In the latest of our conversations with players in the compliance and governance realm, we talk to Julia Janson, SVP of ethics and compliance and corporate secretary of Duke Energy. An index of previous conversations is available here.
What’s your role at the company?
In addition to being chief ethics and compliance officer, I’m also corporate secretary. It’s an interesting combination. I’ve been in that role since the merger of Cinergy Corp. and Duke Energy in April 2006. Prior to that, I was chief compliance officer at Cinergy Corp. since September 2004 and corporate secretary since July 2000.
So your duties are?
As corporate secretary obviously I have the usual blocking and tackling, taking care of the board and the agendas and minutes. In terms of corporate governance policies and procedures, I’m an attorney by training. I serve the full board, the finance and risk-management committee, and the corporate governance committee, as well as a number of internal committees. I have a broad perspective of how the board views governance at the company, and that allows me to bring a broader perspective, and depth, to the ethics program.
How big is your team?
We divide ethics and compliance into two teams. The compliance team has six members; ethics has three.
We really feel like we’ve got an ethics group focused on individual employees’ behavior. Examples of what the ethics group is responsible for are training, investigating allegations of misconduct, and guidance on general company policies.
The compliance group is focused more on the systems and processes that impact large groups of employees. It’s driven by new and existing laws and regulations. Their goal is to have the daily compliance responsibilities assumed by the corporate business units, and the compliance group monitors them for effectiveness.
What are the questions senior management asks you?
From a board perspective, it’s primarily the audit committee that asks questions about ethics and compliance. From time to time, we get general board questions, but they’re directed more from the audit committee. At every audit committee meeting we report about ethics and compliance, ensuring that we have the necessary programs in place to ensure we remain in compliance with federal and state guidelines.
In addition to focusing on our ethics and compliance program, the audit committee looks at the supply chain and any potential for vendor-related fraud. They are interested in our view of emerging risks at Duke Energy and our industry.
The board also is concerned with results from our business conduct questionnaires and employee surveys. These provide the board with insight into the corporate culture and tone. We regularly report results to them. The surveys are conducted annually, and they are sent to every employee, but not all are required to respond.
Tell us more about the surveys. What do they ask?
The questionnaire asks our employees questions about business conflicts they might be aware of. In general, it’s another vehicle we provide to employees to see if they are aware of any conflicts, such as information on a gift or gratuity that may have influenced a business decision. The questionnaire is risk based. Through it, we identify the most significant risks to a wide variety of employees. It also aligns with our Code of Business Ethics. The questionnaire provides employees who might otherwise not call the ethics hotline an opportunity to comment about an issue.
Give us an example of how you enforce your compliance program. After all, you’re a utility, so you’ve got lots of compliance to worry about.
Late last year, we rolled out a compliance software program to help us track our compliance program. We secured a software vendor, the same vendor that we use for our SOX 404 effort. We use the general compliance module offered by that vendor.
Because we operate in five different states, we are regulated by state and federal governments for our electricity and gas distribution services. We had roughly 300 merger conditions required to get our merger consummated in 2006.
We loaded those conditions into the software tool and assigned them to particular parties. We’re notified by e-mail when requirements are due or have been completed. For example, if we need to make a quarterly filing to a commission in Indiana about something like merger cost savings, the owner of that requirement gets an e-mail about making that filing. It all goes into the software system and allows us to know where we are. If we get audited, I can report to the board that merger conditions are satisfied.
This works for any type of compliance activity. We tick and tie those requirements to a particular person. The software is also tied in with the HR system, so if someone had a responsibility for a particular activity and they moved to another job, we would know when they move to the new job instead of waiting until the e-mail bounced back or the requirement was not completed.
We’re pretty excited about it. We feel it’s the next step in furthering our compliance program. It allows you the lead-time to meet your deadlines. You don’t want to wait until a filing is missed and deal with the ramifications of having missed it.
How do you educate Duke’s workforce about the compliance program?
All of our employees receive basic awareness training through our Code of Business Ethics Training. That’s a computer-based training administered to all new hires. The refresher training to all employees is also computer based. And we have the ability to do training that is not computer based.
What computer-based training gives you is the ability for employees to do the training at his or her convenience. It’s an efficient way to launch training. As a company we also have a lot of classroom training. For our nuclear operations and our line-safety operations where you’re dealing with high-voltage lines, a lot is classroom training. You need to think about your audience—whether these are corporate folks, for example, who have regular interaction and access to a computer. We recognize that there are pros and cons to both types of training.
We also provide subject-specific training to target audiences, both computer and classroom training. We have an ethics and compliance site on the company intranet that contains policy documents and news clips. There is also a video message there from the CEO discussing the importance of ethics and compliance. We refresh the Web page regularly to ensure that it’s timely.
Computer-based training is not a substitute for communications with employees. The head of the franchise electric business has a blog on a portal site where he takes questions from employees. Our senior team is very dynamic and energized about doing those types of things.
How do you monitor that the program is followed throughout the company?
Certain compliance risk areas are assigned to various corporate and business groups. Employee relations, environmental, and accounting, for example, manage their particular risk areas. The software program allows an overview of how compliance activities within these units and business groups are going. It provides some benchmark reporting.
We don’t use the “long arm of the law” technique. We haven’t felt that’s the right way to go about this, or the most effective. We have tried to have this be a partnership. The software tool is very interactive. We haven’t found a lot of resistance from our business units in terms of sharing information with us. There was fear that folks would not cooperate, but we got out and did the sales pitch of what we are doing, why, and what we have to offer. We have been very pleased with how well people have collaborated throughout the company.
We also review the trends and reports of misconduct. We watch what’s coming in via the hotline, and we survey employees to gauge their perceptions.
How do you leverage SOX work into the broader compliance program?
SOX was really the beginning of our compliance work. SOX introduced initially the concept of an affirmative response by raising awareness of the requirements to comply with the rules and regulations.
The SOX folks had it tough out-of-the-box after the law passed. But we used that as a springboard to other compliance activities. One of the reasons we decided to use the same software vendor as our SOX program is that we felt so many employees were already familiar with the software. We could easily deploy another module within the same program.
What are your priorities for this year?
I would like to create a cross-functional team focused on ethics and compliance. In HR, legal, internal audit—I would like to do more sharing and more looking ahead. We obviously want to expand documentation of compliance requirements; continue to automate monitoring and tracking systems; and improve the integration of multiple compliance technology and software. And we really want to complete the implementation of our anticorruption program with zero tolerance for bribery.