Compartive study of FCPA and Indian Anti Bribery Laws

A comparative analysis of Foreign Corrupt Practices Act (FCPA) and Indian Anti Corruption Laws

With increasing globalization of businesses, increasing number of American corporations are operating in multiple geographies. Further with latest news reports of 4 employees of Rio Tinto from Australia being tried in Chinese courts on corruption charges certainly highlights the pitfalls of unbridled growth which most companies aim for.

Rio Tinto case clearly highlights that all the organization while being aggressive in their businesses should also be ethical in their conduct and business practices. Growth by all means needs to be ethical growth, a compliant growth……

Here I shall describe briefly describe the provisions of FCPA and Indian Anti Corruption Law more popularly described as Prevention of Corruption Act, 1988 and suggest some measures to comply with the Anti Corruption Laws.

FCPA – History

• In early 1970s, Watergate investigations revealed, American corporations engaged in systematic bribery of foreign government officials.

• U.S. foreign policy and economic interests abroad were harmed.

• 3 years of hearings and debate.

• Enacted in 1977.

FCPA – Who can be liable?

• Companies or agents of companies with registered securities.

• U.S. Citizens.

• U.S. residents.

• Companies organized under the laws of one of the states (in other words every corporation incorporated in US).

• Companies with their principal places of business in US.

• Foreign person(s) acting in furtherance of foreign bribe while in the US.

FCPA – Who is “NOT” liable?

• U.S. controlled foreign companies with principal place of business overseas.

• FCPA does not extend to Indian subsidiaries of US companies or its Indian employees.

• But Indian companies and employees of Indian companies are covered by Indian anti – corruption laws.

FCPA – Elements of “WHAT” is prohibited?

• A payment of, or even an offer to pay, “anything of value”, directly or indirectly; and

• To any foreign* official, foreign* political party, foreign* political candidate, or officers of a public international organization; and

• If the purpose of the payment is “corrupt” one of getting the recipient to act (or refrain from acting); and

• In such a way as to assist the company in obtaining or retaining business directly or indirectly to any particular person(s) to secure an improper advantage.

* from U.S. perspective

FCPA – What is prohibited?

• Mere offers are violations;

• Even if payment is made but no results shall still be a violation;

• Paying through third parties shall be a violation;

• Indian subsidiary cannot be a shield for U.S. corporation;

• “Conscious disregard” of indications of a highly likely violation itself is a violation.

FCPA – What is “NOT” prohibited?

• “Grease” or “Facilitation” payments to foreign government officials to perform duties which are essentially clerical (i.e. officials lack decision making or discretionary authority and are such powers are merely ministerial in nature);

• Illicit payments to private foreign parties (other than political party officials or politicians);

• Payments specifically allowed in the written laws of foreign country or under the Laws of U.S.

FCPA – Criminal Penalties?

• Upto US$ 2 million fine per violation for public companies and domestic concerns;

• Upto US$ 100,000 and 5 years in prison for officers, directors or stockholders;

• Note: A company cannot indemnify an officer, director, stockholder, consultant, or employee for fines assessed in connection with violation of the FCPA;

Indian Anti Bribery Laws – Relevant Laws

• Prevention of Corruption Act, 1988 (PCA);

• The Indian Penal Code [Relevant section of IPC i.e. Section 161 to 165-A are deemed to be omitted since the coming into effect in 1988 of the PCA, 1988].

• Constitution of India.

PCA – Applicability

• Entire territory of India;

• Indian Citizens (as defined in the Act);

• Indian Citizens residing abroad;

PCA – Liability of Foreigners

• Foreigners or Aliens, as the Act describes non-nationals, are not privileged under the Act, or for that matter any criminal statute, except during war where Martial Courts shall exert jurisdiction.

PCA – Three requisites of bribe

• The receiver must be a present or prospective Public Servant;

• He must solicit or receive an illegal gratification;

• It must have been received as a motive or rewards for doing any official act which he was empowered to do.

PCA – Gratification

• Gratification is defined in terms of anything, which gives satisfaction to the recipient of any kind. Thus gratification implies the passing of inducement, incentive to a public servant that may be money or other than money;

PCA – Gratification in relation to public servant

• Public servant taking gratification other than legal remuneration in respect of an official act;

• Taking gratification, in order, by corrupt or illegal means, to influence public servant;

• Taking gratification for exercise of personal influence with public servant;

PCA – Offenses and Liabilities public servant

• Public servant taking gratification other than legal remuneration in respect of an official act:

• Imprisonment of not less than 6 months and which may extend to five years and/or fine;

• The offence under this section is non-cognizable, bailable and non-compoundable.

• Taking gratification, in order, by corrupt or illegal means, to influence public servant

• Imprisonment of not less than 6 months and which may extend to five years and/or fine;

• The offence under this section is non-cognizable, bailable and non-compoundable.

One must remember that giver of bribe is equally guilty and responsible as taker of the bribe. Giver would be guilty as abettor of the crime

Organization – Conflict of Interest

• When a business decision, action or practice is influenced by an employee’s personal interest or relationship, a situation of conflict of interest may arise.

• Employees are obligated:

• to avoid conflict of interest; or

• the appearance of potential conflict of interest.

• Examples:

• Misuse of company time and resources; or

• Special treatment to relatives; or

• Supporting a competitor of organization; or

• Competing outside employment;

(The list is merely indicative and not exhaustive).

• Gifts from Suppliers / Customers:

• Should be of nominal value.

• If greater than nominal value, return it tactfully and explain company policy.

• Supplier paid trips or participation in events should be approved by Manager.

• Gifts to Suppliers / Customers.

• Should be limited to lunch, dinner or promotional item of nominal value.

• General Guidelines:

• Do not engage, directly or indirectly, in any conduct, action or decision that is or may be perceived as disruptive, competitive, or damaging to the Company.

• If unsure, consult your manager or Legal Department.

FCPA – Effective Compliance

• Communicate procedures to all directors, employees, agents, contractors and business partners;

• Set tone and responsibility at top;
• Provide regular mandatory training(s);

• In person and online;

• Use case studies and real scenarios;

• Require and maintain annual certifications.

• Conduct due diligence prior to engaging third party representatives, consultants, distributors, joint venture and business partners;

• Include in agreements:

• Anti-bribery representations, clauses and undertakings;

• Right to audit books and records;

• Right to terminate for breach;

• Monitor third parties after engaging them.

FCPA – Investigating Red Flags

• Mark Mendelsohn – Deputy Chief, Fraud Section, Department of Justice:

“If you have an effective, robust compliance program, you ought to be finding violations if you are doing business globally”

If you find violation, they must be investigated adequately.

• Improper payments may be made in numerous ways but will always be either:

• On the book; or

• Off the book.

• If the improper payments are on the book, then you have a violation under FCPA;

• If the improper payments are off the book, in addition to violation under FCPA, you have an additional violation of books and records.

FCPA – Investigation

• Should be overseen by the Audit Committee and comprised solely of independent directors.

• Undertaken by reputable law firm with no ties to management.

• May include forensic accountants.

• Investigators should be given sufficient latitude.

• Disclosed to outside auditor at the outset and auditor kept informed.

• Consider the need for voluntary disclosure.
• Take timely and appropriate remedial action.

One aspect needs to emphasized that every ethics and compliance program should contain certain fundamental aspects. First, the effort must have the active support of the most senior management in the organization. To instill a commitment to ethics and compliance, a clear and outspoken commitment to such purposes by organization is a must. Second, an ethics and compliance program is fundamentally about organizational culture, about instilling a commitment to observe the law and, more generally, to do the right thing. Third, ethics and compliance are responsibilities of operating management (sometimes called line management).

Contact Information

LOKESH RAJPAL

advocate_lokesh@yahoo.co.in

+919036033535

Dossier to effective Ethics and Compliance Programme

DEVELOPING A COMPREHENSIVE ETHICS AND COMPLIANCE PROGRAM

Executive Summary

 How can an organization improve the public’s confidence in the conduct of its business operations?

 What can it do to ensure that it can thrive despite being the subject of public and governmental scrutiny and doubt?

 Organizations must establish standards of conduct that are above reproach and ensure that those standards are clearly articulated and strictly adhered to.

 Here I shall describe the merits of a comprehensive ethics and compliance program, suggests five basic elements of such a program i.e. organizational support/structure, setting standards, creating awareness, establishing a mechanism for reporting exceptions, and monitoring and auditing and then demonstrates how those elements should be applied in several high-risk areas.

4 Frontiers of Compliance programme

 Fundamentally, an ethics and compliance program has two purposes: to ensure that all individuals in an organization observe pertinent laws and regulations in their work; and to articulate a broader set of aspirational ethical standards that are well-understood within the organization and become a practical guideline for organization members making decisions that raise ethical concerns. Every ethics and compliance program should contain certain fundamental aspects. First, the effort must have the active support of the most senior management in the organization. To instill a commitment to ethics and compliance, a clear and outspoken commitment to such purposes by organization is a must. Second, an ethics and compliance program is fundamentally about organizational culture, about instilling a commitment to observe the law and, more generally, to do the right thing. Third, ethics and compliance are responsibilities of operating management (sometimes called line management). Although, staffs such as compliance officers are obligated to provide the necessary resources for a successful program and to design the program, such staff officers cannot achieve implementation and execution. Only operating managers can do that. Fourth, ethics and compliance effort should be about the conduct of individuals, not about checking the boxes in a model plan or generating attractive written or educational materials. Such an effort is about individuals on a day-to-day basis knowing what is expected of them and doing it and about never compromising integrity, regardless of pressures faced.

 OBJECTIVES

 Fundamentally, compliance efforts are designed to establish a culture within an organization that promotes prevention, detection and resolution of instances of conduct that do not conform to central and state law, and organizations ethical and business policies. In practice, the compliance program should effectively articulate and demonstrate the organization’s commitment to the compliance process. The existence of benchmarks that demonstrates implementation and achievements are essential to any effective compliance program. Eventually, a compliance program should become part of the fabric of routine organization’s operations.

 The model guidance is a beginning point however each organization must determine its objectives with respect to its particular ethics and compliance program, tailoring the program to its own needs and aims.

 ELEMENTS

 The model guidance articulates seven elements that a comprehensive compliance program should include:

1.  The development and distribution of written standards of conduct, including policies and procedures .that promote the organization commitment to compliance and that address specific areas of potential fraud.
2. Designation of a chief compliance officer;
3. Development and implementation of education and training;
4. Maintenance of a process for reporting exceptions;
5. Development of a system to respond to allegations of improper activities, accompanied by appropriate discipline;
6. Development of an audit and monitoring system; and
7. The investigation and remediation of identified systemic problems and the development of policies addressing the non-employment or retention of sanctioned individuals.

 Organization should assess these elements and determine whether additional elements are necessary, and then determine how the elements chosen can best be accomplished within the organization’s structure. One method of organizing the elements is by identifying organizational structure/supports, setting standards, creating awareness, identifying exceptions, and monitoring program performance and auditing.

 Identifying Organizational Structure and Supports

 Within its particular structure, the organization should determine how to assign responsibility throughout the organization for elements of the compliance program.  At a minimum, organization should:

1. Establish an ethics and compliance committee of its board of directors or board of trustees (Board Committee);
2. Establish an ethics and compliance committee comprised of organization senior managers (Organization Committee);
3. Appoint an ethics and compliance officer (ECO) (Organization ECO) who should be a senior executive with accountability to the chief executive officer (CEO) and/or board of directors;
4. Identify responsible executives throughout the organization who are the subject matter experts in compliance risk areas and whose responsibilities should include developing policies and procedures, developing and delivering compliance education and training, and monitoring compliance activities; and
5. If the organization is a multi location organization, identify local ethics and compliance officers (local ECO’s) to oversee the implementation of the program at the local level.

 Each organizational component must be given distinct objectives and clear instruction as to how to achieve them. Committees, for instance, the board and organization committees should have charters that specify their activities and duties, and should keep minutes of their meetings. Additionally, the committees should periodically report their activities to the entity or individual to which they report, and such entities or individuals should monitor the activities of the committees and provide leadership and direction where necessary.

Organization ECO: The organization ECO should be responsible for the overall development and implementation of the ethics and compliance program and should be required to report regularly regarding the status of the program to the organization’s CEO and the board committee. He or she should be responsible for overseeing the work of the organization committee, responsible executives, and local ECO’s, and should provide the vision and leadership for the program and be involved in the monitoring and evaluation of the program.

 Responsible Executives: The responsible executives should be led and coordinated by the organization ECO. They should be required to develop detailed compliance plans for their respective areas of responsibility that, at a minimum, address the basic risks (statutory / regulatory / internal policies and procedures), set standards (policies and procedures), create awareness (training and education) of those standards, and establish monitoring mechanisms. To be successful, responsible executives should view the relationship with the organization ECO as an additional line of accountability.

 Local ECO’s: The local ECO’s should be responsible for carrying out the program at the local level. At a minimum, they should establish facility ethics and compliance committees (facility committees) when the facility is of sufficient size to make such a committee appropriate, develop mechanisms for distributing policies and procedures, conduct and track ethics and compliance training and education, assist in investigating and resolving exceptions that are reported to the organization’s ethics line or that are otherwise brought to the local ECO’s attention, monitor and evaluate ethics and compliance efforts at the facility, and report to the organization ECO as to the ethics and compliance activities and issues at the hospital or other local unit of activity.

 Setting Standards

 A vital element of an effective ethics and compliance program is the development and dissemination of consistent ethics and compliance standards. Formal standards usually take the form of a code of conduct and policies and procedures.

 Code of Conduct: To be most effective, a code of conduct should be easy to understand and must be written in a simple, straightforward style. Many codes suffer from being overly legalistic in their approach. The code must reflect an assessment of the compliance risks that have been identified in the organization. It should also include a statement of the organization’s commitment.

 Topics for a Code of Conduct

 1. Regulatory compliance;

 2. Dealing with accrediting bodies;

 3. Confidentiality and preservation of business information and information systems;

 4. Workplace conduct and employment practices, including conflicts of interest, diversity, harassment, health and safety, insider trading (if the organization involved is a publicly held corporation), and personal use of organization resources;

 5. Marketing practices;

 6. Environmental compliance;

 7. Business courtesies; and

 8. Political activities.

 9. Mission and values, a summary of the standards of conduct that are expected of the organization’s employees, a statement that discipline will be imposed for failure to adhere to the code, and

 10. Identification of the resources available to the organization’s employees to ask questions and obtain additional information or clarification of the standards, including some practical questions and answers is helpful.

 An organization that is developing a code should provide the opportunity for large segments of the organization to have input into the code. A draft could be circulated and comments incorporated where practical. That the organization’s employees feel a sense of ownership of and pride in the code is most important. The process described is intended to get buy-in (express or implied) throughout the organization and prevent the appearance that the code has been imposed by a handful of senior managers. Employees will be more likely to be committed to the code if such is the case.

 Policies and Procedures: Policies and procedures should be developed in each major area of compliance risk, and each organization must assess its particular needs. Many policies will be based on pertinent laws and regulations, though some will be at the election of the organization and reflective of its values rather than an externally imposed legal obligation.

 Topics for Policy and Procedure Development

1.  Coding;
2. Confidentiality of information;
3. Prohibiting employment, vendor, and billing relationships with sanctioned individuals or entities;
4. Self-reporting;
5. Business courtesies;
6. Environmental compliance;
7. Information security and related topics; and

 written in a manner that is clear and concise, thereby creating more likelihood that they will be understood and followed. Most policies should be able to stand on their own, but in some instances it may be necessary to develop implementation guidelines, checklists, or other materials to assist in further explaining and operationalizing policies and procedures. Additionally, to the extent feasible, policies should include a mechanism for testing the employees understanding of and adherence to them. A self-audit or monitoring tool for some policies is very helpful.

 How the policies are developed will vary from organization to organization, but in any case the subject matter experts who are responsible for the given area of risk in the organization should have primary responsibility for drafting the policy and any accompanying materials, which should be circulated to affected individuals (or, for to all facilities) for feedback and input. The organization committee should review the policy and determine whether to adopt it. Once adopted, the policy should be distributed or notice should be provided, letting employees know where the policy can be found. Brief explanatory material can be helpful when the policy is transmitted. If an organization has a number of policies, a short summary of each may be helpful for employees who are seeking guidance on a particular issue. Additionally, if employees are likely to access policies or related information on the organization’s intranet, the policies should be included there as well.

 Creating Awareness

 Once an organization has adopted standards, it must ensure that each standard is communicated and understood by all who are affected by the standards. The organization must determine the best methods for articulating those standards and for educating employees regarding the expectations established by the standards, realizing that one method may not address every need. If the organization’s compliance training needs are extensive, it may be helpful to develop a training architecture that identifies categories of employees and the training that each needs to receive. The architecture should include learner taxonomy (the different levels of knowledge the employees will need e.g., awareness training versus application training), the methods of delivery (e.g., in-person, video, CD-ROM, or Internet), the methods for testing employees learning, and the mechanism for tracking the training.

 Once the needs for the training and delivery method(s) are determined, the content for a particular session must be developed. In some instances, content may already exist and may be purchased. When the organization must develop its own content, it is best to rely on subject matter experts within the organization to do so. The organization may also find that the content does exist but is not in a format that works well with the training delivery systems in place (e.g., content is in a video format but the most effective or efficient delivery method for the organization is the Internet) or that is affordable to the organization. In some instances, the vendor may be able to convert the content to another delivery mechanism. A final consideration in developing training materials is whether any special needs should be addressed for example, does the organization need to develop closed-captioned videos, should it print the code of conduct in Braille or have it available audibly, or do any of its materials need to be available in a second language?

 Beyond formal training programs, an organization should consider other methods of communication both internal and external that will advance the objectives and share the accomplishments of the organization’s ethics and compliance program. Senior managers may communicate a consistent message at various opportunities, such as at regular meetings of managers and through written communications with organization staff. If an organization has an intranet system, a site that includes its code of conduct, compliance policies and procedures and descriptions of other elements of its program could be established to ensure internal communication of the program. Similarly, an organization with an Internet website should consider developing an ethics and compliance site that includes important program information to assist with external communication of its program. Participation in professional associations and other organizations can provide opportunities for public discussion of the organization’s program (with the added benefit of having the opportunity to learn from others in such organizations). To the extent that organizations have developed innovative or creative approaches to ethics and compliance, they fulfill an element of organizational social responsibility by making such materials available to others, thereby promoting enhanced values and standards among all organizations.

 Identifying Exceptions

 Even the most effective compliance training program will not prevent a small number of employees from engaging in activity that does not comply with the organization’s policies and procedures or with the law. Every ethics and compliance program needs a method for identifying and resolving this type of conduct. Various methods to achieve this can be use of hotlines (including anonymous hotlines), e-mails, written memoranda, newsletters, and other forms of information exchange to maintain these open lines of communication. If the organization establishes a hotline, the telephone number should be made readily available to all employees and independent contractors, possibly by conspicuously posting the telephone number in common work areas. Employees should be permitted to report matters on an anonymous basis. Matters reported through the hotline or other communication sources that suggest substantial violations of compliance policies, regulations or statutes should be documented and investigated promptly to determine their veracity. A log should be maintained by the compliance officer that records such calls, including the nature of any investigation and its results. In addition to meeting the expectations by providing a formal method to report exceptions, other benefits result from operating a formal internal-reporting mechanism. The mechanism reduces the frequency of litigation. A formal internal-reporting mechanism provides an outlet for employee and other concerns. Some of these concerns are either remedied or addressed as part of the exception-reporting process. For those concerns that are remedied, pursuing litigation is unnecessary. For some of the concerns the explanation provided will sufficiently diminish the caller’s concerns and eliminate the need for litigation. In all instances an internal method for employees to raise concerns outside the employee’s chain of supervision provides an additional alternative to litigation. The mechanism promotes compliance and constructive resolution of complaints. On occasion, supervisors take a shortcut or ignore an employee concern possibly because they believe nobody will ever know. An internal-reporting mechanism serves as a check on such behavior by providing the possibility that someone outside the supervisor’s organization might examine the issue and find the supervisor’s conduct lacking. Further the mechanism improves employee morale. Establishing a credible internal-reporting mechanism sends a strong signal to employees that the organization is committed to ethical conduct and that it values employees input. Policy goals for an internal-reporting mechanism should include handling cases in a manner that protects the privacy of the caller investigation in a timely manner by persons with a sufficient level of expertise and who are not implicated in any wrongdoing described in the initial call and ensuring effective disciplinary or corrective action for all cases where misconduct or inappropriate activity occurred.

 For an internal-reporting mechanism to be effective, employees and others must have an underlying confidence that reporters will not be subjected to retaliation if they make a good-faith report of potential misconduct. The prohibition on retaliation for good-faith reports of potential misconduct should be unequivocally stated in the Organization’s code of conduct and reinforced both by management statements and vigorous investigation and enforcement of reports of retaliation. However, callers may still perceive a necessity to protect their identity prior to expressing their concern. For those callers, the reporting mechanism must provide methods to protect their identity. As a rule of thumb, cases should be assigned to an investigator who is at least two levels of supervision above the alleged wrongdoer. Some allegations of a particularly serious nature or that present particular issues would be most appropriately investigated by someone from outside the organization or someone with specialized expertise. If an investigation determines that misconduct or wrongdoing occurred, the appropriate corrective or disciplinary action needs to taken. All of the above actions should be documented before a case is closed. As the case is closed, the caller who initiated the matter should be contacted with a summary of the results of the investigation and a brief description of the corrective action, if any. However, the internal-reporting mechanism is only one means to determine where exceptions may be occurring. An organization with a thorough ethics and compliance program will additionally focus energy and resources on monitoring and auditing to learn where additional exceptions may exist.

 Monitoring and Auditing Program Performance

 Auditing and monitoring are not the same concept. Monitoring uses the control systems, as designed and implemented by management, to direct and correct day-to-day operations. Monitoring systems should be real-time and broad in scope to facilitate appropriate management action. Auditing, in contrast, predominantly consists of retrospectively testing the established monitoring systems to ensure they are functioning as prescribed.

 Placing reliance upon the results of retrospective, sample-based audits is an unwarranted attempt to use the audit function as a monitoring tool. Auditing should also include a periodic review and challenge of the designed monitoring systems, to ensure those systems continue to properly address the issues facing the organization. Finally, auditing should be proactive in attempting to identify new potential risks to the organization, for which monitoring systems may yet need to be developed.

 Monitoring

Monitoring differs from organization to organization and, particularly in large organizations, may even differ within segments of the organization. The tools that will be used to measure a program’s effectiveness should be well-defined. More detail is included below in the discussions of several particular risk areas, but basically an organization must establish processes that review how policy and legal requirements are being implemented. If monitoring mechanisms can be built directly into systems and business processes that is the most desirable approach. The organization should consider whether appropriate automated monitoring systems are available and, if available, are affordable for the organization. If automated monitoring systems are not available or cannot be developed, the organization should consider developing manual processes to check compliance rates and implementation effectiveness. The organization should also consider who would be responsible for ensuring that appropriate corrective action is taken when the monitoring reveals exceptions. Roles and responsibilities should be clearly defined to determine the root cause of the problem, determine the method of correction, and communicate the appropriate standards more effectively.

 Auditing

Even the best-planned monitoring processes will result in some exceptions, and thus those processes should be audited using the organization’s internal auditing staff, assuming that the organization is of sufficient size to have such a capability. Just as the organization needs to consider the nature of various compliance risks to develop its code of conduct, the internal audit function independently should consider the risks and then determine what areas of concern demand audit priority. As part of this risk analysis, the internal audit function should consider existing control structures and the effectiveness of those controls in minimizing or eliminating the potential risks. An internal auditor’s greatest contribution to an organization is identifying areas of risk exposure and helping to define appropriate corrective internal control and monitoring systems.

All organizations must deal with the reality of limited resources, and internal audit functions are not exempt from this constraint. Generally, resources will not be available to test all risk areas and existing monitoring systems annually. Thus, the internal audit function’s work priorities must be set according to risk. This ranking or proposed audit plan, based on information from various sources, should be presented to the organization’s management, including the compliance officer, chief operating officer, and CEO or administrator. After this process, the audit committee of the board of directors or board of trustees should review the audit plan and approve it. The approved audit plan is then executed. However, the audit plan should allow some flexibility or be subject to approved modifications to permit reallocating resources for any new issues identified during the year to be of more significant risk. Internal audit functions are most effective when viewed as team members or a helpful resource within the organization, rather than as a management police force. This perception can be accomplished by assuming a customer relations posture with the auditee. Throughout the audit process, open communications with the auditee and any other affected department(s) are required. An organization’s internal audit staff would be wise to solicit the auditee’s input during the audit engagement planning phase, explain organization policies and compliance risks, gather the concerns of the auditee and work with the auditee to understand how any existing monitoring systems are used by management. The steps to be performed during a particular internal audit should be explained to the auditee. Periodic updates (daily, if necessary) on the progress of the audit should be provided to appropriate management personnel to communicate issues or control deficiencies, jointly consider possible corrective actions, or (in some instances) solicit management assistance for audit completion. A closing conference marks the conclusion of audit fieldwork and summarizes the work and results for management. Recommended monitoring systems or system enhancements are formally presented for management consideration at the closing conference, and exceptions necessitating rebilling or self-reporting are communicated. The auditee should be required to prepare a written action plan that addresses each audit finding what will be done, when, and by whom.

This written action plan allows the internal auditor a final opportunity to ensure that the auditee understood the audit issues and will pursue appropriate corrective actions. Failure to document an appropriate course of action should be immediately addressed with the auditee and, if necessary, more senior management in that organization. Follow-up of compliance issues is critical, and written action plans can provide the basis for limited follow-up audits or, as is sometimes used, auditee management attestation statements (i.e., that the corrective actions have been implemented).

Overall summary reporting of audits and results must be communicated to executive management, including the ethics and compliance department and the audit committee of the board. The challenge in this process is summarizing diverse and often detailed information into a format that clearly depicts the status of the organization’s ethics and compliance program. Again, open and frequent communication with the report users will facilitate their understanding of the outstanding risks to the organization and the effectiveness of the compliance monitoring systems currently in place.

ORGANIZATIONAL ETHICS

An effective ethics and compliance program is more than just compliance with laws, regulations, and policies. An important aspect of a successful program is the balance of compliance and ethics. Programs that seem to be focused only on legal compliance are inevitably less effective overall than programs that concentrate on organizational ethics as well. In part, such ineffectiveness results because the majority of the staff in An organization is not involved in a direct fashion with many areas of legal compliance risk. If an ethics and compliance program is to resonate throughout the institution, it must speak to the needs, interests, and concerns of caregivers who may see a limited relevance to their work of issues. An effective ethics and compliance program should balance regulatory compliance standards and education with an ethical decision-making structure that promotes the organization’s value system as to business decisions. The program should be part of an effort to build a culture that supports not only doing what is legally required, but also what is right in the broadest sense of that word. Promoting organizational ethics requires an articulation of expectations and some formal training, but most importantly it requires the reflection of such values in the daily leadership example set by management. An organization that is committed to operating ethically should adopt a values statement and should determine its commitments to its stakeholders. Emphatic leadership statements must be made to the effect that no operating pressures are ever an acceptable rationalization for failing to meet the ethical and compliance standards that have been set.

 

CONCLUSION

Organizations that devote the time, energy, and resources to implement the type of ethics and compliance program will benefit substantially from such an effort. The author believes that such an effort will not only maximize the likelihood that complex legal rules will be observed, but will also establish an overall culture that will support the general mission of the organization. This type of program protects the organization and its members and, just as importantly, articulates aspirations of right conduct that inevitably cause individuals to be proud to be organization members.

Lokesh
advocate_lokesh@yahoo.co.in
+919036033535