7 Elements of a Corporate Compliance Program
What is the state of your compliance program?
A strong focus on compliance can make or break an organization where risk and exposure are concerned. Every organization should have a written compliance program that aligns with their specific vision, mission, and strategic plan. Identifying risk, defining goals, and addressing compliance best practices are inclusive steps in building a strong compliance program.
What are the 7 elements of a strong compliance program?
Written policies, procedures and standards of conduct. - Effective compliance begins with written documents that provide the framework for the organization to perform the work that is inclusive of the overall organizational effort. As a Sr. Management Consultant, a common concern arises when I work with organizations regarding corporate compliance program initiatives - the "unwritten expectations, assumptions, and verbal policies that cannot be found in the organizational documents". During a recent consulting effort, a total of 277 policies were identified that were not in written compliance documents but were known and narrowly applied across the organization. Obviously, a compliance program update was needed. Policies need to be written in order to be followed. Compliance is not designed to be bent, subverted, or ignored. In some way or another, the heart of the policy impacts the delivery of service, ethical standards, and best practice behaviors. Written policies allow for the development of effective training programs and the promotion of collective understanding. Compliance programs should at minimum include written policies/procedures for operations, standards of conduct for professionalism, and ethical guideposts to support decision making.
Designating/appointing a Compliance Committee and a Compliance Officer - Compliance committees should be comprised of key leaders and members of the workforce across the organization to achieve a representative view of the organization as a whole. The compliance officer provides the guidance to the committee for reviewing current policies, establishing new policies, and addressing compliance concerns as they arise. Routine compliance audits should be part of the committee and compliance officer's ongoing responsibilities. Audits should include assessing documentation needed for compliance, assessing delivery of service or best practices within the organization, and regularly reviewing how compliance program aligns with the vision, mission and strategic plan of the organization. In some cases, stakeholders or advisors may serve on the compliance committee to expand perspective and input.
Training and Education - How are organizational participants trained regarding compliance program details? Training and education are key to building a strong compliance culture. Compliance program elements should be included in general new hire orientation, departmental or divisional training opportunities, and routine or annual education initiatives. A key failure of training occurs when training is reverted to listening or reading alone. Demonstration of learning should be the primary goal of the compliance training program - to assess understanding, fluency, and clarity of training goals and objectives. From experience, the element of assessing understanding can be a fun group challenge to a pre-test or post-test skills analysis model. The importance is to train, assess, and empower the workforce to achieve excellence and best practice competency. We have all heard the stories that involved managers indicating the "I have told them so..." response; but, the reality of being told is often not enough to prove understanding - assessment brings forth that reality and reinforces the goals of compliance.
Effective Communication - What lines of communication are available for reporting or notifying the compliance committee or compliance officer of a potential non-compliant concern or issue? Organizations need effective lines of communication that afford confidentiality, feedback, and guidance for good-faith reporting. Communication and engagement are essential for risk to be reduced and compliance to be promoted. The elements for how communication should occur need to be part of the written framework within the compliance program manual.
Performance and Compliance Disciplinary Practices - How does your organization reinforce compliance and address compliance concerns through evaluations, disciplinary actions, and re-training efforts? What universal standard is utilized for outlining the consequences for non-compliance and are these practices part of the overall written policies of the organization? Non-compliance increases risk and can negatively influence the delivery of service resulting in a poor consumer or customer experiences. The objective of a strong compliance program establishes what should be done, and it should address what happens when policies are not followed resulting in non-compliance.
Corrective Action - corrective action can include reinforcing training/education opportunities, disciplinary action, and indication of the need for policy updates. Corrective action can simply be defined as the steps taken when non-compliance becomes known to ensure compliance is reinforced. Policies should indicate who is responsible for the corrective actions needed as they are made known and the corresponding disciplinary actions for non-compliant behavior. Corrective action is responding to non-compliance with accountability and responsibility.
A strong recommendation for organizations who desire a fresh view of compliance is to consider a third-party review of the current compliance program by having a compliance assessment completed. At The Osborn Group, LLC, organization's are assisted in their compliance program goals and objectives by completing such an assessment of current compliance program components and receiving a written summary of compliance gaps, recommendations, and compliance concerns. The compliance assessment utilized by our management consulting team includes a review of the "7 Elements of Compliance Programs" and any specific considerations that may be specific to the organization requesting the review. If your organization would desire a "Compliance Program Assessment" feel free to reach out to us for a specific program proposal. To learn more about our specific efforts with organizations view our "case stories" at our website.
Copyright 2020 - The Osborn Group, LLC - All rights reserved. Sharing is permitted and appreciated.
About the Author- Timothy G. Osborn is the Senior Management Consultant/Founder - CEO at The Osborn Group, LLC where "We build top talented teams to create next level solutions and practical strategies that inspire, nurture and empower leading companies in their pursuit to deliver exceptional experiences and achieve peak performance while maximizing profitability. We put the wow in business! ™"