While corporate compliance programs certainly need to be “living” programs that are not limited to just words on paper, it is still important to document your program. Below is a RACI chart with suggested roles related to the effort of creating such documentation. A RACI chart is a project management tool describing levels of involvement in a project as Responsible, Accountable, Consulted, and Informed.
Table 1 indicates suggested parties for each category. These can and should be customized and changed to fit the needs and practices of your own specific organization.
| Task | Responsible | Accountable | Consulted | Informed |
| --- | --- | --- | --- | --- |
| Maintaining an updated written description of the structure, staffing, reporting lines, and different elements of the compliance program, including the logic and rationale for each | Compliance officer | Compliance committee | Compliance staff | Senior management |
| Maintaining the minutes from all board meetings during which compliance issues were raised | Corporate secretary | Board of directors | Compliance officer | |
| Documentation of audit plans, reports, and deficiency mitigation plans | Audit officer | Audit committee | Audit staff | Senior management |
| Records of all compliance education provided (both live and computer based), including attendee and completion data | Compliance officer | Compliance committee | Compliance staff | Senior management |
| Records of all competitor contact, including industry association participation | Compliance officer | Compliance committee | Legal officer and subject matter experts | Senior management |
| Records of all reported actual or apparent conflicts of interest | Compliance officer | Compliance committee | Human Resources | Senior management and the audit committee of the board |
| Records of all helpline reports of any kind | Compliance officer | Compliance committee | Subject matter experts for each issue type | Senior management and the audit committee of the board |
| Records of all internal investigations of potential compliance issues, including investigation reports, findings, root cause analysis, and remediation steps taken (e.g., any employee discipline) | Compliance officer | Compliance committee | Compliance, Human Resources and Investigations staff | Senior management and audit committee of the board |
| Record of any request or visit from a regulator or government representative | Compliance officer | Compliance committee | Subject matter experts | Senior management |
| Record of any guidance or advice received from a regulator or oversight agency affecting the organization | Legal officer | Compliance committee | Compliance officer | Senior management |
| Document all conversations and correspondence with legal counsel relating to advice and recommendations for compliance-related issues | Legal officer | Compliance officer | Legal and Compliance staff | Senior management and compliance committee |
| Record of any fines, penalties, or assessments by a regulator for an alleged compliance violation | Compliance officer | Compliance committee | Legal officer | Senior management and audit committee of the board |
| Maintain a record of all policy and code revisions and updates | Compliance officer | Compliance committee | All policy owners | All employees affected by changes |
| Maintain a record of all policy and code certifications or attestations | Compliance officer | Compliance committee | Human Resources | Senior management |
| Maintain a record of all third-party due diligence activities, including all third parties not chosen or later terminated as a result of diligence findings | Compliance officer | Compliance committee | All third-party sponsors and relationship managers | Senior management |
| Maintain a record of all gifts and entertainment paid for by the organization above a de minimis amount | Compliance officer | Compliance committee | Travel and expense administrator | Senior management |
| Maintain a record of all gifts accepted by any employee of the organization above a de minimis amount | Compliance officer | Compliance committee | Human Resources | Senior management |
| Documentation of all cultural assessments or surveys performed by the organization | Compliance officer | Compliance committee | Human Resources | Senior management and the audit committee of the board |
| Documentation of all program assessments (self-assessments or assessments by an outside third party) | Compliance officer | Compliance committee | Legal officer | Senior management and the audit committee of the board |
| Documentation of all licenses and permits required for the organization’s operation | Compliance officer | Compliance committee | Subject matter experts | Senior management |
| Documentation of compliance with all specific regulatory compliance areas of the organization (e.g., environmental health and safety, REACH, conflict minerals, Anti-Kickback Statute, human trafficking prevention, data privacy, trade compliance) | Compliance officer | Compliance committee | Subject matter experts | Senior management |
| Documentation of all incentive programs in the organization | Compliance officer | Compliance committee | Human Resources and subject matter experts | Senior management |
| Documentation of all compliance monitoring activities (e.g., trend analysis, data analytics) | Compliance officer | Compliance committee | Compliance staff | Senior management and audit committee of the board |
| Documentation of all compliance risk assessments, results, and risk mitigation activities | Compliance officer | Compliance committee | Compliance and Risk Management staff | Senior management and audit committee of the board |