CLEAR GOAL. Satisfy Regulatory Demands. Mitigates Current Risk Effectively. Provides Meaningful Information About Program Effectiveness


BUILDING PREDICTIVE MONITORING CAPABILITIES
SCCE Conference, October 2015, Las Vegas, Nevada
CEB Compliance & Ethics Leadership Council. Project # 4365 02 CELC983024SYN
Catalog # 3 Regulatory Interconnected 4 Growth Hyper

THE VALUE OF PREVENTION
Cost of a Noncompliance Event Across Time (illustrative)
- Predictive Detection: the period when increased susceptibility to noncompliance can first be measured.
- Rapid Internal Detection: the period after the event occurred but before widespread knowledge.
- Slow Detection: inability to identify an event before it is widespread knowledge.
Costs accumulate the later an event is detected: cost of monitoring (0% 5% of the corporate compliance budget); regulatory fine (approximately US$5.8 million); internal remediation costs; legal fees (US$200 to US$500 per hour); and, after public disclosure, a decrease in stock value (up to 4%), a decline in employee perceptions of integrity (20%), a decline in employee engagement (up to 0%), and reputational harm.
Source: CEB 2014 State of the Compliance and Ethics Function Survey; CEB 2013 Q3 Integrity Capital Quarterly.

HEIGHTENED URGENCY
The Expanding Corporate Risk Ecosystem. Highlights of the interconnected risk landscape: data privacy, the cloud, insider trading, corruption risk, fragmentation in supply chains, information transparency.

CLEAR GOAL
Primary Objective of Compliance and Ethics Monitoring, by percentage of compliance executives selecting it as the primary objective (n = 98):
- Compel action to mitigate unacceptable compliance risk
- Obtain an accurate read on compliance
- Provide information about the effectiveness of the compliance program
- Report compliance program activities to the board
- Report compliance effectiveness to regulators
Individual shares: 2%, 7%, 6%, 22%, 38%. Identify and Mitigate Risk = 60%; Demonstrate Program Effectiveness = 35%; Other = 4%.
Source: CEB 2014 State of the Compliance and Ethics Function Survey.

BUT LIMITED INSIGHT
Measuring and Monitoring Effectiveness: percentage of compliance executives that agree or strongly agree with the following statements about their compliance monitoring program (n = 90 to 96):
- Satisfies regulatory demands: 43%
- Mitigates current risk effectively: 33% (limited effectiveness)
- Provides meaningful information about program effectiveness: 23% (limited effectiveness)
- Predicts future compliance risks: 5% (limited foresight)
Source: CEB 2014 State of the Compliance and Ethics Function Survey.

BARRIERS TO EFFECTIVE MONITORING
Barriers to building an effective measurement and monitoring system, by percentage of compliance executives (n = 22):
- Complexity of business operations
- Lack of predictive metrics / leading indicators
- Poor information sharing (across functional silos)
- Technology constraints
- Corporate culture
- Limited understanding of the organization's risk landscape
- Resistance from the business
- Staff skills (mismatch of skills and needs)
- Regulatory requirements / expectations
- Other
Shares: 8%, 7%, 6%, 5%, 5%, 3%, 0%, 2%, 2%, 23%.
Source: CEB 2014 State of the Compliance and Ethics Function Survey.

FOCUS ON ROOT CAUSES
Current Versus Ideal Focus of Metrics (reactive-to-predictive spectrum)
- Current focus of metrics: the period in which detection that a noncompliance event has occurred takes place. Representative features: activity and efficiency metrics such as training completion rates, helpline call volume and trends, case cycle time, and percentage of substantiated compliance cases.
- Ideal focus of metrics: the period in which the earliest indication of the risk of noncompliance is possible. Representative features: root cause metrics tied to risk outcomes, that is, measurable actions or events that indicate increased susceptibility to risk and allow the causes to be treated before an event occurs.

IMPROVING THE SIGNAL TO NOISE RATIO
Current Versus Ideal State of Risk Insight (illustrative; signal-to-noise ratio plotted against number of metrics tracked)
- Current state: the average compliance program tracks 24 different metrics, yet lacks meaningful risk insight because there is no clear relationship between the metrics tracked and risk outcomes.
- Ideal state (predictive monitoring): Compliance tracks only the root cause-based metrics that increase understanding of the related risk.

THE PATH TO PREDICTIVE MONITORING
1. Key barrier: understanding meaningful data. Predictive capability: identify the root causes of risk. Implementation steps: conduct root cause analysis of noncompliance, focusing on cultural risk drivers; categorize root causes to prioritize the most significant risks.
2. Key barrier: creating risk indicators. Predictive capability: translate root causes into risk indicators. Implementation step: create measurable KRIs by systematically translating root causes into specific, quantifiable metrics.
3. Key barrier: improving visibility into risk change. Predictive capability: embed risk indicators into existing workflows. Implementation step: build risk information-sharing protocols among internal partners.
4. Key barrier: translating monitoring into action. Predictive capability: drive business accountability for risk mitigation. Implementation steps: instill business leader support for KRI monitoring and mitigation by providing tools to ease the burden; ensure efficacy of corrective action plans.

BUILDING PREDICTIVE MONITORING CAPABILITIES (framework)
1. What drives compliance risk? IDENTIFY THE ROOT CAUSES OF RISK. Profiled solutions: Cultural Root Causes of Risk; Process-Based Risk Drivers; Principles for Conducting an Effective Root Cause Analysis.
2. How do I create trackable risk indicators? TRANSLATE ROOT CAUSES INTO RISK INDICATORS. Profiled solution: Root Cause-Based KRIs.
3. How do I monitor how my risk indicators are changing? EMBED RISK INDICATORS INTO EXISTING WORKFLOWS. Profiled solutions: Business Risk Sensors; Functional Risk Expertise.
4. How do I drive proactive risk mitigation? DRIVE BUSINESS ACCOUNTABILITY FOR RISK MITIGATION. Profiled solutions: Business-Led Risk Prevention; High-Impact Risk Mitigation.
MassMutual is the company profiled in the first row of solutions.

ROOT CAUSES ENABLE PREDICTIVE INSIGHT
Key root causes of noncompliance:
- Culture of self-interest, permissiveness, and pressure
- Insufficient, burdensome, and complex processes
- Employee mistakes
Description, not prediction: basic information about noncompliance events explains the type of noncompliance that can occur, but fails to provide insight into why the noncompliance occurred.
Predictive insight: root causes explain the conditions and moments that precede and drive noncompliance, setting the foundation for a predictive monitoring system.

ROOT CAUSES THAT MATTER MOST (AN INDEPENDENT ASSESSMENT)
Primary causes of noncompliance, 2011 to 2013 (Council analysis; n = 209 compliance settlements): Company Gain 53%; Personal Gain; Pressure From Superior; Permissive Culture; Operational Burden; Poor Process Design; Employee Made Mistake; Employee Unaware of Policy; Other (External Actor). Remaining shares: 0%, 7%, 0%, 0%, 9%, 2%, 4%, 39%. Culture = 69%; Process = 2%.

ROOT CAUSES THAT MATTER MOST (STAKEHOLDERS' PERSPECTIVES)
Primary causes of misconduct: percentage of responses by reason for business misconduct (select up to three causes); compliance executives (n = 36) versus employees (n = 3,668). Compliance executives / employees:
- Employee(s) self-interest: 32% / 74%
- Employee(s) felt pressure to commit misconduct; poor (permissive) company culture: 0%, %, 9%, 23%
- Insufficient controls: 23% / 48%
- Operational burden; process complexity (unintentional or negligent): 0%, 4%, 0%, 26%
- Employee made mistake: 6% / 4%
- Lack of awareness: 2% / 2%
Source: CEB 2014 State of the Compliance and Ethics Function Survey.

IDENTIFY THE ROOT CAUSES OF RISK: What drives compliance risk?
- Challenge 1: understand the primary root causes of noncompliance. Profiled solution: Cultural Root Causes of Risk.
- Challenge 2: identify where to focus root cause analyses. Profiled solution: Process-Based Risk Drivers.
- Challenge 3: conduct an effective root cause analysis. Profiled solution: Principles for Conducting an Effective Root Cause Analysis.

THE IMPORTANCE OF A CULTURE OF INTEGRITY
Observations of misconduct and reporting rates by employee perception of culture (least favorable, neutral, moderately favorable, most favorable; n = 255,498 for each chart). Fewer observations, more reports: employees with the most favorable perceptions of the organization's culture are 90% less likely to observe misconduct and 63% more likely to report anything they see.

A KEY CULTURAL ROOT CAUSE
Organizational justice drives a culture of integrity: organizational justice accounts for 73%, versus 27% for all other integrity components combined (clarity of expectations, leadership, comfort speaking up, trust in colleagues, direct manager, openness of communication, tone at the top); n = 65 companies. Organizational justice is employees' degree of agreement that their company responds quickly and consistently to verified or proven unethical behavior, and that unethical behavior is not tolerated in their department.

CULTURE SHIFTS AS THE ORGANIZATION CHANGES
Impact of career moments on employee perceptions of integrity, by number of career moments in the past year, excluding promotions (no moment, one moment, two moments, three moments, four moments, 5 to 10 moments; n = 3,3). Change in employee perception of integrity: 0%, (6%), (2%). A 4% decline is equivalent to moving from middle-quartile to bottom-quartile scores in perceptions of integrity.

IMPLICATIONS FOR COMPLIANCE MONITORING
Summary of CEB cultural research implications for compliance monitoring:
- Over-invest in monitoring culture: cultural metrics are the most predictive indicators of future misconduct, compared with process-related factors and employee mistakes.
- Track employee perceptions of organizational justice: use operational metrics (e.g., percentage of employee concerns that receive follow-up) to monitor organizational justice, and include questions about employee perceptions of organizational justice (e.g., the extent to which the company responds quickly and consistently to verified or proven unethical behavior) on annual C&E program or company-wide engagement surveys.
- Conduct deeper dives during periods of change: increase cultural monitoring and conduct focus groups during times of change, when employees' perceptions of culture (and thus the potential for increased risk) are most likely to shift.

CREATING THE MANAGER INTEGRITY DASHBOARD
Manager Integrity Pre-Alert Dashboard (illustrative, CEB; company pseudonym). Columns:
- Employee integrity performance: integrity survey results as a percentage of the target goal, across the components Comfort Speaking Up, Organizational Justice, Direct Manager, and Leadership.
- Human resource factors: turnover and absenteeism (> 1.5 SD below company average); engagement survey trends (> 1.5 SD below company average).
- Compliance factors: whistleblowing actions (year-over-year change); senior leadership or management noncompliance; exit interview assessment; MBOs.
- Behaviors risk assessment: Within Range or Outside Acceptable Range.
Rows: SVP 1 (80% to target goal; > 5%; N/A; 5% Y-o-Y; Within Range); SVP 2 (95% to target goal; > 0%; N/A; 20% Y-o-Y; Within Range); SVP 3 (50% to target goal; > 5%; increase in management concerns; 5% Y-o-Y; Outside Acceptable Range).

CEB RISKCLARITY SERVICE: ASSESSING CORPORATE CULTURE
CEB RiskClarity, a corporate integrity service: employee survey and potential responses. Survey coverage: (1) multiple industries, (2) all employee levels, (3) global coverage, (4) all business functions, (5) dozens of languages.
Sample questions:
- "I have observed misconduct at my company in the past year." (Yes / No / Don't know)
- "Have you observed any of the following types of misconduct in the past year? (Select all that apply.)" Accounting irregularities; improper payments; alcohol or drug abuse; business information violation; conflict of interest; data privacy or information security violation; discrimination; fraud; harassment; inappropriate behavior; inappropriate giving; insider trading; misuse of time or resources; preferential treatment; stealing of company property; violation of environmental regulations; violation of health and safety regulations. (Each answered Yes / No / Don't know.)

PROCESS-BASED RISK DRIVERS: OVERVIEW
Vista (pseudonym) aligns compliance risks to associated business activities, forming the basis for quarterly risk-based monitoring plans that reflect the risk weight of each business activity.
Solution highlights:
- Align business activities with compliance risks: define the set of risks in Compliance's purview and align those risks to the activities in which they manifest.
- Pinpoint business activities' contribution to risk: conduct an activity-based risk assessment to identify the level of compliance risk associated with common business processes.
- Derive monitoring plans from risk assessment results: use annual risk assessment results to prioritize each region's monitoring efforts around its high-risk activities.
Company snapshot, Vista: industry, pharmaceuticals and biotechnology; 2013 sales, US$5 5 billion; employees, 4,000 8,000.
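The pre-alert dashboard above flags a business unit when an HR or compliance indicator sits more than 1.5 SD from the company average in the adverse direction and rates integrity-survey results against a target goal. The following is an added example of that flagging logic, not CEB's dashboard code. It assumes: population standard deviation across the reporting units; a per-metric adverse direction (higher turnover and absenteeism are worse, lower engagement is worse); and 95% and 80% of the target goal as the cutoffs for "Within Range", "Watch" and "Outside Acceptable Range" (the page gives only the first and last labels, so the cutoffs are assumed). The unit data is constructed.

```python
"""Manager integrity pre-alert: z-score flags plus survey-vs-target rating.

Added example, not CEB's dashboard. Assumptions: population SD over the units
reported; adverse direction per metric as in HIGHER_IS_WORSE; the 95%/80%
of-target cutoffs are assumed, not taken from the page.
"""
from statistics import mean, pstdev

# Metric name -> True when a higher value is the adverse direction.
HIGHER_IS_WORSE = {
    "turnover_pct": True,     # HR factor: turnover rate
    "absenteeism_pct": True,  # HR factor: absenteeism rate
    "engagement": False,      # HR factor: engagement survey score
}
SD_THRESHOLD = 1.5  # the dashboard's "> 1.5 SD from company average" rule


def adverse_z_flags(rows, threshold=SD_THRESHOLD):
    """Return {unit: {metric: z}} for every metric more than `threshold`
    standard deviations from the company mean in the adverse direction."""
    flags = {r["unit"]: {} for r in rows}
    for metric, higher_worse in HIGHER_IS_WORSE.items():
        values = [r[metric] for r in rows]
        mu, sd = mean(values), pstdev(values)
        if sd == 0:  # all units identical: no outlier is possible
            continue
        for r in rows:
            z = (r[metric] - mu) / sd
            adverse = z if higher_worse else -z
            if adverse > threshold:
                flags[r["unit"]][metric] = round(z, 2)
    return flags


def survey_range(score, target, within=0.95, acceptable=0.80):
    """Rate an integrity-survey score by its ratio to the target goal
    (cutoffs assumed for this example)."""
    if target <= 0:
        raise ValueError("target goal must be positive")
    ratio = score / target
    if ratio >= within:
        return "Within Range"
    if ratio >= acceptable:
        return "Watch"
    return "Outside Acceptable Range"


def pre_alert_dashboard(rows, target):
    """Combine the z-score flags and the survey rating into one row per unit;
    a unit is on pre-alert if any metric is flagged or the survey is outside
    the acceptable range."""
    z_flags = adverse_z_flags(rows)
    report = {}
    for r in rows:
        status = survey_range(r["org_justice"], target)
        report[r["unit"]] = {
            "z_flags": z_flags[r["unit"]],
            "org_justice_status": status,
            "pre_alert": bool(z_flags[r["unit"]]) or status == "Outside Acceptable Range",
        }
    return report


# Constructed sample data: five business units, one row each.
UNITS = [
    {"unit": "Unit A", "turnover_pct": 8,  "absenteeism_pct": 3,   "engagement": 72, "org_justice": 78},
    {"unit": "Unit B", "turnover_pct": 9,  "absenteeism_pct": 4,   "engagement": 70, "org_justice": 70},
    {"unit": "Unit C", "turnover_pct": 10, "absenteeism_pct": 3,   "engagement": 74, "org_justice": 80},
    {"unit": "Unit D", "turnover_pct": 11, "absenteeism_pct": 4,   "engagement": 71, "org_justice": 76},
    {"unit": "Unit E", "turnover_pct": 22, "absenteeism_pct": 4.5, "engagement": 43, "org_justice": 38},
]

if __name__ == "__main__":
    for unit, row in pre_alert_dashboard(UNITS, target=80).items():
        print(unit, row)
```

Unit E is the only pre-alert: its turnover (z about +1.96) and engagement (z about -1.99) both cross the 1.5 SD line and its organizational-justice score is under 80% of target, while its absenteeism (z about +1.33) does not. Using the population SD and a fixed 1.5 threshold means a single extreme unit inflates the SD and can mask a second, milder outlier; a practitioner would revisit the threshold as the number of reporting units grows.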

A MORE HOLISTIC RISK ASSESSMENT
Vista's two-pronged risk assessment:
- Top-down environmental risk score: a collection of broad conditions that describe a region's environment of compliance risk. Ownership: Corporate Compliance pulls environmental conditions from functional and regional partners and other sources. Examples: sales growth expectation (from Finance); employee turnover rates (from HR); controls required by regulators (from external publications).
- Bottom-up operational root causes: a risk rating of the specific business operations and processes in which misconduct can manifest. Ownership: each regional or functional compliance officer assesses the risk level of business activities within his or her region. Examples: likelihood of a HIPAA violation during promotional interactions with patients; effectiveness of controls in preventing bribery during interactions with health authorities.
Accurate insight: Vista develops a comprehensive understanding of the conditions and processes that drive risk across the organization.
Source: Vista (pseudonym); CEB analysis.

HOW THEY DO IT
Overview of bottom-up assessment and monitoring plans:
1. Align risks with activities: define the risks in Compliance's purview; identify the company's core business activities and how they relate to compliance risks; create a catalog that aligns each business activity to the relevant compliance risks.
2. Identify high-risk business activities: use an activity-based risk assessment to identify the business activities that drive the most risk within each region.
3. Deploy right-sized monitoring plans: create a customized monitoring plan for each business activity that reflects its contribution to compliance risk exposure.
Source: Vista (pseudonym); CEB analysis.

ACTIVITY-BASED RISK ASSESSMENT
Vista's Risk and Control Assessment (illustrative; does not reflect real results). Columns: Inherent Risk (likelihood x impact, both on a 1 to 5 scale); Control Effectiveness (1 to 3 scale); Residual Risk; Risk-Specific Weight; Overall Compliance Risk Weight.

Risk / Activity                                         Inherent  Control  Residual  Risk-Specific  Overall
Data Privacy
  Promotional Interactions with Patients                   15        1       15          60%         28%
  Market Research                                          12        2        6          24%         11%
  Consulting Meeting                                       12        3        4          16%          7%
Corruption and Bribery
  Promotional Interactions with Patients                   20        2       10          63%         19%
  Hospital Sponsorships                                    18        3        6          38%         11%
Antitrust / Unfair Competition / Competitor Disparagement
  Education Grants                                         16        2        8          62%         15%
  Interactions with Health Authority                       15        3        5          38%          9%

Note: Risk-Specific Weight of 60% = residual risk score of 15 / total of all residual risk scores for data privacy (25).
Source: Vista (pseudonym); CEB analysis.

IDENTIFYING HIGH-RISK ACTIVITIES
Risk weight of activities (illustrative):
- Data privacy risk only (focus on a specific risk area): Promotional Interactions with Patients 60%; Market Research 24%; Consulting Meeting 16%.
- All compliance risks (view total compliance risk): Promotional Interactions with Patients 47%; Education Grants 15%; Hospital Sponsorships 11%; Market Research 11%; Interactions with Health Authority 9%; Consulting Meeting 7%.
Source: Vista (pseudonym); CEB analysis.

DEPLOY RIGHT-SIZED MONITORING
Vista's data privacy monitoring plan (illustrative): United States regional monitoring plan, 2014 Q3, data privacy risk. Sub-activities: Promotional Interactions with Patients; Market Research; Consulting Meeting.
- Residual risk: 15; 6; 4
- Total occurrences: 00; 30; 0
- Monitoring format: post-transaction review; post-transaction review; live review
- Suggested sample size: 30; 4
- Risk score-adjusted sample size: 32; 5; 2
Source: Vista (pseudonym); CEB analysis.
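The risk and control assessment and the weighting that follows it are a small, repeatable calculation, so here is an added worked example (not Vista's or CEB's code) that reproduces it on a constructed register. It assumes the scoring rules the table implies: inherent risk = likelihood x impact (each 1 to 5), residual risk = inherent risk / control effectiveness (1 to 3), risk-specific weight = residual / sum of residuals in the same risk area, and overall weight = residual / sum of all residuals. The `allocate_reviews` function at the end is an added illustration of "right-sized monitoring" (a fixed review budget split in proportion to residual risk); it is not the page's sample-size method, which the slide does not spell out. The constructed register reuses the page's illustrative residual scores (15 of a 25 total for data privacy = 60%).

```python
"""Activity-based compliance risk assessment: residual risk and risk weights.

Added example, not Vista's or CEB's code. Assumed scoring rules:
  inherent = likelihood x impact                (each scored 1..5)
  residual = inherent / control_effectiveness   (control scored 1..3)
  risk-specific weight = residual / sum(residual within the risk area)
  overall weight       = residual / sum(residual over all activities)
allocate_reviews() is an added proportional-allocation illustration, not the
page's sample-size rule.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Activity:
    risk_area: str
    name: str
    inherent: int               # likelihood x impact, 1..25
    control_effectiveness: int  # 1 (weak controls) .. 3 (strong controls)

    @property
    def residual(self) -> float:
        if not 1 <= self.control_effectiveness <= 3:
            raise ValueError(f"control effectiveness must be 1..3: {self}")
        return self.inherent / self.control_effectiveness

    @property
    def key(self):
        return (self.risk_area, self.name)  # the same activity can sit in several areas


def inherent_score(likelihood: int, impact: int) -> int:
    """Inherent risk = likelihood x impact, both on the 1..5 scale."""
    for v in (likelihood, impact):
        if not 1 <= v <= 5:
            raise ValueError("likelihood and impact are scored 1..5")
    return likelihood * impact


def risk_specific_weights(activities):
    """Each activity's share of residual risk within its own risk area."""
    area_total = defaultdict(float)
    for a in activities:
        area_total[a.risk_area] += a.residual
    return {a.key: a.residual / area_total[a.risk_area] for a in activities}


def overall_weights(activities):
    """Each activity's share of residual risk across all areas (sums to 1)."""
    total = sum(a.residual for a in activities)
    return {a.key: a.residual / total for a in activities}


def allocate_reviews(activities, budget):
    """Split `budget` reviews across activities in proportion to residual
    risk, using largest-remainder rounding so the parts sum to the budget.
    Added illustration of right-sized monitoring, not the page's method."""
    total = sum(a.residual for a in activities)
    raw = {a.key: budget * a.residual / total for a in activities}
    alloc = {k: int(v) for k, v in raw.items()}
    remaining = budget - sum(alloc.values())
    for k in sorted(raw, key=lambda k: raw[k] - alloc[k], reverse=True)[:remaining]:
        alloc[k] += 1
    return alloc


# Constructed register; residual scores follow the page's illustrative table.
REGISTER = [
    Activity("Data Privacy", "Promotional Interactions with Patients", 15, 1),
    Activity("Data Privacy", "Market Research", 12, 2),
    Activity("Data Privacy", "Consulting Meeting", 12, 3),
    Activity("Corruption and Bribery", "Promotional Interactions with Patients", 20, 2),
    Activity("Corruption and Bribery", "Hospital Sponsorships", 18, 3),
    Activity("Antitrust", "Education Grants", 16, 2),
    Activity("Antitrust", "Interactions with Health Authority", 15, 3),
]

if __name__ == "__main__":
    specific, overall = risk_specific_weights(REGISTER), overall_weights(REGISTER)
    for a in REGISTER:
        print(f"{a.risk_area:22} {a.name:40} residual={a.residual:5.1f} "
              f"area={specific[a.key]:4.0%} overall={overall[a.key]:4.0%}")
    privacy = [a for a in REGISTER if a.risk_area == "Data Privacy"]
    print(allocate_reviews(privacy, 50))
```

On the constructed register the data privacy weights come out at 60%, 24% and 16%, and the overall weights at 28%, 11% and 7%, matching the illustrative table; the two "Promotional Interactions with Patients" rows together carry 47% of total residual risk, which is the figure the all-risks view shows. Keying by (area, name) rather than name alone is what keeps those two rows apart.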

MONITORING CHANGES IN RISK EXPOSURE
Internal capabilities to monitor risk:
- Business partners: information on changes in the business
- Internal Audit: previous audit findings
- Information Technology: systems access permissions
- Human Resources: employee information
- Finance: information on outgoing payments
- Compliance: hotline and investigations data
- Procurement: third-party vendor information

CEB INSIGHTS IN BUILDING AND SUSTAINING A LIAISON PROGRAM
Key learnings in developing a liaison program:
1. Align the business case with key stakeholders' interests
2. Right-size your liaison program structure
3. Look beyond functional background and seniority in selection
4. Provide support to build early engagement
5. Measure ongoing effectiveness of the program
Source: CEVA Logistics; CEB analysis.

CEB INSIGHTS IN BUILDING AND SUSTAINING A LIAISON PROGRAM (CONTINUED)
Case-in-point: CEVA Logistics Liaison Program
Situation: CEVA Logistics launched its liaison program in 2008 to strengthen its corporate culture while minimizing additional resource investment.
Key liaison program attributes:
- Phased rollout: CEVA Logistics piloted its liaison program in South America. After a few years of success with its liaisons (called Compliance Leaders), CEVA expanded the program into other regions.
- Right-sized structure: to maximize coverage, CEVA Logistics assigns one Compliance Leader to each country of operation. The company provides additional liaisons to certain countries based on complexity of operations and risk profile.
- Competency-based selection: Compliance Leaders are nominated by regional managers and selected based on key competencies. Leaders come from a variety of functional backgrounds (Operations, HR, Legal).
- Support tools: new leaders receive one-on-one onboarding with the Compliance office, and monthly calls for ongoing support.
- Rewards and recognition: performance reviews include a compliance and ethics component. Compliance-in-Action is an initiative to recognize ethical behavior and reward leaders.
Source: CEVA Logistics; CEB analysis.

NEW CEB RESOURCE: LIAISON TOOLKIT
Compliance and Ethics Liaison Toolkit: proposed topics and sample resources
1. Making the business case: overview of program benefits; customizable business case presentation.
2. Structuring and rolling out a liaison program: sample program charter; liaison program organizational structures and decision rules.
3. Identifying and selecting liaisons: liaison roles and responsibilities; liaison selection criteria.
4. Onboarding and engaging liaisons: liaison development plan; liaison onboarding presentations; liaison support tools (e.g., reporting dashboards; a sample liaison reporting dashboard).
5. Managing the program: liaison performance management (e.g., performance criteria, incentives); measuring liaison program effectiveness.
This toolkit will help you:
- Implement a liaison program: save time and effort organizing and implementing an effective ethics liaison program.
- Enhance the ethics network: improve the reach and oversight of the compliance and ethics program across the company.

EMBED MONITORING IN FUNCTIONAL RISK CENTERS
Monitoring compliance risk in corporate functions (functional partner; compliance risk-relevant system; risk indicator examples):
- Procurement; third-party database; sub-contractor due diligence.
- Information Technology; information security incident database; data privacy breaches.
- Human Resources; Human Resources Information System (HRIS); employee career moments (e.g., layoffs, role changes, restructuring), senior management involvement in noncompliance cases.
- Sales & Marketing; CRM database; customer complaints.
- Finance; accounts payable; improper payments, travel and entertainment expenses.

Implementation guidance for functionally integrated monitoring:
- Prove business value: build buy-in for consistent collaboration by outlining the benefits of closer integration (e.g., business efficiency, heightened corporate assurance, lower cost of compliance).
- Extract value from existing capabilities: use risk information already tracked in functional systems to streamline monitoring efforts and reduce the burden of Compliance-led monitoring.
- Synthesize risk intelligence: draw on functional partners' knowledge and experience of how noncompliance manifests to enhance practical understanding of compliance risk and the local control environment.

QUESTIONS?
Jennifer Childs Kugler, Principal Executive Advisor, CEB Compliance and Ethics Leadership Council, kuglerj@cebglobal.com