One of the critical elements found in the 2020 Update is the need to use the information you obtain, whether through risk assessment, root cause analysis, investigation, hotline report, or any other manner, to remediate the situation which allowed it to arise. Your company should establish a regular monitoring system to address issues. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should check in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage.
These ongoing efforts demonstrate that your company is serious about compliance.
It is a function of the CCO to reinforce the vision and goals of the compliance function, where assessment and updating are critical to an ongoing best practices compliance program. If you follow this protocol, you will put a mechanism in place to demonstrate your company’s commitment to compliance by following the intentions set forth in your strategic plan. What should you do with this information? Put a strategic plan in place ready to implement your findings of continuous improvement by using the following:
- Review the goals of the strategic plan. This requires that you arrange a time for the CCO and team to review the goals of the Strategic Plan, which the CCO should lead to determine how this goal in the Plan measures up to its implementation in your company.
- Design an execution plan. The KISS method (Keep it Simple, Sir) is the best to move forward. This would suggest that there should be a simple and straightforward plan for each compliance goal to ensure that the goal in question is being addressed.
- Put accountabilities in place. In any plan of execution, there must be accountabilities attached to them. This requires the CCO or other senior compliance department representatives to put these in place and then mandate a reporting requirement on how the task assigned is being achieved.
- Schedule the next review of the plan. There should be a regular review of the process. It allows any problems that may arise to be detected and corrected more quickly than if meetings are held less frequently.
Continuous monitoring is a key step, but it is only the first step. It is not simply that you tested your compliance program but that you did something with the information you obtained to improve your program.
Three key takeaways:
- Innovation can come through a new way of thinking about and using data.
- Have the plan to use the information garnered in your monitoring incorporated into your compliance program.
- Always remember that Document Document Document is critical if the regulators come knocking.