Program Oversight and Management

APPENDIX 3-M: Twenty Questions that Boards of Directors Should Ask about Compliance and Ethics*

A. Context and Landscape
Question | Notes

1. What are the elements of the company’s C&E program? How does each of the elements meet the guidelines set out by the US Federal Sentencing Guidelines or other relevant standards?

2. What is the budget for the C&E program?
B. Role of the Board
Question | Notes
3. What board committee oversees the C&E program? How does the board discharge its legal and extralegal obligations for oversight of the C&E program? What is the method and frequency of C&E reporting to the board, and of board contact with the CECO?
4. How will the board obtain and evaluate the appropriate training and information to discharge its C&E responsibility? How often will the board include C&E on its agenda?
C. Structure and Role of the Compliance and Ethics Officer and Function
Question | Notes
5. What high-level corporate personnel are responsible for the implementation, operation, and oversight of the C&E program?
6. Who is the company’s chief compliance and ethics officer (CECO)? Is she a senior executive with experience, seniority, authority, autonomy, time, and resources sufficient to do the job? Who does the CECO report to, and what measures are in place to protect her ability to discharge the role with sufficient authority and independence? Does the CECO have unfiltered access to the CEO and board?
7. Has the board passed a resolution setting out the express mandate for the CECO and the compliance function? What are the full- and part-time resources in place to support compliance and ethics? Are compliance-related activities assigned across various levels in the organization? Are managers held accountable for meeting these objectives through the performance review process?
D. Program Status and Operation
Question | Notes
8. How are the company’s compliance and ethics programs structured? Do they cover the company’s high priority risks and global operations, including business partners, vendors, subcontractors, and third-party relationships? What policies, procedures, and internal controls are in place to manage high priority risk areas?
9. What has management (both at the top and in the middle ranks of the organization) done—in both words and visible action—to support ethical conduct and legal compliance? Is the CECO involved and consulted on a regular basis by management regarding the culture of the organization, and how this supports ethical conduct and business decisions that comply with all rules and procedures?
10. What is the process for assessing C&E risks in the organization? Has the company developed and prioritized an inventory of C&E risks?
11. Where in the Code of Ethics/Conduct are responsibilities of all managers, employees, and third parties covered? How are those responsibilities communicated within the company?
12. How does the organization support ethical culture? What is the C&E training program for all levels of the company, including board of directors, managers, employees, and third parties?
13. How does the culture of the organization support the raising of concerns? What are the mechanisms for raising confidential whistleblower concerns, without fear of retaliation, to the top of the organization, including investigation and follow-up protocols?
14. What ongoing reporting, monitoring, and audit processes are in place to assess the effectiveness of the C&E program?
15. How does the organization embed ethical leadership and culture throughout its management, e.g. incentives and linkage to compensation and the performance evaluation processes?
16. What mechanisms does the company have in place to regularly and systematically review C&E failures and respond appropriately, including remedial action and improvements to the C&E program?
17. How does the company ensure consistent disciplinary action and enforcement of its Code of Ethics/Conduct at all levels, including senior management?
E. Closing Questions for the CECO
Question | Notes
18. What support does the C&E function receive from the CEO and senior management team?
19. Has the board had the program evaluated by a qualified independent expert? Has it performed a cultural assessment? How does the company program compare to its peers, and to best practice in the field?
20. What keeps you (the CECO) up at night? Are there any other matters you wish to raise to the attention of the board (or independent board committee)? What other questions should we be asking you?