Categories
31 Days to More Effective Compliance Programs

Day 15 – How do you evaluate a risk assessment?

After completing your risk assessment, you must translate it into a risk profile. If your estimate of where your bribery risk is greatest is wrong, it will be an effort to address it. As Ben Locwin explained in his  BioProcess International article entitled “Quality Risk Assessment and Management Strategies for Biopharmaceutical Companies”:
Once we have assessed risks and determined a process that includes options to resolve and manage them whenever appropriate, we can decide the level of resources with which to prioritize them. There always will be latent risks: those that we understand are there but that we cannot chase forever. But we need to make sure we have classified them correctly. With a good understanding of each of these, we are better positioned to speak about the quality of our businesses.

William C. Athanas, in his Industry Week article, “Rethinking FCPA Compliance Strategies in a New Era of Enforcement,” posited that companies assume that FCPA violations follow a bell curve in which most employees are responsible for most of the violations. However, Athanas believed that the distribution pattern more closely follows a hockey-stick distribution, where just a few people commit virtually all violations. Athanas concluded by noting that it is this limited group of employees, or what he terms the “shaft of the hockey stick,” to which a company should devote most of its compliance resources. With a proper risk assessment, a company can then focus its compliance efforts, such as intensive training sessions or detailed analysis of key financial transactions involving those employees with the greatest means and motive to commit a violation.
The priority risks are the most significant risks with the greatest likelihood of occurring. These become the focus of your most significant risk management efforts, coupled with ongoing audits and monitoring. A variety of tools can be used to monitor risk going forward continuously. Consider providing employees with substantive training to guard against the most significant risks coming to pass and to keep the key messages fresh and top of mind. It is important to create a risk control summary that succinctly documents the nature of the risk and the actions taken to mitigate it. Finally, let this risk assessment and evaluation inform your compliance program rather than letting the compliance program inform the risk assessment.
Three key takeaways:

  1. Even after you complete your risk assessment, you must evaluate those risks for your company.
  2. The DOJ and SEC are looking for a well-reasoned approach to how you evaluate your risk.
  3. Create a risk matrix and rank your risks; then remediate and monitor as appropriate.
Categories
Sunday Book Review

January 15, 2023 – The Top Business Books to Read in 2023 Edition

In the Sunday Book Review, I consider books that interest the compliance professional, the business executive, or anyone curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest me. In today’s edition of the Sunday Book Review, we consider some of the top business books which every compliance professional should read in 2023:

·       How to Win Friends and Influence People by Dale Carnegie

·        Influence, New and Expanded: The Psychology of Persuasion by Robert Cialdini

·       The Compound Effect: Jumpstart Your Income, Your Life, Your Success by Darren Hardy

·        Tools of Titans: The Tactics, Routines, and Habits of Billionaires, Icons, and World-Class Performers by Tim Ferriss

Resource

The Best Business Books to Read in 2023 By Hal Kitzmiller