|
CATEGORY |
SUB-CATEGORY |
TOPIC |
ASSESSMENT QUESTION |
|---|---|---|---|
|
Program design |
Risk Assessment |
Frequency |
Is a risk assessment of compliance and ethics risks completed on a consistent basis? |
|
Program design |
Risk Assessment |
Owner |
Is there a clear mapping within compliance of responsible parties for key risk areas? |
|
Program Design |
Confidential reporting structure and investigation process |
Confidential reporting |
Are employee-reported compliance issues tracked? |
|
Program design |
Policies and procedures |
Accountability |
Is there a policy for every key risk area? |
|
Program design |
Policies and procedures |
Accessibility |
Are policies, standards, and procedures (collectively, "policies") stored in a central location on the intranet? |
|
Program Design |
Third party management |
Screening |
Is effective due diligence conducted on third parties? |
|
Program Design |
Third party management |
Screening |
Is there a policy in place to ensure vendor and other third-party agreements are managed consistent with the terms of the agreement? |
|
Program design |
Training and communication |
Awareness |
Does compliance promote compliance awareness through newsletters, email blasts, or Yammer posts? |
|
Program design |
Training and communication |
Communications |
Are employees consistently surveyed on the effectiveness of compliance communications? |
|
Resources and empowerment |
Commitment by Senior and Middle Management |
Board of Directors |
Are all Committee and Board minutes reviewed to ensure active engagement in compliance issues? |
|
Resources and empowerment |
Commitment by Senior and Middle Management |
Board of Directors |
Is there a process detailing clear escalation channels for compliance issues to the appropriate oversight committee? |
|
Resources and empowerment |
Commitment by Senior and Middle Management |
Chief Compliance Officer |
Does the Chief Compliance Officer have the authority to start a working group to look at new or emerging compliance risks? |
|
Resources and empowerment |
Autonomy and Resources |
1st line of defense |
Is there a clear mapping of compliance champions throughout the company? |
|
Work in practice |
Continuous Improvement, Periodic Testing, and Review |
Audit |
Are all areas of compliance and ethics audited by internal audit? |
|
Work in practice |
Continuous Improvement, Periodic Testing, and Review |
Culture |
Does the company promote a culture of compliance and ethics? |
|
Work in practice |
Analysis and Remediation of Any Underlying Misconduct |
Analysis |
Have there been transactions or deals that were stopped, modified, or further scrutinized as a result of compliance concerns? |
|
Work in practice |
Continuous Improvement, Periodic Testing, and Review |
Planning |
Is the testing and monitoring plan based on the results of the risk assessment? |
Appendix 4-A: Compliance and Ethics Program Self-Assessment Questions
Don't show this message again