Presentation on theme: "Corporate Ethics Compliance *"— Presentation transcript:
1 Corporate Ethics Compliance * Required by Federal Sentencing Guidelines, Department of Justice, the Sarbanes-Oxley Act, the U.S. Securities and Exchange Commission, the NYSE, and the Office of Inspector General: Department of Health and Human Services, and many other agencies.*This presentation is from Katherina Wulf’s “Ethics and Compliance Programs in Multinational Organizations”
2 Corporate Ethics Compliance Elements of Corporate Ethics ComplianceElement 1: Risk AssessmentElement 2: Corporate CultureElement 3: Oversight by the Board and Senior ManagementElement 4: The Ethics and Compliance OfficeElement 5: Code of ConductElement 6: Receiving complaintsElement 7: Training and CommunicationElement 8: Assessment of compliance activitiesElement 9: Incentives and disciplineElement 10: Response to misconductElement 11: Employee screening
3 4 Structural Elements of Ethics Compliance Element 1: Risk AssessmentElement 2: Corporate CultureElement 3: Oversight by the Board and Senior ManagementElement 4: The Ethics and Compliance Office
4 Element 1: Risk Assessment potential exposure to criminal conduct; a broad view of the risks that could impact the organization’s reputation for ethical and legal conduct.
5 Element 1Step 1: Decide whether to do it separately or as part of enterprise assessmentStep 2: Appoint a risk management team“general counsel, the chief ethics and compliance officer, legal subject matter experts, and, if necessary, business unit or functional heads such as internal audit, human resources, finance, IT, regional heads, other subject matter experts, and outside attorneys or consultants.” (Wulf)
6 Element 1 Step 3: Risk Identification “internal and external sources of risk information, including the organization’s past audit results and litigation or claims history, the size and root causes of incidents in the organization’s industry, and major trends” (Wulf)
7 Element 1 Step 4: Data Gathering and Analysis Gather data Analyze data Current risksTools to identify riskStrategies to mitigate riskEmerging risksAnalyze data
8 Element 1 Step 5: Risk rating “the likelihood of occurrence, the severity of the risk, and the effectiveness of existing mitigation controls of the various risks. Adjustments to the rating scale may be required depending on each organization’s appetite for risk, as well as any characteristics particular to an industry or operating environment.” (Wulf)
9 Element 1 Step 6: Risk Communication and Information “a detailed description of the risk assessment, the determined risks, and the action plan…to address, monitor, and manage” these risks. (Wulf)Convey this information to senior management, and to all relevant parts of the organization.
10 Element 2: Corporate Culture Step 1: Analysis of the Existing Corporate Culture“A corporate culture is made up of these shared values of different stakeholders that are reflected in their collective actions…The total sum of all the collective values and behaviors of all employees and managers is the company’s culture.”
11 Element 2 Step 2: Assessment of the Corporate Culture Codes of conduct accord with culturePeople aspire to go beyond mere complianceInformal norms, rituals, stories, and traditions demonstrate to people what behavior is expectedBusiness objectives are “reached in a manner that is true to your values.”Appropriate behavior gets rewarded/punished, perception of fairness, the leadership is willing to talk about ethics
12 Element 2 Step 3: Implementation of an Action Plan “a shared vision of the future and a shared set of values that clarifies the organization’s intentions and gives employees purpose and meaning (is) integrated into all business operations and decisions.”“the organization’s processes and systems must reflect the shared values and behaviors with appropriate consequences for those who are not willing to comply.”
13 Element 3: Oversight Step 1: Right Tone from the Top Step 2: Monitoring the Program’s Key ComponentsStep 3: Regular Updates for Senior Management and the BoardStep 4: A Code of Conduct for the Board of Directors
14 Element 4: The Ethics and Compliance Office Step 1: The Organizational Structure options“the stand-alone structure, with the ethics and compliance office as a separate business unit.the semiautonomous structure, the ethics and compliance office is administratively a component of another business unit.In the centralized structure, the ethics and compliance office is responsible for the program for the entire organization.the decentralized structure, in which the rather small ethics and compliance office develops the program, but each business unit then has its own ethics and compliance office that implements the program according to its own needs.”
15 Element 4 Step 2: Leadership Credentials and Competencies of the CECO CECOs often have a background in law, auditing, human resources, or securityknowledgeable of the business operations and the company’s strategies and goals.able to work with the board of directors, senior management and many different departments.a passion for ethical conduct and compliance.
16 Element 4 Step 3: Professional Development and Certification Be a member of a professional organization and stay current.(e.g., Ethics and Compliance Officer Association,Step 4: Reporting Structure of the CECOOptions: CEO, Board, general counsel
17 Element 4 Step 5: Outsourcing the Ethics and Compliance Function If the program is completely outsourced, the organization is still responsible for meeting the regulatory requirements. The company loses controls over the ethics and compliance operations, but it is still liable.
18 Element 4Step 6: The Relationship with Senior Management and the BoardStep 7: Resources and BudgetSufficient staffing and budget to maintain hotline, provide training, do risk assessments and audits, record keeping.Step 8: Ethics and Compliance Committees or Councils