Effective Corporate Compliance Programs

A well-balanced compliance program will help ensure that a company’s organizational structure, people, processes & technology are working in harmony to manage risks, keep customers happy, grow the business, oversee vendors, and achieve other goals.
By: Ron Kral, Managing Partner, Candela Solutions LLC

The benefits of a strong program go well beyond regulatory and legal compliance to also include operational benefits. A well-balanced corporate compliance program will help ensure that a company’s organizational structure, people, processes and technology are working in harmony to manage risks, keep customers happy, grow the business, oversee vendors, and achieve numerous other goals. Perhaps many of the recent company disasters could have been averted with a robust program. It is always easier to look back on history and play “arm-chair-

What is a Corporate Compliance Program?

A corporate compliance program is generally defined as a formal program specifying an organization’

Some companies think of a corporate compliance program as strictly addressing external regulatory considerations. A more integrated approach also focuses on legal as well as internal compliance to mitigate the risks of fraud, as well as to reach strategic, operational, and financial reporting objectives. Think of a corporate compliance program as a magnet that brings all of a company’s compliance efforts together. Another way to look at it is as a codification of applicable regulatory and internal compliance requirements, as well as a roadmap to action. A comprehensive program helps position a company to best execute its plan to meet objectives and grow shareholder value.

Many organizations have components of a program in place. However, the question that must be asked is: are the components collectively maximizing organizational value or wasting resources through duplicative efforts? A company with bits and pieces of a program organizationally scattered, and operating in a complex environment, is greatly challenged from a cost-efficiency and effectiveness standpoint. Oftentimes regulatory processes are siloed, leading to a host of inefficiencies.
While enterprise software can go a long way toward addressing these inefficiencies, it often comes down to organizational and cultural considerations to ensure an effective program across all significant risk areas. For example, those companies that have walked down the Sarbanes-Oxley (SOX) road may have extensive policies, procedures, and testing to assess the effectiveness of entity-level controls; however, are these efforts properly integrated with those of FCPA, labor laws, PCI, etc.? Oftentimes, documentation and testing efforts can be used for multiple legal requirements and company objectives, especially in the areas of entity-level and general IT controls.

Keep it Focused and Simple to Help Ensure Adherence

The more complex a corporate compliance program is, the more difficult it is to communicate to employees and stakeholder groups. Consultants and professional trade organizations have a field day with all sorts of approaches, frameworks, and models on compliance programs. This occurs because of semantics, multiple variables, and the inter-related disciplines of compliance. Compliance goes hand-in-hand with governance and risk management, otherwise known as GRC (governance, risk and compliance). It is very difficult to successfully isolate one without considering the other two.

For purposes of this article, let’s focus on the “C” in GRC, but as you will read, this is not entirely possible since all three areas are highly interwoven in concept and practice. This occurs because each element of governance, risk and compliance encompasses organizational factors, people, processes and technologies that cannot, and should not, be viewed separately. With this in mind, let’s proceed knowing that governance and risk management are deeply embedded in any effective corporate compliance program.

Ten Considerations to Help Ensure Effectiveness

There are certainly many ingredients and aspects to an effective corporate compliance program.
One excellent source of information is Chapter 8, Part B, entitled Remedying Harm from Criminal Conduct, and Effective Compliance and Ethics Program from the United States Sentencing Commission. These Federal Sentencing Guidelines put forward a minimum set of requirements for development of an effective program to prevent and detect violations of law.

Here are some aspects that go into the making of an effective corporate compliance program. This list of ten considerations can be used as a checklist to see where your organization stands:

1. Understand the Scope: Identify all regulatory and internal compliance needs and efforts to challenge if organizational responsibilities are properly aligned.
2. Gather Internal and External Intelligence:
3. Define Objectives: Define objectives (things to accomplish in order to achieve a goal) from enterprise and business unit standpoints.
4. Conduct a Risk Assessment: Identify risks, probabilities, and the significance in terms of both qualitative and quantitative measures.
5. Align Controls: Policies, procedures, and actions within a process should be in place to address the risks to best achieve objectives.
6. Verify Buy-In and Understandability:
7. Test Cultural Support
8. Assess On-Going Compliance: Build monitoring, internal audit and special reviews into the compliance program to help ensure that controls are operating effectively.
9. Train, Educate and Communicate
10. Measure Results and Report to Board

Each and every one of the above considerations should be built into the corporate compliance program. If your answer was not affirmative to any of these items, chances are you have plenty of opportunity to make your compliance program more efficient and effective. A lapse in any one of the above ten areas could spell “doom” for your compliance efforts. Don’t think of compliance as simply a regulatory necessity, but rather as a means of protecting your number one asset – your company’s reputation.

Ronald Kral is the Managing Partner of Candela Solutions. Ron can be reached at rkral@CandelaSolutions.com. Candela Solutions LLC is a new breed of CPA firm building value for clients through strong governance, risk management and compliance services. Visit our website at www.CandelaSolutions.com for more information.

Candela Solutions LLC is a national public accounting firm helping companies reach objectives through:
SEC, SOX & Compliance Programs
Boardroom Leadership
Corporate Responsibility

We advise public companies on SEC rules and regulations;