By Joe Murphy, CCEP
From Compliance & Ethics Professional, a publication for SCCE members
One of the best changes made in 2004 by the US Sentencing Commission in its standards for compliance and ethics programs was to require companies to “evaluate periodically the effectiveness of the organization’s compliance and ethics program.” This requirement highlights the point that compliance and ethics programs are management programs; any management effort that involves important work should include checking to be sure the effort is actually working.
This point is also an important response to those who criticize what is done in programs and claim it does not work. For example, if your training is boring or condescending, any real evaluation will quickly bring that fact to your attention so you can fix the weaknesses. On the other hand, if you do not do assessments, you cannot meet the Guidelines standards, and you are also not a very effective manager. Doing anything in a program that does not work is bad management and bad compliance.
Here are some points for your consideration in making sure your program is evaluated.
- Risk areas. Evaluate your program dealing with key risk areas, not just the general program.
- Program elements. Include evaluation of the separate program elements (e.g., training, investigations, helpline, etc.). How are you doing in each?
- Ongoing. Evaluate on an ongoing basis (at different levels of intensity), not just once every couple years.
- Three levels. Cover the design, implementation, and impact. Did you design it right, are you actually implementing what you designed, and is it working?
- Independence. Don’t just evaluate your own work; use independent reviewers you don’t control.
- Mock trials. View it the way the government would; do a mock presentation. Will your presentation convince a skeptic that your program is complete and diligent?
- Many tools. Don’t rely on just one technique, like surveys; consider the broad range of tools as appropriate: focus groups, mock presentations, tests, peer reviews, audits, self-assessments, exit interviews, screening, deep dives, etc.
- Risk assessment. Base your evaluations and priorities on your risk assessment. What do you assess, how often, and how intensely? Your risk assessment should tell you this.
- Kaplan Matrix. Cover the Kaplan Matrix: consider all your risks, in all units and areas of the business, and all the compliance program tools.
- Number numbness. Don’t be mesmerized by numbers; corporate crime is not committed by majority vote. Include qualitative assessment.
- Follow up. Don’t be afraid to find things, but be scared to death of not following up. Assign specific management responsibility for all follow-ups.
- Many benefits. Get all you can from the evaluation process: it is also educational, can detect violations, provides key input for your risk assessment, and can improve the program.
[clickToTweet tweet=”12 Tips for Evaluating Compliance and Ethics Programs @SCCE” quote=”12 Tips for Evaluating Compliance and Ethics Programs” theme=”style3″]
Thanks Joe!! This is great and I sure enjoyed seeing you at the SCCE Conference this year! Always a pleasure to meet and network with like minded professionals and always enjoying the awards dinner and dancing.
I work implementing compliance programs . One of the barriers we face is the lack of commitment from the high positions in the organizations. It is important not always to implement ethic codes but to live and apply them on daily basis from the CEO down to the low levels. Ethic codes have to be part of the DNA of the organization. Other wise is kind of wasting money and time. Good tips thanks for sharing.
Comments are closed.