With a new year, many folks have been promoted to the CCO chair. What should be your plan starting the new year and a new job. The answer is found in the eBook Compliance Program Game Plan by myself and Jonathan Marks. In this eBook, we lay out our thoughts on a guide for CCOs and those responsible for developing and implementing compliance policies and procedures for an organization. It is our vision that companies have more than a best-in-class compliance program going forward. It is broken down into four sections: (1) the first 30 days, (2) the first 90 days, (3) the first 180 days and (4) the first year.
What other have said:
“I have just read the Compliance Program Game Plan which you co-authored. You have saved me several weeks work because I had wanted to write such a guide. It is excellent, probably far better than I could have achieved.”
Adrian Pay | Director – Dynamic – GRC
“I like waking up in the morning to goodies like this! A fantastic guide for Chief Compliance Officers (CCOs) and those responsible for developing and implementing #compliance policies and procedures for an organization – Step by step for your first year on the job courtesy of Jonathan T. Marks and Thomas Fox.”
Sofia El Mansouri CCEP-I, CFE | Director of Business Conduct and Compliance
First 30 Days
In the first 30 days, we suggest you (a) Review the compliance budget, (b) Meet with leaders from other corporate functions, (c) Review internal documentation and (d) Inventory compliance policies and procedures.The role of the compliance policies is to prevent, detect and remediate any compliance related issue(s) which may arise with the organization, employees and third parties working on behalf of the company. Compliance policies provide a basic set of guidelines for employees and others to follow. Compliance policies should provide general prescriptions and be supplemented by more specific procedures. By establishing what is and what is not acceptable ethical and compliant behavior, a company helps mitigate the risks posed by employees who might not always make the right ethical choices. The key in this first phase is to obtain a full grasp on the basic state of your compliance program and meet with key stakeholders.
First 90 Days
In the first 90 days, you should continue your review of key documents and get out on the road. We suggest the following: (a) A worldwide listening tour to engage and educate throughout the organization, (b) Review past data and findings in all risk assessments, hotline reporting data, internal audits, culture surveys, internal investigations or other documents that discuss the state of your compliance program, (c) Begin the process to refine or develop training and delivery, (d) Improve communications from the compliance function to and through the organization and (e) Meet with outside compliance counsel, both those you utilize for investigations and those who focus more on the nuts and bolts work of compliance.
To introduce yourself and the compliance function to the company, we recommend you undertake a minimum two-week Listening Tour, to engage employees with the compliance function and to educate the workforce on the goals and objectives of the program. A listening tour should reach across the world of the company – both geographically and functionally. The goal of the listening tour is to both engage and educate employees.
First 180 Days
Here you are still in the learning phase but beginning to move actively move forward. We suggest you (a) Perform a gap analysis of the internal compliance controls, (b) Bring in an outside independent to administer a cultural survey, (c) Work with your Chief Financial Officer (CFO) and their team to review and analyze key financial processes to understand how compliance fits into that framework and (d) Hold a Compliance Retreat.
A gap analysis is mainly a document review or a “show me the proof” type activity, evidence which usually will come in the form of a record or document. During a gap analysis, there is some auditing accomplished, with key stakeholders providing the evidence they may have – or not – for each of the requirements set forth in the relevant internal controls standard. Conversely, by bringing an outside independent integrity consultant, a company is able to garner a broader picture of where its culture exists as, more usually than not, employees are more willing to open up to an independent outsider, rather than someone in their own organization.
In the first 365 days, we suggest that you engage in the following steps: (a) Create a Compliance Center of Excellence and (b) Provide training and coaching for your compliance team so that they can lead with the message of doing business ethically and in compliance.
The development of a Compliance Center of Excellence (CCE) would allow compliance to be more integrated into the overall strategic planning and allow for strategy discussions to stay tuned to the ever-changing risk profile of a company. Moreover, through an interdisciplinary approach, it would bring compliance knowhow to help employees and executives understand that compliance is, in reality, a business process that can easily be incorporated into business unit operating procedures going forward. Finally, you should consider retaining an outside consultant who can work with you, the CCO, and each team member to set up a personalized training and coaching program to help fine tune individual compliance expertise. While it would have a leadership training component, this program is not designed to focus on leadership development but on compliance development.
If you are starting a new CCO position or you want some ideas for ramping up your compliance program, this eBook is the resource for you. You can download a free copy of the Compliance Program Game Plan, by clicking here. Did I mention the cost? IT’s FREE.