The second day of Hanson Wade Oil and Gas Supply Chain
Compliance conference in Houston packed as much solid information into it as
did the first day. One of the sessions dealt with utilizing other corporate
functions to assist a compliance department in implementing or enhancing a
compliance program. There are many resources which currently exist inside your
organization and if you are in the position where you must use internal rather than
external resources, this post will detail some of the functions which you may
be able to call upon inside your organization.
You should start with a basic approach which the speaker
termed "Get Out of the Ivory Tower". He explained that the compliance
department must obtain realistic input from geographies, cultures, business
units and corporate functions within the company. As he rather succinctly put
it to the audience "A procedure which may work in Texas may not work in
Indonesia." He also counseled to train in local languages. This may mean more
than translating your talk into one language. He gave the example of his
training in Spain where he had dual translations going, from English into
Spanish and Catalan.
Part of this translation issue led to his next point,
which was not to believe your own story or even worse, your own propaganda.
Simply because a Country Manager says something is true means does not mean
that it is true. Internal controls, monitoring and auditing are important to
test that you are actually doing compliance rather than simply saying you are
In determining what other departments might be able to
assist the compliance function, the speaker suggested that you should start
with three inquiries. They were:
What are some of the other corporate functions that might
assist the compliance department going forward? An obvious starting place is
Human Resources (HR). The speaker listed several areas in which HR can bring
expertise and, in my experience, enthusiasm to the compliance function. Some of
the reasons include the fact that HR is physically located at or touch every
site in the company, globally. HR is generally seen as more approachable than
many other organizations in a company, unfortunately including compliance. A
person's first touch point with a company is often HR in the interview process.
If not in the interview process, it is certainly true after a hire is made. Use
Obviously, HR has several key areas of expertise, such as
in discrimination and harassment. But beyond this expertise, HR also has direct
accountability for these areas. It does not take a very long or large step to
expand this expertise into assistance for compliance. HR often is on the front
line for hotline intake and responses. These initial responses may include
triage of the compliant and investigations. With some additional training, you can
create a supplemental investigation team for the compliance department.
Clearly HR puts on training. By 'training the trainers'
on compliance you may well create an additional training force for your
compliance department. HR can also give compliance advice on the style and tone
of training. This is where the things that might work and even be legally
mandated in Texas may not work in other areas of the globe; advice can be of
great assistance. But more than just putting on the training, HR often maintains
employee records of training certifications, certifications to your company's
Code of Conduct and compliance requirements. This can be the document
repository for the Document, Document Document portion of your compliance
Internal Audit is another function that you may want to
look at for assistance. Obviously, Internal Audit should have access to your
company's accounting systems. This can enable them to pull data for ongoing
monitoring. This may allow you to move towards continuous controls monitoring,
on an internal basis. Similarly, one of the areas of core competency of
Internal Audit should also be internal controls. You can have Internal Audit
assist in a gap analysis to understand what internal controls your company
might be missing.
Just as this corporate function's name implies, Internal
Audit routinely performs internal audits of a company. You can use this routine
job duty to assist compliance. There will be an existing audit schedule and you
can provide some standard compliance issues to be on each audit. Further,
compliance risks can also be evaluated in this process. Similar to the audit
function are investigations. With some additional training, Internal Audit
should be able to assist the compliance function to carry out or participate in
internal compliance investigations. Lastly, Internal Audit should be able to
assist the compliance function to improve controls following investigations.
A corporate IT department has several functions that can
assist compliance. First and foremost, IT controls IT equipment and access to
data. This can help you to facilitate investigations by giving you (1) access
to email and (2) access to databases within the company. Similar to the above
functions, IT will be a policy owner as the subject matter expert so you can
turn to them for any of your compliance program requirements which may need a
policy that touches on these areas. The final consideration for IT assistance
is in the area of internal corporate communication. IT enables communications
within a company. You can use IT to aid in your internal company intranet,
online training, newsletters or the often mentioned 'compliance reminders'
discussed in the Morgan Stanley Declination.
Finally, do not forget your business teams. You can embed
a compliance champion in all divisions and functions around the company. You
can take this a step further by placing a Facility Compliance Officer at every
site or location where you might have a large facility or corporate presence.
Such local assets can provide feedback for new policies to let you know if they
do not they make sense. In some new environments, a policy may not work. If you
company uses SAP and you make an acquisition of an entity which does not use
this ERP system, your internal policy may need to be modified or amended. A
business unit asset can also help to provide a push for training and
communications to others similarly situated. One thing that local compliance
champions can assist with is helping to set up and coordinate personnel for
interviews of employees. This is an often over-looked function but it
facilitates local coordination, which is always easier than from the corporate
There are many ways to implement or enhance a compliance
program in a company. If you do not have the luxury of creating an entire
compliance department with an unlimited budget, you may be able to call upon
other areas of corporate expertise to facilitate your role. Do not be an Ivory
Visit the FCPA Compliance and Ethics Blog,
hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and
other forms of risk management for a worldwide energy practice, tax issues
faced by multi-national US companies, insurance coverage issues and protection
of trade secrets.
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2013
For more information about LexisNexis
products and solutions connect with us through our corporate site.