How well do you know your compliance program? 6 simple tools
In light of DOJ’s recent guidance, most companies understand that “paper” compliance programs are no longer enough to protect a company when a regulator comes knocking. Companies are under increasing pressure to demonstrate to both the Audit Committee and, if necessary, regulators, that their compliance program is operational and effective.
But how do you really measure your program’s effectiveness? A simple approach: leverage what your company is already doing by repurposing some quick, accurate tools you probably already have in place.
These tools can be used to quickly and accurately evaluate the effectiveness of your compliance program. It should go without saying, but the more tools you use, the better.
1. Form a Governance, Regulatory, and Compliance Committee. Many companies are turning to GRCCs to assist in monitoring and auditing their compliance programs. A GRCC is a management committee that includes representation for functions most likely to have some responsibility for compliance. Your GRCC could include employees from such areas as compliance, legal, HR, IT, sales and marketing, procurement/sourcing, investor relations, operations, finance, security risk and internal audit.
2. Expand your surveys. Compliance and HR can collaborate to incorporate compliance metrics into preexisting annual HR surveys. Alternatively, you can develop a freestanding annual ethics survey to help gauge your compliance program’s effectiveness. Among possible survey topics: tone at the top or in the middle; awareness of policies and procedures; comfort in reporting issues; fear of retaliation; effectiveness of certain controls; third-party due diligence; and the way the company interacts with regulators. Note: employee surveys are generally not privileged.
3. Use the exit interview. Include compliance questions as part of the exit interview process. Departing employees may candidly tell you something that a current employee would rather not.
4. Analyze hotline data. Hotlines are a traditional source for gathering data to assess a compliance program. Companies commonly examine the number of calls received to gauge employees’ comfort with using the hotline as well as their awareness of its existence. In addition, call substance can provide insight into the company’s most prevalent issues. Companies can generate data regarding follow-up and anonymous reporting and cross-check data against previous years to identify spikes in complaints relative to a particular region or topic.
5. Leverage regular audits. The numerous auditing activities your company already conducts as also offer an opportunity to evaluate your compliance program. For example, many companies leverage the work of internal audit to examine compliance-related issues, such as gifts, entertainment and charitable contributions.
6. Examine the training data. Training completion rates, average scores on training quizzes and post-training evaluation also provide helpful data. Analyze the cohorts that received training on particular issues during the course of the year to assess the training’s effectiveness.
Learn more about using these tools to assess your compliance program by contacting the authors.