by Kortney Nordrum, CHC
blogging a live presentation by
Marjorie Doyle, JD, CCEP-F, CCEP-I, Marjorie Doyle & Associates, LLC
No other profession has to constantly educate leadership and the board on what an ethics and compliance program is. Everyone already knows the role of general counsel, audit, HR, etc. The great thing about compliance is that we can define who we are, but we do need to remind management and the board that 1) compliance is a specific profession; and 2) this profession has specific requirements.
What is the role of management and the board in a compliance program? They have to know the details.
Questions for the Board to ask & Senior Management to answer:
1. Risk Assessment
- What is our process for determining Ethics and Compliance risks?
- Have we prioritized and developed our top risks?
- What measures are being taken to mitigate these risks?
- Are the board and senior management in agreement on the definition of risk?
- Do we (management and the board) have the same goals in managing risk?
2. Code Policies & Procedures
- Are there policies and procedures in place to manage high risk areas?
- Does our code cover responsibilities of managers, employees, and third parties?
- Is our code easy to read?
- Does the code clearly state our values?
- Are the policies and procedures easy to find?
3. Governing Authority: Oversight, Staffing and Resources
- How does the board exercise oversight (training, agenda items, reports, asking questions of management)?
- How often are Ethics & Compliance reports given to the board and senior management?
- How often is the board in contact with the Chief Compliance Officer?
- How often is senior management in contact with the Chief Compliance Officer?
- Who are the high level personnel responsible for implementing our compliance program?
- Are those people autonomous? Qualified?
- Do they have direct access to the board? Senior management?
- What are our compliance program resources? Are they sufficient?
- What kind of support do you have from management?
- How broadly is your program implemented?
4. Due Care in Delegation, Hiring, and Promotion
- Are managers held accountable for promotions and performance reviews of those they manage? Are they holding them accountable for meeting compliance program objectives?
- What are our processes for due diligence and accountability for business partners, vendors, subcontractors, and other third parties?
5. Education and Communication
- How are everyone’s responsibilities in the Code of Ethics and policies and procedures communicated to the entire organization?
- What kind of training are we doing for Ethics and Compliance? Does this apply to all levels? Does it include third parties?
6. Monitor, Audit, Report to Prevent and Detect Misconduct
- Does our culture support raising concerns? How?
- What is the actual process for raising confidential concerns?
- How do we handle the fear of retaliation?
- What measures do we have in place to assess the effectiveness of our process?
7. Investigate, Enforce, Discipline, and Incentivize
- How do we make sure discipline is consistent?
- What is the investigation process for issues raised?
- At what level, and how, is management held responsible for enforcement of our Code and policies and procedures?
- Are specific ethics and compliance goals included in annual performance reviews?
8. Respond, Remediate, and Assess
- Is there a process to regularly review our ethics and compliance program? Does it include failures, near misses? Do they suggest ways to improve?
- How are our company’s values stated in our Code?
- How does this organization embed ethical leadership principles and culture through our management–at all levels?
How can you best communicate with the board and senior management?
1. Build relationships
- Develop an “angel” on the board
- Develop a relationship with a senior manager who is viewed as a leader–one who others follow and trust
- Go in with the attitude that you know what you’re talking about, and you’re there to help
2. Use the language of your business
- Use the same process the business uses in gaining approvals and reports
- Tie your ethics and compliance program to the success of your company
- Make it relevant and specific
- Ethics and compliance is a business process and needs to be seen as one
3. Develop metrics and measure
- Get the board and management used to the same type of metrics, create familiarity
- Narrow your reporting to sharing only what will answer board/senior management’s questions
- Educate everyone on the significance of the results of your metrics reporting
- Explain the value of the data and how it ties into your overall strategy
There is nothing more important than talking to senior management and the board. Get them to share your ideas and your compliance plan. Their support is the most valuable commodity in your ethics and compliance program.