Running head: CORPORATE COMPLIANCE PLAN 1
Corporate Compliance Plan
Team B:
Trevor Adams
Leonard Hamelitz
Jennifer Truong
Angielia White
LAW 531
August 8, 2011
Michael V. Pundeff, B.A., M.A., J.D.
Corporate Compliance Plan
Riordan Manufacturing Inc. is a global plastics manufacturer with facilities in San Jose,
California; Albany, Georgia; Pontiac, Michigan; and Hangzhou, China. The projected annual
earnings for Riordan are $46 million. In order to achieve the projected earnings and financial
profitability, the Board of Directors will need to focus on Riordan’s Corporate Compliance Plan.
The Corporate Compliance Plan manages the legal liability of officers and directors of
Riordan. The plan will focus on four legal issues: enterprise liability, real and intellectual
property, compliance with regulatory requirements, and international law. Within the four legal
issues, Riordan may have enterprise risk to manage from the eight possible interrelated
components:
• Internal Environment – The internal environment encompasses the tone of an
organization, and sets the basis for how risk is viewed and addressed by an entity’s
people, including risk management philosophy and risk appetite, integrity and ethical
values, and the environment in which they operate.
• Objective Setting – Objectives must exist before management can identify potential
events affecting their achievement. Enterprise risk management ensures that
management has in place a process to set objectives and that the chosen objectives
support and align with the entity’s mission and are consistent with its risk appetite.
• Event Identification – Internal and external events affecting achievement of an
entity’s objectives must be identified, distinguishing between risks and opportunities.
Opportunities are channeled back to management’s strategy or objective-setting
processes.
• Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis
for determining how they should be managed. Risks are assessed on an inherent and a
residual basis.
• Risk Response – Management selects risk responses – avoiding, accepting, reducing,
or sharing risk – developing a set of actions to align risks with the entity’s risk
tolerances and risk appetite.
• Control Activities – Policies and procedures are established and implemented to help
ensure the risk responses are effectively carried out.
• Information and Communication – Relevant information is identified, captured, and
communicated in a form and timeframe that enable people to carry out their
responsibilities. Effective communication also occurs in a broader sense, flowing
down, across, and up the entity.
• Monitoring – The entirety of enterprise risk management is monitored and
modifications made as necessary. Monitoring is accomplished through ongoing
management activities, separate evaluations, or both (University of Phoenix, 2004).
Enterprise Liability
Internal Environment. Litteral & Finkel is a large international law firm providing
“Riordan Manufacturing with legal services in the areas of tax law, real estate transactions,
employment law, immigration matters, civil litigation, workers compensation, labor law, and
customs regulations” (University of Phoenix, 2006). The owner of Riordan Manufacturing, Dr.
Riordan, initially partnered with Litteral & Finkel because his cousin was a partner of the law
firm. After the death of Dr. Riordan’s cousin, Riordan Manufacturing has maintained the
partnership between the two companies. All legal issues are addressed to Litteral & Finkel, which
is paid a monthly retainer. Riordan Manufacturing pays legal fees in excess of the retainer, and
unused monthly retainer funds are not carried forward.
Objective Setting. Riordan’s Board of Directors and Officers have a fiduciary
responsibility of making decisions and taking action on behalf of the corporation. The directors
and officers need to meet the duty of care, which consists of performing “their duties (1) in good faith, (2) with
the care that an ordinary prudent person in a like position would use under similar
circumstances, and (3) in a manner they reasonably believe to be in the best interests of the
corporation” (Cheeseman, 2010).
Event Identification. The internal and external events are the relationship of Dr. Riordan
and his cousin as a partner, and also the use and payment of a retainer. The relationship and
payments are identified as possible risks or perhaps opportunities for Riordan Manufacturing.
Risk Assessment. The relationship of Dr. Riordan and his cousin could pose a
conflict of interest. A breach of a director’s or officer’s duty of care is “normally caused by
negligence, often involves a director’s or an officer’s failure to (1) make a reasonable
investigation of a corporate matter, (2) attend board meetings on a regular basis, (3) properly
supervise a subordinate who causes a loss to the corporation through embezzlement and such, or
(4) keep adequately informed about corporate affairs” (Cheeseman, 2010).
The use of a retainer is normal in a field where services are paid for up front, usually with
some form of discount or unlimited services for the month. For Riordan Manufacturing to pay a
retainer plus excess charges above the retainer, with unused retainer funds not carried
forward, appears to be a misuse of a service retainer. A possible enterprise risk is that the officer, Dr.
Riordan, is profiting from the misuse of the retainer. According to Cheeseman, “if a director or an
officer breaches his or her duty of loyalty and makes a secret profit on a transaction, the
corporation can sue the director or officer to recover the secret profit” (2010).
Risk Response. Directors, officers, and other staff members will need to avoid
conflicts of interest, secret profits, and other possible enterprise risks.
Control Activities. Riordan Manufacturing has a Corporate Governance Policy in place
to establish policies and procedures. The current policy lacks provisions for avoiding
risk. The policy will need to be updated to address avoiding conflicts of interest, avoiding
secret profits, and other possible enterprise risks.
Information and Communication. Updating the Corporate Governance Policy is one of
the ways of communicating the information to directors and officers. Another is for all directors
and officers to sign a contract discussing their fiduciary responsibility and duty of care as well
as the control activities for avoiding risk. The policy and contracts will be a way of identifying and
communicating this information to directors and officers, enabling them to carry out their responsibilities.
Monitoring. Having strong internal controls will help monitor the possible enterprise
risk. A team should be provided to monitor internal controls on a global level. Riordan
Manufacturing will need a large team to deal with its enterprise risk across its international
dealings and laws.
Real and Intellectual Property
Riordan Manufacturing requires that all of its
employees follow its policy on Business Ethics and Conduct. It states that “as an organization,
Riordan will comply with all applicable laws and regulations, and we expect our directors,
officers and employees to conduct business in accordance with the letter, spirit and intent of all
relevant laws and to refrain from any illegal, dishonest or unethical conduct” (University of
Phoenix, 2006). It is the job of management to ensure that Riordan and its employees are abiding
by the laws and regulations. ISO 14001 standards do not dictate absolute environmental
performance requirements but act as an aid to organizations in developing their own
environmental management system. Riordan Manufacturing will comply with all standards set
forth by ISO 14001 to ensure that the organization does not cause negative effects on
the environment, to ensure that all applicable laws and regulations are being followed, and to
continue to improve on both.
It is also the job of management to ensure that Riordan Manufacturing is in compliance
with all building codes in the locations of each building. These laws are set in place to ensure
that the health, safety, and welfare of the public are protected with regard to the construction and
occupancy of building structures.
Management is required to check and ensure the quality and safety of all the products that
are manufactured in each location. This includes protection of intellectual property. Each
location has different products, designs, data, and customer lists. Management is responsible for
the safety and security of all product information at the different locations. Should any problems
arise, Mr. Bradford is to be contacted immediately.
Prevention. The following training and development guidelines are set forth for all
Riordan employees:
The following mandatory training for all employees within 90 days of hire:
• New employee orientation (1 day) — offered once per month
• Six Sigma — for all production, shipping and quality employees
Supervisors are also expected to attend the following workshops within 12 months of
becoming a supervisor:
• Interviewing guidelines
• Preventing EEO claims and sexual harassment in the workplace
• Performance reviews (University of Phoenix, 2006)
In addition to the current training process, employees will be trained in environmental
protection and safety. It is imperative that the trainers specify disposal procedures for all
chemicals and wastes. That will ensure compliance with government laws and regulations. As
part of the contract that was signed by each employee, it is grounds for termination if any
employee is caught violating any laws governing intellectual property. This information is covered
again during the training process.
Compliance with Regulatory Requirements
Riordan Manufacturing is in need of a corporate compliance plan that minimizes risk of
litigation in a number of areas. Riordan Manufacturing is led by ethical standards and practices,
which allow employees to meet expectations and goals. The company’s integrity and ethics are
essential and crucial values, and these values are the foundation of its success. Each of the
following sections contains preventative and management strategies the company can implement
to minimize risk. Along with these strategies, the plan presents specific regulation requirements
of each subject as well as the procedures should a violation occur.
Internal Environment
Riordan is a profit corporation, as opposed to a sole proprietorship, partnership, or limited
liability company. As a corporation, Riordan’s shareholders, officers, and directors have limited
liability. However, these groups are not immune from all risk, and can be personally liable for
civil and criminal wrongdoings related to Riordan’s corporate obligations. The CEO is
responsible for ensuring that all employees are knowledgeable of internal and external practices
that are acceptable standards and procedures within the work environment.
Objective Setting
Managing Riordan’s risk for officers and directors requires a clear set of bylaws that
establish internal rules and govern corporate procedures. In addition, the bylaws define the rules
and limits of authority for the officers and directors. For effective risk management, Riordan’s
board of directors needs to establish a compliance and risk management committee to ensure
adherence to its corporate procedures and to the government’s regulatory requirements.
Event Identification
A large portion of management’s responsibility is to identify and facilitate direction for
uncertain risks to business operations globally. Enterprise risk management (ERM) is the
approach assisting management in identifying and managing uncertainties and in attaining
positive risk intents. ERM efforts focus on developing a strategy to introduce cognizant internal risk
control throughout the organization. This structure is an effort by the COSO to effect
responsibility on executives and directors through informed organizational procedures and
processes that assist these individuals in reporting organizational management metrics
(Applegate, 1999).
Control Activities
The Model Business Corporation Act (MBCA) provides a liberal set of corporate laws
that most states have adopted for corporate governance in this financial environment. The
business judgment rule and the corporate opportunity doctrine are two laws that apply to officer
and director liability. The business judgment rule requires that officers and directors demonstrate
that they make decisions only after careful consideration and receive reliable expert
consultations. Officers and directors of Riordan must also adhere to the Corporate Opportunity
Doctrine, which prohibits officers and directors from personally taking advantage of an
opportunity that could benefit the corporation without first presenting it to the corporation
(Stimmel, Stimmel, and Smith, 2004).
Information and Communication
Regarding risk associated with business ethics, Riordan’s risk management committee
must develop a culture that values ethical decisions over meeting internal or external goals.
Pressures of meeting far-reaching and unattainable goals can lead to costly and unethical
decisions. The compliance committee will be responsible for monitoring internal and external
corporate goals to ensure they are cost effective and reasonable within Riordan’s ethical
standards. The employee handbook serves as one type of governance that provides written
guidelines for reference.
Risk Assessment
In addition to the MBCA, Riordan must ensure regulatory compliance with the Sarbanes-Oxley
Act of 2002. This act takes precedence over state laws and requirements, like the MBCA.
The Sarbanes-Oxley Act requires Riordan to adhere to the following:
1) Prohibits Riordan from making personal loans to officers and directors
2) Disclosure obligations on auditors and accountants
3) Legal counsel requirement to report and initiate an investigation upon the belief that a
material violation has occurred
4) Creation of a legal compliance committee for escalating violations to the board of
directors if not corrected by Riordan officers
5) Majority of Riordan board members must be independent
6) Chair of audit committee must be independent, and at least one member of the
audit committee must be a financial expert
7) Establish a written code of ethics (107th Congress, 2002)
Although not required, Riordan’s code of ethics should include annual ethics awareness
training for all employees, including officers and directors. In addition, Riordan must establish a
means for employees to obtain ethical advice and anonymously report misconduct. It is also
imperative Riordan thoroughly investigate reports of ethical misconduct. As described in the
preventive section, the compliance officer is responsible for administering and ensuring
adherence to Riordan’s code of ethics.
Risk Response
The COSO enterprise risk management structure recognizes an organization’s need to
infuse risk management into strategic objectives and the organization’s culture. To protect
against unplanned or unforeseen risk, all layers of Riordan are exercised and evaluated on how
the response protects assets and personnel. Entities within Riordan Manufacturing that fail to
comply with local, state or federal governmental regulations expose the organization to
regulatory risks and liability that impact assets, earnings, and most important, Riordan’s
reputation as a civic supporter.
Monitoring
Riordan will thoroughly investigate all violations of Riordan’s governance and
compliance rules and procedures to determine the circumstances that led to the violation.
Intentional and external violations will result in immediate termination. Non-intentional
violations will result in corrective action and consideration of termination based on the severity
of the violation. As warranted, Riordan will modify procedures and awareness training sessions
to address recurrences of non-intentional violations. In addition, officers and directors are at
risk for criminal liability if they are aware of the violations and fail to correct the violation.
Violating the Sarbanes-Oxley Act can result in criminal liability for the officers and directors,
including federal penalties for certifying false statements.
Conclusion
Governance is defined as guidance or control of an activity to meet a specific objective
(Fox & Ward, 2008). Corporate governance is a necessity to run Riordan effectively and be cost effective.
It keeps employees and officers from engaging in activities that may bring harm to the company.
The company’s risk management process looks at potential risks that may affect the company
and determines to what extent the risk will be taken. The underlying goal is to make a profit for
the shareholders, and the careful steps planned for liabilities and risks will greatly determine the
future and profit of the company. As long as Riordan adheres to COSO guidelines regarding
financial and auditing practices along with The Sarbanes-Oxley Act, the company should be able
to realize a substantial profit, competitive advantage, and longevity.
International Law
Info…
Conclusion
Info…
References
Cheeseman, H. R. (2010). Business Law: Legal Environment, Online Commerce, Business
Ethics, and International Issues (7th ed.). Upper Saddle River, NJ: Prentice Hall.
University of Phoenix. (2004). SUPPLEMENT: Enterprise Risk Management - Integrated
Framework. Retrieved from University of Phoenix, LAW531 website.
University of Phoenix. (2006). SUPPLEMENT: Riordan Manufacturing. Retrieved from
University of Phoenix, LAW531 website.
Stimmel, Stimmel, and Smith. (2004).
http://www.stimmel-law.com/articles/Corporate_Opportunity_Doctrine.html
Applegate, Dennis. (1999). Struggling to incorporate the COSO recommendations into your
audit process? Here's one audit shop's winning strategy... COSO.
Fox, N., & Ward, K. (2008). What governs governance, and how does it evolve? The sociology
of governance-in-action. The British Journal Of Sociology, 59(3), 519-538.
107th Congress. (2002). Corporate responsibility. 116 STAT 145.
http://www.sec.gov/about/laws/soa2002.pdf