It seems to be that each week is busier than the last. Here are some of the things we blogged about this week- as well as some other pieces that caught our attention regarding internal investigation, human resources and ethics:

Monday:

• Blog Post- Employee Embezzlement Detection and Prevention

“Kickbacks, payroll fraud, false reimbursement claims and the use of company credit cards and accounts for personal use are all issues of employee embezzlement that employers are faced with on an all-too-frequent basis. As employees try to become more creative with their schemes for embezzling company money into their own pockets, employers can fight back and put up internal “road blocks” to help deter employees from getting their hands on money that is not theirs. One of the harshest realities about employee embezzlement is that it’s usually conducted by employees who have gained significant levels of trust from their superiors. Embezzlers usually begin by taking small sums of money, and if they realize they have yet to be caught, can continue taking money for many years, equating to significant losses to the company.”

Tuesday:

• Blog Post- Controlling the Cost of Workplace Investigations

“Now, more than ever before, companies are held liable for their actions and are closely monitored to ensure they’re conducting business in a socially responsible manner. When companies face allegations warranting a workplace investigation, it becomes difficult to control costs, as the company can’t afford to cut corners throughout the investigative process — without facing serious consequences. There are several solutions available that can help companies control the cost of workplace investigations, while ensuring compliance with federal and industry laws and regulations. From policy development to investigation management systems, investigative teams now have the opportunity to spend less time on paperwork and more time actively in the field conducting investigations.”

Wednesday:

• Blog Post- Workplace Investigations and Information Privacy

“Privacy and information protection are issues addressed during the planning stages of the investigative process. Cases involving top level executives, multiple employees or cases dealing with legal violations are sensitive matters requiring the highest level of confidentiality. Some workplace investigations require that access is restricted within the investigative unit itself. Security and privacy are also important issues when information is transferred across borders within an organization, as the level of security over personal and corporate information differs, further complicating workplace investigations.”

Thursday:

• Blog Post- Best Practices: Building an Ethical Corporate Culture at American Express

“American Express employees are encouraged to make a difference in the lives of customers and give back to the communities they live in. At American Express there’s a company-wide commitment to best in class compliance and accountability, as the scrutiny and regulation of their entire industry continues to intensify. Examining the mission, values and tone at the top help create a better understanding of why American Express is continually recognized as an ethical leader within their industry.”

American Express employees are encouraged to make a difference in the lives of customers and give back to the communities they live in. At American Express there’s a company-wide commitment to best in class compliance and accountability, as the scrutiny and regulation of their entire industry continues to intensify. Examining the mission, values and tone at the top help create a better understanding of why American Express is continually recognized as an ethical leader within their industry.

Valuing the Team

In 2001, American Express was the recipient of a Catalyst Award, recognizing the company for their efforts in building a winning corporate culture and embracing workplace diversity. In 2010, American Express continues to receive awards and recognition for their philanthropic projects and their overall commitment to workplace ethics. At American Express, they understand that their employees communicate the company’s mission to the public each day. In an “Expert Corner” interview with Ethisphere, Leonard Shen, Senior Vice President-Chief Compliance & Ethics Officer at American Express, stated the following when asked if there was a specific piece of advice he wished he would have known when he first started in his position at American Express:

“Ensure that you spend the majority of your time understanding your team and the people and environments in which you work. For a compliance leader it’s a matter of knowing how to leverage the team and work with the business to drive change in a way that’s owned by and integrated with the business’s goals.”

Later in the interview, Shen was asked why he feels that American Express Compliance is a good place to work. In his response, he acknowledged the tone and the top and the leadership at the company for their commitment to being the best they can when it comes to enforcing ethics and compliance throughout the organization. It makes a world of difference when corporate leaders provide resources and spend time with their employees to ensure the mission of the company is understood by everyone. A strong mutual understanding allows employees at American Express to embrace the company’s corporate culture and commitment to ethical business practices.

Another key contributor to the strong corporate culture at American Express are the company values and the ability of top level executives to act in the same manner they expect their employees to act. Here are the eight values adopted by employees at American Express:

• Customer Commitment- develop relationships that make a positive difference in our customers’ lives.
• Quality- provide outstanding products and unsurpassed service that, together, deliver premium value to our customers.
• Integrity- uphold the highest standards of integrity in all of our actions.
• Teamwork- work together, across boundaries, to meet the needs of our customers and to help the company win.
• Respect for People- value our people, encourage their development and reward their performance.
• Good Citizenship-  in the communities in which we live and work.
• A Will to Win- exhibit a strong will to win in the marketplace and in every aspect of our business.
• Personal Accountability- for delivering on our commitments.

Philanthropy

Philanthropy is a significant component in the corporate culture at American Express. The company works with the Red Cross to provide relief to nations during disaster situations, created a (RED) American Express card to allow cardholders to donate to AIDS awareness through Project (RED) and provides  grants to individuals and groups that demonstrate commitments to cultural heritage, leadership and community service. American Express posts the names of grant recipients on their website under their “Corporate Responsibility” page. The mission behind the company’s philanthropic efforts is found on the first page of their “Corporate Responsibility” section:

“At American Express we believe that serving our communities is not only integral to running a business successfully, it is part of our individual responsibilities as citizens of the world. The mission of our program is to bring to life the American Express value of good corporate citizenship by supporting diverse communities in ways that enhance the company’s reputation with employees, customers, business partners and other stakeholders.”

Privacy and information protection are issues addressed during the planning stages of the investigative process. Cases involving top level executives, multiple employees or cases dealing with legal violations are sensitive matters requiring the highest level of confidentiality. Some workplace investigations require that access is restricted within the investigative unit itself.

Security and privacy are also important issues when information is transferred across borders within an organization, as the level of security over personal and corporate information differs, further complicating workplace investigations.

Investigations and Personal Information Security

In many countries, information can only be exported out of the country if federal laws approve of the security standards established in the destination country. In the GRC 360 blog post “Resolve: Part of Internal Investigations for Control and Compliance Violations (5 of 5)” they touch on the issue of global considerations related to personal information transfer during investigations:

“Rules governing how personal information must be handled are different all around the world. For example, the European Union’s Directive on Data Protection restricts the transfer of personal data to non-EU nations that do not meet the European Union’s ‘adequacy’ test for privacy protection– namely the United States. As such, any information gathered in the EU before or during an investigation may or may not be allowed to be transmitted to a U.S. location for analysis or follow-up.”

In 2001, Canada established the Personal Information Protection and Electronic Documents Act (PIPEDA). On December 20th, 2001, the EU recognized PIPEDA as providing sufficient protection of certain pieces of personal information when transferred between Canada and the EU. This recognition allows information to be transferred between the two areas without additional safeguards to be put in place within specified industries.

Executives and investigation managers of multinational companies need to understand the different laws and regulations governing the transfer of information across borders to begin implementing channels for “cross-border data transfers”. In the White & Case Newsletter “Global HR Hot Topic: Conducting Internal Employee Investigations Outside the US (part 1) ,” they discuss the importance of cross-border data transfers and the need to establish information channels before investigations begin:

“In cross-border investigations, information identifying employees almost inevitably gets transmitted back to headquarters. Before undertaking a specific investigation, build channels allowing the legal ‘export’ of investigation data. This is a keen issue in jurisdictions like Belgium and the Netherlands where laws impede cross-border transmissions of workplace accusations specifically. In Europe these channels include ‘model contractual clauses,’ ‘safe harbor,’ and ‘binding corporate rules.’ If existing channels fail expressly to cover ‘investigation’ data, expand them. In Hong Kong an appropriate data-export channel can be employee-signed data-transfer consents. Start early: Building these channels takes time, and it will be too late after a specific allegation or suspicion sparks an actual investigation.”

Investigation Privacy with i-Sight

Most jurisdictions around the world have implemented legislation to govern the handling and use of personal information. We understand that many organizations operate across multiple jurisdictions and we follow a set of procedures to ensure compliance with all of the legislation listed below.

United States

• (HIPPA) Healthcare Insurance Portability and Accountability Act
• (GLB) Financial Modernization Act of 1999 or Gramm-Leach-Bliley

Canada

• (PIPEDA) Personal Information Protection and Electronic Documents Act of 2000

European Union

• EU Data Protection Directive
• EU E-Privacy Directive

The following is a list of some of the principles that are built into i-Sight Software to ensure compliance with privacy laws:

Consent for the Collection, Use, and Disclosure of Personal Information- The knowledge and consent of the individuals are required for the collection, use or disclosure of personal information, except where inappropriate.

Limiting Collection of Personal Information- The collection of personal information will be limited to that which is necessary for the purposes identified by Customer Expressions (CEC), the company behind i-Sight. Information will be collected by fair and lawful means.

Limiting Use, Disclosure and Retention of Personal Information- Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by contract or law. Personal information will be retained only as long as necessary for the fulfillment of those purposes.

Ensuring Accuracy of Personal Information- Personal information will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

Ensuring Safeguards for Personal Information- Security safeguards appropriate to the sensitivity of the information will protect personal information. Administrative, physical, and technical safeguards are provided to ensure that all personal information is readily available at all times to those that have access rights to the information. CEC Information Technology Policy (ITP) Manual outlines those safeguards.

Openness about Personal Information Policies and Practices- CEC will make readily available to individuals upon request specific information about its policies and practices relating to the management of personal information as outlined in this manual.

Individual Access to their own Personal Information- Upon request, an individual will be informed of the existence, use and disclosure of his or her personal information and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

To learn more about our commitment to world class security and reliability at i-Sight, please review our “i-Sight Security and Reliability” manual.

Now, more than ever before, companies are held liable for their actions and are closely monitored to ensure they’re conducting business in a socially responsible manner. When companies face allegations warranting a workplace investigation, it becomes difficult to control costs, as the company can’t afford to cut corners throughout the investigative process — without facing serious consequences.

There are several solutions available that can help companies control the cost of workplace investigations, while ensuring compliance with federal and industry laws and regulations. From policy development to investigation management systems, investigative teams now have the opportunity to spend less time on paperwork and more time actively in the field conducting investigations.

Workplace Investigation Money Saving Tips

Company policies, reporting mechanisms and investigative processes each impact the time and costs associated with an investigation. These three components must be examined together to help control costs and maintain high quality investigations. Reducing redundancies and establishing clear reporting lines can help reduce confusion internally, which can also reduce investigation costs by reducing the time it takes to complete investigative tasks.

Workplace Policies

Policies must be easy to understand, documented and distributed to employees, communicated and discussed with all staff, as well as given the appropriate amount of time when it comes to training employees. When employees understand company policies and the consequences for violating them, investigation costs can drop, as the number of violations reported may decrease. Understanding company policies also helps reduce conflict in the workplace, therefore reducing occurrences of workplace misconduct. It’s important for employers to spend extra time working with employees to help them understand the reason for implementing policies and the importance of following them while at work. The tone at the top significantly impacts the ability of employees to adopt company practices.

Policies that are clearly defined make investigations run smoother, as ambiguity is reduced and proper penalties for violating policies are clearly defined. Policies must be developed to guide decision making surrounding whether or not certain allegations require further investigation. Conducting a full-fledged investigation into allegations that can be resolved on simpler terms wastes both the time of the investigator and company money. At the same time, dismissing allegations and not following through on an investigation can cause a company to incur significant costs if the case escalates and the claimant decides to take the issue to another level. Companies should develop a policy outlining the steps to take when conducting a preliminary screening of all cases before making a decision regarding the investigation. A pre-screening policy helps maintain consistency between each member of the investigative team and helps avoid decisions that could potentially increase investigative costs.

Investigation Software Solutions

The proper management of case loads also helps reduce the costs associated with workplace investigations. Implementing a system, such as i-Sight Investigation Software, allows companies to complete cases in a centralized system that can be accessed from any location, as long as there’s an Internet connection available. i-Sight is a flexible, fully customizable solution, combining  functionality with affordability. Outdated processes, such as the use of spreadsheets, slows down the investigative process and can be a nightmare to update when new regulations and laws are implemented to govern particular industries. i-Sight helps reduce redundancies throughout the investigation process– for example, i-Sight can pull information from previous cases or employee databases to save time by automatically populating the data into the case file.

With i-Sight, investigators receive case and task assignment alerts via e-mail, and if tasks are left inactive, another alert is sent to the investigator, drawing attention back to the case. The use of customized workflow rules allows investigation managers to maintain control over each investigation and check in on case progress when using i-Sight dashboards, drilling down to the case level. Setting deadlines for tasks during assignment allows cases to be completed on time, reducing the costs associated with investigations that drag on longer than necessary. Incoming cases can be assigned manually or automatically, either way, each case must be accounted for, reducing the risks and costs tied to cases that get abandoned once reported.

Properly managing investigations greatly impacts the costs of workplace investigations. i-Sight provides companies with the ability to identify trends and pin point problem areas within the organization for prompt correction. i-Sight helps reduce the time spent on each case by allowing investigators to collaborate on cases in real time, having centralized access to case information and evidence attachments. This function reduces communication time, allowing each investigator to complete their part of the investigation without waiting on work from other team members.

Kickbacks, payroll fraud, false reimbursement claims and the use of company credit cards and accounts for personal use are all issues of employee embezzlement that employers are faced with on an all-too-frequent basis. As employees try to become more creative with their schemes for embezzling company money into their own pockets, employers can fight back and put up internal “road blocks” to help deter employees from getting their hands on money that is not theirs.

One of the harshest realities about employee embezzlement is that it’s usually conducted by employees who have gained significant levels of trust from their superiors. Embezzlers usually begin by taking small sums of money, and if they realize they have yet to be caught, can continue taking money for many years, equating to significant losses to your company.

Signs of Embezzlement

There are many different signs that signal the presence of embezzlement. Sometimes it’s can even be company policies and the roles and responsibilities outlined in employee job descriptions that make it easier for embezzlement to take place.  According to the article “Embezzlement: Everything You Need to Know “ by Stephen Linker, organizational conditions that create an open door for embezzlement to occur include the inadequate segregation of duties, lack of employee training and understanding regarding company policies and the consequences for violating them, high turnover rates, failure to consistently enforce standards and policies or punish violators and operating in an environment that frequently acts in “crisis” mode.

Aside from the organizational conditions that increase the opportunity for embezzlement, you can also observe changes in employee habits and discrepancies in financial reporting and accounting statements to identify embezzlement. In the FindLaw.com article “Embezzlement Warning Signs“, they state that other key signs that point to the occurrence of embezzlement within the workplace include:

• Untimely and unorganized financial statements and reports.
• Unbalanced accounts, altered check amounts and the occurrence of duplicate payments.
• Creation and payments made into false accounts that have matching addresses to that of an employee.
• Unexplained losses of company funds.
• Missing documents related to account, payments, etc.
• Unexplained or unauthorized charges to company accounts.
• An employee refuses to take vacation, works long hours.
• Alterations in an employee’s lifestyle- high medical bills, divorce, gambling problems, living beyond means for salary level, etc.
• Bank deposits delayed or made on an inconsistent schedule.

Embezzlement Prevention

There are a number of measures that employers can take to reduce the number of opportunities within the workplace that allow embezzlement to occur- the chance that you can prevent embezzlement altogether is a bit of a stretch. The separation of duties and task rotation are some of the best measures an employer can use to reduce the opportunity for employee embezzlement. When rotating tasks, if an employee is guilty of embezzlement, chances are, they will protest and try to remain in control of any process that involves access to or the handling of money, so that another employee cannot uncover their scheme.

When creating job descriptions, outlining employee responsibilities, company codes of conduct and ethics, as well as any other policy governing your workplace, you will want to conduct a risk assessment that identifies vulnerabilities that may expose the company to to embezzlement, pressures or tasks that could motivate an employee to turn to embezzlement, money handling procedures that do not require enough checks throughout the process, compliance with legal guidelines and any other weaknesses that increase the risk of embezzlement.

Another way to help detect and prevent embezzlement is through the use of internal reporting systems. Internal reporting systems allow employees to report any issues of observed misconduct or awareness of financial fraud that is occurring within the organization. Sarbanes-Oxley requires financial firms to have an anonymous reporting system in place, making employees more comfortable when reporting misconduct, since their name isn’t attached to the allegations. Internal hotlines and reporting systems are the number one tool for identifying misconduct within the workplace, as it is usually an employee’s peers who are aware of any forms of misconduct before they make their way up to top level executives to deal with.

Solutions such as i-Sight Investigation Software make it easy for new cases to be documented and reported through a variety of intake channels. i-Sight is a customizable solution, designed to meet the unique needs of each individual company and has built in rules to maintain compliance with legal regulations throughout the investigation process. i-Sight uses alerts and centralized case information, making it easier to manage the investigation process from the time a new misconduct tip is received, through to the reporting stages and conclusion of the investigation.

The article “Embezzlement Prevention and Detection” by Vincent Ruocco, LLC, CPA, advises management to conduct the following three steps when establishing policies to make embezzlement difficult for employees to conduct:

• Adopt a policy of mandatory vacations and mandatory duty rotations.  It is not uncommon for the embezzler to interfere with the customary workflow to effect the embezzlement.  However, if your policies require the embezzler to give up control of his/her work, he/she will recognize that the fraudulent scheme might be more easily detected, and thus be detoured from committing the illegal act.
• Don’t hire thieves.  This means that if you intend to place an individual in a position of trust, you should conduct a background check.  The typical background check involves employment and education verifications, reference checks, criminal conviction checks, drug screenings and a credit check.  You may need the candidate’s consent prior to conducting some components of your background check, so you should seek the advice of a qualified attorney.
• Conduct periodic surprise internal audits.  These are most effective after identifying high risk areas and designing procedures to achieve the desired objectives.  It is not uncommon for management to engage a qualified CPA to help them plan the audits and perform the procedures.  It is important to note that simply knowing that the organization has a policy of conducting surprise internal audits can act as a deterrent to the would-be embezzler.

Allow complaints/misconduct to be reported through a variety of channels. This investigation technique makes it easier for employees to select and access a method for reporting a case and allows cases to be reported anonymously. For many, having to report misconduct in person to a senior level manager can be intimidating, and if it’s the only option for entering an incident, many incidents may never get reported. Face-to face reporting could potentially create a hostile work environment for the employee that’s fallen victim in the incident or lead to excessive money stolen from a company if an employee is to afraid to report that they have witnessed workplace theft.

Investigative software solutions, such as i-Sight Investigation Software , allows for multi-channel case entry, with all of the cases then being filtered through the centralized case management system. i-Sight Investigation Software is a web-based solution, which means that cases can be added at all times, and is accessible with a computer and an Internet connection. This type of accessibility also allows employees to report misconduct as soon as they have observed it- keeping the details fresh in their mind at the time of reporting.

Entry Channels:

When using i-Sight, cases can be created from these channels:

It seems to be that each week is busier than the last. Here are some of the things we blogged about this week- as well as some other pieces that caught our attention regarding internal investigation, human resources and ethics:

Monday:

• Blog Post- Employee Relations and Ethics Best Practices: General Mills

“In 2009 alone, General Mills received over 20 awards recognizing the company for their corporate reputation and human resource and employee relations leadership - including awards for managing diversity, working mothers, ethics and corporate citizenship. General Mills was listed to the Glassdoor.com “Employees’ Choice -50 Best Places to Work” and after reading employee comments and rankings for General Mills on the Glassdoor.com website, employees consistently give the company high ratings and praise the company for employee benefit and wellness programs, rates of pay, flexibility for employees with families, commitment to employee development and growth and its supportive culture.”

Tuesday:

• Blog Post- Corporate Responsibility Magazine’s Black List

“The Corporate Responsibility Magazine Black List has arrived! The 30 companies that have found themselves on the Black List have landed there due to a lack of transparency when providing the public with important information related to company practices. Included in the list are American retailer Abercrombie & Fitch, Weight Watcher’s and Fidelity National Financial. The CR Magazine reported that 161 of the companies listed on the Russell 1000 large-cap firms did not provide any public information regarding basic employee benefit programs. With consumer demands for company information and the competition striving to become as transparent as possible with their practices, companies cannot afford to dismiss the importance of providing the public with basic company information.”

• Blog Post- 5 More Tips for Conducting Risk Assessments

“Before you start designing and implementing policies within your workplace, it’s important that you conduct a proper risk assessment to make sure that your policies and procedures help to reduce the risks of potential threats within the workplace. Each company faces different threats based on factors such as location and industry type, but there are certain elements that need to be included in all risk assessments. Similar to conducting a basic SWOT analysis, risk assessments make you think harder about different threats and opportunities for your business, allowing you to define clearer goals and make your investment in the risk analysis worthwhile.”

Wednesday:

• Blog Post- Top 12 Compliance Concerns From Global Companies:Part 1

“Integrity Interactive Corporation conducts an annual study identifying the trends and concerns faced by today’s business leaders. As issues of compliance and ethics become a focal point of businesses and policy development, these 12 concerns are the areas that business leaders from around the world feel are the greatest concerns for any globally active company. As laws and cultures differ between both countries and businesses, the number of risks has greatly increased. Here are concerns #1-6 from their list, as well as a discussion surrounding some of the main concerns with in each of these areas and some of the solutions that companies have been using to help mitigate the risks associated with global business.”

Thursday:

• Blog Post- Top 12 Compliance Concerns From Global Companies: Part 2

“Integrity Interactive Corporation conducts an annual study identifying the trends and concerns faced by today’s business leaders. As issues of compliance and ethics become a focal point of businesses and policy development, these 12 concerns are the areas that business leaders from around the world feel are the greatest concerns for any globally active company. As laws and cultures differ between both countries and businesses, the number of risks has greatly increased. Here are concerns #7-12 from their list, as well as a discussion surrounding some of the main concerns with in each of these areas and some of the solutions that companies have been using to help mitigate the risks associated with global business.”

Integrity Interactive Corporation conducts an annual study identifying the trends and concerns faced by today’s business leaders. As issues of compliance and ethics become a focal point of businesses and policy development, these 12 concerns are the areas that business leaders from around the world feel are the greatest concerns for any globally active company. As laws and cultures differ between both countries and businesses, the number of risks has greatly increased. Here are concerns #7-12 from their list, as well as a discussion surrounding some of the main concerns with in each of these areas and some of the solutions that companies have been using to help mitigate the risks associated with global business.

The 2010 Report: Top Compliance Concerns of Global Companies, is a free download offered by Integrity- you will simply need to fill out the short web form to get your copy.

7. Sexual Harassment

Sexual harassment is a violation of anyone’s basic human rights, and in many cases, is also illegal. The study states that the concerns surrounding sexual harassment have risen in the US because many states have created laws that make it mandatory for supervisors and managers to undergo specific amounts of training to help identify, prevent and properly handle claims of sexual harassment in the workplace. Managers may also want to integrate this rule into their own companies to ensure that all employees receive the training necessary to reduce workplace sexual harassment. In order to maintain an environment and culture of mutual respect and support, sexual harassment, and retaliation against those making allegations of sexual harassment, needs to be eliminated. Companies must encourage employees to report instances of sexual harassment through internal and anonymous reporting systems. Executives and managers at other levels must observe for any signs of retaliation that an employee could face for reporting sexual harassment and report the retaliation to the appropriate department. For more on preventing sexual harassment, one of our previous posts “Preventing Sexual Harassment in the Workplace,” provides some great investigation tips and tools for your HR department.

8. Proper Use of Computers

Each company has a different opinion regarding the use of computer in the workplace. Whether employees use computers to waste time at work or for committing illegal acts, each company must determine what the limitations of employee computer usage will be within the workplace. The use of company laptops that exit the workplace is also an important matter as they are company property but many employees wind up using them for personal use. The use of computers has become a growing concern in recent years, as many employees rely heavily on computers and other technological devices that use Internet connections to conduct basic daily tasks.

9. Global Competition Law

Similar to the development of the US Anti-trust Laws, other countries have developed their own laws for handling global competition. These types of laws govern business actions both in a national and international scope. Competition laws exist to protect industries from domination by a single organization, as well as addressing the issue of unfair business practices. In order for an organization to maintain their reputation, compliance to these laws is extremely important. Companies must keep in mind the impact that their decisions have to their consumers and the public in order for fair business to exist. Each country has their own laws regarding global competition- to see some of the different laws, the Global Competition Forum from the International Bar Association is an informative site to turn to.

10. Insider Trading

Insider trading has made the list because of the increased attention and enforcement of laws and policies prohibiting the act of insider trading. Issues surrounding insider trading interfere with SEC regulations, including the Fair Disclosure Act. Avoiding insider trading helps maintain investor confidence for trading in the market and also helps maintain fairness. To avoid insider trading a simple solution is required: share company information with the public as soon as it’s available and document any trades made by those considered “insiders”. Different countries have different laws and enforcement levels regarding the consequences of insider trading.

11. Records Management

Companies are required to keep certain pieces of information for specified periods of time. Employee information, internal policies and procedures, client files, as well as numerous other important documents must be accounted for and accessible at any point in time. This is particularly important if a company must investigate allegations. The company must preserve case evidence and make reference to other documents that already exist within the company in order to fulfill their obligations during the investigative process. Records management and the protection of information can make or break an investigation.

12. Certification and Disclosure

This means that employers are collection confirmations from employees that they have received, read and understand company policies that have been distributed. Employees are asked for these statements because it tends to reflect on an employee’s commitment to governing themselves by the policies and taking them more seriously. In many cases, requiring these confirmations means that employees will be more apt to actually read and apply the policies to their daily work because they know that they are now being held accountable for their actions in the workplace. This form of accountability also increases the likelihood of internal disclosure when an employee observes misconduct or actions that go against company policies.

Integrity Interactive Corporation conducts an annual study identifying the trends and concerns faced by today’s business leaders. As issues of compliance and ethics become a focal point of businesses and policy development, these 12 concerns are the areas that business leaders from around the world feel are the greatest concerns for any globally active company. As laws and cultures differ between both countries and businesses, the number of risks has greatly increased. Here are concerns #1-6 from their list, as well as a discussion surrounding some of the main concerns with in each of these areas and some of the solutions that companies have been using to help mitigate the risks associated with global business.

The 2010 Report: Top Compliance Concerns of Global Companies, is a free download offered by Integrity- you will simply need to fill out the short web form to get your copy.

1. Code of Conduct

It makes sense that a company’s code of conduct would be their #1compliance concern. This document determines the rules you establish to govern your company by and sets both the tone and the top and the tone of your corporate culture. A lot of time and energy goes into creating a code of conduct that addresses the needs of both the company and its employees. Check out our posts “Tyco’s Guide to Ethical Conduct” and “Best Practices: Code of Ethics” to see how you can get the most out of your code of conduct.

2. Mutual Respect

Respect for your workplace and others continues to be a growing concern, as human rights violations and other similar types of issues seem to make headline news on a daily basis. Mutual respect must be addressed in the code of conduct for every organization and should also become an anchor to your company’s corporate culture. In order to keep a better eye on mutual respect in the workplace, many companies have also chosen to establish internal reporting systems, encouraging employees to report any instances of observed misconduct. Reporting systems make it easier to identify misconduct in its earlier stages and begin prompt investigations if required. Provide a safe, happy and supportive workplace that your employees are proud to work for- for a best practices example, see what General Mills offers their employees and what the company has done to become an employer of choice by reading our post “Employee Relations and Ethics Best Practices: General Mills.”

3. Competition Law- US Anti-Trust

These types of laws govern business actions both in a national and international scope. Competition laws exist to protect industries from domination by a single organization, as well as addressing the issue of unfair business practices. In order for an organization to maintain their reputation, compliance to these laws is extremely important. Companies must keep in mind the impact that their decisions have to their consumers and the public in order for fair business to exist. The public looks for disclosure from companies, as they want to know about the processes used in the creation of the products they consume, as well as the environment in which the production took place.

4. Anti-Bribery- US Foreign Corrupt Practices Act (FCPA)

Recently, there have been numerous developments surrounding the level of accountability and types of reprimands handed out to individuals or companies that have violated anti-bribery policies or the FCPA. Many countries have made it a priority to adopt various forms of anti-bribery laws, as well as becoming part of the OECD Anti-Bribery Convention, to criminalize the act of bribing foreign public officials involved in international business deals. Many well known companies have landed themselves in high profile lawsuits for committing acts of bribery. Bribery contributes to the inability for economic development in emerging nations, as well as the creation of unfair competition within the international business landscape. Companies must develop, communicate and train employees on their anti-bribery policies, informing them of the consequences bribery has on both the company they work for and the nation receiving the bribe. Compliance concerns related to bribery remain an area of concern, as companies continue to increase their global presence, therefore, facing greater risks, including the risk of bribery.

5. Conflicts of Interest and Gifts

Conflicts of interest can be difficult to avoid during certain situations- reducing the risk of any perceived conflict of interest has become the goal of many companies to protect their reputation.  If a company or an individual tries to influence the outcome of an event or business transaction, the conflict of interest now has legal implications.  Many of these issues relate to the ethics of a company. Today, companies are placed under great pressure to gain recognition for ethical business practices, as well as transparency and disclosure of company policies and information related to subjects such as internal policies regarding conflicts of interest and gift giving/ accepting. Establish a corporate code of ethics that outlines examples and explanations of what conflicts of interest are and the impact they can have on the company, measures taken to remove these types of conflicts, how to avoid conflict of interest situations, what is considered a gift, as well as any other actions that the company has taken and tat employees can take to further avoid these types of situations.

6. Financial Integrity

A major emphasis has been placed on accounting accuracy and stricter financial reporting guidelines, as the number of companies committing acts of financial fraud continue to climb.  Many companies have started using internal reporting systems, where employees or individuals outside of the company can report suspected or observed financial fraud. Reporting systems allow for earlier detection of fraudulent schemes, putting an end to them as soon as possible. Internal audits have also been used to help catch financial fraud early on to avoid financial collapse or major lawsuits. In order to maintain financial integrity, it’s important that companies put a series of checks and balances in place to oversee accounting practices and reduce the ability for financial integrity to be compromised. Legal frameworks, including Sarbanes-Oxley, have also outlined a number of steps companies must take in order to comply with the regulations of SOX to help ensure financial integrity.

Before starting to design and implement policies within an organization, it’s important to conduct a proper risk assessment. Risk assessments ensure company policies and procedures help reduce the risks and potential threats within the workplace. Each company faces different risks based on factors such as location and industry type. There are certain elements that need to be included in all risk assessments. Similar to conducting a basic SWOT analysis, risk assessments encourage HR managers and executives to think harder about different threats and opportunities for the business. A SWOT analysis assists in defining clear goals, making a risk analysis investment worthwhile.

In our previous post, “5 Simple Steps to Conduct a Risk Assessment“, we focused on safety based tips for conducting workplace risk assessments, however, in today’s post we are focusing in on 5  risk assessment tips that help with setting the tone at the top and governing policies.

1. Evaluate ALL Areas of Misconduct

To conduct a proper ethics and compliance risk assessment, address all potential areas of risk- not just the most common or obvious ones. To ensure that all of the bases have been covered, evaluate risks that are specific to both the company and the industry that it operates in. As a starting point, go through previous files or cases relating to complaints or problems that occurred within the company and then focus on risks that are a bit harder to identify.  It’s important to examine the factors causing these risks to occur, as well as the ability company’s have to plan for and reduce the impact of risks. This analysis will helps with policy creation, aiding in the development of effective policies fostering an ethical corporate culture.

2. The More The Merrier

During the ethics risk assessment, gather opinions from as many employees as possible. Also, make sure they come from different levels within the company. There are different risks present at different levels and faced by different employees. Including a number of employees allows for a more complete picture of the company’s ”risk landscape,” as these employees can identify and communicate risks they encounter on a day-to-day basis. Depending on company size and the number of people included in this step, the article “Maintaining a Robust Ethics and Compliance Program in Today’s Business Climate: A Necessity to Minimize Your Organization’s Risks” recommends using methods such as distributing surveys, holding focus groups or other forms of meetings or individual interviews, to gather information.

3.  Benchmarking and Comparison

A useful resource for identifying risks and evaluating ethics and compliance program is to benchmark against competitors or industry leaders. This helps to ensure policies keep companies ”in check” with industry laws and standards. When observing the ethics program of an industry leader, look at their code of ethics, corporate culture and corporate social responsibility statements that can be easily accessed on corporate websites. Pay attention to the areas of risk they focus on and see if the policies they have put in place actually work as intended.

For example, Johnson and Johnson is an industry leader in the consumer health care field. If a company is one of their competitors or are looking for a superior quality ethics and compliance program, look at their corporate governance guidelines, annual reports and code of ethics to get an idea of issues that are important to them and how they handle them. Benchmarking is similar to leading by example. Industry leaders and companies known for their commitment to ethics and compliance want to lead the way for other companies to follow and incorporate best practices into their workplace.

4. Training and Awareness

The article “Maintaining a Robust Ethics and Compliance Program in Today’s Business Climate: A Necessity to Minimize Your Organization’s Risks” states that it’s also important to evaluate employee training related to the compliance and ethics program to make improvements to the training program:

“Measure employee knowledge. The ethics and compliance risk assessment should include a measurement of employee knowledge and awareness of the compliance program and supporting controls. Doing so can help pinpoint where training and communications programs need to be improved.”

In our post, “How to Encourage Employees to Use Internal Reporting Tools“, we discussed the impact of increased ethics and compliance program training and awareness at BAE Systems. BAE Systems credits increased employee awareness of compliance and reporting systems as a contributing factor in the increased use of internal reporting systems to help detect and uncover workplace misconduct. Employees must be aware of all policies and procedures that govern employee actions in order to create an ethical corporate culture.

When evaluating and developing training programs, consider the interests of the audience and make training interactive. Taking those two factors into consideration will lead to increased employee engagement and retention of information communicated- take a page out of the books at Cisco Systems, their ”Ethics Idol“ training program really got employees talking!

5. Set a Re-Evaluation Date

I know that this point was already included in our post “5 Simple Steps to Conduct a Risk Assessment“, but it’s just to important to leave out. Select a time or times each year where to re-evaluate corporate risk assessments. This allows companies to keep policies and procedures up to date and remain inline with updated laws and regulations. As the workplace evolves, adapt policies to these changes to help mitigate risk. To provide an idea of the frequency required for re-evaluation, the authors of the article “Maintaining a Robust Ethics and Compliance Program in Today’s Business Climate: A Necessity to Minimize Your Organization’s Risks” recommend that:

“The frequency with which an organization chooses to conduct ethics and compliance risk assessments depends on the nature of the organization’s industry, but if the methodology and process is adequately defined, it can reasonably be conducted on an annual basis where year-over-year results can be appropriately compared. Since operating environments, regulations and government enforcement priorities routinely change, it is inadvisable to conduct compliance risk assessments on a less frequent basis than every two years.”