Written permission to reprint or reuse is required in advance from both NAVEX Global and PwC
Effective Interactions Between the Chief Ethics & Compliance Officer and the Board
Carrie Penman, President, Ethical Leadership Group, NAVEX Global
Barbara Kipp, Partner, PwC
October, 2012
Presenters:
Carrie Penman, NAVEX Global
Barbara (Bobby) Kipp, PwC
News flash…
CEOs and Boards of Directors are increasingly under the microscope…
Compliance Department – Scope and effectiveness
Stakeholder demands for evidence of effective compliance are on the rise.
Source: PWC State of Compliance 2012 benchmarking report
[Chart: change in stakeholder demands for evidence of effective compliance, by stakeholder group: business partners; regulators; investors; employees; senior management; audit committee or other board committee; board of directors; non-governmental organizations (NGOs). Legend: Increase / No change / Decrease. Horizontal axis: 0% to 100%. Number of respondents per group: 126 to 129.]
Voting questions: You and your Board…
About you and your Board…
CCO formally reports to the following individual(s)
Source: PWC State of Compliance 2012 benchmarking report
Per State of Compliance 2011 study, 8% reported to the Audit Committee/Board
A - General Counsel / Legal: 33%
B - Audit Committee / Board of Directors: 31%
C - Chief Risk Officer: 3%
E - Chief Financial Officer: 5%
F - Chief Executive Officer: 19%
G - Other Executive: 10%
Number of respondents: 126
Types of Board Interactions
Two types of meetings with the Board
Program briefing (Periodically through the year)
• Risk assessment – risk areas; changes in risk
• Program initiative status and plans
• Implementation of mitigation efforts
• Trends – internal and external
• Issues and concerns raised through the Program
• Executive session
Board training (every 1-2 years)
• Roles and responsibilities
• Role relevant
• Includes case studies
Boards are people too, but…
[Figure: chart with axes “Attention Span” and “Level in Company”]
Biggest mistakes Ethics and Compliance Officers make when dealing with their Boards:
Too much deference (to authority – executives and board)
Irrelevance (of information presented)
Lack of context (with information presented)
Narrow focus on the Sentencing Guidelines, especially Helpline, code, training
Status reporters (rather than strategic business thinkers)
Failure to prioritize risks/concerns
Too much activity reporting; not enough relevant KPIs/results info
Other scope issues:
• Coverage of compliance risk universe
• Hotline stats vs. all incidents
Refresher on the Ethics and Compliance Roles and Responsibilities of Boards
Roles and responsibilities of the Board re: ethics and compliance
“Exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.”
“Direct access” to the ethics and compliance officer
“Promote an organizational culture that encourages ethical conduct”
Receive “effective training . . . . appropriate to such individuals’ respective roles and responsibilities.”
Source: US Sentencing Guidelines
Role of the Board: Reasonable Oversight and Direct Access
Reasonable oversight:
Full Board has knowledge and oversight of the Company’s key risk areas
Full Board has knowledge of the E&C program, and a Committee is delegated oversight responsibility for it
Oversight as the goal (not “honorary” board members or micro-managers)
Board leads by example and ensures accountability
• Practice the Company’s values and meet its compliance requirements
• Ensure that senior management is held accountable to the same standards as all employees
• Ensure that compensation/incentives reflect this accountability
Reasonable oversight:
Ensure that Compliance/Ethics and the businesses/functions have:
• Right scope
• Right people
• Right resources
• Right support from management and the Board
• Right responsibilities and authorities
Provide long-term perspective: a compass in a “glocalized” world; be mindful of the great reputation of the organization
Help set the tone; support a culture of integrity; establish risk tolerance/appetite
Review information that provides evidence that risks are effectively identified and managed
Polling Question - Reflection
For 25 compliance areas/risks:
• 1 hour per area per year = 4 hours per meeting on risks
• 1 hour per meeting on risks = 10 minutes per risk/year
What do you think?
Reasonable oversight: what we look for in Program effectiveness assessments:
Does the Board have a comprehensive view of the organization’s compliance risks? What information provides that view?
Is the Board of Directors knowledgeable about the content and operation of the program?
Does the Board exercise reasonable oversight of the implementation and effectiveness of the Program and the organization’s culture?
Does the organization have a high-level person and a person with day-to-day responsibility assigned to manage the program? Is there a defined relationship to the Board of Directors?
Is the Board (or a committee thereof) accessible to individuals with day-to-day responsibility including meeting with them in executive session?
Does the Board (or a committee thereof) receive timely reports of significant issues and investigations involving the company or any elected officers?
Direct Access:
4 requirements for a decrease in FSG culpability score:
1. Individual(s) with operational responsibility have direct reporting obligations to governing authority
2. Program detected the offense
3. Organization reported the offense
4. No E&C program personnel involved
What are “direct reporting obligations”?
Discussion – What is Real, Direct Access?
Is formal reporting enough? Does formal reporting guarantee direct access?
Can you have direct access without formal reporting?
Have the events/circumstances that trigger a call been defined?
Role of the Board: Promoting an Organizational Culture that Encourages Ethical Conduct
When a Rule, Policy or a Code conflicts with an organization’s culture, the culture trumps – and prevails most of the time.
In order to have an effective ethics and compliance program, a company needs to pay as much attention to culture as to policies, training, auditing, etc.
Research proves: programs build culture; culture drives behavior (programs alone do not drive behavior as much as culture does) *
* Source: Ethics Resource Center, NBES
We know this: culture will trump compliance
The challenge:
For many Board members, ethics and culture are not in their comfort zone
• “Give me a financial statement any day!”
• Not really sure what to ask you = quiet meetings
The conversation about culture:
Explicit/concrete examples help –
• Responsibility or rules— Will people take personal responsibility to address issues, or is it the job of somebody else?
• Candor or quiet—Will people speak up if they see questionable business conduct?
• Accountability or acquiescence—What happens to great performers who violate the Code?
Culture: What Can/Should the Board do:
• Send visible signals about behavioral expectations through actions, including compensation
• When executives/leaders misbehave
• The Big Stuff
• The Not-so-Big Stuff
• Monitor overall corporate culture and subcultures
Shaping a culture of integrity: talk to your Board about…
Knowing your culture(s)
− Employee perceptions (Surveys, focus groups, message boards)
− Customer and supplier perceptions (Surveys, social media, “social monitoring”/are you listening)
− Reports of concern (Helpline data)
− HR processes
The language and branding shift
− Away from compliance on its own
− Toward integrity and “doing the right thing”
− Selling the vision
Program Reporting to the Board - Briefing
A major discount retail chain faced a challenge when industry regulation changes impacted its marketing strategy.
Discuss current events that could affect your organization:
Product Safety
Impact of Subcontractors on Reputation
Chairman Resigns; Ousted CEO to Meet With FBI
Dealing with Whistleblowers…Encouraging Reporting
Bad Behavior
Bribery and Corruption Concerns
Give them context when reviewing your program:
Additional context
[Chart: Importance of indicators and metrics in evaluating effectiveness of the ethics and compliance program. Indicators: hotline / helpline metrics; customer and other third-party complaints (not reported through hotline / helpline); training data (completion rates, competency tests, etc.); employee disclosures (e.g., conflicts of interest and gift reporting); material weaknesses and significant deficiencies; employee questionnaires or culture surveys; aging and disposition of litigation and enforcement. Legend: Very important / Important / Not important / Not used. Horizontal axis: 0% to 100%. Number of respondents per indicator: 126 to 129.]
Remember:
Boards expect outcome-driven information –
Don’t just give them a laundry list of issues and statistics – tell them if the clothes are cleaner.
Role of the Board: Receive Effective and Role-relevant Training
Typical elements of Board training:
Frameworks for ethics and compliance programs (USSG, global requirements, risk based)
Board’s oversight responsibilities
Specific compliance and ethics environment and risks to the organization and to the Board
Creating a culture of integrity—challenges and building blocks - Board observations and potential areas of impact
Cases relevant to their roles and responsibilities
What do you tell them in training?
They need to know (be trained) about issues they could face
Many CCOs assume that boards know it already and are afraid to discuss Board-specific risks.
Boards need and want to talk about things like:
• What’s coming?
• Status of the Company’s relationships with regulators
• Benchmarking
• Full compliance risk universe
• Audit coverage
• KPIs
What do you tell them in training?
Boards need and want to talk about things like (continued):
• Conflicts of interest – personal and organizational
• Insider trading
• Gifts, gratuities, influences
• Recognizing their unintended influence
• Issues that have happened with other companies and Boards
• Executive accountability
Use case studies and ask how they would respond:
You and they will be surprised to learn they aren’t as aligned as they think they are…
Case example: the anonymous letter…
Several members of the Board receive an anonymous letter stating that a local Company manager is “playing games with the books on a project in process in Corruptistan” but the letter provides no additional information about which project, who is involved, or the specific alleged financial impropriety.
What should the Board do?
Does it matter that the report is anonymous?
What if the allegation involves a colleague at the Board table?
Questions the Board should ask you…
What information do you get to give you comfort that compliance risks are covered?
Do leaders set the right tone? How are they perceived by employees?
Do we have a “make plan at all costs” culture? Is candor rewarded or punished? What about fear of retaliation?
How are we at discipline? Are top performers and high-level people held accountable to the Code of Conduct in the same way as other employees?
Are there any risks that aren’t being addressed as they should be?
Do your businesses/functions have the resources you need to do your job appropriately? Do you feel you have access to the CEO and us whenever you need it?
Do you have visibility to business unit compliance?
Questions the Board should ask you…
How do our resources stack up?
What trends in issue types or company locations are you seeing?
Is there anything we should know? What keeps you [ethics officer] up at night?
If you had another $1 million to spend, what would you do with it?
Questions:
Thank you!
Contact information:
Carrie Penman, President, Ethical Leadership Group, NAVEX Global
Barbara Kipp, Partner, PwC
This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.
© 2012 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers LLP which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.
© NAVEX Global Holding Company (including its subsidiary and affiliated companies.)