SAI Global GRC Community


Compliance & Ethics Risk Management

The primary goal of most Chief Compliance Officers is to decrease compliance risk by increasing ethical behavior. One of the most difficult questions in pursuit of that goal is how to measure progress. Unfortunately, ethical behavior can’t be directly measured, so the measurements compliance officers rely on are actually proxies for ethical behavior. For compliance programs that have reached a degree of maturity, surveys are among the most commonly used broad-based tools for measuring employee knowledge, attitudes, and buy-in regarding compliance and ethics.

Read more...

This fall I had the opportunity to attend the SCCE’s 2013 Compliance and Ethics Institute in Washington, D.C. Attending the conference was very informative, offering the opportunity for attendees to interact with others in the compliance and ethics industry and to attend a number of sessions covering a variety of compliance- and ethics-related topics. Taking a look at the topics the sessions covered, one could pick up on a number of themes that have been prominent within the industry for quite some time. However, one topic seemed to be more prevalent than the rest, and that was how to assess your compliance program and/or measure the effectiveness of your compliance program. There were quite a few sessions covering this topic and I was able to attend a number of them.

Read more...

It seems like we are always looking for ways to assess our ethics and compliance culture. Is it really possible? Even in areas like culture, which can be tricky to assess and measure, we can see some evidence of innovative ways to look at concrete data points to develop a risk mitigation strategy. For example, using the data provided by Geert Hofstede’s research database, it’s possible to compare national cultures along the dimensions pioneered by Hofstede.

Read more...

In her recent article in the Christian Science Monitor, Ruth Walker points to the ever-expanding number of “C-level” positions companies are creating and rightly questions the motivation behind these newly fashionable positions. Walker cites the chief compliance officer title as one of her examples and at the conclusion of the article asks an intriguing question, “does calling one person, say, ‘chief ethics officer,’ signal a serious corporate commitment to ethics – or does it just let everyone else off the hook?”

Read more...

In November 2009, the International Organization for Standardization (ISO) introduced ISO 31000:2009 Risk Management as a standard on the implementation of risk management that is applicable to ‘any public, private or community enterprise, association, group or individual’. ISO 31000 replaced several older country-based or organisation standards such as AS/NZS 4360:2004, broadening the process focus to address the entire management system supporting the design, implementation, maintenance and improvement of risk management processes.


The case for the introduction of a global risk management standard was a relatively simple one; the only real debating point was on elements relating to risk appetite and tolerance.

Read more...

In Andrea Falcione’s last Viewpoint post, she commented on the fact that compliance and ethics need to be fully integrated into corporate culture, with compliance and ethics leadership playing an integral role on the management team. (She also expressed some surprise that this is news to some organizations.)

Read more...

In a prior blog article (January 25, 2011), Andrea Falcione made the important point that in measuring compliance and ethics programs it is not sufficient simply to measure activity; the Sentencing Guidelines and other program standards call for measuring effectiveness. Measurement takes more than simply counting how many steps you take; you also have to measure whether the steps are having an effect on what your people are doing.

Read more...

In February, I wrote about the importance of embracing technology, particularly case management systems, to effectively manage the multitude of processes associated with third-party due diligence. Such systems automate many tasks that are otherwise onerous, manual, and would quickly overwhelm most compliance departments. The December 2010 Alcatel-Lucent Deferred Prosecution Agreement (DPA) provides yet another compelling reason for utilizing an enterprise-wide case management system: the ability to enable proper oversight of the process.

Read more...

If you’re like many business owners, you probably feel too busy to worry about building an ethical culture at your company. As long as you hire good people, you’ll be fine---right?

Read more...

If you thought that Sarbanes-Oxley was bad - brace yourself for Dodd-Frank. Compare 66 pages to 2300+ pages - with hundreds of rule-making initiatives for various federal agencies, new and old. Corporate directors will, once again, be diverted from their key oversight role with a barrage of "best practices," most notably in the area of executive compensation. Rulemaking will reveal the haste with which Dodd-Frank was cobbled together as well as its ambiguities.

Read more...

© 2015 SAI Global Limited ABN 67 050 611 642
