|
CATEGORY |
SUB-CATEGORY |
TOPIC |
ASSESSMENT QUESTION |
|---|---|---|---|
|
Program design |
Risk Assessment |
Frequency |
Is a risk assessment of compliance and ethics risks completed on a consistent basis? |
|
Program design |
Risk Assessment |
Owner |
Is there a clear mapping within compliance of responsible parties for key risk areas? |
|
Program Design |
Confidential reporting structure and investigation process |
Confidential reporting |
Are employee-reported compliance issues tracked? |
|
Program design |
Policies and procedures |
Accountability |
Is there a policy for every key risk area? |
|
Program design |
Policies and procedures |
Accessibility |
Are policies, standards, and procedures (collectively, "policies") stored in a central location on the intranet? |
|
Program Design |
Third party management |
Screening |
Is effective due diligence conducted on third parties? |
|
Program Design |
Third party management |
Screening |
Is there a policy in place to ensure vendor and other third-party agreements are managed consistent with the terms of the agreement? |
|
Program design |
Training and communication |
Awareness |
Does compliance promote compliance awareness through newsletters, email blasts, or Yammer posts? |
|
Program design |
Training and communication |
Communications |
Are employees consistently surveyed on the effectiveness of compliance communications? |
|
Resources and empowerment |
Commitment by Senior and Middle Management |
Board of Directors |
Are all Committee and Board minutes reviewed to ensure active engagement in compliance issues? |
|
Resources and empowerment |
Commitment by Senior and Middle Management |
Board of Directors |
Is there a process detailing clear escalation channels for compliance issues to the appropriate oversight committee? |
|
Resources and empowerment |
Commitment by Senior and Middle Management |
Chief Compliance Officer |
Does the Chief Compliance Officer have the authority to start a working group to look at new or emerging compliance risks? |
|
Resources and empowerment |
Autonomy and Resources |
1st line of defense |
Is there a clear mapping of compliance champions throughout the company? |
|
Work in practice |
Continuous Improvement, Periodic Testing, and Review |
Audit |
Are all areas of compliance and ethics audited by internal audit? |
|
Work in practice |
Continuous Improvement, Periodic Testing, and Review |
Culture |
Does the company promote a culture of compliance and ethics? |
|
Work in practice |
Analysis and Remediation of Any Underlying Misconduct |
Analysis |
Have there been transactions or deals that were stopped, modified, or further scrutinized as a result of compliance concerns? |
|
Work in practice |
Continuous Improvement, Periodic Testing, and Review |
Planning |
Is the testing and monitoring plan based on the results of the risk assessment? |
Chapter 4: Measuring Effectiveness
Appendix 4-A: Compliance and Ethics Program Self-Assessment Questions
Don't show this message again
Navigation
Table of Contents
- Front Matter
- Chapter 1: Overview of Compliance and Ethics Practice
-
Chapter 2: Foundational Materials and Program Infrastructure
- Essential Elements of an Effective Ethics and Compliance Program
- Sample Letter to Vendors on Gift-Giving Limitations
- Model Anti-Retaliation Policy
- APPENDIX 2-C: Sample Compliance Officer Job Description
- Sample Compliance Audit Report Form
- Sample Compliance Committee Member Confidentiality Commitment
- Compliance Issue Report Intake Form
- Glossary of Compliance-Related Terms
- The History of the Organizational Sentencing Guidelines and the Emergence of Effective Compliance and Ethics Programs
- Beyond the Sentencing Guidelines: Governing Directives, Guidelines, and Standards from the United States
- Components of an Effective Compliance and Ethics Program
-
Chapter 3: Implementing a Program
-
Getting Started
- Initial Steps for Building a Compliance and Ethics Program
- Compliance Program Implementation Checklist
- APPENDIX 3-B: Compliance Job Description
- Compliance Program Risk Catalog and Assessment
- APPENDIX 3-D: Sample Compliance Committee Charters
- APPENDIX 3-E: Sample Policies and Procedures
- Making the Business Case: Selling Compliance and Ethics to Management
- Calculating the Value of Your Corporate Compliance Program
-
Compliance Standards and Procedures
- Creating an Effective Code of Conduct and Code Program
- Communicating Values Across Cultures: Globalizing Your Code of Ethics
- Considerations for Global Code Implementation and Rollout
- Developing and Implementing Policies for an Effective Program
- Model Policy Management Policy
- Sample Policy Template
- Sample Compliance Policy Management Checklist
- Sample Compliance Communications Plan
- Program Oversight and Management
- Delegation of Authority
-
Education and Awareness
- Essential Steps for Ethics and Compliance Program Branding and Marketing
- Appendix 3-M: Branding and Marketing Resources
- Training by Design
- Creating Effective Compliance Training
- Fraud Awareness Training: Enhancing a Low Cost, High Impact Control in Challenging Economic Times
- 3M’s Transparency Journey: Using Ethics and Compliance Cases as Teaching Tools
- Onboarding as a Key to an Effective Compliance Program
- Auditing and Monitoring
- Internal Reporting Systems
-
Investigation and Response
- Creating an Organizational Investigations Program and Conducting Effective Workplace Investigations
- Checklist of Core Internal Investigator Competencies
- Model Internal Investigations Policy
- Sample Upjohn Warning
- Sample Investigation Report Form
- Sample Investigator Script
- Independent Investigations Overseen by the Audit Committee: Procedures and Guidance
- Root Cause Analysis: A Critical Ethics and Compliance Practice for Getting to the Why
- What to Do When the Government Comes Knocking
- Discipline and Incentives
- Risk Assessment and Management
-
Getting Started
- Chapter 4: Measuring Effectiveness
-
Chapter 5: Specific Compliance and Ethics Risks
-
Anti-Corruption and Anti-Bribery
- Anti-Corruption and Anti-Bribery Compliance Programs
- APPENDIX 5-A: Additional Resources on Anti-Corruption and Anti-Bribery
- Considerations in Compliance Education Program Development
- Best Practices Checklist for Managing Third-Party Risk
- Common Red Flags Indicating Heightened Potential for Corruption
- The UK Bribery Act 2010
- APPENDIX 5-E: Bribery Act Resources
- A Global Standard to Address Bribery Risk: ISO 37001
- Anti-Corruption Laws/Regulations in Latin America
- APPENDIX 5-F: Latin America Anti-Corruption Resources
- Anti-Money Laundering
- Antitrust/Competition Law
- Conflicts of Interest
- Entity-Specific Risk Management
- Environmental Liabilities
- Government Contracting and Relationships
- Government Enforcement Actions and Disclosures
- Identity Verification
-
Labor/Employment
- Wage and Hour Compliance Under Federal and State Laws
- Harassment in the Workplace: Leadership Impact and the Role of the Compliance and Ethics Practitioner
- Building Cultures of Integrity in Remote and Hybrid Environments
- The Changing Landscape of Cannabis Legalization: Compliance and Ethics Program Challenges
- Mergers and Acquisitions
-
Privacy and Data Protection
- A Data Privacy Compliance Program Primer: A Snapshot of Data Privacy Regulations, Risks, and Compliance and Risk Management Effectiveness Strategies
- Does GDPR Apply to My Organization?
- The Role of the Data Protection Officer in Europe
- Privacy in the European Union: A Data Safekeeping Revolution
- A New Decade in Data Privacy: Complying with the CCPA
- Bring Your Own Device Policies and Practices
- Cybervigilance in Establishing Security Cultures
- Cyber Insurance Guidelines for Corporate Compliance and Ethics Executives and Boards of Directors
- Self-Assessment to Determine Cyber Insurance Risk
- Recommendations to Prepare for and Reduce the Cost of Cyber Insurance
- Common Cyber Insurance Mistakes to Avoid
- Data Mapping: A Necessary Risk Management Tool for Data Compliance
- Security Incident and Data Breach Response
- Records Management and Retention
- Social Media
- Supply Chain
- Technology and Compliance
- Trade Compliance
-
Anti-Corruption and Anti-Bribery