Question

In: Operations Management


1. Compare the implementation of a compliance program with the risk management process.

a. Describe the procedures that should occur after a compliance program is implemented.

b. Dwight is the new Chief Risk Officer (CRO) and head of internal audit for a large, multi-national organization. When he reviews the organization’s compliance program, he finds that the procedure in the employee handbook directs employees to report questionable practices to their direct supervisor. Explain whether Dwight should change this reporting practice.

Solutions

Expert Solution

1. A compliance program is a set of internal policies and procedures of a company to comply with laws, rules, and regulations or to uphold business reputation. A compliance team examines the rules set forth by government bodies, creates a compliance program, implements it throughout the company, and enforces adherence to the program.

In business, risk management is defined as the process of identifying, monitoring and managing potential risks in order to minimize the negative impact they may have on an organization. Examples of potential risks include security breaches, data loss, cyber attacks, system failures and natural disasters. An effective risk management process will help identify which risks pose the biggest threat to an organization and provide guidelines for handling them.

Most boards of directors are keenly aware that they need to oversee compliance regulations to protect the company from risks. With the board of directors covering the bases of compliance oversight, you may be wondering if there is any work left for risk managers to do.

It’s true that risk managers need to be aware of compliance risks, but the bulk of their role needs to focus on risks as they pertain to strategic planning. This is where strong and clear communication between the board of directors and the risk managers is vital.

One of the primary duties of the board is strategic planning, which is a continual process. As the board explores new avenues for the company to increase its market share, new risks are bound to accompany those new opportunities.

The risk management team needs to work in tandem with the board of directors as they discuss strategic plans. Risk managers have the task of asking and evaluating the hard questions about who, what, where, how and why new planning strategies pose new risks to the company. Their findings form a new basis for discussion for management and the board of directors from the perspective of whether certain new directions are worth pursuing.

a) For organizations looking to build a new compliance program, this lack of uniformity makes the process of building all the more difficult. There is no reference program to start with or set of guidelines around the number of people, technology, focus, etc. Implementing a compliance program is more about empowering the organization to do the right thing and ultimately protect the company from risk rather than avoiding prosecution.

Establishing effective policies and procedures does not begin and end with regulations. It takes the right amount of collaboration, the right types of distributive mediums, and the right methods to measure understanding. All of these things take an enormous amount of time and energy, but automating them with a software solution can increase efficiency and ensure compliance with company policies and procedures. Following are the steps to ensure the compliance program:

  • Meet with divisional managers to ensure the policies and procedures being created are feasible for individual departments.
  • Determine the best format of policies for different audiences.
  • Make Policies and Procedures easily accessible to the employees.
  • Set deadlines for each policy and procedure to be acknowledged.
  • Determine the best way to measure the understanding the employees have of policies and procedures.

Meet with divisional leaders to ensure the policies and procedures are feasible

The first step to ensuring compliance begins with involving the leaders of each section of the organization. Policies are often created by someone within an organization that does not have a comprehensive understanding of the daily tasks within each department. Involving others, even if just for a 30 minute interview surrounding a policy, ensures that the new policies:

  • Are not misunderstood
  • Use the correct terminology
  • Make sense to the employee

Determine the best format of policies for the audience

Different departments contain different personalities, schedules, and daily experiences. To ensure compliance with policies and procedures, make sure that they are delivered to the employees through vessels they are comfortable with. A benefit of meeting with divisional managers is that we can leverage more information from them, including how the policies will be best received. Examples of different vessel requirements include situations where employees do not access computers during the work day but may have a company smart phone, making them a better candidate for a video presentation of their policies and procedures.

Make Policies and Procedures easily accessible to the employees

Not only should you spend time ensuring that the organization of your policies and procedures makes logical sense, you should also make sure that an employee from any department, and any level of management, is able to find the policies that apply to them within 3 clicks. This will help ensure they do not get frustrated and abandon their attempt at being compliant.

Structure your folders by:

  • Department
  • Type of Policy (EX: Management - Fire Drill Procedure)

And give links to these shared drives to the appropriate managers.

Set deadlines for each policy and procedure to be acknowledged

Setting deadlines for acknowledgment does not just mean establishing an Outlook Calendar reminder on their effective date.

Once the policies and procedures have been created and are accessible, set up weekly meetings with all managers to ensure they have a successful plan in place to ensure their employees' compliance understanding.

If the company sends out surveys to each employee, send scheduled email reminders to guarantee they have received the policies and procedures and know the deadlines. Include a contact number and email address within their reminders in case they have questions.

To manage this process without slowing down the email servers, consider using a software solution for policies and procedures. Solutions such as ConvergePoint are built into SharePoint, stay behind the firewall, and access Active Directory, so there is no need to worry about working an entirely new program into the company.

Determine the best way to measure understanding

Each policy and procedure is an individual, and should be treated as such. Standardized all accepted responses are okay for some standard policies, but ensuring compliance with procedures should go a step further to guarantee understanding. Depending on the task or field, taking quizzes, scheduling practice runs, or the combination of both can dramatically increase the employee compliance with policies and procedures.

b) Mr. Dwight should change the employee reporting practice. In a corporation, any grievance about colleagues can be reported to a supervisor, who will report to higher management after some basic investigation. A corporate compliance program is generally defined as a formal program specifying an organization’s policies, procedures, and actions within a process to help prevent and detect violations of laws and regulations. It goes beyond a corporate code of conduct since it is an operational program, not simply a code of expected ethical behavior. Clearly, a code of conduct is an important component of a compliance program, and ethics remains the heart and soul of all corporate compliance programs. Any questionable practice against this should be reported to the Compliance Officer. A compliance officer is an individual who ensures that a company complies with its outside regulatory and legal requirements as well as internal policies and bylaws. Compliance officers have a duty to their employer to work with management and staff to identify and manage regulatory risk. So employees should report directly to the Compliance Officer rather than to the supervisor.

