Written protocols are the foundation upon which an effective compliance program is built. Written protocols consist of a Code of Conduct, policies and procedures, and internal controls. They are inter-related and form the backbone of any best practices compliance program.

Code of Conduct

The substance of your Code of Conduct should be tailored to your company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

Policies, Procedures, and Controls

The written policies and procedures required for a best practices compliance program are well known and long established. You should include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments. Policies help form the basis of expectation and conduct in your company and Procedures are the documents that implement these standards of conduct.

Internal Controls

They are an interrelated set of compliance control mechanisms, designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records, the two generally go hand in hand—where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”