FAQ

[page_header height=”235px” align=”center” title=”Frequently Asked Questions” bg=”48″ bg_pos=”51% 15%”]

[row]

[col span__sm=”12″]

[accordion]

[accordion-item title=”What is an ethics and compliance program?”]

An ethics and compliance program is the documentation of the company’s management practices. It provides everyone who acts on behalf of the company a framework to make decisions that align with the company’s mission and values. And finally, the program helps ensure everyone understands and complies with the laws and policies applicable to the company’s business.

[/accordion-item]
[accordion-item title=”What is a program?”]

A plan of action to achieve a business objective. It will include details on what work is to be performed, by whom, when, and what means or resources will be used. A program is usually documented through a combination of policies and procedures.

[/accordion-item]
[accordion-item title=”What’s the difference between policies and procedures?”]

Policies and procedures clarify what your organization wants to do and how to do it.  Policies and accompanying procedures vary between workplaces because they reflect the values, approaches and commitments of a specific organization and its culture. But they share the same role in guiding your organization.   

Policies
Specifically, policies are clear, simple statements of how your organization intends to conduct its business regarding a specific topic. They provide a set of guiding principles to help with decision making. One or two sentences may be all that is required to define a policy. Policies should never be long or complicated.

Procedures
In contrast, procedures describe how each policy will be put into action in your organization. Procedures may be a few bullet points or instructions.  A procedure may be documented in the context of forms, checklists, instructions, or flowcharts.  A procedure should outline:
– When to engage in the procedure
– Who will do what
– What steps are needed
– Which forms or documents to use

[/accordion-item]
[accordion-item title=”Why does a company need an ethics and compliance program?”]

There are 2 answers to this question: operational discipline and legal risk.

Operational Discipline
First, as a company grows, it’s important to ensure that the company executes efficiently. As a business owner, you want to make sure that your employees perform their duties the same way you would if you were doing the work. So, think of a compliance and ethics program as a way for your employees to incorporate operational discipline in their behavior.

Legal Risk
Next, every company is exposed to certain legal risks. As a company grows, the risks change and, as such, we need to review our internal compliance programs to make sure we are protecting the right activities. A company should always strive to keep the rules simple and as few as possible. Every program has the potential to burden the company with training and reporting requirements. For those reasons alone, it’s important to perform a cost-benefit analysis before creating a compliance obligation inside the company.
For example, a company that communicates electronically with its customers will be required to have a number of data privacy measures in place to protect client information and to respond in case of an inadvertent release of customer information. Another example is a construction company that installs underground utilities. Almost every state has a call-before-you-dig program (commonly known as a “one call” program). Failing to comply in either of the above examples can expose a company to unanticipated risk. Failing to keep a client’s personal information safe or hitting a buried pipeline can create significant, if not devastating, damages to your company. The consequences to your company can affect operations, finances, and business reputation. Let’s face it, growing a business is rarely easy. Why would we want to introduce extra barriers to success?

One final note regarding legal risk: depending on the legal infraction of the company, the Department of Justice has currently adopted the policy that government attorneys investigating either criminal or civil matters should focus on individual wrongdoing from the very beginning of any investigation of corporate misconduct (Department of Justice Memorandum, September 9, 2015). The thought behind building cases against individuals from the inception of an investigation is, first, to maximize the ability to ferret out the full extent of corporate misconduct. Additionally, the Department believes that by focusing the investigation on individuals, it can increase the likelihood that individuals with knowledge of the corporate misconduct will cooperate with the investigation and provide information against individuals higher up the corporate hierarchy. And, finally, by focusing on individuals from the very beginning of an investigation, the goal is to maximize the chances that the final outcome of an investigation uncovering misconduct will include civil or criminal charges against both the corporation and the responsible individuals.

[/accordion-item]
[accordion-item title=”How do I decide what laws my company is legally obligated to follow?”]

Every business has certain legal requirements, whether it is paying local taxes or protecting client or employee personal data. Additionally, depending on the business, there may be more stringent legal obligations. In order for an organization to determine its legal compliance obligations, it first must do a risk assessment.

Why?  Simply put, the organization needs to assess what risks are likely and the potential consequences for each risk.  To put it in the context of building a home, it doesn’t make sense to buy flood insurance or build a house on stilts on the top of a mountain or in the middle of the desert.  Likewise, it is not prudent to own a home on the ground at the beach without some form of flood damage insurance. 

After performing a risk assessment, the Department of Justice has identified 7 elements to an effective ethics and compliance program.  
1. Establish Policies, Procedures and Controls
2. Exercise Effective Compliance and Ethics Oversight
3. Exercise Due Diligence to Avoid Delegation of Authority to Unethical Individuals
4. Communicate and Educate Employees on Compliance and Ethics Programs
5. Monitor and Audit Compliance and Ethics Programs for Effectiveness
6. Ensure Consistent Enforcement and Discipline of Violations
7. Respond Appropriately to Incidents and Take Steps to Prevent Future Incidents
8. Conduct ongoing risk assessment

[/accordion-item]
[accordion-item title=”What are the benefits of an ethics and compliance program?”]

Think of an effective ethics and compliance program as a continuous improvement wheel.  

What is the difference between Audit, Compliance, and Risk functions inside an organization?
An oversimplified way to view risk, compliance and audit is as follows:
1. Risk sets the bar height (risk appetite and risk tolerance);
2. Compliance determines the effort needed to clear the bar of risk appetite; and  
3. Audit determines if operations operated within or beyond the organization’s risk appetite.

Risk
Risk determines the operational performance expectations for the organization based upon legal and operational expectations. When you think of risk, think about it in this context: a risk is a situation where the probability of a variable (such as the burning down of a building) is known, but the mode of occurrence or the actual consequence of the occurrence (whether the fire will occur at a particular property) is not. Risk appetite is the amount and type of risk that an organization is willing to pursue or retain. Risk tolerance is an organization’s or stakeholder’s readiness to bear the risk after risk treatment in order to achieve its objectives. It’s important to note that risk tolerance can be influenced by legal or regulatory requirements.

Compliance
Compliance is fundamentally operational, in the sense that it looks at a present situation against current expectations to ensure that future activities are carried out in compliance with applicable legal and operational expectations.

Audit
Audit measures an organization’s performance against the organization’s internal controls to determine whether the performance met legal and operational expectations. In other words, Audit’s objective is fundamentally assurance: it looks at the past and present to provide assurance that all activities are being carried out according to the written policy and procedure.

[/accordion-item]

[/accordion]

[/col]

[/row]