Presentation is loading. Please wait.

Presentation is loading. Please wait.

C&E PROGRAM ASSESSMENT Jeffrey M. Kaplan Kaplan & Walker LLP PLI Advanced C&E Workshop October 13, 2015.

Published byMitchell Walters Modified over 8 years ago

Similar presentations

Presentation on theme: "C&E PROGRAM ASSESSMENT Jeffrey M. Kaplan Kaplan & Walker LLP PLI Advanced C&E Workshop October 13, 2015."— Presentation transcript:

1 C&E PROGRAM ASSESSMENT Jeffrey M. Kaplan Kaplan & Walker LLP PLI Advanced C&E Workshop October 13, 2015

2 Reasons to assess Legal expectations General: USSG Risk-area specific. E.g., FCPA guidance and other anti-corruption standards Other nations’ laws. E.g., 2015 Spanish criminal law Practical benefits Identify good practices, so the company doesn’t cut back Identify room for improvement – including areas to cut Serve as commitment device – to maintain (or regain) momentum Serve as a “road map” for getting program credit in an investigation Overcoming “moral hazard” Kaplan & Walker LLP 2

3 Means to assess Interviews Various possibilities: C&E personnel other staff operations sometimes third parties (e.g., lawyers) Interviews can serve an educational purpose, too Should conduct on a non-attribution basis Document reviews Program design Program operation Kaplan & Walker LLP 3

4 Means to assess Surveys Use already existing data (regular employee engagement survey results), or Conduct one specifically for the assessment Survey data can be very helpful for identifying parts of company – geographic, business line, risk areas – where program faces special challenges Focus groups – often less helpful Privilege issue Increases candor Decreases ability to share results Kaplan & Walker LLP 4

5 Audits as distinct from assessments Different types General process – e.g., against program charters or other general process documents Risk-area procedures – e.g., use of due diligence mechanisms Risk-area substantive – e.g., improper payments Can be stand-alone or part of general audits Typically done by internal audit staff But need to ensure that they have sufficient background/direction for audits to be effective Line between audits and assessments is not always clear- cut Kaplan & Walker LLP 5

6 Assessments: who conducts? Internal versus external. Issues are: Cost and greater knowledge of the company, versus Independence and breadth of knowledge External assessment recommendations may be harder to ignore than with internal effort Blended approach may be best Internal should be more frequent than external Internal assessments can be built into ongoing activities E.g., surveys at the end of training sessions Kaplan & Walker LLP 6

7 What is relationship with risk assessment? In principle, risk assessment tells you how to design and implement a C&E program and program assessment tells you if your approach is working In practice, the two overlap substantially One should be alert to risk insight from program assessments and vice versa E.g., gap between “gross” and “net” risk tells you something about efficacy of program for a given area Kaplan & Walker LLP 7

8 Scope of assessment: full program  Generally all the elements and sub-elements of an effective C&E program  Plus program “characteristics” – aspects of programs that cut across program elements: o Strength/clout o Independence o Reach o Ethics, as well as compliance o Culture o Resources Kaplan & Walker LLP 8

9 Deep dives By risk area, e.g., Anti-corruption Consider using the DOJ/SEC FCPA guidance document Competition law Note that this may make particular sense for emerging areas of risk By program function, e.g., Investigations Board oversight Note that dives don’t have to be very deep to be useful Several medium dives can be more helpful than one deep one, at least for some companies Kaplan & Walker LLP 9

10 Use of assessments Who gets a copy? Privilege issues Using the results Develop an action plan – not just what but who Different levels of priority – short, medium and maybe long term Board reporting Senior management reporting Kaplan & Walker LLP 10

11 Appendix: What to assess On risk assessment, focus on not only whether the company seems to know its risks, but also…  The risk assessment process  Helpful in meeting legal expectations?  Does it produce valuable information?  Is it sufficiently documented?  The extent to which the results of the risk assessment are actually used in designing, improving and deploying various program elements  Are you getting full use of the assessment?  Many companies don’t Kaplan & Walker LLP 11

12 Elements: standards and policies Code of conduct – is it On point? Understandable? Being read? Periodically revised? Sufficiently translated? Individual policies – to what extent Do they seem to address pertinent risks? Get reviewed/revised as much as needed? Are they “connected” to other program elements, e.g., training and auditing? Kaplan & Walker LLP 12

13 Program governance and management Consider adequacy of program governance documentation, not only of C&E office but also other functions with C&E roles, such as members of C&E management committees, SMEs and regional personnel Are the individuals in C&E functions actually doing what the governance documents say they will? Is there an appropriate level of independence and authority to implement the Program? Is the Audit Committee getting the right information, and at the right frequency, about the Program? Look at both general program elements and also risk-area specific information (for high-risk areas) Kaplan & Walker LLP 13

14 Diligence in hiring and promotions Diligence in hiring tends to be fairly straightforward. (Typically it is risk based) But not all companies have ethics questions for hiring interviews What due diligence steps a company should take regarding promotions is not that straightforward Often an opportunity to develop recommendations here, based on a company’s risks and culture Having C&E input for promotions can send a powerful message about the importance of the program Third parties – a related dimension (which should be dealt with not only by program assessment but also risk assessment) Goes beyond FCPA Kaplan & Walker LLP 14

15 Training and other communications Tends to be among the most extensive parts of a program assessment In addition to whether the right people are getting trained on the right topics at the right intervals, should look at efficacy/impact This can lead, for some companies, to recommendations for more role-based training (and sometimes even less overall training) A note on training fatigue Also consider training and communications plans and documentation of training and communications efforts Lessons of Morgan Stanley and the Black (ACL) cases Kaplan & Walker LLP 15

16 Auditing and monitoring Examine the “three lines of defense” Real-time monitoring by businesses Monitoring by functions (e.g., C&E, Finance, HR) True auditing With each of the above: Is there enough, based on risk assessment? Are the results being put to full use? For C&E auditing ask: What percentage of overall auditing effort is C&E-related? Same question with findings Note that monitoring is an area where many companies have room to improve Kaplan & Walker LLP 16

17 Reporting systems Consider Whether sufficient reporting procedures and avenues are in place How well those are communicated to employees and others What is employee comfort level in reporting (good area for surveys) Can benchmark metrics E.g., number of calls to helpline and percentage of anonymous calls Local results can be key here Look closely at means to protect whistleblowers E.g., are managers trained in relevant do’s/don’ts? Kaplan & Walker LLP 17

18 Investigations and discipline Are protocols and procedures in place? How these are implemented in practice? Typically includes a review/audit of some case files to get a first- hand look at how investigations are conducted Timeliness and state of documentation. What is state of investigator training and other forms of guidance Discipline: Is it meted out for supervisory failures that contributed to misconduct in appropriate cases? Is it publicized? Is it fair and consistent? A note on “organizational justice” Kaplan & Walker LLP 18

19 Continuous improvement Does the organization have formal procedures for considering enhancements to the Program following violations, including across business units, staff functions and geographies? Are investigators trained to look for this? Procedures also necessary for smaller program enhancements, such as those recommended in an audit or following an investigation Are there procedures and practices related to periodic program assessment, including self-assessment? This can be on a risk-area – as well as overall – basis In practice, how well does the organization consider enhancements following violations? Kaplan & Walker LLP 19

20 Incentives Does the company use economic incentives? Not necessary for all companies in my view, but can help in some Does it use softer forms of incentives? Are managers trained on how to recognize and acknowledge ethically exemplary behavior? Does it deploy not just general incentives but also, as appropriate, risk-area specific incentives? Can be important in rolling out major initiatives, such as third-party due diligence systems Kaplan & Walker LLP 20

Download ppt "C&E PROGRAM ASSESSMENT Jeffrey M. Kaplan Kaplan & Walker LLP PLI Advanced C&E Workshop October 13, 2015."

Similar presentations

ETHICS AS CULTURE KEY ELEMENTS Stage One (primary) – Key Elements of a Culture of Ethics Appoint an ethics program manager to oversee your ethics-related.

ETHICS AS CULTURE KEY ELEMENTS Stage One (primary) – Key Elements of a Culture of Ethics Appoint an ethics program manager to oversee your ethics-related.
Board Governance: A Key to Quality Organizations

Board Governance: A Key to Quality Organizations
Module N° 4 – ICAO SSP framework

Module N° 4 – ICAO SSP framework
Www.theiia.org External Quality Assessments Frequently Occurring Findings Observed by The IIA QA Teams.

External Quality Assessments Frequently Occurring Findings Observed by The IIA QA Teams.
Role of Senior Management

Role of Senior Management
Whistleblower Policy and Implementation For Supervisors.

Whistleblower Policy and Implementation For Supervisors.
Jeff Kaplan/Kaplan & Walker LLP SCCE Upper NE Regional Conference May 17, 2013 Encouraging C&E Reports and Preventing Retaliation.

Jeff Kaplan/Kaplan & Walker LLP SCCE Upper NE Regional Conference May 17, 2013 Encouraging C&E Reports and Preventing Retaliation.
Environmental Management System (EMS)

Environmental Management System (EMS)
Contractor Code of Business Ethics and Conduct Laura K. Kennedy Senior Vice President, Ethics and Compliance SAIC.

Contractor Code of Business Ethics and Conduct Laura K. Kennedy Senior Vice President, Ethics and Compliance SAIC.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Fundamentals of IRB Review. Regulatory Role of the IRB Authority to approve, require modifications in (to secure approval), or disapprove all research.

Fundamentals of IRB Review. Regulatory Role of the IRB Authority to approve, require modifications in (to secure approval), or disapprove all research.
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)

QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)
IS Audit Function Knowledge

IS Audit Function Knowledge
© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 8: Developing an Effective Ethics Program.

© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 8: Developing an Effective Ethics Program.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
SAFA- IFAC Regional SMP Forum

SAFA- IFAC Regional SMP Forum
Purpose of the Standards

Purpose of the Standards
Supplier Ethics: Program Checklist

Supplier Ethics: Program Checklist
Corporate Ethics Compliance *

Corporate Ethics Compliance *

Similar presentations

Ads by Google