| Topic | Task | Function Responsible | Next Steps | Completion Date |
|---|---|---|---|---|
| Policy approval process | Create “policy on policies” that defines approval process for policies, including any intermediary approval requirements and who has final approval authority | | | |
| | Outline policy approval process steps and approval “gates,” including approval by policy owner, Legal, and final approver (e.g., senior management and/or compliance governance committee) | | | |
| | Communicate policy approval policy and process to relevant stakeholders | | | |
| Policy drafting | Create standard policy format | | | |
| | Identify risk(s) for which a policy is needed (i.e., which risk will this policy help mitigate?) | | | |
| | Determine scope of persons affected by the risk (e.g., size of audience, geographical locations, job functions, departments) to determine policy audience | | | |
| | Identify relevant subject matter expert(s) to assist in drafting of new policy | | | |
| | Create initial draft of policy using standard policy format and identified policy audience | | | |
| | Assign policy owner (may be the subject matter expert) | | | |
| | Circulate initial draft for comment from relevant stakeholders | | | |
| | Create final policy draft and submit through policy approval process | | | |
| | Following approval, determine whether translations will be needed and if so, obtain them | | | |
| Policy implementation | Determine appropriate communication method based on urgency and audience, including consideration of any translations needed for communication pieces | | | |
| | Create communication plan with rollout dates and effectiveness measures | | | |
| | Draft communication pieces and submit for approval through corporate communications approval process | | | |
| | Once approved, obtain any needed translations | | | |
| | Launch policy communication campaign and assess effectiveness | | | |
| | Ensure new policy is posted to policy library and easily accessible to all affected persons | | | |
| Policy maintenance | Create versioning protocol to track revision dates and versions of policies | | | |
| | Assign an owner for each policy | | | |
| | Choose a review cadence for review of each policy based on comparative risk | | | |
| Policy review | Review policies based on a set review cadence for each (e.g., annually) | | | |
| | Ensure subject matter expert/policy owner conducts content review for each policy to ensure adequate risk mitigation | | | |
| | Conduct legal review for each policy to ensure policy language is adequate and current | | | |
| | Document all revisions, including reasoning/basis for each change | | | |
| | Implement versioning protocol to track and communicate current version and replace/archive outdated versions | | | |

Compliance Standards and Procedures
Sample Compliance Policy Management Checklist