Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
1
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Program AssessmentDeveloping Meaningful Ethics and Compliance Data
Anthony Tocco Larry Parsons T. Dean MainesDirector of Enterprise Compliance Vice President, President, SAIP Institute
DTE Energy Business Conduct and Ethics University of St. Thomas
Freescale Semiconductor, Inc. Opus College of Business
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 2
Background: Why Evaluate Program Effectiveness?
• Required under Federal Sentencing Guidelines and DOJ McNulty Memorandum
• Identifies gaps and weaknesses within and across your various programs
• Tells you the “big picture” – How are you doing as an organization?
• Creates leadership support
• Results matter
2
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 3
Federal Sentencing Guidelines - §8B2.1. Effective Compliance and Ethics Program
(a) To have an effective compliance and ethics program, for purposes of subsection
(f) of §8C2.5 (Culpability Score) and subsection (c)(1) of §8D1.4 (Recommended Conditions of Probation - Organizations), an organization shall—
(1) exercise due diligence to prevent and detect criminal conduct; and
(2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.
Such compliance and ethics program shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct. The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.
(b) Due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law within the meaning of subsection (a) minimally require the following:
(1) The organization shall establish standards and procedures to prevent and detect criminal conduct.
(2) (A) The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.
(B) High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline. Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program.
Guidelines Standard§8B2.1 (b) :
(b) Due diligence and the promotion of an organizationalculture that encourages a commitment to compliance with the law within the meaning of subsection (a) minimally require the following steps : …
(5) The organization shall take reasonable steps -(B) to evaluate periodically the effectiveness of the organization’s compliance and ethics program
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 4
What does “due diligence” mean for your organization?
• What is reasonable and prudent?
• Is there an industry standard?
• Is it the same degree of care used for other management priorities within a prudent organization?
• What are the hallmarks of due care for management priorities?
– Resources to do it right
– Metrics + Trending to measure progress
– Accountability for results
– Rewards/incentives
– Responsive action to improve points of weakness
3
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 5
McNulty Memorandum
Corporate Compliance Programs: two overarching questions:
1. Is the compliance program well designed?
2. Does the compliance program work?
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 6
McNulty Memorandum
Factors:
• Comprehensiveness of the compliance program
• Is compliance program a “paper program” only, or has it been adequately implemented?
• Are resources adequate?
• Are employees adequately informed about the program?
• Do employees have confidence in the corporation’s commitment to the program?
• Extent and pervasiveness of the misconduct
• Level of employees with responsibility for the program
• Remedial actions taken (restitution, discipline, revision of thecompliance program)
• Promptness of self-disclosure
4
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 7
McNulty Memorandum
Factors – Effectiveness of Governance:
• Do directors exercise independent review or merely ratify recommendations of management?
• Are directors given adequate information to allow independent judgment/oversight?
• Are internal audits adequately funded?
• Have directors established adequate internal reporting mechanisms?
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 8
What to Assess
• Your program itself
– Starting Point: Track the Guidelines
– Activities (measurement examples)
• Contacts
• Investigations
• Training Completions
– Culture (measurement examples)
• Ethics Related Actions
• Employee Opinion
• Employee Action
5
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 9
Elements This Session will Cover
• Code of Conduct
• Policies and Procedures
• Governance
• Surveys
• Risk Assessment
• Ethics Training and Communications
• Auditing and Monitoring
• Avenue for employees to seek ethics advice
• Anonymous reporting
• Incentives and Discipline - Consequences for misconduct
• Assessment Tools
Source: National Business Ethics Survey 2005, Ethics Resource Center
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 10
Process and Takeaways
• Activities
– Presentations
– Table Work
– Group Discussion
• Takeaways
– Program Assessment Tool
– Possible Survey Questions
– Metrics examples
– Checklists
6
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 11
Program Evaluation – Some Third Party Resources
Measurement & Metrics Guide: Performance Measurement Approach and Metrics for a Compliance & Ethics Program
www.oceg.org/view/NMG
Ethical Leadership Group:
www.ethicalleadershipgroup.com/assessment.psp
Corporate Leadership Counsel:
www.clc.executiveboard.com/public/ourservices.aspx
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Program AssessmentCommunications and Training
Larry Parsons Freescale Semiconductor
7
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 13
Freescale – Company Overview
Semiconductor design and manufacturing company established in 1953
� Focused on the networking, automotive, wireless communications, industrial control and consumer electronics markets
� Engaged with 10,000+ customers globally; over 100 of the top electronic manufacturers
� $5.7 billion in revenue in 2007
� Headquartered in Austin, Texas
� 24,000+ employees in over 30 countries
� Separated from Motorola in 2004 (IPO/Spin)
� No. 368 on Fortune 500 list in 2006
� Leveraged buyout by consortium of private equity funds completed December 1, 2006
� Listing on NYSE ceased on December 1, 2006
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 14
Freescale – Ethics Communications Plan
• Planning – Develop communications plan at beginning of year.
• Elements
– Summit (Freescale Employee Intranet Portal) Articles
– Ethics in Action
– Ethics IQ
– Recurring specific subjects (Insider Trading, Confidential Information, Export Compliance)
– CEO Messages
– External Communications
– Town Hall Materials for Management
– Newest Element: Ethics Blog
8
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 15
Freescale Sample – Summit (Intranet) Article
It’s not easy being green:An emphasis on the environment8 February 2008
Kermit the Frog says, “It’s not easy being green.” I doubt that the Muppet was talking about the semiconductor industry, but I believe his statement fits. The world grows more conscious about the environmental impact ofhazardous materials and energy consumption. Companies are modifying their products, processes and packaging – making their products better for the environment and more attractive to customers.
Environmental efforts feed our bottom line
Freescale’s Environmentally Preferred Products (EPP) program spent years implementing low lead (Pb) content chip packages without mercury, cadmium, hexavalent chromium, or two brominated compounds – PBB and PBDE. We also implemented programs with our suppliers to ensure they minimized these hazardous substances.
The EPP team certifies that each new product and component is free from 39 Freescale banned substance groups. We also certify that our products meet today’s regulatory and customer requirements for hazardous substance content.
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 16
Freescale Sample – Ethics in Action
Freescale's Impeccable Ethics in action:
Corporate credit cards are only to be used to pay approved company expenses
18 April 2008
Maintaining our commitment to Freescale’s Impeccable Ethics fundamental requires constant diligence in our daily job responsibilities. Periodically, we publish a summary of a recent matter handled by Freescale’s Office of Business Conduct and Ethics (OBCE), including the outcome and how the situation should have been handled consistent with our Code of Business Conduct and Ethics (the Code) and commitment to a culture of impeccable ethics.
Obviously, discussing any issue handled by the OBCE has an educational and awareness benefit that must be balanced against issues of privacy and confidentiality. As such, all identifying information (such as names and places) has been removed from this summary. If you are familiar with the situations described in this article, we ask that you not disclose the names of the individuals involved or any other details.
Read on for this month's Impeccable Ethics in action article.
9
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 17
Freescale Sample – Test Your Ethics IQ
Test your ethics IQ:What would you do? 22 February 2008
We all face ethical choices each day as we carry out our responsibilities for Freescale. Test your ethics IQ by reading the scenarios below and selecting the best course of action. Do your responses support Freescale’s commitment to Impeccable Ethics?
Scenario one:
A good friend of yours is employed by a Freescale customer. He recently sent you an e-mail that his employer received from a Freescale competitor thatcontained test specifications for a product being developed by the competitor. The test specifications provide some technical information that would be useful to your department’s development of a similar product line for Freescale.
What should you do with the e-mail?
• Thank your friend for the information and send copies of the e-mail to all of the managers and engineers working on the similar Freescale product line.
• Consult with your manager before distributing the e-mail information.
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 18
Freescale - Internal Program Communications 2007
1Q2007
2Q2007
3Q2007
4Q2007
Jan -- iCAP and Records Management policies and processes, Emails: SLT, employees
Mar 23 – Freescale Remains Committed to Impeccable Ethics; Summit Feature, Parsons to all employees,
Apr 20 –He Met the Deadline But Violated Our Code – intentional misreport of costs; Summit Feature, Ethics in Action, all employees:
Jun 22 – Protecting Confidential Information, Summit Feature, Test Your Ethics IQ, all employees
Jul 20 – Personal Relationships, Summit Feature, Test Your Ethics IQ, all employees:
Sep 21 – They Used Freescale Assets for Personal Benefit – misuse of company assets; Summit Feature, Ethics in Action, all employees
Sep 27 – 2007 American Business Ethics Award; Summit Feature; All Employees
Oct. 1 – Summit Feature – Insider Trading Policy Reminder
Oct 19 – Gifts and Entertainment, Summit Feature, Test Your Ethics IQ, all employees
Dec 8 –Guidelines for Holiday Gift Giving and Receiving; Parsons Email to all employees
10
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 19
Freescale – Training Plan
• Planning – Rolling three year plan for training
– Courses (Risk Assessment)
– Audiences
– Timing
– Year to year modification
• Coordination with other functions
– Human Resources – Training function (to mesh with other training initiatives
– Communications
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 20
Measurement of training programs
1. Content and objectives
2. Courses and target audiences
3. Total attendance
4. Percentage of target audience who attended
5. Format (e.g., live, computer-based)
6. Names and credentials of trainers
7. Materials provided to attendees
11
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 21
Freescale Ethics and Compliance Training - 2007
Feb – Completion of online Code course by approximately 900 employees previously exempted because of attendance at instructor-led ethics course
Apr - Two courses, FCPA and Antitrust, approximately 1500 employees in each course, Communications, Sales, Strategy, Procurement, Finance
1Q2007
2Q2007
3Q2007
4Q2007
Jun – Two courses, Whistleblowing and Conflicts of Interest, approximately 2000 employees in each course, Executives and Managers
Nov – two courses, Ethical Principles and Practical Ethics, approximately 1000 employees, Managers and Individual Contributors, Malaysia
Oct – E-compliance & Careful Communications, approximately 11,000 employees, Executives, Managers and Individual Contributors
Jan - Completion of iCAP/Records Management online course regarding new policies, 17,000 employees with emailJan - Board of Directors Education Session
May - Board enrolled in online Code course
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Program AssessmentGovernance
Larry Parsons Freescale Semiconductor
12
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 23
Freescale: Audit and Legal Committee Charter
Business Conduct, Ethics and Compliance
16.The Committee will review the Company’s business conduct and compliance policies and programs. In connection with such review, the Committee will:
– Receive periodic reports from the ethics and compliance officer regarding ethics and compliance.
– Periodically meet separately with the ethics and compliance officer without other senior management present.
– Obtain reports from management, the Company’s internal audit director and the independent auditor that the Company and its subsidiary/foreign affiliated entities are in conformity with applicable legal requirements and the Company’s Code of Business Conduct.
– Advise the Board with respect to the Company’s policies and procedures regarding compliance with applicable laws and regulations and with the Company’s Code of Business Conduct.
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 24
Business Conduct & Ethics Organization
Larry Parsons
Vice President , Business Conduct
and Ethics
Code of Business Conduct and Ethics
Human Resources Compliance Issues
Regulatory Compliance and Governmental Affairs
Compliance Special Projects
InvestigationsEthics and Compliance
Training
• Records Management
• Data Privacy
• Corporate Social Responsibility
• Supplier Certifications
• Code of Business Conduct and Ethics
• ETHICSline
• BCE Committees
• EEO
• Immigration
• OFCCP
• Regulatory Compliance
• Trade Compliance
• Government Relations
• EPP Function
• EHS Audit
• FCC/CE
• Risk Assessment
13
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 25
The Eight Elements of an Effective Ethics and Compliance Program
Management Support & Resources
Clear WrittenStandards & Controls
Effective Training & Communication
Consistent Monitoring, Evaluation & Reporting
Response & ContinuousImprovement
Periodic Risk Assessment
Due Care in Delegating Authority
Consistent Enforcement
• VP, Ethics & Compliance
• Resources
• Freescale Business Conduct & Ethics Leadership Team (“FBCELT”)
• FSL Code of Business Conduct & Ethics
• Ethics & Compliance policies
• Initial & Ongoing
• All Employee Training
• Senior Leadership
• Board
• FSL ETHICSline
• FBCELT
• Audit & Legal Committee
•SOX Disclosure Committee
• FSL Fundamental –Impeccable Ethics
• Performance Mgt. & incentives aligned
• Disciplinary Actions
• Track record of integrity prior to delegation
• Screening of new hires
• Business Integrity Questionnaires
• ERM Process
• Review & amend program after problems occur
• Senior Leader Meetings
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 26
Consistent Enforcement and Alignment of Incentives
Impeccable Ethics
> Follows the Freescale code of conduct> Acts with integrity> Communicates openly and honestly> Treats everyone with respect and fairness
Creates an environment where employees want to do the right thing
Manager specific
Maintain our commitment to being the most ethical company in the business
Freescale
Innovation
Speed
CustomerFocus
FundamentalsImpeccable
Ethics
Ownership
14
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 27
ETHICSline Contacts
OBCE Contact Statistics 2005 2006 2007
•Total Contacts Received by the OBCE *** *** ***
Anonymous Contacts 17 35 36
Unsubstantiated Allegations 18 14 23
Anonymous with Unsubstantiated Allegations 5 11 8
Contacts Immediately Reported to the
Audit/Legal Committee4 0 2
Contacts Leading to Employee Termination 7 7 6
Total Employee Terminations 9 10 6
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 28
ETHICSline Contacts
US
Unknown
LatAm/Can
EM EA
AsiaPac
2005 2006 2007
N/ A
P ol i cy
Gui dance
Issue
Repor ted
A ppr oval
per P ol i cy
2005 2006 2007
Securit y
Misc & Other
Human
Resources
Finance
EHS
Code of
Conduct2005 2006 2007
Contacts by Region
Contacts by Category Contact Type
15
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 29
ETHICSline Contacts
United States
LatAm/Can
EM EA
AsiaPac
Referred Out
OBCE
Investigation
Immediate
Response
2005 2006 20072005 2006 2007
31+ Days
15-30 Days
3-14 Days
0-2 Days
Employee Terminations Contact Cycle Time Handling and Response
2005 2006 2007
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 30
Standards, Monitoring and Reporting
� Freescale Code of Business Conduct and Ethics
� Audit and Legal Committee Meeting
� Quarterly Meetings:
Freescale Business Conduct and Ethics Leadership Team
Regional Business Conduct and Ethics Committees
Country Manager Meetings
Disclosure Committee
� Reports:
Monthly Contacts Report
Audit Committee Reports
Year End Metrics
� Regular Communications on Program
Ethics in Action
Test Your Ethics IQ
Summit Articles
16
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Program Assessment Using Employee Surveys to Measure Ethical Climate
Larry Parsons Freescale Semiconductor
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 32
Why Do an Ethical Climate Survey
• What is it?
– a measure of employee perceptions of the practices and behaviors that get rewarded and supported with regard to ethics in the workplace
• Why do it?
– Useful for assessing the current state of your organization’s ethical climate
– Signals to employees and other stakeholders that their opinions are valued, and that the organization is committed to acting with integrity
• But, done poorly, with no visible actions after the survey, and it will be viewed as management “papering the file”
• Credit Where Credit is Due
– For portions of this section of my presentation, I relied heavily on the following article: Tiffany McDowell, PhD and Jose Tabuena, JD, CFE, CHC, Measuring Your Organization’s Climate for Ethics: The Survey Approach, Society of Corporate Compliance and Ethics, August 2007
17
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 33
Freescale’s Employee Survey – “FreeSpeak”
Background:– Freescale partnered with Corporate Leadership Council Solutions to create and implement
FreeSpeak, our employee engagement survey
– The survey leverages the question bank of CLC solutions to permit comparisons of employee engagement levels with other companies
– Freescale first conducted the survey in April 2005, one year after we launched as an independent company, and within six months of separating from Motorola
– We conducted two surveys a year in 2005, 2006 and 2007. Beginning with our next survey in September 2008, we will conduct our survey on an annual basis
Objectives:– The employee engagement survey is a key element in Freescale’s cultural transformation.
– Survey results serve as the key measure of our progress in realizing the desired Freescale culture
– Provide employees a forum for their feedback on the Freescale work environment
– Identify areas for improvement at team, organization, division and corporate levels – (Ex: Customer Loyalty – Key focus area in 2008)
– Provide feedback directly to managers
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 34
What is Measured?
Results measure four aspects of cultural change:
– Alignment to the Freescale Fundamentals
– Employee opinions on how effective managers are in leading a high-performance culture
– Employee engagement levels, a measurement proven to have strong correlation to company performance
– Retention index, which is reflective of employees’overall intent to stay
Freescale Fundamentals
Manager Effectiveness
Employee Engagement
Retention Index
18
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 35
Freescale Overall Results
Cultural Dashboard
0.4
1
0.4
1 0.5
7
0.3
8
0.4
8
0.5 0.5
9
0.4
3
0.4
9
0.5
1
0.6
0
0.4
40.5
0.5
1 0.6
0.4
5
0.4
9
0.5
2 0.6
0.4
-1
-0.8
-0.6
-0.4
-0.2
0
0.2
0.4
0.6
0.8
1
Fundamentals Manager
Effectiveness
Engagement Retention Index
Strongly Agree
Disagree
Agree
StronglyDisagree
Fundamentals
0.5
0
0.5
2
0.4
5
0.3
6
0.3
2
0.3
3
0.5
8
0.5
8
0.4
8
0.4
2
0.4
4
0.4
20.5
9
0.6
0
0.5
0
0.4
5
0.4
5
0.4
4
0.6
0.6
0.5
0.4
8
0.4
7
0.4
5
0.4
60. 6
0. 5
6
0. 5
1
0.4
6
0.4
9
0.4
4
0. 4
7
-1.00
-0.80
-0.60
-0.40
-0.20
0.00
0.20
0.40
0.60
0.80
1.00
Ethic
s
Cust
omer
Focu
s
Owner
ship
Innova
tion
Speed
Gre
at T
alen
t
Colla
borat
ion
GoalGoal
Key Findings
Strengths & Most Improved:– Engagement continues to be the strongest of the four dashboard indicators
– Ethics and Customer Focus continue to be the strongest Fundamentals
– Speed showed the most improvement, increasing by +.02
Areas for Continued Improvement – Retention Index (Intent to Stay)
– Customer Focus
2Q05 4Q05 2Q06 4Q06 2Q07
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 36
Law Department Results
Cultural Dashboard
0.6
2
0.6
6
0.6
8
0.6
0
0.6
9
0.7
4
0.7
5
0.6
9
0.6
6
0.6
8
0.7
3
0.6
5
0.6
2
0.6
2
0.7
1
0.6
0.6
1
0.6
7
0.6
9
0.40.4
9
0.5
2 0.6
0.4
-1.00
-0.80
-0.60
-0.40
-0.20
0.00
0.20
0.40
0.60
0.80
1.00
Fundamentals Manager
Effectiveness
Engagement Retention Index
Strongly Agree
Disagree
Agree
StronglyDisagree
Fundamentals
0.7
6
0.6
4
0.6
4
0.5
3
0.5
8
0.5
5
0.8
3
0.7
2
0.6
9
0.6
4
0.6
0
0.6
20.7
9
0.7
3
0.6
8
0.6
0.5
9
0.5
0.7
7
0.6
9
0.6
3
0.6
1
0.5
4
0.5
7
0.5
8
0.8
1
0.6
2
0.6
1
0.6
1
0.5
5
0.5
8
0.5
7
0.6
0.5
6
0.5
1
0.4
9
0.4
7
0.4
6
0.4
4
-1.00
-0.80
-0.60
-0.40
-0.20
0.00
0.20
0.40
0.60
0.80
1.00
Ethic
s
Cust
omer
Focu
s
Owner
ship
Speed
Colla
boratio
n
Innova
tion
Gre
at T
alen
t
GoalGoal
Key Findings
Strengths & Most Improved:– Engagement and Manager Effectiveness scores are the strongest indicators
– Ahead of the rest of Freescale on all Fundamentals
Areas for Continued Improvement – Retention Index dropped dramatically, by .2
– While still ahead of Freescale overall, most areas continue to decline
2Q05 4Q05 2Q06 4Q06 2Q07 FSL
19
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 37
Sample - Calendar & Expectations
� 22 January Manager Reporting Tool available: www.clcmetrics.com/ManagerTool
� 15 February Share results with your manager and direct reports
� 28 February Work with manager and team to formulate your action plan
� 15 March All M1 & above managers must document action plans within the Talent Pipeline Management (TPM) tool:
https://summit.freescale.net/irj/portal
All supervisors must document action plans within the Performance
Management (PM) System: https://summit.freescale.net/irj/portal
� Ongoing Schedule regular follow up dialogues with your employeesand manager to highlight progress and solicit support neededduring the year.
Update your progress to action plan via TPM - M1 & above managers and via Performance Management tool - Supervisors
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 38
Sample - Action Planning Expectations
• All supervisors and managers are expected to meet with their direct managers and teams to develop action plans around their individual and/or organizational FreeSpeak results.
• Supervisors and managers with less than three (3) respondents will not receive a feedback report, however, they are strongly encouraged to align and utilize their direct manager and/or organizational feedback to develop action plans.
• Goal is to have an action plan in place for 100% of our Freescale management population to ensure we’re working together to drive the changes needed within our culture.
• OBCE Specific Actions: Review all results to identify ethics “hotspots,” specific locations or organizations with low scores. Action plans developed around those locations, organizations and managers.
20
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 39
Ethical Climate Survey on a Budget
• Recognize that not everyone will have budget approved for a third party survey
• Doing it yourself
– There is no single right approach to measuring a climate for ethics
– Step 1: Determine your survey objectives
• Why conduct a survey
• What will you do with the results
– Step 2: Identify your audience
• All employees or random sample
• Suggest – combine with senior leader interviews and focus groups
– Step 3: Determine Response Scale
• Not a testing expert, but some suggestions
– Step 4: Determine method of administration
– Step 5: Administer the survey
– Step 6: Assess the results and develop communication and action plans
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 40
Survey on a Budget – A Word about Wording
• Keep your questions short
• Avoid jargon and acronyms
• Avoid requiring inaccessible information (“How does our ethics program compare to the programs of our competitors?”
• Avoid hypothetical questions (“What would you do if…”)
• Avoid leading questions (“Most people feel…do you agree”)
• Use multiple questions on the same topic
• Don’t make the survey too long
• Provide a comments section at the end
21
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 41
Table Work: Ethical Climate Survey
• Table Work:
– Develop your “case” for conducting a survey
– Develop your plan for using the results
– Develop questions for a basic Ethical Climate Survey
• General Format for a Survey (Handout - initial survey draft):
– Use Suggested Survey Areas to Develop Questions
– Review Suggested Case Statement, Plan for Use and Questions as aGroup
• Output: Compilation of items identified by group for inclusion in draft survey. Distribution after event of survey tool, statement of reasons for conducting survey, and plan for use of results.
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 42
Compliance and Ethics – Suggested Survey Areas
– Observations of perceived misconduct
– Willingness to report misconduct/violations and violations in fact are reported when they are perceived to occur
– Perceptions about the organization’s responsiveness to misconduct
– Fear of retaliation for reporting concerns
– Willingness to seek help within the organization for ethical issues
– Supervisors demonstrate/pay attention to ethics
– Leadership demonstrates/pays attention to ethics
– Open discussion of ethics in the workplace encouraged
– Ethical behavior rewarded at all levels
– Unethical behavior punished at all levels (management accountability)
– Perceptions of fair treatment in the workplace
– Employee willingness to deliver “bad news” to management
– Employee knowledge of workplace rules
– Employee “commitment” to the organization
– Confidence in preparedness to respond to ethical situations
22
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Program AssessmentPolicies and Procedures
Dean Maines SAIP Institute, University of St. Thomas
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 44
University of St. Thomas: Corporate Ethics Activities
• Ethics & Business Law
– Teaching
– Case Studies
– Other Research
• Support & Collaboration – Practitioners
– Center for Ethical Business Cultures
– SAIP Institute
23
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 45
Policies and Procedures: Role and Function
• Provide guidance on recurring/critical issues;
• Communicate standards/expectations for employee behavior within specific areas;
• Supplement and support a company’s code of conduct;
• Help prevent unethical or illegal conduct;
• Other…
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 46
Policies and Procedures: Sample Topics
• Questionable payments to government officials and other agents
• Financial representations
• Document management
• Confidentiality
• Supplier selection
• Employee participation in political campaigns
• Other…
24
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 47
Policies and Procedures: Effectiveness Issues
• How does the organization formulate its policies?
– Assessment of principal operational and legal risks
• How are policies communicated?
• How is employee understanding developed and assessed?
• How is policy compliance monitored?
• What process is used to ensure policies are periodically reviewed and updated as needed?
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 48
Policies/Procedures: Sample Process Metrics
• Development
– Periodic review of risk assessment results to identify/initiate new policies or policy revisions;
– Periodic review of emerging legal/regulatory requirements to identify/initiative new policies or policy revisions.
• Communication
– Prompt orientation of new employees to applicable policies and procedures;
– Prompt notification/orientation of existing employees to revisedpolicies.
25
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 49
Policies/Procedures: Sample Outcome Metrics
• Development
– Policies/procedures cover principal areas of operational and legal/regulatory risk
• Effectiveness
– Audit results: Number and nature of errors where new/revised policies have been implemented
• Communication
– Audit results: Interviews suggest employees understand policy and procedural requirements
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Program AssessmentAuditing and Monitoring
Dean Maines SAIP Institute, University of St. Thomas
26
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 51
Auditing and Monitoring: Terminology
• Auditing:
– Review of compliance with internal or external standards, conducted by independent staff;
– May be repeated periodically;
– Usually focuses on high risk areas/activities.
• Monitoring:
– Compliance review, typically conducted by operational management;
– Repeated regularly, usually part of normal operations;
– May be focused or broad in scope.
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 52
Auditing and Monitoring: Role and Function
• Test current compliance with internal policies and procedures and legal/regulatory requirements
• Assist risk management efforts
– Identify possible illegal behavior or misconduct;
– Help correct non-compliance.
• Provides evaluation of compliance processes and activities
– E.g., effectiveness of training, screening, etc.
• Facilitate improved compliance effectiveness over time
• Other…
27
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 53
Auditing and Monitoring: Effectiveness Issues
• How is planning for auditing/monitoring addressed?
– Is there a written auditing/monitoring plan?
– How does the organization determine which areas or activities are targeted for auditing and monitoring?
– How frequently are risk areas reviewed and auditing/monitoring plans updated?
– Is the plan consistent with the organization’s size, complexity, and scope of operations?
– Are adequate resources available?
• How does the organization ensure that independent and properly trained audit resources are utilized?
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 54
Auditing and Monitoring: Effectiveness Issues
• How and when are appropriate parties notified of outcomes, including adverse findings?
– Compliance officer
– Local management
– Senior management
– Board of directors
– Governmental agencies
• Are corrective plans developed and implemented to address adverse findings?
• How are results used to enhance the organization’s ethics/compliance program?
28
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 55
Auditing/Monitoring: Sample Process Metrics
• Establishment of written annual plan/budget
• Periodic progress reports
– Status of planned activities
– Budget status
– Identification of special implementation issues
• Prompt communication to appropriate parties of major findings and corrective action requirements
• Establishment of corrective action plans
• Periodic progress reports against corrective action plans
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 56
Auditing/Monitoring: Sample Outcome Metrics
• Adverse findings for current year
– Number;
– Nature (e.g., degree of seriousness);
– Required corrective action.
• Trend data
– Overall number/nature of adverse findings
– Results from repeat audits
• Issue: Do trends suggest an improvement in the organization’s understanding of compliance requirements and adherence to those requirements?
29
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Program AssessmentIncentives and Discipline
Dean Maines SAIP Institute, University of St. Thomas
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 58
Incentives and Discipline: Role and Function
• Promote conduct that is ethical and legal
• Deter and sanction unethical and illegal conduct
• Signal the importance of ethical conduct and legal compliance to employees at all levels
• Other…
30
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 59
Incentives and Discipline: Relevant Systems
• Performance Assessment
– Organization:
• Balanced/Integrated Scorecard
– Individual:
• Performance Management
• Compensation
• Recognition
• Discipline Policy and Procedures
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 60
Incentives and Discipline: Effectiveness Issues
• How is ethics/legal compliance highlighted in the company’s operating plan and assessments of its performance? In plans/assessments of key subunits?
• How is ethics/legal compliance factored into the work plan, performance assessment, and compensation of individual employees, from the CEO on down? What weight is assigned to these criteria?
• How does the organization recognize employees who “did the right thing” in difficult circumstances?
31
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 61
Incentives and Discipline: Effectiveness Issues
• Does the company have a written policy that specifies:
– What conduct merits discipline;
– Factors to be considered in assigning discipline;
– The range of possible disciplinary actions; etc.
• How are disciplinary standards communicated?
• How does the company ensure fair and consistent application of its disciplinary guidelines?
• How does the company publicize instances of misconduct and discipline?
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 62
Discipline: Example - Publicizing Misconduct
• Business Ethics Bulletin: Opening up the dialog about how to better live our values
In 2004 [the company] terminated 18 employees who failed to follow company policies or industry regulations. The following is a sampling of the issues that arose, and some lessons to be learned from them.
Situation #1
A research analyst was terminated for misrepresenting the analyst’s identity in the marketplace in order to obtain information that this person would not have been able to get had the analyst’s affiliation with [the company] been disclosed.
Addressing the Issue
The [company’s] Code of Ethics and Business Conduct identifies common areas in which ethical issues might arise and provides guidance for carrying out our responsibilities and observing the highest standards of ethical conduct. While not an exhaustive list of issues, the Code does specifically address competition and fair dealing. In part, it states:
We seek to outperform our competition fairly and honestly. Misappropriating proprietary information, possessing trade secret information that was obtained without the owner’s consent, or inducing such disclosure by past or present employees of other companies is prohibited. You must respect the rights of and deal fairly with our customers, suppliers, competitors and employees.
Other industry regulations that deal with this issue include:
– SEC Regulation SP
– NASD Rule 2110- Standards of Commercial Honor and Principles of Trade
– NYSE Rule 476(a)(6)
32
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 63
Incentives/Discipline: Sample Process Metrics
• Incentives
– Performance on ethics/legal compliance factored into organizational assessments (company, subunits)
– Performance on ethics/legal compliance is factored into employee assessments and compensation/recognition decisions
• Discipline
– Prompt orientation of new employees to disciplinary policy;
– Prompt notification/orientation of existing employees to policy revisions;
– Regular maintenance of discipline records for ethics/compliance violations;
– Periodic review of discipline records for consistency/fairness;
– Prompt reporting of disciplinary actions to appropriate parties.
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 64
Incentives/Discipline: Sample Outcome Metrics
• Incentives
– Overall company rating for ethics/legal compliance;
– Ratings of organizational subunits;
– Number/percentage of employees who satisfy ethics/legal compliance elements within their work plan
• Discipline
– Number of employees disciplined for ethics/compliance violations;
– Types of disciplinary actions taken;
– Assessment of disciplinary fairness/consistency;
– Audit results: Employee understanding of disciplinary policy;
– Survey results: Employee perception of disciplinary fairness/consistency.
33
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Code of Conduct
Anthony M. Tocco CCEP, CIA, CFE
Director, Enterprise Compliance
DTE Energy
Detroit, MI
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 66
Elements of an Effective Code of Conduct
• Organization
– Includes a Table of Contents
– Utilizes subject headings to separate topics
– Organized by company/industry risk areas
– Considers appropriateness of document length (average 5,000 – 7,000 words)
THE DTE ENERGY
WAY
THE DTE ENERGY
WAY
34
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 67
Elements of an Effective Code of Conduct
• Content
– Includes an executive statement of commitment and support
– Ties to company’s values, principles, etc.
– Applies to all levels of the organization
– Outlines behavioral expectations of employees
– Communicates a commitment of ethics and compliance to employees,customers, vendors, shareholders and the community
– Emphasizes non-retaliation policy throughout the document (i.e. table of contents, executive statement, separate heading, hotline section, etc.)
– Describes company policy on enforcement and discipline involvingCode violations
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 68
Elements of an Effective Code of Conduct
• Writing Style
– Keep it simple (i.e. high school level of reading)
– Translate to all foreign languages as needed
– Use “active” voice whenever possible
– Ensure correct spelling, punctuation and grammar
35
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 69
Elements of an Effective Code of Conduct
• Educational Resource
– Provides names and links to supporting policies, values, etc.
– Incorporates examples, scenarios and/or frequently asked questions
– Prominently displays information on the company hotline program
– Instructs readers on how to report concerns (i.e. hotline)
– Includes contact information for referenced resources (i.e. security, ethics, etc.)
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 70
Elements of an Effective Code of Conduct
• Distribution
– Easy to access by employees and the public
– Provided to new hires in print
– Requires employee signed acknowledgment and commitment
– Integrated into employees’ performance goals and evaluations
– Includes a regular review and revision cycle or process
– Integrated into periodic training programs and other company initiatives
36
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 71
Elements of an Effective Code of Conduct
• Branding
– Identifies with program name and/or graphics
– Incorporates company logo and colors throughout
– Includes photos of company facilities, personnel, community, etc.
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Hotlines
Anthony M. Tocco CCEP, CIA, CFE
Director, Enterprise Compliance
DTE Energy
Detroit, MI
37
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 73
Elements of an Effective Hotline
Relevance
Federal Sentencing Guidelines Sec.8B2.1(b)(5)
“The organization shall take reasonable steps to have and publicize a
system, which may include mechanisms that allow for anonymity or
confidentiality, whereby the organization’s employees and agents
may report or seek guidance regarding potential or actual criminal
conduct without fear of retaliation.”
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 74
Elements of an Effective Hotline
Relevance
Sarbanes-Oxley Act - Section 301(4)
“Each audit committee shall establish procedures for:
(A) the receipt, retention, and treatment of complaints received by
the issuer regarding accounting, internal accounting controls, or
auditing matters; and
(B) the confidential, anonymous submission by employees of the
issuer of concerns regarding questionable accounting or auditing
matters.”
38
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 75
Elements of an Effective Hotline
Relevance
• Proactively prepares for increased enforcement actions by regulators
• Protects organization’s reputational integrity
• Supports compliance and ethics program
• Promotes employee engagement
• Provides risk management data point
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 76
Elements of an Effective Hotline
Hotline Objectives
• Meet regulatory requirements
• Easy access, simple to use, and available
• Single repository of reported misconduct
• Resource guide for ethical dilemmas
39
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 77
Elements of an Effective Hotline
Shareholder Expectations
• No fear of retaliation
• Confidential
• Anonymous
• Reports are thoroughly investigated
• Feedback on status
• Resolution
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 78
Elements of an Effective Hotline
Methods of Measuring Effectiveness
• Independent audit
• User survey
• Industry benchmarks
• Internal metrics
40
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 79
Elements of an Effective Hotline
Measurements of Effectiveness
• Clear accountability for administration
• Clear accountability for investigation
• Consistent application of protocol
• Reporter awareness
• Process metrics
• Reporter trust
• Policy, procedure or control modifications
• Report volume and tracking
• Integration with other programs
• System availability
• Communication strategy
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 80
Elements of an Effective Hotline
Measurements of Effectiveness
Number of days to respond to a question
Source: Ethical Leadership
Group and ECOA, October 2006
Days 2006
1 Day 38%
2 Days 16%
3 Days 10%
4–13Days 16%
14+ Days 16%
41
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 81
Elements of an Effective Hotline
Measurements of Effectiveness
Number of days to close a case involvingan allegation
Source: Ethical Leadership
Group and ECOA, October 2006
Days 2006
1- 3 Days 2%
4 - 10 Days 13%
11 - 21 Days 33%
22 - 30Days 35%
30+ Days 17%
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Risk Assessment
Anthony M. Tocco CCEP, CIA, CFE
Director, Enterprise Compliance
DTE Energy
Detroit, MI
42
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 83
Elements of Effective Compliance Risk Assessments
• Usefulness
– Supports Federal Sentencing Guidelines expectations
– Integrates with Enterprise Risk Management (ERM) Program
– Demonstrates diligence in compliance oversight and monitoring
– Serves as SOX entity level control
– Provides information to management and Board
– Fulfills regulatory demands for increased oversight
– Forces compliance accountability into business units
– Serves as a training and developmental exercise
– Assists other functional initiatives (i.e. internal audit, training, HR, etc.)
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 84
Elements of Effective Compliance Risk Assessments
• Objectives
– Identify key organizational risks
– Prioritize organizational or program gaps (i.e. policies, training, etc.)
– Assign accountability for remediation
– Assist in resource allocation
– Communicate to management and Board
43
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 85
Elements of Effective Compliance Risk Assessments
• Defining the Scope
– Enterprise wide
– Geographic
– Business Unit
– Compliance program design and activities (i.e. training, hotline, etc.)
– Laws and regulations
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 86
Elements of Effective Compliance Risk Assessments
• Tools and Techniques
– Internally generated model (i.e. Excel, Access, etc.)
– Vendor software or technology
– Survey or questionnaire
– Remediation templates
– Interviews
– Focus groups
– Document or version controls
– Audit trail
44
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 87
Elements of Effective Compliance Risk Assessments
• Rating Critieria
– Likelihood or probability
– Severity or significance
– Inherent risk
– Residual risk
– Control Effectiveness
– Improvement opportunities
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 88
Elements of Effective Compliance Risk Assessments
Examples of Rating Scales
Likelihood of Occurrence
1 2 3 4 5
Very Low Low Moderate High Very High
Almost Impossible
Extremely Unlikely
Possible Sometimes
Isolated Incidents
Repeated Incidents
Less than once/5 years
Less than once/year
Once/month to once/year
Once/week to once/month
More than once/week
Less than 1% 1% - 5% 5% - 10% 10% - 20% More than 20%
45
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 89
Elements of Effective Compliance Risk Assessments
Examples of Rating Scales
Severity
1 2 3 4 5
$0 > $100K $100K>$500K $500K>$5M $5M>$25M $25M or >
< 1% of revenue
1% - 3% of revenue
3% - 5% of revenue
5% - 10% of revenue
> 10% of revenue
No reputational exposure or regulatory harm
Localized negative impact on reputation but recoverable
Negative media coverage in state or region
Negative national media coverage (not front page news)
Sustained national negative media coverage (front page news)
No operational impact or loss of business
Noticeable but easily manageable; limited impact on operations
Results in some damage at an individual or stakeholder level; requires careful management attention
Severe impact on the business unit’s or company’s operational performance
Catastrophic impact on the business unit’s or company’s operational performance
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 90
Elements of Effective Compliance Risk Assessments
Examples of Rating Scales
Control Effectiveness
1 2 3 4 5
Ineffective Partially Effective
Effective Highly Effective Very Highly Effective
No control in place to date
Largely ineffective
Partially effective on some occasions
Effective on most occasions
Highly effective on almost all occasions
46
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 91
Elements of Effective Compliance Risk Assessments
Examples of Rating Scales
Improvement Opportunity
1 2 3 4 5
Low Opportunity
Partial Opportunity
Reasonable Opportunity
High Opportunity Very High Opportunity
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 92
Elements of Effective Compliance Risk Assessments
• Documentation
– Keep it simple to understand and easy to use
– Provide clear instructions
– Establish protocol for language and tone
– Limit the distribution of documents
– Ensure consistency
– Link remediation to risks, including responsible parties and completion dates
– Do not assume documents are “confidential” or “privileged”
– Obtain support to validate risk rankings
– Request remediation plans and monitor progress
– Retain and secure documentation
47
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 93
Elements of Effective Compliance Risk Assessments
• Assessment and Analysis Techniques
– Completed by accountable business unit representative
– Collaboration with other support functions (i.e. internal audit, legal, etc.)
– Perform a reasonableness check for objectivity
– Prioritize rankings by enterprise, by business unit, by activity, by risk category, etc.
– Create illustrative heat maps to support data
– Determine overall average and median risk scores for the company
– Create dashboards
– Perform trending over time
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 94
Elements of Effective Compliance Risk Assessments
• Reporting
– Business unit management
– Senior/executive management
– Board