Professional. Compliance & Ethics. 37 Design Thinking: Creating an ethicsbased

Transcription

1 Compliance & Ethics February 2016 Professional a publication of the society of corporate and ethics Meet Rhonda Bishop Chief Compliance and Ethics Officer University of Central Florida, Orlando See page European marketing legislation: Keeping your fingers crossed is not enough Jeremy Stern 31 Breaking chains: Modern slavery, supply chains, and the Modern Slavery Act 2015 Paul Henty 37 Design Thinking: Creating an ethicsbased governance solution Kuldeep Singh 45 A case for enhanced project management in Compliance Brooke Hopkins This article, published in Compliance & Ethics Professional, appears here with permission from the Society of Corporate Compliance & Ethics. Call SCCE at or with reprint requests.

2 by Brooke Hopkins, CCEP, CFE, CVA, MAFF A case for enhanced project management in Compliance Successful programs embody accountable, prioritized, measurable, and monitored strategic detailed tasks. Use enhanced project management to lessen the pressure and complexity of addressing regulatory requirements. Decrease risk exposure and increase defensibility of a program with active implementation of key elements. Implement automated tools to manage and execute initiatives for seamless and immediate communication of priorities and potential issues to all stakeholders. Complement and strengthen manual controls with automated solutions. Hopkins The difficulties inherent in complex project management and the protocols required by regulators mean that financial services companies often need to work harder as they execute arduous, multiphase projects and to work even harder to maintain sustainable programs. A functional program that covers these elements including operations indirectly affected by the Compliance function such as Human Resources, Internal Audit, Finance, and Legal is an important cog in an efficient enterprise s wheel. Effective project management leads companies to a centralized approach for specific projects and initiatives while allowing for uninterrupted operations across different business functions, departments, and subsidiaries. There are numerous factors to consider, and among the challenges are: establishing strategic executable tasks with specific milestones and deadlines, setting defined budget parameters, designating responsible parties for each process and task, and determining indicators for successfully completed tasks. Keeping these challenging factors in mind while also addressing regulatory requirements makes everything exponentially more demanding. Balance test: Managing For most chief officers (CCOs) and other professionals, it is important to find a balance between internal, companydriven external concerns, particularly the regulatory requirements set by the U.S. Foreign Corrupt Practices Act and the Dodd Frank Wall Street Reform and Consumer Protection Act, as well as results from past internal and external investigations. The mix of regulations and the sheer complexity of many large projects may often be overwhelming. It is important that CCOs address the requirement, not only for planning purposes, but also to implement processes and procedures. Certainly, the or

3 SEC has acknowledged that mere planning for management may not be enough it is important that a CCO and leadership actually implement the plans to be successful. AlixPartners 2015 Anticorruption Survey reveals a multitude of issues that arise for organizations, despite the upward trend of companies addressing and improving their programs. Among survey participants, 22% said they believed their companies had lost business or customers to a competitor because that competitor had made an illicit payment to a government official. About 28% said they had ceased doing business with a partner because of corruption risks, and 34% said they avoided doing business in regions with high risk of corruption. 1 Figure 1: Effective Program Management Historically, companies have managed their organizations through simplified manual controls, such as written work plans, meetings, one-off reporting, and training. These can be effective tools in managing projects within a program, but they lack the detailed planning, seamless accountability, and ease of accessibility of an automated project management tool. Figure 1 shows the various components and the related project activities/ functions within an effectively managed program. Accountable Prioritized Measurable Monitored Determine initiatives based on annual assessments and known issues. Define tasks, including specific to-dos within each initiative. Assign responsible parties to each task, including internal and external stakeholders. Set a deadline for each task, including milestones for multiphased tasks. Consider tasks specific to high-risk countries. Highlight tasks resulting from current and past investigations. Focus on tasks based on corporate monitor s and Internal Audit s work plans. Consider how certain initiatives and tasks may affect other financial and operational processes. Develop a dashboard to show the summary statuses of all tasks. Alert relevant stakeholders about completed tasks, including highlighting of completed tasks on dashboard. Put in place realtime enforcement over responsible parties for overdue tasks (e.g., automated alerts). Coordinate with relevant stakeholders to delete obsolete tasks or to revise tasks based on changing /or operations. Plan for periodic risk assessments that drive initiatives. Coordinate among Compliance, Legal, and Internal Audit regarding new and known issues for monitoring. Develop data analytics to perform monitoring of data sets related to new and known issues, including real-time alerts for potential red flags. Follow through on development and oversight of corrective actions and remediation plans, including additional testing and monitoring to ensure successful and sustainable remediation and executed disciplinary action. Hands off: Automated solutions Enhanced project management through the use of automated tools decreases risk exposure and standardizes controls and data analytics procedures, it increases the level of monitoring effectiveness for high-risk areas, or

4 and it makes it easier to communicate with global stakeholders. For public companies and others subject to regulation, an automated project management tool can lead to a defensible solution one on par with other governance, risk, and (GRC) software. Even though prepackaged, off-the-shelf software is available, customized automated solutions implemented with a consultative approach enable companies to tailor their support for initiatives. The solutions serve as central repositories for all Compliance, Audit, and Investigation functions. The U.S. Securities and Exchange Commission and the Department of Justice noted as much in their Resource Guide to the U.S. Foreign Corrupt Practices Act: When it comes to, there is no one-sizefits-all program... Compliance programs that employ a check-the-box approach may be inefficient and, more importantly, ineffective. 2 An effective program substantially reduces the pressure to violate standards, increases the number of workers willing to report misconduct, and decreases the chances for retribution. 3 Some examples of customized platform solutions that integrate with each other as well as with corporate financial data are: Policy Portal: Provides the ability to develop and revise policies, procedures, and processes, with traceable work flows for managed accountability. Global Compliance Dashboard: Provides the ability to review tasks by geography, business unit, responsible party, prioritization, and criticality, with related summary visualization and automated alerts to responsible parties for past-due tasks. Due Diligence Portal: Provides the ability to evaluate, track, and store all due diligence electronic forms and information related to employees, third parties, and subsidiaries. Gives access to reference guides for employees on due diligence process flow and forms for third-party certification and clearance. Monitoring Portal: Provides the ability to report and communicate internal audit status and results and the ability to continuously monitor by using data uploads and a custom data analytics application. Investigations Portal: Provides an integrated dashboard that highlights (1) the details of ongoing investigations, (2) corrective-actions development, (3) remediation planning and implementation, and (4) the incorporation of rapidly deployed data analytics for targeted investigation issues. Training Portal: Enables a company to track training sessions and upload topic details, presenter names, attendee lists, and presentation materials and provides employees with calendar and registration access for upcoming training events. Can increase levels of employee interaction through the use of employee forums and on-demand reporting from external sources. An automated project management tool can satisfy regulatory expectations and requirements and lead to a defensible historical solution. Such a tool also results in seamless coordination among the Compliance, Legal, and Internal Audit functions, which can then enable those functions to address to centralize the Compliance function while broadening the reach of global communications or

5 Not so fast: Important manual controls Companies can still rely on manual controls to handle issues that require a more hands-on approach and adapt those processes to address today s complex environment. Some suggested measures are: The company assigns a project management officer who oversees the general Project Management function (automated and manual) and enforces accountability for defined schedules and budgets. Compliance Steering Committee meetings facilitate organization between program and project management include the CCO and other corporate leadership as well as regional leads. The meetings allow for occasional participation by other business unit leads, such as the chief financial officer, the chief operating officer, the chief information officer, and the head of Internal Audit. Compliance Task Force meetings can be convened for special issues, such as responding to government investigations, devising corporate monitoring of work plans, and developing the corporate Compliance function. The meetings can include corporate Compliance leadership and relevant stakeholders related to the special issues. Language sensitivity offers the assurance that all training and communication will be provided in local languages at relevant business units and subsidiaries, including customization of global online portals. Tone from the top and consistent, periodic communication and acknowledgments by top management, including the board of directors, demonstrate executive support for corporate. An example is the recognition of those employees who developed and implemented automated controls around the global delegation-ofauthority matrix within the company s enterprise resource planning system. Summary Most CCOs and practitioners say they not only juggle priorities, but also must help build a strong ethical culture throughout an entire organization. Ethics Research Center research indicates that a strong and effective program contributes to a strong ethics culture and that the two are self-reinforcing. 4 Enhanced project management may give a company a framework for successful management and enables the company to institute program management and oversight, to strategically organize and plan, and to tactically and efficiently execute initiatives that affect an organization s business and its culture. In effect, project management provides not only the cogs in the wheel, but also the manual for getting the cogs to mesh in an efficient and enhanced machine. The opinions expressed are those of the author, and do not necessarily reflect the views of AlixPartners, LLP, its affiliates, or any of its or their respective professionals or clients. 1. AlixPartners: Combatting Corporate Corruption: The 2015 Anti- Corruption Survey. Available at 2. Criminal Division of the US Department of Justice and the Enforcement Division of the US Securities and Exchange Commission: A Resource Guide to the US Foreign Corrupt Practices Act, p. 57. Available at 3. Ethics Research Center: The State of Ethics in Large Companies, 2015, p. IV. Available at 4. Idem, p. 8. Brooke Hopkins (bhopkins@alixpartners.com) is Director at AlixPartners in Dallas, TX or