Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls: COSO Objective III: Control Activities

In its Framework Volume, COSO Control Activities “are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out.” They should be performed at all levels in an organization’s process cycle.

Principle 10: Select and develops control activities.
Principle 11: Selects and develops general controls over technology.
Principle 12: Control activities established through policies and procedures.

While the objective of Control Activities should be the most familiar to the CCO or compliance practitioner, this objective demonstrates the interrelatedness of all the five COSO Objectives and the corporate functions in your organization. It is your control environment and then risk assessment that should lead you to this point. The Control Activities objective lays the groundwork for a living, breathing compliance program going forward.

This objective requires new ways of capturing, gathering, and confirming the accuracy and completeness of the information and the controls reporting it. The Control Activities regarding the necessary policies and procedures are an important consideration going forward.

Three key takeaways:

  1. Think of a “second set of eyes” as a primary control activity.
  2. SODs must always be employed.
  3. Control Activities should be performed at all levels in the business process cycle, which speaks directly to operationalizing your compliance program.
Categories
Hill Country Authors

Marilyne Cizmich – Lessons from Sonia the Cat

Welcome to the award-winning The Hill Country Authors Podcast. In this podcast, Hill Country resident Tom Fox visits with authors who live in and write up the Texas Hill Country. In this episode, I visit with the children’s author and Hill Country resident Marilyne Cizmich.

Highlights include:

●      Growing up in the Bay Area

●       Traveling around North America

●       The Kerrville Folk Festival

●      Getting a Nursing Degree

●      School Nursing in Alaska

●       A trip to Ukraine and Sonia the Cat

●       Relocating to the Hill Country

Why your business needs a podcast?

Find out at this Lunch Workshop why your business needs a podcast. The Texas Hill Country Podcast Network hosts the podcast, which will be held on Friday, March 3, from 11:30 AM CT to 1:00 PM CT at the Kroc Center. For information and registration, click here.

Categories
Great Women in Compliance

Julie Bregnard – Moving on Up

Welcome to the Great Women in Compliance Podcast, hosted by Mary Shirley and Lisa Fine. The Great Women in Compliance podcast’s guest for this week is Julie Bregnard, a Compliance professional who is relatively early into her career and going places fast.  Mary interviews Julie with a special focus on the job search, as Julie has just moved into a new role after five years at her first “real” job.  As discussed in the GWIC New Year episode several weeks ago to kick off 2023, the market for certain levels of Compliance staff is extremely favorable now.  Julie and Mary share some tips for further increasing job hunter success in the search.

 Julie also reflects on her time as a new graduate looking for her first job after university.  Mary asked Julie to give some tips on subject as she received a request to do an episode that is helpful to students.  Though further back in time, Mary still remembers how painful and demoralizing the search for your first professional full-time role can be and with this in mind, asked Julie to share some advice and encouragement for students on how to best stay motivated and on task throughout this time.

 As a Compliance practitioner who has been instrumental in strategizing on and delivering multiple Compliance Week events to her internal stakeholders, Julie provides some insights on what she thinks makes for a good Compliance Week and takes a broader view on how you can leverage them for ongoing dialogue in an organization.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance (CCI Press, 2020).

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

Having a Values Conversation

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, Matt and I take a deep dive into having a value conversation to help companies start a conversation about values. If companies do not focus on matters, a vacuum is created where employees are left to make their own decisions, and those decisions may not always be in the company’s best interest. Tune into Compliance into the Weeds-Having a Values Conversation to learn how to start the conversation and create a safety culture.

Key Highlights

  • The Importance of Workplace Safety [00:04:58]:
  • The Need for Embedding Conversations about Values in the Workplace [00:09:00]
  • Creating a Positive Corporate Culture. [00:12:26]
  • The Dangers of Not Doing Corporate Compliance Properly [00:15:56]

 Notable Quotes

 1.     “It makes a lot of sense to try to embed awareness of them initially, but it feels weird. It’s kind of outside of people’s comfort zone. It’s outside your comfort zone if you are not an ethics and compliance professional.”

2.     “These questions can help people like that. And as you had mentioned before, middle managers are the crucial element in all of this.”

3.     “It’s easy for senior executives. To talk about ethical values. I think for many low-level employees, and those messages go in 1 ear and out the other because Why does anybody ever pay attention to what senior management says? It’s your middle manager. It’s your boss. You pay attention to what they say.”

4.     “These questions are geared to help those managers, that audience, and their crucial tool.”

 Resources

Matt Kelly in Radical Compliance

Categories
Daily Compliance News

February 22, 2023 – The Going Dark Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Binance secretly moved money out of the US affiliate. (Reuters)
  • Is supporting DEI now illegal in Texas? (PracticalESG)
  • SEC is becoming increasingly opaque about the whistleblower program. (KU)
  • Does PCAOB have jurisdiction over crypto audits? (WSJ)
Categories
Blog

Using Data Analytics to Create an Effective Compliance Program-Part 2

In this three-part blog post series, we are ruminating on how to create an effective compliance program through  the use of data analytics. I am joined in this exploration by Vince Walden, CEO of Kona AI and we are considering the requirements laid out by the Department of Justice (DOJ) in their recent pronouncements on best practices, as well as the key trends and lessons learned from enforcement actions. Finally, we will consider the speech by Kenneth Polite on the changes to the Corporate Enforcement Policy and how to meet those requirements using data analytics. Walden articulated 10 steps you need to follow:

  1. Assess a company’s conduct;
  2. Self-disclose;
  3. Know quickly if there is a problem or not;
  4. Have access to relevant sources of data;
  5. Conduct monitoring at the beginning and throughout the lifespan of the relationship
  6. Have an on-premise application;
  7. Look up vendors and transactions quickly;
  8. Run data through a library of corruption and fraud tests;
  9. Look at a predictive model and see if it meets the profile of an improper payment; and
  10. Have visibility into data almost at their fingertips.

Under Step 4, companies must quickly analyze their data quickly and efficiently to determine if they need to self-disclose any potential issues. By sharing the attributes across corporate siloes, companies can make their individual models perform better and improve their compliance programs. This allows companies to access the data quickly and easily, allowing them to identify potential risks and areas of improvement. It also provides insights into the effectiveness of compliance programs, allowing companies to make better informed decisions concerning their compliance.

Overall, having access to relevant sources of data is essential for an effective compliance program. Companies can gain access to data through on-premise platforms. By leveraging these sources of data, companies can ensure their compliance programs are up to date and compliant with applicable laws and regulations.

Step 5 is to conduct monitoring at the beginning and throughout the lifespan of any business  relationship or transaction cycle. This is an important step as it allows a company to identify potential issues with their compliance program and take corrective action. Monitoring should be conducted at the beginning of a relationship or transaction to ensure that all parties understand the expectations and that there is no potential for criminal activity. Monitoring should continue throughout the relationship as well, as this will allow a company to identify any changes in behavior or activity that could indicate a potential problem. This can be used to gain insights into a vendor’s financial and transactional data, which is often a key indicator of future or even potential compliance violations.

Having access to relevant sources of data and conducting monitoring throughout the lifespan of a third-party relationship will help an organization meet the expectations set by the DOJ for an effective compliance program. With the DOJ’s recent announcement of amendments to the Corporate Enforcement Policy, companies have even greater incentive to self-disclose if they uncover potential violations, all of which demonstrates an effective compliance program. A data analytics platform can help companies quickly identify understanding of the risks and monitoring these relationships regularly, companies can ensure that they are compliant with all applicable regulations and review potential issues.

With a comprehensive view of their activities, organizations can quickly identify any changes in activities, such as unusual patterns of payments or activities, which could indicate a potential problem. Through visibility into third party activities and transactions, companies are able to gain a better understanding of the compliance risk associated with their third-party relationships. Moreover, businesses have a mechanism to identify any financial or transactional red flags.

Interestingly Walden advocates having an “on-premise application” for data analytics, which is he step 6.  He believes “This is an important step, as it allows companies to keep their data secure, while still being able to use predictive analytics and other compliance monitoring tools.” It can be hosted and managed as a service, “meaning that companies can utilize the platform without having to move large amounts of data around each month.” This helps companies to gain insights from the model without compromising their data privacy. Furthermore, this platform can be used to identify anomalous payments that may be indicative of corruption or fraudulent activities.

Join us tomorrow where continue conclude our exploration of using data analytics to create an effective compliance program.

Listen to Vince Walden on Data Driven Compliance