Are there any incentives or disincentives built into the goal setting or review
process that could force employees to ma...
Does your organization formally evaluate managers
(in performance appraisals) on whether they live up
to ethics and compli...
• Objectives and performance measures
versus Program responsibilities
• Background checking processes –
particularly in in...
Is your company Red, Yellow
or Green?
1. Red
2. Yellow
3. Green
1 2 3
33% 33%33%
Communications and Training
7/13/2015 45NAVEX Global: Stress Testing Your Ethics & Compliance Program
• Any communications to employees, and others, concerning ethics, values, or
compliance (include: executive letters and sp...
• Are the Code, policies, and procedures understandable, communicated, and easily
accessible?
• Do managers play a key rol...
• Do the Board and management receive periodic and relevant training on their
ethics responsibilities?
• Does employee tra...
• Board briefings on Program status versus real
Board training
• Communications and training tied to the risk
assessment
•...
Is your company Red, Yellow
or Green?
1. Red
2. Yellow
3. Green
1 2 3
33% 33%33%
Reporting and Response
7/13/2015 51NAVEX Global: Stress Testing Your Ethics & Compliance Program
• System for encouraging reports of possible violations and expressing ethics and
compliance concerns
• Policies and proce...
• Does the company encourage and support employees and others to report known
or suspected wrongdoing?
• Does the company ...
• Does the company investigate issues in a timely way while protecting
confidentiality?
• Do the investigations conducted ...
• Employee understanding of reporting process
• Fear of retaliation
• Case closure times
• Escalation processes
• Tracking...
Is your company Red, Yellow
or Green?
1. Red
2. Yellow
3. Green
1 2 3
33% 33%33%
Monitoring and Assessment
7/13/2015 57NAVEX Global: Stress Testing Your Ethics & Compliance Program
• Plans and audit protocols for conducting ethics and
compliance related audits and the results of the
auditing
• Auditing...
• Does the company conduct audits to ensure that
Program elements are functioning as intended?
• Does the company perform ...
• Focus on assessment of process
implementation versus focus on how the
Program is received at all levels of the
organizat...
Is your company Red, Yellow
or Green?
1. Red
2. Yellow
3. Green
1 2 3
33% 33%33%
Culture
7/13/2015 62NAVEX Global: Stress Testing Your Ethics & Compliance Program
• Any documents relating to efforts to
ensure that the company’s organizational
culture promotes law abidance and
ethical ...
Culture: What we look for
• Do employees believe that it is possible to behave ethically and achieve
objectives at the Com...
Culture: What we find
 Connection between what the company has communicated and what
employees have heard and believe to ...
Is your company Red, Yellow
or Green?
1. Red
2. Yellow
3. Green
1 2 3
33% 33%33%
• Levels of management commitment
• Document production after the draft
report
o OK with us as long as schedule can be
del...
If you had to respond to a government document request,
how quickly could you pull together all the documents we
discussed...
• Finalize the questionnaire
• Summarize:
• Program strengths
• Program weaknesses
• Barriers to program success
Take a fe...
How many “red” answers did you have?
1. 0 to 5
2. 6 to 10
3. 11 to 18
4. 19 to 25
5. 26 to 35
6. Call the doctor!
1 2 3 4 ...
• Do not rely on any one process/measure. Good
assessments are mosaics.
• Be careful with surveys—employees tell us that
t...
1.Risk Assessment
2.Standards, Policies, and
Procedures
3.Oversight, Structure and
Leadership
4.Alignment with HR practice...
• Describe your culture and areas of attention needed
• Integrate the program with company risk assessment
• Develop and i...
Questions?
7/13/2015 74NAVEX Global: Stress Testing Your Ethics & Compliance Program
Carrie Penman
cpenman@NAVEXGlobal.com
781-271-1317
Ed Petry
epetry@NAVEXGlobal.com
508-754-1021
Contact Information
7/13/2...
Upcoming SlideShare
Loading in …5
×

[P5] Stress Testing Your Ethics & Compliance Program SCCE Compliance & Ethics Institute 2013

411 views

Published on

[P5] Stress Testing Your Ethics & Compliance Program SCCE Compliance & Ethics Institute 2013

Published in: Education
  • Be the first to comment

[P5] Stress Testing Your Ethics & Compliance Program SCCE Compliance & Ethics Institute 2013

  1. 1. Carrie Penman, President, Ethical Leadership Group | Ed Petry, Vice President Ethical Leadership Group Stress Testing Your Ethics and Compliance Program This material is confidential and proprietary to NAVEX Global and/or third parties and may not be reproduced, published or disclosed to others without the express authorization of the General Counsel of Navex Global. October 6, 2013
  2. 2. Photos and bios 7/13/2015 2NAVEX Global: Stress Testing Your Ethics & Compliance Program Carrie Penman is the president of Ethical Leadership Group (ELG), the advisory services practice of NAVEX Global™. She has been with the firm since 2003 after four years as deputy director of the Ethics and Compliance Officer Association (ECOA). Carrie was one of the earliest ethics officers in America Ed Petry, Ph.D., joined ELG in 2004 after almost ten years as executive director of the Ethics and Compliance Officer Association (ECOA). Ed served on the Advisory Panel to the U.S. Sentencing Commission which was responsible for the 2004 revisions. Earlier in his career he was a tenured professor of ethics and a prolific author and researcher.
  3. 3. NAVEX Global provides an array of GRC services to capture and respond to business risk, improving the economic and social value of organizations around the world. Ethical Leadership Group (founded 1993) is the Advisory Services Division of NAVEX Global. Worked with 25% of F200. Consulted in 40 countries. Served clients in almost every industry. Our Background 7/13/2015 3 ©2010 Ethical Leadership Group NAVEX Global: Stress Testing Your Ethics & Compliance Program
  4. 4. NAVEX Global is not a law firm and is not engaged in providing legal or other similar professional advice or services. In providing our services, NAVEX Global attempts to provide its clients with “effective practices” advice in light of then-current laws and/or regulations. NAVEX Global’s services should not replace advice from your in-house or outside counsel or their opinions concerning Company practices. Legal Disclaimer 7/13/2015 4NAVEX Global: Stress Testing Your Ethics & Compliance Program
  5. 5. The need for an effective program is not going away. Just because budgets are tight... 7/13/2015 5NAVEX Global: Stress Testing Your Ethics & Compliance Program
  6. 6. Great organizations. Great brands. Great people. What is the value of a reputation for integrity? 7/13/2015 6NAVEX Global: Stress Testing Your Ethics & Compliance Program
  7. 7. The Department of Justice just issued a document request to evaluate your program before making a charging decision… Would you be prepared to respond? 7/13/2015 7 And now this happens… NAVEX Global: Stress Testing Your Ethics & Compliance Program
  8. 8. Learn what is expected from your program by third parties including: • US Attorneys • Government agencies • Customers • Business partners • Third-party assessors Why stress test? 7/13/2015 8NAVEX Global: Stress Testing Your Ethics & Compliance Program
  9. 9. Determine how the program would survive a third-party review Provide additional benefits: • Define current program elements and organizational culture • Develop a prioritized list of opportunities for improvement • Identify training needs • Result in long range plan to incorporate opportunities • Identify needs from other organizations such as HR, Audit, etc. Objectives of stress testing 7/13/2015 9NAVEX Global: Stress Testing Your Ethics & Compliance Program
  10. 10. • What is expected of a Fortune 50 healthcare or defense company will be different from what is expected of a small privately held business • Because risk areas vary, the level of importance of each program component will not be the same for every organization • Newer programs will not have the same level of information or detail as more mature programs Keep in mind...grading will vary 7/13/2015 10NAVEX Global: Stress Testing Your Ethics & Compliance Program
  11. 11. If your program was stress-tested today by the government or a major customer, how do you think it would do? 1. Excellent—we are a leader in every aspect 2. Very well—we generally meet best practices 3. Well—we meet all standards and exceed some of them 4. Passing—we can show that we meet standards 5. Not well—a skeptical third party would not find us to have an effective program 1 2 3 4 5 20% 20% 20%20%20% Start with reality…
  12. 12. Has your organization conducted a comprehensive ethics/compliance program assessment? 1.Yes, more than once 2.Yes, once 3.I don’t know 4.No 1 2 3 4 25% 25%25%25% Your organization’s assessment experience
  13. 13. If you haven’t done one recently, why not? 1. It is not a priority 2. Budget 3. Won’t tell me anything I don’t already know 4. May tell me something I don’t want to know 5. Other 1 2 3 4 5 20% 20% 20%20%20% Reasons for not doing an assessment:
  14. 14. Who authorizes? Board Senior Management General Counsel Compliance Officer Who conducts? Ethics/Compliance Audit External consultants Legal Getting started: considerations 7/13/2015 14NAVEX Global: Stress Testing Your Ethics & Compliance Program Conduct under privilege or not? What are the pros, cons, and deciding factors for each of these options?
  15. 15. Program elements and implementation Effectiveness of implementation Organizational culture What should be tested? 7/13/2015 15NAVEX Global: Stress Testing Your Ethics & Compliance Program
  16. 16. Why is it important to assess the ethical culture? 7/13/2015 16NAVEX Global: Stress Testing Your Ethics & Compliance Program
  17. 17. Culture wins. • When a rule or a policy or a Code conflict with an organization’s culture, the culture prevails most of the time. • Therefore, in order to have an effective ethics and compliance program, a company needs to pay as much attention to culture as to policies, training, auditing, etc. Our big idea 7/13/2015 17NAVEX Global: Stress Testing Your Ethics & Compliance Program
  18. 18. Corporate goal: Strengthen the culture so that it stands for integrity—inside and outside the Company. A culture of integrity is one where: • Employees know the standards and rules that apply to them in their roles. • Employees believe that their managers—and senior management—are committed to integrity. • Employees raise concerns about misconduct because they do not fear retaliation and they believe their concerns will be addressed. • Employees are held accountable to act consistently with the Code and standards, and are disciplined consistently if they fail to do so. • Suppliers and others who expose the company to risk are held accountable to high ethical standards. • Doing the right thing is the expected practice every day, and unethical or non-compliant behavior stands out and is called out. A culture of integrity 7/13/2015 18NAVEX Global: Stress Testing Your Ethics & Compliance Program
  19. 19. Document request and reviews Interviews Focus groups Surveys Comparison against best practices How do we approach the review? 7/13/2015 19NAVEX Global: Stress Testing Your Ethics & Compliance Program
  20. 20. Risk Assessment Standards, Policies, and Procedures Oversight, Structure and Leadership Alignment with HR Practices Communications and Training Reporting and Response Monitoring and Assessment Culture Stress testing should include a review of: 7/13/2015 20NAVEX Global: Stress Testing Your Ethics & Compliance Program
  21. 21. Today we will describe each element in three ways: What we ask for: Documents, etc. What we look for: Outcomes What we find: Stay tuned 7/13/2015 21NAVEX Global: Stress Testing Your Ethics & Compliance Program
  22. 22. Worksheet for the session 7/13/2015 22NAVEX Global: Stress Testing Your Ethics & Compliance Program
  23. 23. Risk Assessment 7/13/2015 23 ©2010 Ethical Leadrship Group NAVEX Global: Stress Testing Your Ethics & Compliance Program
  24. 24. • Description of the risk assessment processes used • Results of any risk assessments previously conducted by, or on behalf of, the company • Documents reflecting incorporation of the results of the risk assessment into Program modifications • Risk assessment outcome and activity reports to senior management and the Board of Directors Risk Assessment: What we ask for 7/13/2015 24NAVEX Global: Stress Testing Your Ethics & Compliance Program
  25. 25. • Does the organization periodically assess the risk of criminal conduct and take appropriate steps to design, implement or modify each ethics program element to reduce the risk of criminal conduct identified through this process? • Does the organization comprehensively define high risk areas including the potential for reputational risks and ethics risks? • Does the organization deploy the respective programs’ resources in a risk- sensitive manner? • If appropriate, does the company have groups within various business units assigned to address unique issues and ethics risks faced by the specific business units? 7/13/2015 25NAVEX Global: Stress Testing Your Ethics & Compliance Program Risk Assessment: What we look for
  26. 26. • ERM versus compliance, ethics, and reputational risk assessment • Involvement of SME’s and operational personnel in risk identification • Focus on reputational risks • Curiosity and imagination in risk identification • Coordination of risk assessment findings with ethics and compliance initiatives • Board awareness/involvement in outcome review or mitigation oversight • Recognition of emerging issues/trends Risk Assessment: What we find 7/13/2015 26NAVEX Global: Stress Testing Your Ethics & Compliance Program
  27. 27. Is your company Red, Yellow or Green? 1. Red 2. Yellow 3. Green 1 2 3 33% 33%33%
  28. 28. Oversight, Structure and Leadership 7/13/2015 28NAVEX Global: Stress Testing Your Ethics & Compliance Program
  29. 29. • Written overview of the Program • Responsibilities/ job descriptions (both oversight and administrative) of directors, officers, line management, employees, under the Program • Governance Committee charter and any other governance documents relating to Board Program responsibilities • Program and/or committee operational charters and procedures • Organizational charts for the Program • Budgets and resources assigned to the Program • Application of the Program to third parties (e.g., temporary employees, agents, suppliers, distributors, joint venture partners or others) • Any in-force Administrative or Corporate Integrity Agreements 7/13/2015 29NAVEX Global: Stress Testing Your Ethics & Compliance Program Oversight, Structure, and Leadership: What we ask for
  30. 30. • Is the Board of Directors knowledgeable about the content and operation of the ethics program? • Does the Board exercise reasonable oversight of the implementation and effectiveness of the Program and the organization’s culture? • Does the organization have a high-level person and a person with day-to-day responsibility assigned to manage the program? Is there a defined relationship to the Board of Directors? • Is the Board (or a committee thereof) accessible to individuals with day-to-day responsibility including meeting with them in executive session? • Does the Board (or a committee thereof) receive timely reports of significant issues and investigations involving the company or any elected officers? 7/13/2015 30NAVEX Global: Stress Testing Your Ethics & Compliance Program Oversight, Structure, and Leadership: What we look for
  31. 31. • Does senior leadership understand and exercise their responsibilities to create and maintain a culture that supports compliance with the law and ethical conduct? • Is there an Ethics Committee or Council of company management that receives information from the high-level person or the person with day-to-day responsibility and also provides practical input into the program? • If appropriate, are there committees or councils designated to ensure that ethics initiatives are appropriately deployed in regional areas where significant differences in requirements or culture could leave certain risk areas unaddressed? • Have ethics responsibilities been assigned to line management? Are they knowledgeable about the content and operation of the ethics program? 7/13/2015 31NAVEX Global: Stress Testing Your Ethics & Compliance Program Oversight, Structure, and Leadership: What we look for
  32. 32. • Board knowledge and oversight of the Program • Senior management knowledge of, or engagement in, the Program • Effectiveness and clout of high-level and day-to-day persons responsible for the Program • Integration of the Program with business operations • Implementation and focus in U.S. versus international operations • Resources tied to risk assessment • Line management knowledge and comfort level with their responsibilities 7/13/2015 32NAVEX Global: Stress Testing Your Ethics & Compliance Program Oversight, Structure, and Leadership: What we find
  33. 33. Is your company Red, Yellow or Green? 1. Red 2. Yellow 3. Green 1 2 3 33% 33%33%
  34. 34. Standards 7/13/2015 34NAVEX Global: Stress Testing Your Ethics & Compliance Program
  35. 35. • The company’s Code of Conduct • Other ethics and compliance policies and procedures –company-wide • Any documents reflecting the process by which ethics and compliance policies are developed and disseminated • Document retention policies relating to the Program • Application to third parties Standards: What we ask for 7/13/2015 35NAVEX Global: Stress Testing Your Ethics & Compliance Program
  36. 36. • Do the Code and policies establish standards designed to prevent and detect criminal conduct? Do they require compliance with company policies, values, and applicable governmental laws, rules and regulations? • Does the Code emphasize prompt internal reporting to an appropriate person identified in the code of any potential violations of the code? • Does the Code establish accountability for adherence to the code and is it applicable to directors, officers and employees? • Does the company have policies and procedures that provide specific guidance to employees – especially in high risk areas? • Are the Code and company policies periodically reviewed and updated to meet the specific ethics risk areas as defined by the risk assessment? 7/13/2015 36NAVEX Global: Stress Testing Your Ethics & Compliance Program Standards: What we look for
  37. 37. • Codes: language, style, presentation, readability, and relevance to employee jobs • References or links to applicable policies and procedures • Accessibility of Code, policies, and procedures • Explanation of reporting processes and how they work • Explanation of additional responsibilities of leaders and managers • Standards for high-risk areas 7/13/2015 37NAVEX Global: Stress Testing Your Ethics & Compliance Program Standards: What we find
  38. 38. Is your company Red, Yellow or Green? 1. Red 2. Yellow 3. Green 1 2 3 33% 33%33%
  39. 39. Alignment with HR Practices 7/13/2015 39NAVEX Global: Stress Testing Your Ethics & Compliance Program
  40. 40. • Personnel evaluations reflecting the use of ethics and compliance criteria • Anything else reflecting the use of ethics and criteria for promotions or compensation-related purposes such as: • 360 degree review process • Promotion procedures, especially to management • Info on background checking, other new and ongoing screening • Exit interview protocols Alignment with HR Practices: What we ask for 7/13/2015 40NAVEX Global: Stress Testing Your Ethics & Compliance Program
  41. 41. • Are there any incentives or disincentives built into the goal setting or review process that could force employees to make a bad choice? • Is strong ethical conduct included as part of the promotion criteria? • Are potential new hires and third parties working on behalf of the company screened? • Is there a defined performance evaluation process to ensure that all management is meeting their responsibilities? • Do exit interviews have an ethics and compliance component? 7/13/2015 41NAVEX Global: Stress Testing Your Ethics & Compliance Program Alignment with HR Practices: What we look for
  42. 42. Does your organization formally evaluate managers (in performance appraisals) on whether they live up to ethics and compliance responsibilities? 1. Yes, it is a critical part of our appraisals 2. Yes, but it is closer to “check the box” 3. Yes, but not universally 4. No 1 2 3 4 25% 25%25%25%
  43. 43. • Objectives and performance measures versus Program responsibilities • Background checking processes – particularly in internal promotions and third-party personnel • Performance appraisal component for managers regarding their Program responsibilities Alignment with HR Practices: What we find 7/13/2015 43NAVEX Global: Stress Testing Your Ethics & Compliance Program
  44. 44. Is your company Red, Yellow or Green? 1. Red 2. Yellow 3. Green 1 2 3 33% 33%33%
  45. 45. Communications and Training 7/13/2015 45NAVEX Global: Stress Testing Your Ethics & Compliance Program
  46. 46. • Any communications to employees, and others, concerning ethics, values, or compliance (include: executive letters and speeches, posters, e-mails, mailings, newsletters, and brochures with the defined audience receiving each form of communication) • Materials for related, recent training programs (include both general ethics/compliance training and risk area-specific training as well as audiences receiving each type of training) • Documentation of participation in required training • Feedback/evaluation summaries on ethics/compliance training • Ethics and compliance-related communications/training plans 7/13/2015 46NAVEX Global: Stress Testing Your Ethics & Compliance Program Communications and Training: What we ask for
  47. 47. • Are the Code, policies, and procedures understandable, communicated, and easily accessible? • Do managers play a key role in delivering the message? • Does the company have and use an ethics communication strategy that incorporates the organization’s risk assessment? • Does the company have and use a training plan that defines the training required for various levels and groups of employees as well as contractors and agencies based on the company’s risk assessment process? • Does the company communicate, to all levels of employees, lessons learned from ethical issues the organization has confronted? 7/13/2015 47NAVEX Global: Stress Testing Your Ethics & Compliance Program Communications and Training: What we look for
  48. 48. • Do the Board and management receive periodic and relevant training on their ethics responsibilities? • Does employee training address key concerns of employees such as fear of retaliation? • Are employees who are working in a high-risk environment (as defined by the risk assessment) receiving training in sufficient detail to help them identify problem situations and avoid the violation of company standards and the law? • Does the company assess the effectiveness of the training? 7/13/2015 48NAVEX Global: Stress Testing Your Ethics & Compliance Program Communications and Training: What we look for
  49. 49. • Board briefings on Program status versus real Board training • Communications and training tied to the risk assessment • Job relevant and memorable training • Focus and rigor in defining and training high-risk personnel • Leadership messaging • Manager awareness of responsibilities and how to respond to issues raised • Communication of lessons learned 7/13/2015 49NAVEX Global: Stress Testing Your Ethics & Compliance Program Communications and Training: What we find
  50. 50. Is your company Red, Yellow or Green? 1. Red 2. Yellow 3. Green 1 2 3 33% 33%33%
  51. 51. Reporting and Response 7/13/2015 51NAVEX Global: Stress Testing Your Ethics & Compliance Program
  52. 52. • System for encouraging reports of possible violations and expressing ethics and compliance concerns • Policies and procedures relating to this system • Documents describing or reflecting the publicizing of this system • Reporting system call/email reporting statistics (numbers, trends, types, outcomes) from the prior three years • Ethics and compliance -related investigations • Policies/procedures for assigning responsibility for conducting and for overseeing such investigations • Reports of ethics and compliance investigations (to be reviewed on-site) • Ethics and compliance -related discipline • Discipline policy/procedures • Records of ethics and compliance related discipline (to be reviewed on-site) 7/13/2015 52NAVEX Global: Stress Testing Your Ethics & Compliance Program Reporting and Response: What we ask for
  53. 53. • Does the company encourage and support employees and others to report known or suspected wrongdoing? • Does the company explain the reporting system and processes to all employees including information on how the process works? • Does the company have an appropriate escalation process? • Do employees believe they can raise issues to management or the 800 number without fear of retaliation? • Does the company use a tracking system for all reports and issues received? Does the company review reporting and outcome data to determine potential problem areas? Is this information provided to senior management and the Board? 7/13/2015 53NAVEX Global: Stress Testing Your Ethics & Compliance Program Reporting and Response: What we look for
  54. 54. • Does the company investigate issues in a timely way while protecting confidentiality? • Do the investigations conducted help determine the root cause of misconduct, and meet the requirement that a company “take reasonable steps to respond appropriately to such misconduct and to prevent further similar [violations], including making any necessary modifications to the organization’s ethics program? • Is disciplinary action administered appropriately and consistently for violations of the Code, values, policies or the law? • Does the company enforce policies prohibiting retaliation or retribution against individuals who report suspected or actual violations of Company policy or the law? 7/13/2015 54NAVEX Global: Stress Testing Your Ethics & Compliance Program Reporting and Response: What we look for
  55. 55. • Employee understanding of reporting process • Fear of retaliation • Case closure times • Escalation processes • Tracking of disciplinary actions for consistency • Focus on root cause analysis • Focus on Program modifications based on issues raised • Data tracking, trending, and reporting to leadership and the Board 7/13/2015 55NAVEX Global: Stress Testing Your Ethics & Compliance Program Reporting and Response: What we find
  56. 56. Is your company Red, Yellow or Green? 1. Red 2. Yellow 3. Green 1 2 3 33% 33%33%
  57. 57. Monitoring and Assessment 7/13/2015 57NAVEX Global: Stress Testing Your Ethics & Compliance Program
  58. 58. • Plans and audit protocols for conducting ethics and compliance related audits and the results of the auditing • Auditing process for adherence to Program procedures (as opposed to standards), e.g. to ensure that the Program is functioning as intended (e.g., that all mandated training has taken place, etc.) • Assessments/evaluations, conducted internally or externally, of the Program including data from any surveys/focus groups • Any other Information reflecting a view of the Program by others (including employees, agents, competitors, suppliers, customers or governmental bodies) 7/13/2015 58NAVEX Global: Stress Testing Your Ethics & Compliance Program Monitoring and Assessment: What we ask for
  59. 59. • Does the company conduct audits to ensure that Program elements are functioning as intended? • Does the company perform qualitative assessments (culture) to show that the Program overall is having the desired impact? • Does the Company utilize exit interviews to ask departing employees if they are aware of any actual or suspected violations of Company policy? • Does the Company follow industry best practices? • Does the Company ensure continuous Program improvement? 7/13/2015 59NAVEX Global: Stress Testing Your Ethics & Compliance Program Monitoring and Assessment: What we look for
  60. 60. • Focus on assessment of process implementation versus focus on how the Program is received at all levels of the organization • Opportunities for partnering with Internal Audit and other subject matter experts who are regularly visiting the businesses • Culture assessment • Use of employee surveys • Continuous improvement • Use of exit interview process as a monitoring tool 7/13/2015 60NAVEX Global: Stress Testing Your Ethics & Compliance Program Monitoring and Assessment: What we find
  61. 61. Is your company Red, Yellow or Green? 1. Red 2. Yellow 3. Green 1 2 3 33% 33%33%
  62. 62. Culture 7/13/2015 62NAVEX Global: Stress Testing Your Ethics & Compliance Program
  63. 63. • Any documents relating to efforts to ensure that the company’s organizational culture promotes law abidance and ethical conduct • Any documents reflecting the results of these efforts, or which otherwise reflect the impact of the organization’s culture on the company’s efforts, to promote law abidance and ethical conduct Culture: What we ask for 7/13/2015 63NAVEX Global: Stress Testing Your Ethics & Compliance Program
  64. 64. Culture: What we look for • Do employees believe that it is possible to behave ethically and achieve objectives at the Company? Is unethical behavior clearly seen as out of bounds? • Do employees believe they can raise issues to management or the 800 number without fear of retaliation? • Do employees believe that management will take appropriate action if misconduct is communicated to them? • Do employees believe that others who violate Company standards get promoted to positions of increased authority? • Is the Program viewed as a paper program or as a genuine commitment? • Is the Program – or the people responsible for it – denigrated or marginalized? 7/13/2015 64NAVEX Global: Stress Testing Your Ethics & Compliance Program Reporting and Response: What we look for
  65. 65. Culture: What we find  Connection between what the company has communicated and what employees have heard and believe to be true  Priorities on objectives and pressure to compromise standards to meet objectives  Trust in the processes and systems  Whether employees believe that top performers who violate the code are tolerated or promoted  Varying cultures within a company, business unit, and geographic locations 7/13/2015 65NAVEX Global: Stress Testing Your Ethics & Compliance Program Reporting and Response: What we find
  66. 66. Is your company Red, Yellow or Green? 1. Red 2. Yellow 3. Green 1 2 3 33% 33%33%
  67. 67. • Levels of management commitment • Document production after the draft report o OK with us as long as schedule can be delayed o Few second chances to produce additional documents for the government Some other observations 7/13/2015 67 ©2010 Ethical Leadership Group NAVEX Global: Stress Testing Your Ethics & Compliance Program Employees know when the company gets it, means it, and lives it.
  68. 68. If you had to respond to a government document request, how quickly could you pull together all the documents we discussed? 1.Within two days 2.Within a week 3.Within a month 4.By the fifth of never 1 2 3 4 25% 25%25%25%
  69. 69. • Finalize the questionnaire • Summarize: • Program strengths • Program weaknesses • Barriers to program success Take a few minutes… 7/13/2015 69NAVEX Global: Stress Testing Your Ethics & Compliance Program
  70. 70. How many “red” answers did you have? 1. 0 to 5 2. 6 to 10 3. 11 to 18 4. 19 to 25 5. 26 to 35 6. Call the doctor! 1 2 3 4 5 6 17% 17% 17%17%17%17%
  71. 71. • Do not rely on any one process/measure. Good assessments are mosaics. • Be careful with surveys—employees tell us that they often do not respond with the whole truth • Remember Albert Einstein: “Not everything that can be counted counts, and not everything that counts can be counted.” Assessment cautionary notes 7/13/2015 71NAVEX Global: Stress Testing Your Ethics & Compliance Program
  72. 72. 1.Risk Assessment 2.Standards, Policies, and Procedures 3.Oversight, Structure and Leadership 4.Alignment with HR practices 5.Communications and Training 6.Reporting and Response 7.Monitoring and Assessment 8.Culture 1 2 3 4 5 6 7 8 13% 13% 13% 13%13%13%13%13%
  73. 73. • Describe your culture and areas of attention needed • Integrate the program with company risk assessment • Develop and implement a 2-3 year ethics and compliance work plan • Align program with company performance objectives and strategic goals • Communicate, communicate, communicate • Periodically reassess the program • Build an ethics and compliance culture that is understood by all to be a strategic, business asset After the stress testing… 7/13/2015 73NAVEX Global: Stress Testing Your Ethics & Compliance Program
  74. 74. Questions? 7/13/2015 74NAVEX Global: Stress Testing Your Ethics & Compliance Program
  75. 75. Carrie Penman cpenman@NAVEXGlobal.com 781-271-1317 Ed Petry epetry@NAVEXGlobal.com 508-754-1021 Contact Information 7/13/2015 75NAVEX Global: Stress Testing Your Ethics & Compliance Program

×