A Program Manager in a Power Plant Process group told me about the ‘Mock Audit’ that his company performs in its power plants across the country. He explained that his industry is heavily regulated at both the state and federal level. Power plants are subject to numerous levels of oversight including various ISO standards to which they must comply. ISO is the International Organization for Standardization and it develops and publishes International Standards for various industries and organization.
The ISO 9000 standards provide guidance and tools for companies and organizations who want to ensure that their products and services consistently meet customer’s requirements, and that quality is consistently improved. One of the components of ISO 9000 compliance is an internal audit to check how a quality management system is working. But, for the utility industry, there are additional, more formal audits by various state and federal regulatory bodies, including both North American Electric Reliability Corporation (NERC) and the Federal Energy Regulatory Commission (FERC). In other words, the utility industry is subject to numerous rules and regulations which require compliance audits.
To help prepare for these formal internal and external audits, his company employs the Mock Audit. In the Mock Audit, his team will go through the factors which will be reviewed in a formal audit at a power plant. But the thing that struck me was that he said that when goes into a plant, he tells the plant personnel “we all wear the same color shirt” and by this he means they are all on the same team, trying to achieve the same goal of doing business in compliance with the rules and regulations that the power industry is required to operate under. Coming from the energy service industry, the ‘color of one’s shirt’ is a powerful concept. I worked at Halliburton which is known as “Big Red”. Halliburton’s competitor, Schlumberger, is known as “Big Blue”. Once in an employment interview someone asked me if I could work under a person who came from “Big Blue” and I knew instantly what they meant.
The Mock Audit is a mechanism by which a compliance team can go into a facility and not only try to determine what might need remediation but, equally importantly, help the employees in that facility to move towards greater compliance. The team members who perform these Mock Audits are not lawyers but are engineers or other process focused team members. These Mock Audits help to uncover gaps that need closing before any of the regulatory mandated audits by external audit teams. As this Program Manager explained to me, they are a powerful compliance tool.
I thought about this concept of the Mock Audit in the context of continuous improvement under the Foreign Corrupt Practices Act (FCPA). Typically such monitoring and annual assessments are done by lawyers. One thing that I think we as lawyers bring to this process too often is an adversarial relationship. It sometimes feels and sounds like we are trying to find a violation or something wrong regarding a company’s compliance program. We are not there to try and help employees learn from their mistakes (if any) and we do not present ourselves as ‘wearing the same color shirt’. While there certainly is a fine line that must be trod in monitoring and annual assessments, if the compliance practitioner could adopt a bit of the tone of the Mock Audit it might open things up for a more useful and constructive exercise going forward. This is not to say that a more formal compliance audit should be conducted with such a tone, as it is a different type of activity. But, just as the Mock Audit is there to uncover any gaps and help fill those gaps, monitoring or annual assessments can also be used to help close compliance gaps before a biennial formal compliance audit. So what are some of the steps that a compliance practitioner can take?
I once worked in a corporate legal department where the attitude was very much ‘us against them’. The legal department was viewed as the last bastion between the business guys doing something to put the company at risk. The attitude was not cooperative at all. I would suggest that even if the legal department feels like it has to maintain that attitude, the compliance department is not required to have that attitude, at least not all the time. Just as my new found colleague from the utility industry can help power plant employees to do their work more in compliance with the rules and regulations that they are required to follow, the compliance department can work with employees rather than simply dictate the rules which are to be followed. An annual assessment is the perfect opportunity to learn more about a region or group’s compliance challenges and how those challenges are being met and might be met going forward. But it will not work if it starts out with the us against them or I am here to get you attitude. You have to wear the same color shirt and be on the same team.
One of the more constant complaints that I have heard from business unit folks is that compliance did not share the results of any assessments or audits with them. Not only was there no transparency at the end of the process but there seemed to be no simple desire for local participation or input to resolve any outstanding issues uncovered. So another step I gleaned from the Mock Audit is to review any assessment ﬁndings with the senior management team of the group or area being assessed. If warranted, the management team from the group or area reviewed should be a part of any corrective action plan that addresses a specific gap in compliance. You can use this opportunity to demonstrate that the overall goal is to drive towards compliance and that use of local input may be one of the best paths to positive change over the long term. As with anything, else if people feel like they have input into the process, they will be more likely invested to make sure the process succeeds. When you return to the corporate office you can collaborate with the group or region until issues are fully addressed.
The 2012 FCPA Guidance made clear that compliance audits, with actionable remediation plans, are a key component of any effective compliance program. The concept of the Mock Audit is one that can facilitate continuous improvement. As it is a process designed to help your employees do business in a more compliant manner it is a tool that should not be overlooked.
Three Key Takeaways
- Always remember we wear the same color shirt.
- Review your findings with the group being assessed.
- Use the Mock Audit to both learn and educate.
The Mock Audit is a useful tool for the CCO to utilize to both learn about a compliance program and educate employees on it.Click to tweet
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor Affiliated Monitors at www.affiliatedmonitors.com.