DOING MORE WITH LESS: OBSTACLE OR OPPORTUNITY FOR COMPLIANCE LEADERS

Transcription

1 DOING MORE WITH LESS: OBSTACLE OR OPPORTUNITY FOR COMPLIANCE LEADERS Society of Corporate Compliance & Ethics Institute Planet Hollywood, Las Vegas, Nevada September 16, 2009 Presenters: David Childers, CIPP, President/CEO, EthicsPoint, Inc. Jennifer Allison, JD, CCEP, Director of Compliance, EthicsPoint, Inc. Cheryl Wagonhurst, JD, CCEP Partner, Foley & Lardner LLP

2 Overview of the Session Interactive Round Table Topic Overview Case Study Table Discussion Table Comments Part 1: Building a New Compliance Program Today Part 2: Optimizing an Existing Compliance Program

3 Overview of the Session Part 3: Creative / Strategic Workshop Prioritizing Risks Analyzing Current Approach Cost Considerations Opportunities for Improvement Objective: Learning to Think Lean

4 Building a Compliance Program - Today In an open letter to chief executives, SEC acknowledged that many companies were considering reductions and cost-cutting cutting measures, but those cutbacks should not expose their investors, employees and management to unacceptable risks. The SEC told chief executives that their companies must "be vigilant and proactive and keep up their compliance programs despite undertaking costcutting measures. December 2008

5 Back to Fundamentals Evaluate Risk Common E&C Risk Concerns Risk Assessment What is the most compelling risk(s) facing your organization? Policy, Procedure and Controls Gap Analysis How are allegations or violations brought to light Bribery and Corruption Anti-Trust / Unfair Competition Data Privacy and Security Discrimination / Harassment Human Rights Conflicts of Interest Environmental Health and Safety Whistleblower Protection Political Lobbying Theft and Financial Misconduct Fraud and Earnings Management Money Laundering Develop elop an Action Plan How are they managed? Reputation/History

6 Back to Fundamentals Assess the Landscape Organizational Complexity Centralized / Decentralized Headcount size Geography Highly Regulated? Inherent Industry Risks FAR/FCPA CSR Tone and Leadership Is the leadership committed to ethics and compliance? What is the organization s track record? Are there existing E&C initiatives in place? Assessment Opportunity for Control or Collaboration

7 Back to Fundamentals Resources Common Areas of Responsibility Hotline/Helpline Operations Investigations Training Alignment of People, Process & Technology Do you have the people? Staff / Authority Levels Locate Extended Resources Contractor / Consultant Training What processes are in place? Communications Ongoing Risk Awareness Policy and Procedure Development Records Management Code of Conduct What policies, procedures are needed? Leverage SCCE and other off shelf resources What technology is needed? What existing technology can be leveraged? TCO SaaS vs. Premise

8 Develop an Implementation Plan Key Initiatives Code of Conduct Executive Leadership - Tone from the Top Specific Risk Mitigation Programs Timing Responsibilities for Completion Monitoring Progress and Reporting Feedback Value Proposition / Approval

9 Case Study #1 Smart Co. has just hired you as their Compliance Officer. Smart Co. is a publicly l traded retail company, comprised of 4,000 employees and headquartered in the United States (however 10% of Smart Co s employees are located in the UK and they utilize a number of agents in Asia). Until now, all compliance matters for Smart Co. have been handled by their in-house counsel. Your first task is to assess the company s needs and prepare a presentation to the CEO and Board of Directors outlining your business plan and framing a value proposition for your compliance initiative. After you complete the Risk Assessment you realize that several areas of the business are underserved by the office of Compliance. No consideration has been given to the Foreign Corrupt Practice Act and the hotline for the UK is answered by the GC during the day and goes to an answering machine at night. As you frame your proposition, keep the following questions in mind: What are the most significant details to include in the presentation? (Remember you can t boil the ocean.) What will garner the greatest amount of support and buy-in from this group of stakeholders? How do you guarantee dollars for the Compliance Department when other budgets are being cut?

10 Optimizing an Existing Compliance System Evaluate Current State vs. Desired State Is there a Charter for the Compliance Program? Determine Who are the Key Interactors Evaluate the Current Risk Profile, Control Structure and Performance Develop an Action Plan

11 Common Current State of Compliance Courtesy OCEG, 2007All Rights Reserved

12 Common Current State of Compliance Inefficient Processes Redundant Processes Limited Communication Inconsistency Lack of Metrics and KPI Manual Processes Duplication of Controls Poor Information Flow Over Processing

13 Additional Optimization Considerations Extended Enterprise Risks Globalization li Social Responsibility Out-of-date Risk Priorities Data Protection/Red Flags Reporting Structure Overlap of Activity Lack of Creativity Training 4 Generations in the Workforce Unnecessary Complexity Cost Efficient Automation

14 Key Performance Indicators Evaluation and Measurement Risk Assessment is: Current Applicable Reasonable Identification of Employees require training Includes Training Specifics for High Risk Roles Training content is appropriate and relative to the organizational risks Creation of any environment where stakeholders feel free to report concerns Documentation that the policies, i procedures and code of conduct have been appropriately distributed Process in place to monitor changes in Laws and Regulations

15 Lean Ways to Close the GAP Eliminate waste and over production Focus on principles based training and guidelines Cross Pollinate your teams to enhance collaboration, transparency and reduce overlap Concentrate on the creation of value and the people who add value Optimize process flow look for existing technology synergies across the organization Engender consistency and excellence

16 Case Study #2 You have been with Smart Co. for 5 years. You have performed a current risk assessment and have concluded that although there are inherent risks to the company, they are at an acceptable level. However, due to the economic climate, you have been mandated by the Board of Directors to articulate ways to optimize operations within the current system. During the assessment phase you identify the following groups as essential interactors with the Compliance Department: HR, Internal Audit, Legal and Information Technology. The assessment reinforces your view of the working relationship between these groups and Compliance, i.e. the groups are poorly integrated resulting in unnecessary complexity, lack of visibility and duplication of efforts. Moreover, the redundancies cause unnecessary waste in resources, high costs, and confusion for accountabilities. It is now up to you to build a business case to improve transparency and alignment between these key groups. How do you frame your presentation?

17 Learning to Think Lean

18 Building & Maintaining an Effective Compliance Program Thinking Lean Workshop Steps Post your thoughts at your table as how you think you can support effectiveness and go lean Review other tables and steal good ideas Improve your thoughts Present your best ideas and common themes

19 Thinking Lean Waste and Redundant Processes WASTE ELIMINATION Inefficiencies or Poor Performance Manual or Over Process OPTIMIZATION Poor Communication or lack of Transparency Duplication of Compliance Controls ALIGNMENT

20 Let s Get Started