Thank you for signing up!
8 Steps to an Effective Compliance Program
An effective program expects organizations to periodically assess the risk of criminal conduct and take appropriate steps to design, implement or modify each program element to reduce the risk of criminal conduct identified through this process. Periodic E&C risk assessments are an important “super” element of an ethics and compliance program and should serve as the foundation for all other program elements.
The risk assessment should identify the organization’s ethics, compliance and reputational risks, the employee population that creates the risk and the current and planned mitigation strategies to reduce risk to an acceptable level
Need help managing and assessing your risks? Contact us to see how we can help.
Use the chart below as a self-assessment to see how you are currently evaluating your risks.
If your responses fell mostly in the green column, you have the right processes in place to get an accurate picture of your risks. If most of your responses fell in the yellow or red category, review the resources included below to get a better idea of where your risks may be.
Framework: Risk Assessment Framework
Use this framework to walk through the steps of a risk assessment process including the identification, assessment, mitigation, and ongoing monitoring and reporting of these risks.
Framework: Sample Risk Assessment Ranking & Reporting Process
Once you’ve identified the risks, it helps to map them out and prioritize them. Use this tool to create a heat map to prioritize your highest risk areas.
White Paper: Anti-Bribery & Corruption Risk Assessment Checklist
Use this list to see the risks your organization faces in regards to bribery and corruption.
A compliance program cannot be effective without support of leadership and defined program ownership. Your program needs oversight to protect it from risk and commitment from leadership to drive employee behavior and culture change. Those who do have key oversight duties, including your board of directors, also need to be informed and trained on their roles within the compliance program.
Ask yourself the following questions to gauge if you have the appropriate level of leadership engagement:
Board of Directors
Compliance Program Leadership
If it seems like your answer is "no" to many of these questions, take a moment with the resources below to learn how you can engage your board and leadership.
Webinar: Become a Strategic Partner to the Board & C-Suite
See how you can gain a "seat at the table" with the board and c-suite by learning about the business, developing your strategic thinking skills and creating personal relationships.
White Paper: Four Key Board Responsibilities for Monitoring Risk & Compliance
Read about the key responsibilities the board should have to your compliance program like direct access, promoting a culture of ethics and receiving relevant compliance training.
White Paper: Key Elements for Effective Compliance Program Board Reporting
If you've gained the board's support, you'll also need to effectively report to them. Get practical tips and advice on how to successfully report your compliance outcomes to the board.
As we build on the foundations of an effective compliance program, policies and procedures play a massive role. Your code of conduct is the first step in establishing effective policies and procedures as it is the cornerstone policy of your organization. Beyond writing policies like your code of conduct, thought must also be given to how you will manage the ever-increasing number of polices organizations have today. In fact, according to the 2017 NAVEX Global Policy & Procedure Management Benchmark Report, 41 percent of organizations surveyed manage over 100 policies and procedures.
Managing the writing, editing, distributing and attesting to policies and procedures is no easy task.
Interested in finding out how you can more effectively manage your policies and procedures? Schedule a demo of PolicyTech to see how.
Use the chart below as a self-assessment to see how your policies and procedures, particularly your code of conduct, are measuring up to best practice standards.
If your responses fell mostly in the green column, you have a good handle on your code of conduct. Take a look at the resources below to learn more about effectively managing policies and procedures.
If your responses fell mostly in the yellow or red column, you have some writing to do. Take a look at the code of conduct eBook below for some advice on how to write and distribute your code of conduct.
eBook: Code of Conduct Tune Up
Is your code as effective as it could be? Do employees know where to find it and how to use it? Your code of conduct is one of the most vital documents that your company has. It helps guide employee behavior and acts as a manual from which employees and leadership can refer to when faced with difficult decisions. Use this eBook as a resource to get your code of conduct to be the thoughtful and engaging document it's meant to be.
Definitive Guide: The Definitive Guide to Policy & Procedure Management
The Definitive Guide to Policy and Procedure Management is your go-to resource for effectively and efficiently managing your organization’s employee handbook, Code of Conduct, and other policies and procedures. No matter where you are in your understanding of policy management, or how effective your current system may be, this guide offers practical perspectives and insights.
Assessment: Policy Management Program Assessment
Strong compliance policies, as well as efficient policy management processes, are the foundation of a robust compliance program. Use this assessment to see if your program meets best practice and how automation can help.
Sample Policy: Anti-Discrimination, Bullying & Harassment
Use this sample policy as a guide to ensure that all employees are treated with dignity and respect . The policy is illustrative of elements that should be written in an anti-harassment policy
Who an organization chooses to hire sends a clear signal as to what the organization’s top priorities are. A compliance program can only be effective in an organization with hiring practices that promote law abidance AND ethical conduct.
Does your organization formally evaluate managers (in performance appraisals) on whether they live up to ethics and compliance responsibilities?
The most successful organizations have input from human resources and compliance on policies relating to hiring, promotions and performance reviews. Developing positive relationships between ethics and compliance and human resources paves the way for an ethical company culture and sends a clear message that unethical behavior will not be tolerated.
See how policy management software can help you create HR policies more efficiently. Request a customized demo.
Use this framework as a basis for aligning your compliance program with human resources.
Sample Code of Conduct: Doing the Right Things Right, NAVEX Global's Code of Conduct
Take a look at our code of conduct. It clearly details important ethics and compliance and HR related policies.
Whitepaper: Are You Missing 82% of Your Ethics & Compliance Reports?
Read this whitepaper to learn about all the possible ways employees are reporting misconduct and HR issues. With appropriate and effective training, you’ll get an accurate picture of ethics and HR issues that come through the hotline, web form and conversations with managers.
The policies and procedures in your compliance program must be accompanied by a strategic communication plan and training program to keep employees informed about the components of the program and tested on the policies they’re responsible for knowing.
Having all of the right policies in place and an effective reporting process for employees has no value if employees don’t know where to go to find policies or who to call when witnessing misconduct.
Work with departments across the organization like Marketing and HR to develop a good communication plan so employees, leadership and third parties are crystal clear about the tools available to them and the expectations placed on them. Take a look at the example Awareness Materials below to help you communicate.
Need help with your ethics training and content? Get in touch with a NAVEX Global expert for a demo.
Beyond knowing what tools employees have available to them, you must ensure they know what is expected of them. Compliance training ensures employees are up-to-date on specific legislation and your company’s policies. It’s best to provide training in a risk-based manner with the highest risk employees receiving applicable training first.
A common practice program has the following elements:
A best practice program takes them a step further to include:
Drive measurable value with your training program with resources below.
Sample Materials: Awareness Posters & Communications
Use these posters as examples of the type of communication that will educate employees about your whistleblower hotline and the other compliance tools available to them.
Definitive Guide: The Definitive Guide to Compliance Training
This guide will help you plan your compliance training program and give you tools to help you gain leadership support, decide on which topics to train and tips on how to make employees aware of the training available to them.
Benchmark Report: 2017 E&C Compliance Training Benchmark Report
See how your program compares to other compliance training programs and the top issues and topics that other organizations are educating their employees on.
Template: Editable Multiyear Training Plan Template
This Excel document will help you plan out your training curriculum for the next three to five years so you can deploy the right training at the right time.
Every compliance program must offer ways for employees to easily and safely report issues without fear of retaliation, being shamed at work or even losing their job. The Ethics Resource Center revealed that 41% of employees have personally witnessed misconduct, 40% who witness it don’t report it and of those that do report, 82% reports are made directly to frontline managers.
Reporting and response programs are a ground-level element of an effective compliance program, but simply making a whistleblowing hotline available won’t be sufficient. Effective programs provide at least three reporting options:
Need help implementing an effective reporting program? Contact a NAVEX Global expert today.
Use the following chart to assess the effectiveness of your current program. If most of your responses fall into the red or yellow category, use the resources below to dig deeper in planning and implementing a whistleblower hotline program.
Definitive Guide: The Definitive Guide to Incident Management
Use this guide to get everything you need to know about planning, implementing and measuring your incident management program.
Benchmark Report: 2018 Ethics & Compliance Hotline & Incident Management Benchmark Report
Our benchmarks give you the data you need to compare your program against others in your industry, region and company size.
Whitepaper: Whistleblower Hotlines & Incident Management Solutions: Major Challenges and Best Practice Recommendations
This whitepaper takes you through nine challenges you may face in implementing your whistleblower hotline program and how you can overcome them.
When an organization’s policies, procedures, rewards or even its Code of Conduct are in conflict with its culture, culture wins. Therefore, in order to have an effective ethics and compliance program, an organization must pay as much attention to culture as it does to policies, training, auditing and other program elements.
Compliance supports the strategic goals and mission of an organization just as much as any other department or function. Achieving an effective ethics and compliance program requires more than simply adding rules and additional layers of controls. Successful programs are integrated efforts that align financial and compliance requirements with the organization’s mission and values.
Forward thinking organizations strive to build a culture where all employees know that doing the right thing is expected, understand the standards that apply to them and are confident their management is committed to operating with integrity. These same employees should feel empowered to raise concerns about misconduct without fear of retaliation and believe their concerns will be addressed.
If doing the right thing is the expected practice, behavior that is unethical or otherwise misaligned with organizational standards will stand out and can be more easily addressed. The only way to know this is by assessing the organization’s culture as part of the assessment of the ethics and compliance program.
Answer the following questions to see if your culture is one that promotes ethics and respect.
eBook: 25 Simple Yet Overlooked Ways to Boost Your Ethics and Compliance Program
Get 25 actionable and easy to implement tips for improving your compliance program effectiveness. Whether your goal is to improve your organizational culture or boost program awareness, there's an idea in this eBook you can put to work in your organization today.
eBook: Memos to Managers: On Strengthening Culture & Preventing Workplace Harassment
See how you can train frontline managers to receive reports of unethical behavior and encourage employees to speak-up without fear of retaliation.
Whitepaper: Strategies for Creating a Visionary Organisational Culture
After a major scandal, Serco Group rebuilt their program and their culture from the ground up. Learn how they did it in this whitepaper.
Measuring and monitoring your program is the only way to know if your program is truly effective. Effectiveness measurements can come from a variety of sources. In fact, using as many sources as possible is the most accurate way to get a "grade" for your program. Use the following chart as a list of where to go internally and externally to find measurements and benchmarks to improve your program.
The Importance of Benchmarking
Benchmarking is an important part of the assessment process. Benchmarks can be used to justify your budget or other resource requests, to create a prioritized list of improvement opportunities and to inform the timeline for incorporating those improvements.
Most importantly, benchmarking helps you understand whether your program is within the norms for your company’s size and industry—and where the program as a whole (or individual elements) may land on the continuum from substandard to best practice. In addition to using benchmarking to measure your program against peers, it is a critical step in designing your program for effectiveness that can withstand the scrutiny of external, governmental or regulatory parties.
An Approach to Benchmarking as Part of Your Assessment Process
» Determine the standards/guidelines on which your program is built. Are you using the U.S. Sentencing Guidelines framework? Or the model provided by ISO? Are there industry regulatory standards that apply to your business such as the OIG guidance for healthcare companies?
» Identify your program’s operating goal or the goal for each program component. For example, do you want your training and audit elements to be best practices and all other elements more aligned with common, effective practices?
» Select a program element or process to benchmark
» Identify the key structure, performance and effectiveness metrics
» Choose target organizations of desired size/industry to benchmark
» Collect and analyze data from target entities and published reports/surveys
» Identify opportunities for improvement based on your operating goal(s)
Ongoing Monitoring
The Guidelines require that organizations “take reasonable steps – to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct.”2 The Guidelines also provide that organizations should evaluate periodically the effectiveness of the ethics and compliance program. This requirement is in addition to auditing and monitoring for violations. Here the audits are of the program processes (e.g., whether the Code is distributed or whether training takes place as required and so forth). As with every assessment, a key step is evaluating the effectiveness of your assessment process to ensure your program is having the desired impact on the culture at your organization.
Definitive Guide: The Definitive Guide to Compliance Program Assessment
Use this guide as an overview of all the effectiveness elements and how they work together for overall program effectiveness.
Webinar: How Do I Prove My E&C Program is Effective? The Art & Science of Effectiveness Measurement
Use this webinar as a hands-on workshop with practical advice for measuring your program effectiveness.
As you uncover and assess the essential elements of your compliance program, ensure that you are also addressing current trends and influences that may impact your progress.
Thank you for subscribing! Please be sure that @navexglobal.com is on your company's safe sender list to ensure our emails reach your inbox!