Jose Tabuena provides a unique perspective on internal auditing issues bringing Big 4 firm experience and having held a variety of audit-related roles, including compliance auditor, risk manager, corporate counsel, and chief compliance officer. He has conducted sensitive internal investigations and assessed the performance of internal audit and ethics and compliance functions in highly regulated industries. Tabuena has held major compliance management roles at Kaiser Permanente, Texas Health Resources, Orion Health, and Concentra | Humana. Tabuena is certified as a fraud examiner, in healthcare compliance, and he is an OCEG Fellow.
The days of viewing culture as a hazy intangible are over, given regulator interest in using the efficiency of cultural programs as benchmarks for everything from indictment decisions to penalties. Corporate culture, says Jose Tabuena, needs to be subject to performance benchmarks, like anything else.
The time to discover when your data breach incident response plan actually works is not in the middle of data breach. Jose Tabuena offers some insights on how to make sure that the incident response plan in place is actually up to the task.
The Department of Justice is poised to consider benchmarking as a criteria for determining how far certain companies have failed to enact adequate internal controls against wrongdoing. But what are the benchmarks for benchmarking itself? Jose Tabuena reports.
Jose Tabuena explores how companies and, specifically, chief compliance officers can demonstrate the effectiveness of their compliance programs and be seen as creditworthy in the eyes of the U.S. Sentencing Guidelines.
Inside, CW columnist Jose Tabuena examines the power of data analytics and predictive models to assess compliance effectiveness and encourage employees toward acting responsibly, thereby ensuring an ethical workplace. But, Tabuena advises, keep in mind that predictive models only yield benefits if used appropriately.
Do compliance programs make a difference? Post-mortem reviews of compliance failures typically raise the question as to whether the cause of the failure is due to a rogue bad actor or a failure in controls. It may be both; a lack of compliance controls allowed or even enabled the rogue employee to engage in the misconduct as part of a culture that lacked transparency, accountability, and a tradition of speaking up.
Board audit committees and compliance professionals should review new compliance guidance provided in a recent speech by assistant attorney general Leslie Caldwell, chief of the U.S. Department of Justice’s Criminal Division. Along with the DoJ’s appointment of a “compliance counsel” this guidance presented so-called “metrics” to apply when evaluating programs for effectiveness. Columnist Jose Tabuena clarifies the misconceptions surrounding compliance program evaluation and measurement, and how internal audit can help make such reviews more robust.