Have you wondered whether your compliance program is sufficient to safeguard your business against potential penalties for non-compliance?
Taking the time to evaluate whether you have an effective compliance program can save you both money and time (and it may even improve your sleep).
Here, we offer you questions you may wish to ask yourself, as a business owner, to help determine whether your compliance program is effective. These recommendations emanate from the top dog in enforcement – the U.S. Dept. of Justice (DOJ).
The DOJ updated their directives to their prosecutors a few months ago. The evaluation methods used by the prosecutors, who issue those enormous penalties, are the same methods you can employ to make your own compliance program assessment. These guidelines can be used to insure against the finding of violations from any enforcement agency – OSHA, state inspectors, FTC, DOL – not just the DOJ. We have filtered through the questions to ease the process and help you focus on what matters most to you. If you wish, you may read the entirety of the DOJ Guidance. So, grab your favorite beverage and let’s review the following questions knowing that this is time well spent and all will be well:
HIGH LEVEL CONSIDERATIONS
RISK MANAGEMENT PROCESS
UPDATES AND REVISIONS
Does the company have a process for tracking and incorporating into its periodic risk assessment lessons learned either from the company’s own prior issues or from those of other companies operating in the same industry and/or geographical region?
POLICIES AND PROCEDURES
Any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process.
What is the company’s process for designing and implementing new policies and procedures and updating existing policies and procedures, and has that process changed over time?
Who has been involved in the design of policies and procedures?
What efforts has the company made to monitor and implement policies and procedures that reflect and deal with the spectrum of risks it faces, including changes to the legal and regulatory landscape?
RESPONSIBILITY FOR OPERATIONAL INTEGRATION
TRAINING AND COMMUNICATIONS
Another hallmark of a well-designed compliance program is appropriately tailored training and communications.
Some companies, for instance, give employees practical advice or case studies to address real-life scenarios, and/or guidance on how to obtain ethics advice on a case-by-case basis as needs arise. Other companies have invested in shorter, more targeted training sessions to enable employees to timely identify and raise issues to appropriate compliance, internal audit, or other risk management functions.
What training have employees in relevant control functions received?
Has the company provided tailored training for high-risk and control employees, including training that addresses risks in the area where the misconduct occurred?
Have supervisory employees received different or supplementary training?
What analysis has the company undertaken to determine who should be trained and on what subjects?
FORM/CONTENT/EFFECTIVENESS OF TRAINING
Has the training been offered in the form and language appropriate for the audience?
Is the training provided online or in person (or both), and what is the company’s rationale for its choice?
Has the training addressed lessons learned from prior compliance incidents?
Whether online or in person, is there a process by which employees can ask questions arising out of the trainings?
How has the company measured the effectiveness of the training?
Have employees been tested on what they have learned?
How has the company addressed employees who fail all or a portion of the testing?
Has the company evaluated the extent to which the training has an impact on employee behavior or operations?
AVAILABILITY OF GUIDANCE
What resources have been available to employees to provide guidance relating to compliance policies?
How has the company assessed whether its employees know when to seek advice and whether they would be willing to do so?
COMMUNICATIONS ABOUT MISCONDUCT
What has senior management done to let employees know the company’s position concerning misconduct?
What communications have there been generally when an employee is terminated or otherwise disciplined for failure to comply with the company’s policies, procedures, and controls (e.g., anonymized descriptions of the type of misconduct that leads to discipline)?
Now, this may take more than one cup of tea to fully digest. Consider breaking this list down into assigned days for consideration. And know that you have Regulatory Support Services on your team to assist you in any way that you determine would enhance your compliance program. We offer the following services, among others:
– Complete OSHA inspection of physical facility and OSHA related records
– Comprehensive written report and corrective action plan
– Review of existing OSHA workplace safety policies
– Conduct annual bloodborne pathogen and hazard communication training
– Provide for Continuing Education Hours with the State Dental/Medical Board
– Abatement service, if needed
– Technical assistance and consultation services for OSHA matters
Contact us for further information about how to enhance your compliance plan: (804) 784-7347 or firstname.lastname@example.org. We are here to help.