Besteiro on Compliance Program Work Plans


A Work Plan is helpful when re-evaluating or updating a Compliance Program to assure that this phase of the life of a Program receives the attention and time required to fulfill the essential tasks necessary to prove that the Program is "effective." In this Emerging Issues Analysis, Donna Besteiro outlines the key components of this very important organizational tool. She writes:
 
WORK PLAN FOR UPDATING THE CORPORATE COMPLIANCE PROGRAM
 
PHASE 1: PRELIMINARY STEPS
 
▪Create a timeline for completion of the overall Work Plan and the drafting of specific Departmental Work Plans to address identified high risk or "gap" areas.
▪Review the Best Practice Gaps Analysis.
▪Draft Assessments; select relevant employee base to participate in assessments; choose outsourcing company to perform tabulation tasks; draft communication to employees.
▪Conduct BETA testing and then refine/analyze Assessment criteria based on testing results.
▪Gain final approval of Ethics Committee, CEO and other relevant Executive Committee members.
 
COMMENTS ON PHASE 1:
 
     1. It is important to build in flexibility within the timeline documented for completion of the re-evaluation process to allow for competing company priorities and unforeseen glitches, whether economic, labor-related or some other source. To draft an appropriate timeline, it will be necessary to review the hotline history as well as crisis records and Human Resources incidents to obtain an understanding as to which specific sub-departmental Work Plans will need to be created. For example, if the company experienced a crisis or hotline calls with respect to the Purchasing Department awarding questionable bids, a specific Work Plan should be developed to review the various processes and procedures of the Purchasing Department with a specific focus on bid awards.
 
     2. Review of the Best Practice Gaps Analysis should focus on the risks that had been previously identified during the initial investigation of company records, policies, processes, etc., conducted for rollout of the Program. A determination should be made as to whether these risks were sufficiently addressed to prevent further exposure to the company. The review does not end here, however, as there may have been additional gaps created since the initial gaps analysis was conducted. There are a number of reasons that new "gaps" could have been created. Perhaps the company has expanded into new areas of business or has acquired new personnel through acquisition who may have brought with them a different culture. The re-evaluation process is a check as to the current state of affairs within the corporation and an analysis as to whether new risks may have arisen since the initial rollout that require compliance attention. Review of documentation that was identified during the initial investigation as "missing" or insufficient should be made to determine if complete documentation has been put in place along with new processes, as appropriate, and the relevant employee base has been trained with respect to that documentation or those processes.