- April 13, 2017
- Posted by: admin
- Category: Risk Advisory
When one thinks of ‘effective’ compliance programme in an organisation, there are many characteristics to it that can be cited. Ever increasing rates of reported misconducts in an organization, results of ethical cultural survey etc. are a few aspects that come to mind.
These characteristics, in addition to providing important insight into the overall effectiveness of a compliance program also provide subtle indicators for a corrective action plan.
Recently, the US Sentencing Commission (USSC) laid down the required elements of an effective compliance program. Further, the Department of Justice (DoJ) initiated a dialogue, as set forth in the FCPA guidelines and very recently in the FCPA Pilot Program as well.
As a result of some recent surveys conducted in India, consensus has been formed that fraud instances are on the rise and non-compliance even with the most strictly laid down guidelines is in place. Even with this, the actions taken by the organisations are not effective, as they remain post-facto when the damage has essentially been done.
Some of the unique Indian compliance challenges observed are as under:
- “Tick in the box” attitude toward certifications, training, etc.
- Excessive reliance on cheaper professional consultants and other similar vendors to get things done, especially approvals, permits, licenses, etc.
- Difficulty in getting good, actionable information on employee background checks and in third-party intermediary due diligence
Of late, the Industry has come to realise that it is now time to develop a comprehensive stratgey around this specific subject. Realisation has now set in that an ethical company is more profitable in the long run. Looking at some basic facts, employees who work at ethical companies are more productive and less likely to leave the company; misconduct rates among employees are lower at ethically-driven companies and employee reporting rates are higher at companies committed to a culture of ethics to name a few.
The above may anyways be a logical conclusion which has been further corroborated by Research findings and actual experiences of corporates.
The price that a couple of big pharmaceutical companies had to pay to the DoJ for lack of adequate process validation and non-existence of controls over various departments of an organization is known to everyone. Organizations that have a real and effective ‘Code of Conduct’ (CoC) are likely to experience lower rates of misconduct than companies that do not have a code of conduct at all. In case the CoC is also communicated at regular intervals, it makes the unwanted instances even more sparse. This is rational as well as demonstrable.
Likewise, there must be a way to measure characteristics of a culture that encourages reporting, notwithstanding the variance of actual rates of employee misconduct. In other words, there should be a way to work out the employees’ trust on the internal reporting system for reporting misconduct.
In addition to the above, ‘tone at the top’ is equally critical for building a culture of compliance as employees and managers cannot live in an area of emptiness. Also, employees and managers will naturally reflect the importance of ethical business practices shown to them by the senior executives and board members above them. Then, how accurately do you build tone at the top?
“Tone at the top” cannot be easily formalized and executed in a policy or procedure. The basic building blocks of board and employees training program should include, at a minimum:
- Importance of corporate culture
- Company risk management
- Third party risk management strategies and procedures
- Internal investigation procedures and results
- Periodic inter departmental assessment and results thereof
- Board legal responsibility for compliance oversight.
Using this basic outline, an effective compliance training program may be developed that explains why the information is appropriate and how the board and senior executives should use the information. Charts and graphs, along with numbers and metrics, are all important parts of the oversight and monitoring process. There are many third-party consultants/ trainers who can aid on this issue and have training programs designed specifically for senior executives and board members.
Once a company defines an outline for its corporate culture, it should focus on implementation of the culture and its communication, thus making it a reality for an organization. A corporate audience is like any other audience in society and hence, the message should be clear and genuine, and it should be accessible to the managers and employees who are expected to implement it.
Further, it is also of utmost importance that the definition of ‘culture’ is quantifiable. If it is simple, it can be quantified. If it is complex, the quantification may not be very accurate and could reflect a poor messaging strategy. However, it is easy to put effective compliance in theory but it is much more difficult to implement it in the real world.
Compliance practitioners have a lot to contribute here and this is an area where compliance representatives can extend support. Finally, the compliance profession will be required to demonstrate its ability to evaluate performance, bring some valuable research to the table, and help establish some parameters around this key issue. In the end, it will help the compliance profession to establish itself as a credible entity in the corporate boardroom, in political circles, and in the corporate governance field.
Like in business, as in any walk of life, keeping the focus absolutely clear will do good in the long run. Like it is said, ‘A picture is worth a thousand words, but a thousand pictures are worth nothing’.
Puneet is a Partner with International Business Advisors (IBA). He is a Chartered Accountant with 14 years of post qualification experience. He has rich experience in the field of accounting and auditing, due diligences and risk advisory to various mid-sized and large companies (Indian as well as trans-nationals) across various sectors. For most of his professional career he has worked with Big4 consulting firms such as KPMG and Deloitte.
In addition to heading the Assurance and Risk Advisory practice, he also leads the Forensic practice at IBA.
He regularly writes on various accounting and auditing matters. For any professional assistance, he can be reached on Puneet.firstname.lastname@example.org or at +91 98180 03353