How Good Is Your Ethics and Compliance Program?
Verschoor, Curtis C., Strategic Finance
Actions to implement the 2004 expansion of the U.S. Sentencing Guidelines (USSG) for organizations have further heightened organizations' interest in meeting the standards for maintaining a comprehensive ethics and compliance program. The USSG apply to companies large and small, private and public, and for profit and non-profit. Fines and other punitive measures otherwise imposed by the courts can be reduced or avoided if the organization is deemed to have an effective ethics and compliance program to prevent and deter criminal conduct.
The USSG list seven requirements that an organization must comply with to be eligible for reduced penalties because of mitigating circumstances:
* Develop compliance standards and procedures tailored to the company's business needs.
* Designate high-level personnel to oversee compliance.
* Avoid delegating substantial discretionary authority to employees with a propensity for illegal conduct.
* Educate employees in the company's standards and procedures through publications and training.
* Design a compliance system that includes auditing and monitoring procedures and mechanisms that encourage employees to report potential violations.
* Enforce standards through appropriate and consistent discipline.
* Report all violations, and take appropriate steps to improve the program.
The announcement for the 2004 Guidelines revisions notes, "As a fundamental proposition, organizations must promote an organizational culture that encourages ethical conduct." Added responsibilities of senior management and the board of directors include:
* Being knowledgeable about and exercising reasonable oversight of the program.
* Ensuring the senior-level compliance and ethics officer has adequate resources, credibility, and access to the board of directors.
* Exercising independent review by directors.
* Being sufficiently informed so directors can exercise independent judgment.
The revisions also mandate continuous improvement in an ethics and compliance program through risk assessment and analysis. Chapter 8, Section B.2.1.(c) of the USSG manual states, "Organizations shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify each of the [seven] requirements [previously] set forth to reduce the risk of criminal conduct identified through this process."
The Conference Board, a membership organization providing management education to experienced executives, has published Universal Conduct: An Ethics and Compliance Benchmark Survey, its latest survey of corporate ethics programs and practices. The study documents how 225 global companies have designed, implemented, and monitored their compliance and risk assessment programs. It compares current practices with those from three previous studies.
Some of the findings of this survey contrast with the USSG requirements. Although 77% of respondents in a previous Conference Board study said that board members should be trained in ethics or compliance issues, only 39% said that their organization's board had actually received training. Regardless of the amount of training board members received, however, contact between the compliance program head and the board is nearly universal.
The report also indicates that companies appear to be making ethics training a priority for a majority of employees. Of companies with ethics programs, 70% said they trained at least 91% of all employees. The three most common subjects taught are related to employment law: sexual harassment, work-place harassment, and ethical sales.
The Conference Board also reports that 91% of surveyed companies had an anonymous reporting system for employee reporting of misconduct, far more than the 52% reported in the 1998 survey. Surprisingly, 9% of responding companies that were subject to the Sarbanes-Oxley Act (SOX) have yet to institute a confidential reporting system or hotline, while 78% of companies not covered by SOX have a system in place. …