67%(3)2 out of 3 people found this document helpful
This preview shows page 11 - 13 out of 19 pages.
■ ■■The amount of tangible evidence.■ ■■The degree of detail and specificity contained in the allegation.■ ■■The seriousness of charges.■ ■■Related complaints.Best practice is for the assessment to be made by a committee rather than by the CCO or the CAE act-ing alone. Many organizations use committees composed of a representative from the compliance, human resources, internal audit, and legal functions. It is important to include human resources personnel on the committee because allegations of misconduct often involve issues such as disgruntlement with supervisors, perceived unfair treatment, or other personnel matters. Only about 13 percent ultimately pertain to cor-ruption or fraud, while another 38 percent relate to company or professional code violations, employment law violations, or environment, health, or safety.10Performance incentives and disciplinary actions.Organizations must not only “talk the talk” of com-pliance and ethics, but “walk the walk” by actually enforcing their policies and procedures through disci-plinary actions and by providing incentives to act ethically. The organization should take a “zero tolerance” position by removing personnel who commit fraud and demonstrate serious misconduct from the organi-zation and prosecuting them as appropriate. As is the case with all disciplinary actions, dismissal from the organization should be consistently applied to all personnel regardless of position. While compliance and ethics programs in most organizations tend to focus on negative incentives, positive incentives are also important. Most importantly, the organization’s compensation and incentive structure should be designed to support the compliance and ethics program.Response to criminal conduct and remediation.Appropriate steps should be taken when an organiza-tion discovers an incidence of potential misconduct. Best practice suggests that, at least inlarge organiza-tions, a formal response plan should be developed. The response plan should define the specific actions to be taken when a potential case of serious misconduct is uncovered. The plan should outline the steps to be taken and articulate specific remediation roles and responsibilities. The plan should address, for example, who is responsible for investigating the potential misconduct, when and how the board should be notified, who will inform outside parties, and who will determine and implement remedial action. It is particularly important that organizations develop a process for recording responses to both actual and potential mis-conduct. This record allows the organization to demonstrate to regulators, prosecutors, and the courts that itis committed to compliance and to maintaining a strong ethical culture.