Section 2

Building Your Foundation

MoreHide Arrow Down Icon Icon of solid caret pointing downwards.

Implement What You Know with Confidence

Discover action-based tools that provide simple steps for program improvement or robust plans for new ways of doing business. 

MoreHide Arrow Down Icon Icon of solid caret pointing downwards.

Your ethics and compliance program is an ecosystem of moving parts. New laws and regulations, new lines of business, new geographies, mergers and acquisitions become part of a growing enterprise that your compliance ecosystem must support. 

Effective compliance programs are able to deftly navigate these complexities because they have built strong foundations that were developed with the nature of the compliance industry in mind.

This section will give you the expert advice and programmatic best practices to ensure the first steps you take to develop your program are in the right direction. Or if your program is more mature, these resources and insights will give you the necessary guidance to course correct and improve your program’s foundation at whichever stage it is in. 

 

How to Survive a Root-Cause Analysis

Chapter 8 of The Worst-Case Scenario Survival Guide for Compliance Professionals

For the first time, companies that sustain an FCPA violation are required to perform a root-cause analysis and incorporate that information back into the compliance program. Learn how to survive with Tom Fox.

Tom Fox 02/07/2018

Chapter 8 of The Worst-Case Scenario Survival Guide for Compliance Professionals

For the first time, companies that sustain an FCPA violation are required to perform a root-cause analysis and incorporate that information back into the compliance program. Learn how to survive with Tom Fox.

In November, 2017, the Justice Department released its new FCPA Corporate Enforcement Policy. Many compliance practitioners have focused on the requirements for obtaining a declination and the discounts in fines and penalties for companies that do not receive a full declination. However, there was other important information every compliance practitioner should pay attention to.

A new area was introduced into compliance programs with the Justice Department’s 2017 Evaluation of Corporate Compliance Programs. For the first time, companies that sustain an FCPA violation are required to perform a root-cause analysis and incorporate that information back into the compliance program.

 

How to Survive
 

1. Know What a Root-Cause Analysis Is

A root-cause analysis is a reactive approach to problems. Its purpose is to use problem solving methods to identify the root-cause of issues or events. It is based on the belief that problems are best solved by attempting to correct or eliminate root-causes, as opposed to merely addressing the more obvious symptoms.

 

2. Understand the Difference Between a Root-Cause Analysis & an Investigation

In an investigation, the goal is to either prove or disprove an allegation. A root-cause analysis should not be structured like an investigation, nor should it follow investigative protocols. In an investigation, you are simply gathering facts, not assessing blame. A root-cause analysis takes a step beyond gathering the facts to determine how the compliance failure occurred, or was allowed to occur.

 

3. Find an Approach that Works for You

Keep in mind – there is no one right or wrong away to perform a root-cause analysis. However, there are several known strategies such as the “Five-Whys Approach”, the “Causal Factors Approach” and the “Ishikawa Diagram.” Whichever approach you choose, ensure you apply rigor and do not take shortcuts. Dig, dig and then dig again until you cannot dig any further. At that point, you have determined the root-cause and can confidently move onto defining remediation. Do not engage in the “blame game” of simply defaulting to human error. Dig into your polices, procedures and controls to see what led to the compliance failure or allowed it to manifest.