A risk assessment is key to developing your organisation’s risk profile – the starting point of an effective programme. Your risk profile is an evaluation that identifies the unique risks your organisation may face given its industry, geography and employee population. A periodic, comprehensive risk assessment will help regularly identify potential criminal, reputational and ethical risks.
Need help managing and assessing your risks? Contact us to see how we can help.
Use the chart below as a self-assessment to see how you are currently evaluating your risks.
If your responses fell mostly in the green column, you have the right processes in place to get an accurate picture of your risks. If most of your responses fell in the yellow or red category, review the resources included below to get a better idea of where your risks may be.
Resource: Risk Assessment Framework
Use this framework to walk through the steps of a risk assessment process including the identification, assessment, mitigation, and ongoing monitoring and reporting of these risks.
Resource: Sample Risk Assessment Ranking & Reporting Process
Once you’ve identified the risks, it helps to map them out and prioritise them. Use this tool to create a heat map to prioritise your highest risk areas.
Resource: Anti-Bribery & Corruption Risk Assessment Checklist
Use this list to see the risks your organisation faces with regard to bribery and corruption.
A compliance programme cannot be effective without the support of leadership and defined programme ownership. Your programme needs oversight to protect it from risk and commitment from leadership to drive employee behaviour and culture change. Those who do have key oversight duties, including your board of directors, also need to be informed and trained on their roles within the compliance programme.
Board of Directors
Compliance Programme Leadership
If it seems like your answer is "no" to many of these questions, take a moment with the resources below to learn how you can engage your board and leadership.
Webinar: Become a Strategic Partner to the Board & C-Suite
See how you can gain a "seat at the table" with the board and C-suite by learning about the business, developing your strategic thinking skills and creating personal relationships.
White Paper: Four Key Board Responsibilities for Monitoring Risk & Compliance
Read about the key responsibilities the board should have to your compliance programme, such as direct access, promoting a culture of ethics and receiving relevant compliance training.
White Paper: Key Elements for Effective Compliance Programme Board Reporting
If you've gained the board's support, you'll also need to effectively report to them. Get practical tips and advice on how to successfully report your compliance outcomes to the board.
As we build on the foundations of an effective compliance programme, policies and procedures play a massive role. Your code of conduct is the first step in establishing effective policies and procedures as it is the cornerstone policy of your organisation. Beyond writing policies like your code of conduct, thought must also be given to how you will manage the ever-increasing number of policies organisations have today. In fact, according to the 2017 NAVEX Global Policy & Procedure Management Benchmark Report, 41 percent of organisations surveyed manage over 100 policies and procedures.
Managing the writing, editing, distributing and attesting to policies and procedures is no easy task.
Interested in finding out how you can more effectively manage your policies and procedures? Schedule a demo of PolicyTech to see how.
Use the chart below as a self-assessment to see how your policies and procedures, particularly your code of conduct, are measuring up to best practice standards.
If your responses fell mostly in the green column, you have a good handle on your code of conduct. Take a look at the resources below to learn more about effectively managing policies and procedures.
If your responses fell mostly in the yellow or red column, you have some writing to do. Take a look at the code of conduct eBook below for some advice on how to write and distribute your code of conduct.
eBook: Code of Conduct Tune Up
Is your code as effective as it could be? Do employees know where to find it and how to use it? Your code of conduct is one of the most vital documents that your company has. It helps guide employee behaviour and acts as a manual that employees and leadership can refer to when faced with difficult decisions. Use this eBook as a resource to make your code of conduct the thoughtful and engaging document it's meant to be.
Definitive Guide: The Definitive Guide to Policy & Procedure Management
The Definitive Guide to Policy and Procedure Management is your go-to resource for effectively and efficiently managing your organisation’s employee handbook, Code of Conduct, and other policies and procedures. No matter where you are in your understanding of policy management, or how effective your current system may be, this guide offers practical perspectives and insights.
Assessment: Policy Management Programme Assessment
Strong compliance policies, as well as efficient policy management processes, are the foundation of a robust compliance programme. Use this assessment to see if your programme meets best practice and how automation can help.
Sample Policy: Sample Anti-Bribery Policy
Use this sample policy as a guide when building your organisation's policy on bribery and corruption. The policy is illustrative of elements that should be written in an anti-bribery and corruption policy.
Who an organisation chooses to hire sends a clear signal as to what the organisation’s top priorities are. A compliance programme can only be effective in an organisation with hiring practices that promote law abidance AND ethical conduct.
Does your organisation formally evaluate managers (in performance appraisals) on whether they live up to ethics and compliance responsibilities?
The most successful organisations have input from human resources and compliance on policies relating to hiring, promotions and performance reviews. Developing positive relationships between ethics and compliance and human resources paves the way for an ethical company culture and sends a clear message that unethical behaviour will not be tolerated.
See how policy management software can help you create HR policies more efficiently. Request a customised demo.
Use this framework as a basis for aligning your compliance programme with human resources.
Sample Code of Conduct: Doing the Right Things Right, NAVEX Global's Code of Conduct
Take a look at our code of conduct. It clearly details important ethics and compliance and HR related policies.
Whitepaper: Are You Missing 82% of Your Ethics & Compliance Reports?
Read this white paper to learn about all the possible ways employees are reporting misconduct or HR issues. By training managers appropriately, you’ll get an accurate picture of ethics and HR issues that come through the hotline, web form and conversations with managers.
The policies and procedures in your compliance programme must be accompanied by a strategic communication plan and training programme to keep employees informed about the components of the programme and tested on the policies they’re responsible for knowing.
Having all of the right policies in place and an effective reporting process for employees has no value if employees don’t know where to go to find policies or who to call when witnessing misconduct.
Work with departments across the organisation like Marketing and HR to develop a good communication plan so employees, leadership and third parties are crystal clear about the tools available to them and the expectations placed on them. Take a look at the example Awareness Materials below to help you communicate.
Need help with your ethics training and content? Get in touch with a NAVEX Global expert for a demo.
Beyond knowing what tools employees have available to them, you must ensure they know what is expected of them. Compliance training ensures employees are up-to-date on specific legislation and your company’s policies. It’s best to provide training in a risk-based manner with the highest risk employees receiving applicable training first.
A common practice programme has the following elements:
A best practice programme takes them a step further to include:
Drive measurable value from your training programme with the resources below.
Sample Materials: Awareness Posters & Communications
Use these posters as examples of the type of communication that will educate employees about your whistleblower hotline and the other compliance tools available to them.
Definitive Guide: The Definitive Guide to Compliance Training
This guide will help you plan your compliance training programme and give you tools to gain leadership support and decide which topics to train on, plus tips on how to make employees aware of the training available to them.
Benchmark Report: 2017 E&C Compliance Training Benchmark Report
See how your programme compares to other compliance training programmes and the top issues and topics that other organisations are educating their employees on.
Template: Editable Multiyear Training Plan Template
This Excel document will help you plan out your training curriculum for the next three to five years so you can deploy the right training at the right time.
Every compliance programme must offer ways for employees to easily and safely report issues without fear of retaliation, being shamed at work or even losing their job. The Ethics Resource Center revealed that 41% of employees have personally witnessed misconduct, 40% of those who witness it don’t report it and, of those that do report, 82% of reports are made directly to frontline managers.
Reporting and response programmes are a ground-level element of an effective compliance programme, but simply making a whistleblowing hotline available won’t be sufficient. Effective programmes provide at least three reporting options:
Need help implementing an effective reporting programme? Contact a NAVEX Global expert today.
Use the following chart to assess the effectiveness of your current programme. If most of your responses fall into the red or yellow category, use the resources below to dig deeper in planning and implementing a whistleblower hotline programme.
Definitive Guide: The Definitive Guide to Incident Management
Use this guide to get everything you need to know about planning, implementing and measuring your incident management programme.
Benchmark Report: 2017 EMEA & APAC Whistleblowing Hotline Benchmark Report
Our benchmarks from over 7,500 reports give you the data you need to compare your programme against others in your industry, region and company size.
Whitepaper: Whistleblowing 101: Speaking up about misconduct in the UK
See why having a reporting programme is essential if you are headquartered or do business in the UK.
Whitepaper: Whistleblower Hotlines & Incident Management Solutions: Major Challenges and Best Practice Recommendations
This whitepaper takes you through nine challenges you may face in implementing your whistleblower hotline programme and how you can overcome them.
When an organisation’s policies, procedures, rewards or even its Code of Conduct are in conflict with its culture, culture wins. Therefore, in order to have an effective ethics and compliance programme, an organisation must pay as much attention to culture as it does to policies, training, auditing and other programme elements.
Compliance supports the strategic goals and mission of an organisation just as much as any other department or function. Achieving an effective ethics and compliance programme requires more than simply adding rules and additional layers of controls. Successful programmes are integrated efforts that align financial and compliance requirements with the organisation’s mission and values.
Forward-thinking organisations strive to build a culture where all employees know that doing the right thing is expected, understand the standards that apply to them and are confident their management is committed to operating with integrity. These same employees should feel empowered to raise concerns about misconduct without fear of retaliation and believe their concerns will be addressed.
If doing the right thing is the expected practice, behaviour that is unethical or otherwise misaligned with organisational standards will stand out and can be more easily addressed. The only way to know this is by assessing the organisation’s culture as part of the assessment of the ethics and compliance programme.
Answer the following questions to see if your culture is one that promotes ethics and respect.
Benchmark Report: 2017 EMEA & APAC Culture & Compliance Benchmark Report
Use this report to see the biggest challenges organisations across EMEA face with regard to their company culture and compliance programmes. You'll get metrics to see how your organisation compares and data to use when speaking with your leadership and board.
eBook: Memos to Managers: On Strengthening Culture & Preventing Workplace Harassment
See how you can train frontline managers to receive reports of unethical behaviour and encourage employees to speak up without fear of retaliation.
Whitepaper: Strategies for Creating a Visionary Organisational Culture
After a major scandal, Serco Group rebuilt their programme and their culture from the ground up. Learn how they did it in this whitepaper.
Measuring and monitoring your programme is the only way to know if your programme is truly effective. Effectiveness measurements can come from a variety of sources. In fact, using as many sources as possible is the most accurate way to get a "grade" for your programme. Use the following chart as a list of where to go internally and externally to find measurements and benchmarks to improve your programme.
Definitive Guide: The Definitive Guide to Compliance Programme Assessment
Use this guide as an overview of all the effectiveness elements and how they work together for overall programme effectiveness.
Webinar: How do I prove my E&C Programme is Effective? The Art & Science of Effectiveness Measurement
Use this webinar as a hands-on workshop with practical advice for measuring your programme effectiveness.