Basic list of tracking issues and data

Building a Compliance Dashboard (Part I of II)



This is a topic that every compliance professional has to address in one form or another.  Chief compliance officers are so busy that they often cannot even take the time to tackle this difficult issue.  This is a real practical issue of importance. 

Just to define terms and the focus of this blog posting — we have to define the issues and purposes of the compliance dashboard.  We are not proposing a new automated technology service; rather, we are attempting to assemble a relevant list of measurements, assign a frequency for collection and review, and establish a basis for compliance trends. 

In doing so, we also have to consider the exact means by which the data can be collected and made available to the CCO.  This capability may vary across organizations and depend on the exact IT systems employed.  Some systems and products can collect and report data on an ongoing or regular basis.  CCOs may have a wish list of data they would like to monitor but the reality of access and technology may create some limitations.

My outline of issues assumes that IT does not limit access or restrict the frequency of reporting.  We have seen rapid changes in technological capabilities and I expect we will see many more.  CCOs have to stay current on these capabilities and adjust their monitoring dashboard in response.

Let’s start with a basic list of topics that we should ideally include in a dashboard.  Depending on the organization’s risk profile, the industry, its geographic footprint and related factors, this list may change.  Within each issue, the specific measures will change based on specific circumstances.

With all these caveats, here is a basic list:

  • Incident and Investigation Tracking
  • Employee Discipline
  • Compliance Communications
  • Training
  • Culture Tracking
  • Conflicts of Interest
  • Third-Party Risk Management
  • Policies and Procedures
  • Internal and Financial Controls (Charitable and GMET)
  • Governance: Board, Senior Management and Compliance Committees
  • Compliance Risk Assessment Monitoring and Mitigation Status

It would be easy to add several other topics such as Mergers & Acquisitions, if this is a part of your company’s business strategy, or add an Ethics and Compliance highlights section to capture certain events that may not occur each period.

Incident and Investigation Tracking: the monitoring of this category would center on the opening of “matters,” defined to include “incidents and investigations” to distinguish between incidents that result in an investigation and those that do not require an investigation, e.g. a routine employment matter that was handled without an investigation. For each matter, the following issues would be tracked on a regular basis (e.g. weekly, monthly or quarterly):

(1) Status (open, pending, closed, substantiated or not substantiated);

(2) Type (e.g. conflict of interest, theft, bullying, harassment, violation of specific policy, retaliation);

(3) Category of Actor (employee, manager, executive, senior executive, board member);

(4) Source of Concern (hotline, anonymous, human resources, compliance, legal, business, compliance application, other);

(5) Geographic Source (region and country);

(6) Line of Business; and

(7) Feedback (satisfaction of source/complainant)

Discipline: For each matter, the disciplinary process should be monitored to include:  

(1) Time to Close: from matter opening to resolution;

(2) Resolution: verbal, written, suspension, resignation, discharge, and other;

(3) Category of Actor (employee, manager, executive, senior executive, board member);

(4) Review and Approval: approval of resolution by — human resources, disciplinary committee, senior management, board of directors, and other;

(5) Geographic (region and country); and

(6) Line of Business.

Compliance Communications: To track communications messaging, CCOs should track:

(1) Sources: senior management, middle management, legal, compliance and other sources;

(2) Type (oral, written/electronic);

(3) Geographic (region and country);

(4) Line of Business; and

(5) Tracking (clicks, opens).

Training: To measure the operation of the training program, CCOs should track:

(1) Number: employees who have been trained on a specific topic;

(2) Eligible: total number of employees who are required to complete training;

(3) Type: in-person or on-line;

(4) Topic: risk area(s) covered;

(5) Hours: number of hours per employee;

(6) Testing: number, success rate and percentage;

(7) Geographic (region and country);

(8) Line of Business; and

(9) Survey: employee feedback.

Culture Tracking: Important factors to measure on a regular basis include:

(1) Survey(s): annual, quarterly, and pulse;

(2) Results on Key Factors: perception, knowledge of misconduct, reporting of misconduct and other factors;

(3) Geographic (region and country); and

(4) Line of Business.

Conflicts of Interest: Assuming that a company maintains an automated conflict of interest program, and an internal oversight committee function, CCOs should collect:

(1) Number and Type Disclosed (personal and family relationship, financial relationship or service and other);

(2) Result (resolved, mitigated, pending);

(3) Category of Actor (employee, manager, executive, senior executive, board member);

(4) Source: self-disclosure, complaint (anonymous or identified);

(5) Geographic Source (region and country); and

(6) Line of Business.


Tracking Ethics and Compliance Program Performance (Part II of II)




Chief compliance officers rely on several important sources for feedback — internal data and communications (reviews with board, senior managers, employees); and benchmarking against comparable organizations.  An internal compliance dashboard is an important part of this feedback loop and brings consistency to measurement and trend analysis.

Policies and Procedures: Assuming that the organization has adopted a policy management program (often using an automated program), for each policy, a CCO should track:

(1) Subject: legal, compliance, safety and health, human resources;

(2) Last review: review, revisions and updating;

(3) Future Review;

(4) New Policy(ies);

(5) Internal Dissemination: communication, posted on internal website, and posted on external website.

(6) Tracking Data: Click data on internal website by policy, user and other data available.

Third-Party Risk Management: Assuming an automated platform, which is fast becoming an operational minimum, CCOs are able to generate important data from the platform to track:

(1) Number, Type and Status: total, new, pending, renewed; agent, distributor, reseller, dealer, vendor, supplier and other direct or indirect categories;

(2) Risk Level;

(3) Geographic Location and Changes: (US, international region and country);

(4) Line of Business;

(5) Contract: contract, purchase order, or other;

(6) Due Diligence & Screening: completed, in process, or none;

(7) Monitoring: sources, type, number of notices, resolution, time to resolution; and

(8) Audit and Review: number, location and type reviewed or audited, type of audit (desk, sampling, testing, onsite).

Financial Controls: Depending on the risk profile, there are a variety of internal controls that can be monitored.  For example, assuming that the CCO’s company relies on a network of distributors to resell its product in another country, and assuming that specific controls exist with respect to discounts, rebates and marketing allowances, control testing could be tracked to ensure compliance with internal procedures, such as discount and/or rebate approvals, or marketing allowance audits.

Additionally, specific compliance controls might exist with respect to charitable contributions, or gifts, meals and entertainment reimbursement.  These can be tracked for control testing purposes. 

With respect to third-party risk management, invoice-to-payment processes should be implemented and then tracked for compliance purposes. For example, a specific third party should be monitored for issues such as the existence of a contract or purchase order, and the invoice review and approval process.

Board, Senior Management and Compliance Committees: It is important to measure governance activities relating to the oversight and monitoring of the ethics and compliance program.  Starting with the board and continuing with the senior management compliance committee, the number of meetings, the length of time, and topics covered should be tracked.

Risk Assessment and Mitigation: A critical part of the ethics and compliance program is the risk assessment, mitigation and adjustment of the risk profile in response to changing circumstances.  The CCO tracking function in this area corresponds to broad enterprise risks.  In many cases, the enterprise risk function should focus on the top-10 risks for measurement and monitoring purposes.

As an example, the top-10 risks could include anti-corruption, antitrust, code of conduct violations, data privacy and protection, employment and labor relations, environmental health & safety, export compliance, financial reporting (SOX and tax compliance), quality and regulatory/product integrity, and third-party risks. 

For each of these risks, the initial collection would focus on five specific issues:

(1) Overall Risk Status;

(2) Liability Exposure;

(3) Reputation Exposure;

(4) Regulatory Exposure; and

(5) Impact to Business Operations.

By risk category, a second set of data should include:

(1) Incidents, Disciplinary Actions

(2) Violations of Laws and Regulations and Resolution

(3) Policy Review

(4) Last Risk Assessment

(5) Training
