Chapter 4: Measuring Effectiveness

Printer Friendly, PDF & Email

Appendix 4-A: Compliance and Ethics Program Self-Assessment Questions

CATEGORY

SUB-CATEGORY

TOPIC

ASSESSMENT QUESTION

Program design

Risk Assessment

Frequency

Is a risk assessment of compliance and ethics risks completed on a consistent basis?

Program design

Risk Assessment

Owner

Is there a clear mapping within compliance of responsible parties for key risk areas?

Program Design

Confidential reporting structure and investigation process

Confidential reporting

Are employee-reported compliance issues tracked?

Program design

Policies and procedures

Accountability

Is there a policy for every key risk area?

Program design

Policies and procedures

Accessibility

Are policies, standards, and procedures (collectively, "policies") stored in a central location on the intranet?

Program Design

Third party management

Screening

Is effective due diligence conducted on third parties?

Program Design

Third party management

Screening

Is there a policy in place to ensure vendor and other third-party agreements are managed consistent with the terms of the agreement?

Program design

Training and communication

Awareness

Does compliance promote compliance awareness through newsletters, email blasts, or Yammer posts?

Program design

Training and communication

Communications

Are employees consistently surveyed on the effectiveness of compliance communications?

Resources and empowerment

Commitment by Senior and Middle Management

Board of Directors

Are all Committee and Board minutes reviewed to ensure active engagement in compliance issues?

Resources and empowerment

Commitment by Senior and Middle Management

Board of Directors

Is there a process detailing clear escalation channels for compliance issues to the appropriate oversight committee?

Resources and empowerment

Commitment by Senior and Middle Management

Chief Compliance Officer

Does the Chief Compliance Officer have the authority to start a working group to look at new or emerging compliance risks?

Resources and empowerment

Autonomy and Resources

1st line of defense

Is there a clear mapping of compliance champions throughout the company?

Work in practice

Continuous Improvement, Periodic Testing, and Review

Audit

Are all areas of compliance and ethics audited by internal audit?

Work in practice

Continuous Improvement, Periodic Testing, and Review

Culture

Does the company promote a culture of compliance and ethics?

Work in practice

Analysis and Remediation of Any Underlying Misconduct

Analysis

Have there been transactions or deals that were stopped, modified, or further scrutinized as a result of compliance concerns?

Work in practice

Continuous Improvement, Periodic Testing, and Review

Planning

Is the testing and monitoring plan based on the results of the risk assessment?

This document is only available to subscribers. Please log in or purchase access.