| Before starting to design and implement policies | | | | for a superior quality ethics and compliance program, |
| within an organization, it's important to conduct a | | | | look at their corporate governance guidelines, annual |
| proper risk assessment. Risk assessments ensure | | | | reports and code of ethics to get an idea of issues |
| company policies and procedures help reduce the | | | | that are important to them and how they handle |
| risks and potential threats within the workplace. Each | | | | them. Benchmarking is similar to leading by example. |
| company faces different risks based on factors such | | | | Industry leaders and companies known for their |
| as location and industry type. There are certain | | | | commitment to ethics and compliance want to lead |
| elements that need to be included in all risk | | | | the way for other companies to follow and |
| assessments. Similar to conducting a basic SWOT | | | | incorporate best practices into their workplace. 4. |
| analysis, risk assessments encourage HR managers | | | | Training and Awareness The article "Maintaining a |
| and executives to think harder about different | | | | Robust Ethics and Compliance Program in |
| threats and opportunities for the business. A SWOT | | | | Today’s Business Climate: A Necessity to |
| analysis assists in defining clear goals, making a risk | | | | Minimize Your Organization’s Risks" states that |
| analysis investment worthwhile. In our previous post, | | | | it's also important to evaluate employee training |
| "5 Simple Steps to Conduct a Risk Assessment", we | | | | related to the compliance and ethics program to |
| focused on safety based tips for conducting | | | | make improvements to the training program: |
| workplace risk assessments, however, in today's | | | | "Measure employee knowledge. The ethics and |
| post we are focusing in on 5 risk assessment tips | | | | compliance risk assessment should include a |
| that help with setting the tone at the top and | | | | measurement of employee knowledge and |
| governing policies. 1. Evaluate ALL Areas of | | | | awareness of the compliance program and supporting |
| Misconduct To conduct a proper ethics and | | | | controls. Doing so can help pinpoint where training and |
| compliance risk assessment, address all potential | | | | communications programs need to be improved." In |
| areas of risk- not just the most common or obvious | | | | our post, "How to Encourage Employees to Use |
| ones. To ensure that all of the bases have been | | | | Internal Reporting Tools", we discussed the impact of |
| covered, evaluate risks that are specific to both the | | | | increased ethics and compliance program training and |
| company and the industry that it operates in. As a | | | | awareness at BAE Systems. BAE Systems credits |
| starting point, go through previous files or cases | | | | increased employee awareness of compliance and |
| relating to complaints or problems that occurred | | | | reporting systems as a contributing factor in the |
| within the company and then focus on risks that are | | | | increased use of internal reporting systems to help |
| a bit harder to identify. It's important to examine the | | | | detect and uncover workplace misconduct. |
| factors causing these risks to occur, as well as the | | | | Employees must be aware of all policies and |
| ability company's have to plan for and reduce the | | | | procedures that govern employee actions in order to |
| impact of risks. This analysis will helps with policy | | | | create an ethical corporate culture. When evaluating |
| creation, aiding in the development of effective | | | | and developing training programs, consider the |
| policies fostering an ethical corporate culture. 2. The | | | | interests of the audience and make training |
| More The Merrier During the ethics risk assessment, | | | | interactive. Taking those two factors into |
| gather opinions from as many employees as possible. | | | | consideration will lead to increased employee |
| Also, make sure they come from different levels | | | | engagement and retention of information |
| within the company. There are different risks present | | | | communicated- take a page out of the books at |
| at different levels and faced by different employees. | | | | Cisco Systems, their "Ethics Idol" training program |
| Including a number of employees allows for a more | | | | really got employees talking! 5. Set a Re-Evaluation |
| complete picture of the company's "risk landscape," | | | | Date I know that this point was already included in |
| as these employees can identify and communicate | | | | our post "5 Simple Steps to Conduct a Risk |
| risks they encounter on a day-to-day basis. | | | | Assessment", but it's just to important to leave out. |
| Depending on company size and the number of | | | | Select a time or times each year where to |
| people included in this step, the article "Maintaining a | | | | re-evaluate corporate risk assessments. This allows |
| Robust Ethics and Compliance Program in | | | | companies to keep policies and procedures up to |
| Today’s Business Climate: A Necessity to | | | | date and remain inline with updated laws and |
| Minimize Your Organization’s Risks" recommends | | | | regulations. As the workplace evolves, adapt policies |
| using methods such as distributing surveys, holding | | | | to these changes to help mitigate risk. To provide an |
| focus groups or other forms of meetings or individual | | | | idea of the frequency required for re-evaluation, the |
| interviews, to gather information. 3. Benchmarking | | | | authors of the article "Maintaining a Robust Ethics and |
| and Comparison A useful resource for identifying | | | | Compliance Program in Today’s Business Climate: |
| risks and evaluating ethics and compliance program is | | | | A Necessity to Minimize Your Organization’s |
| to benchmark against competitors or industry leaders. | | | | Risks" recommend that: "The frequency with which |
| This helps to ensure policies keep companies "in | | | | an organization chooses to conduct ethics and |
| check" with industry laws and standards. When | | | | compliance risk assessments depends on the nature |
| observing the ethics program of an industry leader, | | | | of the organization’s industry, but if the |
| look at their code of ethics, corporate culture and | | | | methodology and process is adequately defined, it |
| corporate social responsibility statements that can be | | | | can reasonably be conducted on an annual basis |
| easily accessed on corporate websites. Pay attention | | | | where year-over-year results can be appropriately |
| to the areas of risk they focus on and see if the | | | | compared. Since operating environments, regulations |
| policies they have put in place actually work as | | | | and government enforcement priorities routinely |
| intended. For example, Johnson and Johnson is an | | | | change, it is inadvisable to conduct compliance risk |
| industry leader in the consumer health care field. If a | | | | assessments on a less frequent basis than every |
| company is one of their competitors or are looking | | | | two years. |