Anthony M. Tocco CCEP, CIA, CFE Chief Compliance Officer DTE Energy

Transcription

1 Anthony M. Tocco CCEP, CIA, CFE Chief Compliance Officer DTE Energy Define a Performance Assessment Governance Planning the Assessment Selecting the Assessor Common Assessment Practices Rating Scales Communication Reporting Remediation Lessons Learned Questions 2

2 An evaluation of a compliance programs structure (design and elements) and its effectiveness against prespecified standards and practices (i.e. FSG, leading practices). 3 Federal Sentencing Guidelines Chapter 8B2.1(b)(5)(b): The organization shall take reasonable steps to evaluate periodically the effectiveness of the organization s compliance and ethics program. Board Charters..assist the Board of Directors in its oversight of the Company's compliance with legal and regulatory requirements; FERC Policy Statement Emphasizes that assessments of the effectiveness of compliance and a ethics programs will likely be a key factor in determining the degree of o f penalty Department of Justice Compliance programs should be reviewed and appears to be a consideration for assessing charges against an organization. 4

3 Determine who will perform the assessment Determine the scope of the assessment Determine who will be the customer Determine the timing of the assessment Secure financial resources 5 Internal Resources Internal audit Legal Quality management External Resources Accounting firms Legal firms Compliance and ethics organizations Independent consultant 6

4 Risk Assessment Governance Auditing & Monitoring Business Unit Integration Policies & Procedures Core Values Tone at the Top/Middle Investigations Record Retention Communications Training Resources Culture Metrics 7 Board Senior Management General Counsel Chief Compliance Officer Internal Audit 8

5 Aligned with Board meeting Year-end end assessment Integrated with annual workplan In support of other company initiative Resource availability 9 Secure in annual financial budget process Compliance budget Other department budget (i.e. Legal, Internal Audit, Corporate Secretary) Corporate budget Personnel Compliance staff Legal Procurement/Supply Chain 10

6 Internal functional groups Organizational structure Skill sets and expertise Relationship with compliance & ethics office External parties Experience and knowledge of company Expertise in the field Independence References 11 Expertise in the compliance & ethics profession Skill sets (i.e. project management, interpersonal) Independence Cultural compatibilities Experience in performing assessments Biographies of assessment team Pricing model Timing of the engagement Assessment model Sample reports Acceptance of company s s terms and conditions Experience with the company 12

7 Board member CEO Chief Compliance Officer Chief Ethics Officer Project manager General Auditor Compliance & ethics professionals Legal representative Supply Chain/Procurement representative Corporate Secretary Other senior management representatives (i.e. HR) 13 Interviews Focus groups Surveys Document review Comparison to governance standards Comparison to industry leading practices 14

8 Senior Management CEO, COO, CFO General Counsel Chief Compliance/Ethics Officer Business Unit Presidents (Utility and Non-Utility) VP Human Resources VP Marketing & Sales VP Customer Service VP Regulatory Affairs Controller General Auditor 15 Board members Compliance and ethics staff External auditors Other third parties Vendors Contractors Consultants Employees (Focus Groups) 16

9 Employee sample from all levels and affiliates Include all classifications (i.e represented and non- represented) General facilitated discussion Knowledge about compliance program Strengths and weaknesses Integration within business units Identified resource for inquiries Random or judgmental sample Multiple sessions and/or locations may be required 17 Distribution to all employee levels and classifications Distribution to all affiliates, business units Distribution to all employees or random sample General questions Culture Tone Compliance and ethics program knowledge Values Resources (i.e. Helpline, inquiries) Risks Communications 18

10 Obtain data request in advance of engagement Compile and organize prior to commencement Draft an index for easy reference Identify hardcopy vs. online Provide sample report pages rather than voluminous report Draft document control log Ensure confidential and privilege privilege markings where appropriate Demonstrate technology and software used 19 Governance Introduction to Compliance Office Organizational Chart Job Descriptions Staff Bio s Vision Mission ECO Charter Audit Committee Charter Public Responsibility Committee Charter Policies and Procedures DTE Energy Way EM7 Hiring, Movement and Separation of Employees EM7-3 Recruitment, Hiring and Job Changes EM22 - Background Checks GV5 Officer Code of Business and Ethics New E-Verify E Rule for Federal Contractors Memorandum OP3 Information Security OP8 Physically Protecting People, Property, and Operations OP20 Critical Infrastructure Protection (CIP) Cyber Security Supplier Code of Conduct Investigations of alleged violations from Ethics Point Reporting System 20

11 Risk Assessment Risk Assessment Dashboard Sample Risk Assessment Form Samples Risk Assessment Process Risk Assessment Questionnaire Process ECO Questionnaire Assignment (for Compliance Specialists) ECO New Risk Reference Assignment (for Compliance Specialists) ECO Risk Review Assignment (for Compliance Specialists) ECO Validation Assignment (for Compliance Specialists) ECO Remediation Assignment (for Compliance Specialists) ECO Questionnaire Task (for Compliance Liaisons) ECO Risk Review/New Risk Task (for Process Owners) ECO Validation Task (for Process Owners) Incentives/Discipline Energy Model Yields Results Succeed with Energy Individual Contributor Exempt Succeed with Energy Individual Contributor Non Exempt Succeed with Energy Supervisor Succeed with Energy Manager Succeed with Energy Director and Above Positive Discipline Policy (EM4) Standards of Conduct (EM1) MichCon Company Employment Standards (Local 70, 132, 799 Northern) 21 Communications Strategic Communications Project Plan Compliance Office Communications Log ECO Orientation Presentation Multi-Year Training and Communication Plan Leadership and Oversight Foreign Corrupt Practices Act (FCPA) Identity Theft Prevention Program (Red Flag) NERC CIP Committee Privacy Governance Group (PGG) Committee 22

12 Does Not Exist Best Practice Unsatisfactory Satisfactory Q1 Leading Practice Company Performance Q2 Assess by industry performance quartile Q3 Q4 24

13 Notification to Board, Governance Committees and Senior Management Notification to interviewees Notification to focus group participants Notification to employees Periodic status reporting 25 Notification to Board, Governance Committees and Senior Management Reason for the assessment Objective Scope Identification of assessor Timing Contact Reporting 26

14 Notification to Interviewees Introduction of interviewers and bios Nature of interview Expectation of candidness in responses and input Required prep work Feedback channel Scheduling Contact 27 Notification of Focus Group Participants Introduction of facilitators Scope and objective of session Participant selection criteria (i.e. random, position) Expectation of candidness in responses and input Required prep work Feedback channel Scheduling Contact 28

15 Notification to Employees Reason for the assessment Objective Scope Identification of assessor Timing Contact Reporting 29 Periodic Status Updates Board Senior Management Compliance/Ethics Committees Legal Employees Project team 30

16 Independent Assessor OR Chief Compliance/Ethics Officer OR General Counsel Board CEO, COO Senior Management Legal Employees External Auditors External Regulators/Third Parties 31 Prioritize Establish and document Remediation Plan Identify activities Assign accountabilities Establish target completion dates Implement Monitor progress Communicate and report Re-assess 32

17 Clarify vocabulary (i.e. best practice, recommendation) Agree on rating scale Be specific as to expectations (i.e. deliverables, scope) Ensure continued communication Provide as much data as possible in advance Request to review and comment on interview questions Schedule interviews, focus groups, meetings in advance Agree on report format in beginning Be active in the design of the engagement and project plan Monitor planned vs. actual activities 33 34