The Complete Compliance and Ethics Manual 2021

☐ Yes

☐ No

Does your company currently have regulatory permits?

• If so, obtain a list, review, and summarize.

☐ Yes

☐ No

Is your company/facility inspected regularly?

• If so, obtain and review copies of recent inspections.

☐ Yes

☐ No

Does your company have a history of criminal and/or regulatory violations?

If so, review in detail to understand:

• What were the “root causes” for these violations?

• What changes, if any, were made in response?

• Is there sufficient documentation of such corrective measures?

☐ Yes

☐ No

☐ Yes

☐ No

Have other companies in your industry been investigated or indicted?

If so, review the background:

• What legal outcome? (civil and/or criminal)

• What punishments? (fines, consent orders, etc.)

• What impact did these have upon the organization? (financial, reputational)

☐ Yes

☐ No

Does your company have an environmental compliance program?

• If yes, review the plan and any policies/procedures/ related documents.

☐ Yes

☐ No

How large is your ethics and compliance program?

• What is the number of full-time employees who devote more than 50% of time to the compliance function?

• What is the annual budget/operational cost to maintain program?

• Does the compliance team believe that these resources are adequate in relation to the environmental compliance risks?

Gather and review the following information:

• Why was the program created?

• How long has the program been in place?

• What areas of law does it cover/focus on?

• Has it been amended or updated?

  • How many times?

  • When was the latest update?

  • What prompted these revisions?

  • Do you keep copies of all past versions?

Does your company regularly document all functions of its ethics and compliance program?

• If yes, where are those records maintained, and for how long?

☐ Yes

☐ No

Has your company identified and assigned specific high-level personnel with the overall responsibility to oversee compliance?

• If yes, what position?

• Is that position part of senior executive management?

• Review the job description of the top ethics and compliance officer.

• What is the reporting authority of the environmental compliance function?

• Review the organizational chart.

• Does the environmental compliance officer report to the board of directors?

  • If so, how often has that occurred?

☐ Yes

☐ No

What role does the board of directors play in overseeing the environmental compliance program?

• How frequently are environmental compliance risk reports issued to the board?

• What is the nature and frequency of the communications between the chief ethics and compliance officer and the board?

Is your company’s compliance program communicated to all employees?

• If yes, how is it communicated?

• If yes, how frequently?

☐ Yes

☐ No

Does your company conduct criminal background checks?

• If yes, on all employees?

• If yes, on executives as well?

☐ Yes

☐ No

Does your company conduct additional background checks?

• Verification of education/degrees?

• Past employment?

• Past litigation?

☐ Yes

☐ No

Does the company have a policy to discipline violations and incentivize compliance?

• What documentation exists of such discipline and/or rewards?

☐ Yes

☐ No

Does your company use a confidential reporting hotline?

• If yes , is it well-publicized within the company?

• How is that awareness achieved?

• How often/frequently is the hotline used?

• Is there supporting documentation for the calls?

• Are all calls logged or recorded, along with responses/follow-up?

• Does this hotline also offer help for employees about how to report misconduct or seek guidance?

• Is there a nonretaliation policy for such calls/reports?

• Is that also well-publicized? How?

☐ Yes

☐ No

Apart from the hotline, what are the other mechanisms that employees have for reporting environmental regulatory concerns?

Any documentation of use and follow-up?

Has your company ever conducted an internal investigation in response to allegations of noncompliance?

• If yes, how many?

• How soon was the investigation initiated after the initial report?

• What were the outcomes?

• Are they documented?

☐ Yes

☐ No

☐ Yes

☐ No

Who investigates? (internal or external, legal or compliance, or both?)

• Are the investigators qualified and/or fully trained?

☐ Yes

☐ No

Is there a policy that requires a response to be taken as quickly as possible?

• What is the time limit for such a response?

☐ Yes

☐ No

☐ Yes

☐ No

☐ Yes

☐ No

In response to allegations or violations, has your company ever made any adjustments to the ethics and compliance program as a result?

• If so, please describe.

☐ Yes

☐ No

☐ Yes

☐ No

☐ Yes

☐ No

☐ Yes

☐ No

Has your company ever taken actions to correct any violations or taken any disciplinary actions that were revealed by the compliance program?

• If yes, has your company made any adjustments to the ethics and compliance program as a result?

• If so, please describe.

☐ Yes

☐ No

After any significant “incidents” or violations, does management routinely conduct or authorize a root cause analysis of the underlying violations/misconduct and then make necessary improvements?

• What documentation exists for such measures?

☐ Yes

☐ No

Has your company ever conducted compliance program assessments to determine the effectiveness of the program and/or possible areas of exposure or highest risk?

• Who has conducted these reviews?

• Internal/external/hybrid

• What was the focus of such reviews?

• Review copies of all prior assessments.

☐ Yes

☐ No

Does your company regularly conduct environmental compliance risk assessments?

• If so, how frequently?

• Who is involved in that responsibility?

• Review past assessments.

• What are the most pressing risks facing the company?

• Have those risks changed over time?

• Does your monitoring and auditing strategy prioritize these top risks that have the most significant potential adverse impact?

☐ Yes

☐ No

What measures are being taken by the company to mitigate/reduce these risks?

Is there a written plan of action to mitigate or reduce these risks?

Does your ethics and compliance program have specific procedures and training to address:

• Requests from regulators?

• Regulatory inspections/audits?

• Allegations from hotline calls?

• Subpoena receipts and responses?

• Search warrant responses?

• Handling internal investigations?

☐ Yes ☐ No

☐ Yes ☐ No

☐ Yes ☐ No

☐ Yes ☐ No

☐ Yes ☐ No

☐ Yes ☐ No

What would your company point to as evidence to demonstrate your company’s positive culture, as well as the right tone at the top?

• Review and assemble all related documents.

What feature or accomplishment within the ethics and compliance program is your company most proud of, and why?

• Provide details.

Are you aware of whether your industry has established any such best practices?

• If so, have you compared your company’s program against these metrics?

☐ Yes

☐ No

What would your current and former employees claim is your company’s level of commitment toward regulatory compliance or sound business ethics?

• What is that prediction based upon?

Historically, what have been your company’s biggest compliance challenges?

• If you have overcome them, how was that accomplished?

Currently, what are your company’s biggest compliance challenges?

• How are you attempting to overcome or address them?