Assessing the Effectiveness of Your Compliance Program

If you’ve already developed and implemented a compliance program, you’ve taken an important step toward ensuring your organization has a strong ethical culture. Additionally, a compliance program can serve as an effective risk management tool by helping you detect and prevent improper conduct, while also promoting adherence to any applicable legal or regulatory standards.

However, having a compliance program in place doesn’t necessarily mean that it is functioning at maximum efficiency. Realignment of organizational structure, expansion into new markets, and changes in the regulatory environment are just a few of the factors that can render a compliance program ineffective, or even obsolete.

According to the Federal Sentencing Guidelines for Organizations, one of the essential elements of any effective compliance program is verifying whether the standards and procedures outlined in the program are being followed. It is also important to determine whether the program is actually achieving the desired results. This typically requires a periodic review of the entire program.

A compliance program review/assessment can be conducted internally or externally. A benefit of using a third-party entity to conduct the review is that it provides an impartial, objective program assessment. Using an external source may also be the most viable option for an organization with limited resources. However, an internal review offers the advantage of the reviewer being intimately familiar with the organization’s operating practices and procedures, and having a clearer understanding of the various compliance challenges it faces. Organizations might consider using tools such as the FSGO Compliance Review Check List to conduct an informal self-assessment at any time.

A comprehensive assessment should focus on a variety of issues/areas that can impact the effectiveness of a compliance program. Typical review areas include:

  • Determining the level of oversight and support
  • Thorough review of compliance standards and procedures
  • Assessment of changes in risk
  • Evaluation of internal reporting process
  • Determining availability/effectiveness of compliance education and training
  • Measuring effectiveness of internal auditing practices
  • Gauging the appropriateness/efficacy of disciplinary action

Determining the level of oversight and support

An assessment should examine the role organizational leadership plays in overseeing the effective execution of the compliance program. Specifically, the review should gauge whether the board of directors and top management have sufficient knowledge regarding the content and operation of the program. It should also attempt to determine management’s overall level of support for the organization’s compliance efforts.

Thorough review of compliance standards and procedures

The review should evaluate where the organization’s current compliance standards and procedures are insufficient. Specifically, the Code of Conduct should be evaluated and updated if necessary, and existing compliance policies and procedures should be modified as well.

Assessment of changes in risk

An organization’s susceptibility to risk can change over time. For instance, when a company expands its operations into a country where bribery is viewed as standard operating procedure, its employees and third-party agents may become more likely to engage in corrupt business practices, either intentionally or unintentionally. A compliance program review should include a comprehensive risk assessment to ensure that all relevant risk areas are being adequately addressed.

Evaluation of internal reporting process

A compliance program review should evaluate the organization’s internal reporting systems and mechanisms. This includes an assessment of the effectiveness of anonymous reporting hotlines, the procedures to protect whistleblowers against retaliation, and the investigatory practices used to follow up on incident reports.

Determining availability/effectiveness of compliance education and training

Inadequate training of employees and stakeholders is a primary reason why compliance programs fail. A program assessment should measure the effectiveness of the compliance training program as it relates to the corporate values specified in the Code of Conduct. The training program should be evaluated for the adequacy of the subject matter, as well as the effectiveness of the method of delivery.

Measuring effectiveness of internal auditing practices

The review should take a close look at the organization’s internal audit processes and protocols to determine their adequacy and whether sufficient audit trails have been established. The assessment should also identify whether audit results are reaching the proper parties, as well as whether the findings are acted upon in an appropriate fashion.

Gauging the appropriateness/efficacy of disciplinary action

The assessment should examine the types of corrective actions that are taken when misconduct occurs. Are disciplinary actions administered consistently and fairly, and did the organization establish sufficient support and guidance for employees to comply with ethics and compliance initiatives? The review should also determine whether appropriate measures are in place to prevent misconduct from recurring.
