Questions that Boards Should be Asking Regarding Ethics and Compliance Programs |
Building a culture of ethics and compliance within an organization is a business imperative for board directors. The director's role in oversight of an organization's ethics and compliance program is vital to its long-term success. An effective ethics and compliance program requires senior management involvement, organization-wide commitment, an effective communications system, and an ongoing monitoring system. In each of these areas, directors need to ask the right questions. Here are some questions that will assist board members in assessing whether each critical element of an effective program is in place:
- Can you describe the process for assessing ethics and compliance risks within the organization? Has the current program addressed high priority areas? Has the organization ever performed a cultural assessment?
- Has the organization’s ethics and compliance program and code of ethics/conduct been updated to comply with the requirements of Sarbanes-Oxley? Has the organization reevaluated its internal reporting mechanisms in light of Sarbanes-Oxley?
- Does the tone at the top, as communicated by senior management, let every employee know that ethics and corporate compliance are vital to continued business success?
- Does the organization have an ethics and compliance officer? How is the program structured? Is a senior manager with adequate time, financial resources and board access in charge of the program? Are there dedicated, full-time resources?
- Does the code of ethics/conduct include a statement regarding obligations to employees, shareholders, suppliers, customers and the community at large, and is it distributed to all relevant parties (board, all employees and management, vendors, etc)?
- Has the organization supported the ethics and compliance program through training and communication efforts?
- Does the ethics and compliance program cover the organization’s global operations?
- Does a process exist to keep the board informed on ethics and compliance issues, as well as the actions taken to address those issues? Is ethics and compliance a regular board agenda item? Is there a defined reporting process?
- Is there an effective and utilized reporting mechanism in place to let all employees raise ethics and compliance issues without fear of retribution? Is there an anonymous reporting mechanism or help line? Is the help line staffed internally or outsourced? Who fields and follows up on concerns raised through the help line? Are audit committee members or the audit chair named as an additional outlet for employee concerns?
- What type of ongoing monitoring and auditing processes are in place to monitor the effectiveness of the program? Is the code of ethics/conduct and ethics and compliance program reviewed at least annually by senior management to determine if it needs updating due to business, legal or regulatory changes? Does Internal Audit conduct reviews? Are employee surveys conducted? Has the program been reviewed by outside consultants/ experts on this topic for possible improvement?
- Does the organization regularly and systematically scrutinize the sources of compliance failures and react appropriately? Does management take action on reports? Are employees appropriately and consistently disciplined?
Page Last Updated
