6.5 Questions About Ethics and Compliance for the Board
Building a culture of ethics and compliance is an imperative for today’s board directors. This requires senior management involvement, organization-wide commitment, an effective communications system, and an ongoing monitoring system. To ensure total commitment, directors must ask the right questions that will assist them in assessing whether an effective program is in place. The following set of questions is suggested as a starting point:
- Does the tone at the top, as communicated by senior management, demonstrate to every employee that ethics and compliance are vital to continued business success? Does the organization’s culture support making ethical and compliant choices?
- How has the organization supported the ethics and compliance program through training and communication efforts?
- Can you describe the process for assessing ethics and compliance risks within the organization? Has the organization ever performed a cultural assessment?
- How is the current ethics and compliance program structured? Does it cover the organization’s global operations? Has it addressed the high-priority areas? Has the organization’s ethics and compliance program and code of ethics or conduct been updated to comply with the requirements of Sarbanes-Oxley? Has the organization reevaluated its internal reporting mechanisms in light of Sarbanes-Oxley?
- Does the organization have an ethics and compliance officerA senior executive within a corporation who is charged with ensuring that the company and the individuals it employs behave ethically and in ways that help the company succeed.? Is a senior executive with adequate time, financial resources, and board access in charge of the program? Are there dedicated, full-time resources?
- Does the ethics code include statements regarding responsibilities to employees, shareholders, suppliers, customers, and the community at large, and is it distributed to all relevant parties, including the board, employees, management, and vendors?
- Does a reporting process exist to keep the board informed on ethics and compliance issues, as well as the actions taken to address those issues? Is ethics and compliance a regular board agenda item?
- Is there an effective and utilized reporting mechanism in place to let all employees raise ethics and compliance issues without fear of retribution? Is there an anonymous reporting mechanism or helpline? Who fields the follow-ups on concerns raised through the helpline? Are audit committee members or the audit chair named as an additional outlet for employee concerns?
- What type of ongoing monitoring and auditing processes are in place to assess the effectiveness of the program? Are the code of ethics and compliance program reviewed at least annually by senior management to determine if they need updating due to business, legal, or regulatory changes? Does the internal audit function conduct reviews? Are employee surveys conducted? Has the program been reviewed by outside consultants or experts for possible improvement?
- Does the organization regularly and systematically scrutinize the sources of compliance failures and react appropriately? Does management take action on reports? Are employees appropriately and consistently disciplined?