Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.

Duke Energy Modernizes Its Compliance Program

Dunn Christine | April 22, 2008

In the latest of our conversations with players in the compliance and governance realm, we talk to Julia Janson, SVP of ethics and compliance and corporate secretary of Duke Energy. An index of previous conversations is available here.



Julia Janson is senior vice president of ethics and compliance, and corporate secretary for Duke Energy. In her current role, she directs Duke Energy’s ethics and compliance program. She was named to her current position in April 2006.

Most recently, Janson served as corporate secretary and chief compliance officer for Cinergy Corp. She directed Cinergy’s corporate compliance program, which provided oversight, tracking, and management of compliance with laws, regulations, and business conduct standards. She was appointed chief compliance officer in 2004 and corporate secretary in 2000.

Prior to joining Cinergy, Janson began her corporate career in 1987 as a law clerk with The Cincinnati Gas & Electric Company (CG&E). After a series of promotions including supervisor of securities processing and transfer agent for CG&E common and preferred stock, she was named corporate attorney.



Duke Energy


Charlotte, N.C.




Electric Power

'07 Revenue

$13 billion

What’s your role at the company?

In addition to being chief ethics and compliance officer, I’m also corporate secretary. It’s an interesting combination. I’ve been in that role since the merger of Cinergy Corp. and Duke Energy in April 2006. Prior to that, I was chief compliance officer at Cinergy Corp. since September 2004 and corporate secretary since July 2000.

So your duties are?

As corporate secretary obviously I have the usual blocking and tackling, taking care of the board and the agendas and minutes. In terms of corporate governance policies and procedures, I’m an attorney by training. I serve the full board, the finance and risk-management committee, and the corporate governance committee, as well as a number of internal committees. I have a broad perspective of how the board views governance at the company, and that allows me to bring a broader perspective, and depth, to the ethics program.

How big is your team?

We divide ethics and compliance into two teams. The compliance team has six members; ethics has three.

We really feel like we’ve got an ethics group focused on individual employees’ behavior. Examples of what the ethics group is responsible for are training, investigating allegations of misconduct, and guidance on general company policies.

The compliance group is focused more on the systems and processes that impact large groups of employees. It’s driven by new and existing laws and regulations. Their goal is to have the daily compliance responsibilities assumed by the corporate business units, and the compliance group monitors them for effectiveness.

What are the questions senior management asks you?

From a board perspective, it’s primarily the audit committee that asks questions about ethics and compliance. From time to time, we get general board questions, but they’re directed more from the audit committee. At every audit committee meeting we report about ethics and compliance, ensuring that we have the necessary programs in place to ensure we remain in compliance with federal and state guidelines.

In addition to focusing on our ethics and compliance program, the audit committee looks at the supply chain and any potential for vendor-related fraud. They are interested in our view of emerging risks at Duke Energy and our industry.

The board also is concerned with results from our business conduct questionnaires and employee surveys. These provide the board with insight into the corporate culture and tone. We regularly report results to them. The surveys are conducted annually, and they are sent to every employee, but not all are required to respond.

Tell us more about the surveys. What do they ask?

The questionnaire asks our employees questions about business conflicts they might be aware of. In general, it’s another vehicle we provide to employees to see if they are aware of any conflicts, such as information on a gift or gratuity that may have influenced a business decision. The questionnaire is risk based. Through it, we identify the most significant risks to a wide variety of employees. It also aligns with our Code of Business Ethics. The questionnaire provides employees who might otherwise not call the ethics hotline an opportunity to comment about an issue.

Give us an example of how you enforce your compliance program. After all, you’re a utility, so you’ve got lots of compliance to worry about.

Late last year, we rolled out a compliance software program to help us track our compliance program. We secured a software vendor, the same vendor that we use for our SOX 404 effort. We use the general compliance module offered by that vendor.

Because we operate in five different states, we are regulated by state and federal governments for our electricity and gas distribution services. We had roughly 300 merger conditions required to get our merger consummated in 2006.

We loaded those conditions into the software tool and assigned them to particular parties. We’re notified by e-mail when requirements are due or have been completed. For example, if we need to make a quarterly filing to a commission in Indiana about something like merger cost savings, the owner of that requirement gets an e-mail about making that filing. It all goes into the software system and allows us to know where we are. If we get audited, I can report to the board that merger conditions are satisfied.

This works for any type of compliance activity. We tick and tie those requirements to a particular person. The software is also tied in with the HR system, so if someone had a responsibility for a particular activity and they moved to another job, we would know when they move to the new job instead of waiting until the e-mail bounced back or the requirement was not completed.

We’re pretty excited about it. We feel it’s the next step in furthering our compliance program. It allows you the lead-time to meet your deadlines. You don’t want to wait until a filing is missed and deal with the ramifications of having missed it.

How do you educate Duke’s workforce about the compliance program?

All of our employees receive basic awareness training through our Code of Business Ethics Training. That’s a computer-based training administered to all new hires. The refresher training to all employees is also computer based. And we have the ability to do training that is not computer based.

What computer-based training gives you is the ability for employees to do the training at his or her convenience. It’s an efficient way to launch training. As a company we also have a lot of classroom training. For our nuclear operations and our line-safety operations where you’re dealing with high-voltage lines, a lot is classroom training. You need to think about your audience—whether these are corporate folks, for example, who have regular interaction and access to a computer. We recognize that there are pros and cons to both types of training.

We also provide subject-specific training to target audiences, both computer and classroom training. We have an ethics and compliance site on the company intranet that contains policy documents and news clips. There is also a video message there from the CEO discussing the importance of ethics and compliance. We refresh the Web page regularly to ensure that it’s timely.

Computer-based training is not a substitute for communications with employees. The head of the franchise electric business has a blog on a portal site where he takes questions from employees. Our senior team is very dynamic and energized about doing those types of things.

How do you monitor that the program is followed throughout the company?

Certain compliance risk areas are assigned to various corporate and business groups. Employee relations, environmental, and accounting, for example, manage their particular risk areas. The software program allows an overview of how compliance activities within these units and business groups are going. It provides some benchmark reporting.

We don’t use the “long arm of the law” technique. We haven’t felt that’s the right way to go about this, or the most effective. We have tried to have this be a partnership. The software tool is very interactive. We haven’t found a lot of resistance from our business units in terms of sharing information with us. There was fear that folks would not cooperate, but we got out and did the sales pitch of what we are doing, why, and what we have to offer. We have been very pleased with how well people have collaborated throughout the company.

We also review the trends and reports of misconduct. We watch what’s coming in via the hotline, and we survey employees to gauge their perceptions.

How do you leverage SOX work into the broader compliance program?

SOX was really the beginning of our compliance work. SOX introduced initially the concept of an affirmative response by raising awareness of the requirements to comply with the rules and regulations.

The SOX folks had it tough out-of-the-box after the law passed. But we used that as a springboard to other compliance activities. One of the reasons we decided to use the same software vendor as our SOX program is that we felt so many employees were already familiar with the software. We could easily deploy another module within the same program.

What are your priorities for this year?

I would like to create a cross-functional team focused on ethics and compliance. In HR, legal, internal audit—I would like to do more sharing and more looking ahead. We obviously want to expand documentation of compliance requirements; continue to automate monitoring and tracking systems; and improve the integration of multiple compliance technology and software. And we really want to complete the implementation of our anticorruption program with zero tolerance for bribery.

Thanks, Julia.