When establishing and maintaining an effective compliance program, boards of directors should focus their attention on three core areas: structure, culture, and risk management.
The first area, structure, consists of questions that can aid in determining the fundamental sense of a company’s overall compliance program. As such, queries should begin with the basics of the program and move on to how the program operates in action. Some of the structural questions board members should ask are:
Is the board of directors aware of the code of conduct?
When was the code created and last updated?
What complaints are coming into the company, and how quickly are they acted on?
What resources are being devoted to compliance—both monetary and head count?
Have there been any compliance failures over the past five years? If so, what was the result and remediation?
This area of inquiry should focus on the culture of the organization regarding compliance. Board members should understand what message is being communicated from senior management and middle management right down to the bottom of the organization. Equally important, the board needs to understand what message is being heard at the lowest levels within the company. Some of the cultural questions board members should ask include:
When did the company last measure culture?
Is it time for another assessment?
What, if anything, came out of the most recent culture survey to improve ethics and compliance within the organization?
Risk Management Questions
Board members need to understand how the company identifies, evaluates, and manages emerging risks. Such risk analysis should be broader than simply a compliance risk assessment and should be tied to other broader corporate matters. In addition, the board should understand the full risk management process from the compliance perspective—employing forecasting, risk assessment, and risk-based monitoring. It should then ascertain how the information is looped back into the compliance program and how new developments in products, services, locations, and outside events are taken into account.
By focusing on these three key areas, the board stands poised to maintain an effective and successful compliance program.