Categories
Jamming with Jason

Ineffective Controls – Case Study from a Large Bank

As auditors we audit the effectiveness of controls and make recommendations for improving controls. If we are not careful, what we may actually do is recommend ineffective controls or try to over control our organizations, effectively strangling the organization and making it more difficult to achieve objectives. Here’s a case study showing some ineffective and over control from one of the largest banks in the world that should know better. Makes me want to scream “give me a break.”

Jason Mefford is a Rock Star – Internal Audit, Risk Management and Compliance. He helps Chief Audit Executives (CAE) and professionals with technical & soft-skills training and coaching to navigate the mine fields of audit, risk and compliance in organizations. http://www.jasonmefford.com/ and http://www.meffordassociates.com
Apple Podcast: https://itunes.apple.com/us/podcast/jamming-with-jason-mefford/id1456660699
PodBean: https://jammingwithjason.podbean.com/
#internalaudit #internalauditpodcast #jammingwithjason #internalcontrols #cae #chiefauditexecutive

Categories
Innovation in Compliance

How Strong HR Processes Can Mitigate Risk with Deb Muller


Do you have HR processes in place? Join us on this episode of the Innovation with Compliance Podcast with Deb Muller, the CEO and Founder of HR Acuity, and we’re chatting about how human resources related technology and processes can help mitigate risks and create a safer workplace for everyone.

No rhyme or reason
Deb noticed that most of the investigations being done within HR in an organization had no rhyme or reason. There were no processes as to how they should be done. Talking to clients, she recognized the need to incorporate technology and consistency into the investigation lifecycle, because someone can just walk in the door with something to tell you and upend your entire day — not to mention pose an incredible amount of risk for the organization.
Having a system
Human resources are your most expensive resources, yet most companies don’t think about it when they think about risk or compliance. What happens when someone makes an allegation?  A proper compliance process will make sure you get to the right result, stop the behavior, and mitigate the risk.
What HR Acuity’s system allows you to do is identify if you’ve had similar issues in the past, spot the trends in behavior, and get ahold of them before they lead to something else. You can nip situations in the bud, and the data allows you to get smarter about your people and figure out how you’re going to train them.
Interpreting data
What’s great about the data is that you can see the outliers. Once you know your norm or your benchmark, you’ll be able to spot the spikes and dips — things that are unexpected. You might now know what that actually tells you, but what that does is it gives you the information to go and ask the questions and find out what’s going on. What changed? What’s different? Did something happen internally? Externally?
10 Ways Technology Can Impact Your Employee Relations Strategy
This blog entry goes through all the different things you can get from technology. Many clients rely on the data to see if they’re at risk for class action suits, for example, where legal can just check the data as a “single source of truth,” go through historical information, and see if there’s anything they need to get on top of before it becomes a bigger issue.
It’s not the issue, it’s how you handle it
If a process exists that people see and believe in, they are going to be more accepting of the outcome. We hear that 75% of people don’t come forward, and Deb believes it’s not because they don’t know how to come forward. It’s because they don’t know what to expect when they come forward. It can be scary: Am I going to be retaliated against? Am I going to have to recount my story in front of the person? Are they not going to do anything about it at all? Will it be held against me?
One important thing about having a process in place is sending a message that you have a process in place. When someone has an issue, they’re going to feel much more comfortable coming forward, so having processes in place is so important in helping to create that safe workplace.
Resources
Deb Muller
HR Acuity
10 Ways Technology Can Impact Your Employee Relations Strategy

Categories
Jamming with Jason

The Future of Internal Audit and an Update to Sawyer’s Internal Auditing with Dan Clayton

Jason Mefford is joined by Dan Clayton, for a discussion of how internal audit is evolving and changing, driving some of the updates to Sawyer’s Internal Auditing, 7th edition.
Information in the International Professional Practices Framework (IPPF), the Internal Audit textbook, and CIA Review Course materials, provide a basis for how to practice internal auditing, but Sawyer’s Internal Auditing (one of the most influential books in the profession) fills in some of the gaps, and shows where internal audit is headed.
Dan Clayton is the Director of Strategy and Knowledge Management for the System Audit Office at The University of Texas System, and was the project leader for the update team to Sawyers Internal Auditing, 7th edition.

#jammingwithjason #internalaudit #sawyersinternalauditing
Check out more episodes and full episode videos at Jasonmefford.com, and don’t forget to subscribe on your favorite podcast platform!

Categories
Innovation in Compliance

Leading with Accountability with Sam Silverstein


What does it mean to be accountable and lead with accountability? Sam Silverstein is a consultant and author whose mission is to empower people to live accountable lives, transform the way they do business, and thrive at extraordinary levels. Join us as we take a deep dive into the subject of accountability and how it can impact the way we live and work. 

Accountability vs. transparency
These are two totally different elements.
Transparency is being open and honest: admitting that you have made a mistake and saying you’re on it and fixing it. You’re not trying to hide it or pretend it didn’t happen, you’re just being human. This is critical, and transparency is an element that will help you toward a life of accountability as an individual or as a leader.
But accountability is keeping your commitment to people. We talk about it a lot but many people have yet to figure out what it is. Accountability is not a way of doing, it’s a way of thinking, specifically, how we think about people. It isn’t just keeping your commitments to appointments and deadlines; it goes far deeper, like your commitment to the truth and to your values.
Accountability Index
The Accountability Index is a tool that measures an organization’s culture across 15 different indices. This gathers valuable information that ranges from engagement to an actual accountability score, and, using this data, helps an organization fine-tune their culture so they’re inspiring accountability up and down the organization.
It’s the leadership’s responsibility to be accountable first, and then create that environment that inspires accountability. In a culture like this, accountability isn’t coerced. It’s simply that people want to take it upon themselves to get the job done and do it right.
Culture
Every organization has a culture, either a culture by default, or a culture by design. Most organizations have cultures by default. When leadership takes the time to decide that this is what our culture is going to be, and creates an environment that values people and allows people to feel like they’re a part of the conversation and the solution, then that is a culture that inspires them to want to do their best. That’s the real power of accountability.
The Accountability Movement, The Accountability Roundtable, and The Accountability Community Project
The Accountability Movement is about trying to get people on board with wanting to live a more accountable life individually, as well as being part of a more accountable world.
The Accountability Roundtable is when, for example, clients who have already gotten on board with accountability invite leaders from different segments of the community, and, with Sam, talk about accountability over breakfast or lunch, discussing what it can do for their organizations and how it can impact the community.
The Accountability Community Project is where they work with civic leaders in the community. This is when they roll up their sleeves and make an investment in time and energy resources, helping them put these principles into action to build a more accountable community.
Resources for Sam Silverstein
LinkedIn
Website
YouTube

Categories
Shakespeare on Compliance

Shakespeare on Compliance –The Fool (In theater and in business)

In this podcast series, I have used the current Broadway performance by Glenda Jackson as King Lear to introduce several compliance topics. Today, I want to discuss the role of The Fool. Initially I should note that the actor who played it, Ruth Wilson, also played Cordelia; which in and off itself is rather amazing. The Fool did well to speak truth to power during the play and Wilson was excellent in both roles.

Wilson’s performance as The Fool added a shading of interpretation that certainly works. It also informs today’s review topic which is who was the fool and who was the criminal in one of the most notorious acquisitions in recent memory, the Hewlett-Packard (HP) acquisition of the UK company Autonomy.  The matter is now on trial in London, it being the largest UK civil trial in history with HP claiming some $5 billion in damages. The former Autonomy CEO Mike Lynch is in the dock as he will be in the US when his criminal case goes to trial sometime after the conclusion of this civil action.
The trial began last month and the fireworks have already started, with HP claiming Lynch and his former CFO engaged in massive fraud; the trial judge asking HP what accounting standards they used to evaluate HP and Lynch basically saying HP dropped the ball completely in both the acquisition and after closing for a variety of reason. Based upon all of this tomfoolery I thought a review of HP actions was warranted today.
Perhaps the simple truth is that everyone involved in this matter was a Fool.

Categories
Daily Compliance News

Daily Compliance News: April 12, 2019-the Uber FCPA investigation edition

APRIL 12, 2019 BY TOM FOX


In today’s edition of Daily Compliance News:

Categories
This Week in FCPA

This Week in FCPA-Episode 149 – the White Privilege edition

After a week hiatus, the lads are back. While debating white privilege and the Varsity Blues scandal, they also take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.

  1. Guilty pleas begin in the Varsity Blues scandal. Antonio Blumberg report in the Huffington Post. For those who did not plead guilty, additional charges filed. Melissa Korn reports in the Wall Street Journal. Jay interviews Justin Paperny about the Varsity Blues sting, in Corporate Compliance Insights. For one of the best and fullest explanations of the white privilege component, see Caitlan Flanagan’s article in The Atlantic.
  2. Does your company lack integrity? Mike Volkov gives 5 signs which show it does, on Corruption, Crime and Compliance.
  3. Standard Chartered joins the $1 bn fine club. Emily Flitter reportsin the New York Times. Jon Rusch takes a deep dive in Dipping Through Geometries.
  4. What is the intersection of DD and AI? Merritt Smith considers in the FCPA Blog.
  5. OFAC enforcement action demonstrates need for pre-acquisition due diligence? Lawyers from Paul, Weiss in the NYU Compliance and Enforcement Blog.
  6. What is ethical AI? Tom Austin explores on the Analyst Syndicate.
  7. What are the shifting reasons for FCPA enforcement? Kevin Keller on the Global Anti-corruption Blog.
  8. What are the risks to investors in Uber? Shannon Bond reports in the Financial Times. (sub req’d)
  9. This week Tom explores the intersection of Shakespeare and Compliance through the lens of King Lear. Check out the following: Part 1-Innovation;Part 2– Changing Your Focus; Part 3– Engaging Your Audience; Part 4-a Different Interpretation; and Part 5-The Fool.The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoplyand YouTube. The Compliance Podcast Network is now also on Spotify and Corporate Compliance Insights.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
Innovation in Compliance

Making Compliance Training Fun with Andrew Rawson


What if compliance training didn’t have to be boring? Joining us on this episode is Andrew Rawson, the Chief Learning Officer for Traliant, a compliance training company. Today we’re talking about the future of compliance training: how to make it truly effective, useful, and even fun.

The importance of training
The last couple of years have seen the intersection of two seismic forces that have created tremendous demand for quality training. The first was the #MeToo movement, which has brought up the whole topic of compliance training around sexual harassment — so much so that it’s become a need to have instead of a nice to have, even in states where it isn’t required. The second was a change in regulations in different states across the country, now requiring more than 10 million people to be trained.
Effective compliance training
There is a difference between teaching people about the law and teaching them what to do. At Traliant, they wanted to train people how to behave. What do you do when you’re faced with a particular situation? That should be the focus.
The training is also intentionally more modern: well-designed interfaces, interactive videos, professional actors, point systems, getting senior management to record training segments for their peers  — all of which help make learning more engaging.
An important part of making training effective is making sure that people are encouraged to speak up, and that when they do, they’ll be protected. You might not be able to stop bad actors, but you can encourage witnesses to point out the behavior.
Moving away from check-the-box training
Much of compliance training is very check-the-box: a once-a-year thing that companies do to get it over with. But that’s not an effective approach. Traliant has gone from doing one-and-done sessions to creating a more holistic training approach. Examples are 15-20 minute courses for managers involved in investigations and two-minute training videos on dating in the workplace that they call “sparks” — because they’re meant to spark conversations.
Preventing Workplace Sexual Harassment: 4 Top Trends for 2019

  1.  The Equal Employment Opportunity Commission (EEOC) is keeping workplace harassment training front and center, remaining one of its top priorities.
  2. Harassment training continues to evolve, and we’re seeing a shift from helping companies avoid liability to helping people behave properly.
  3. Training is highly state-driven, given their different requirements. So Traliant has built a platform where people can access the training relevant to them, instead of a one-size-fits-all course.
  4. There is a focus on building respectful, inclusive work cultures that embrace compliance training not because they have to, but because they want to.

Resources
Andrew Rawson (LinkedIn)
Traliant (Website)
Preventing Workplace Sexual Harassment: 4 Top Trends for 2019

Categories
Shakespeare on Compliance

Shakespeare on Compliance – A Different Interpretation

I recently saw the performance of King Lear with Glenda Jackson as the mad king. It was a magnificent production and if you have the chance to see, I would certainly urge you to do so. The production had many interesting features and interpretations which seemed to be great entrees into several compliance topics. The play was directed by Sam Gold and it was scored by Phillip Glass but the star power was derived from Jackson as King Lear. It was a fabulous take on the story and one that will resonate directly to our turbulent times. Therefore, inspired by octogenarian Jackson and her performance, I am going to use King Lear as a deep dive into several compliance topics this week. In this episode, I want to discuss how Jackson, starring in the role of King Lear, added a new level of complexity, nuance and interpretation to the entire play.

Jackson is an octogenarian, the oldest person I have ever seen play Lear. Having seen my two parents age, I have some understanding that a person does not gain in stature, power or strength after they cross the 80-birthday mark. In other productions I have seen Lear roar and rail at Cordelia however, Jackson played it understated with nary a raised voice.
Even after the intermission, one of the most powerful scenes is when Lear carries of the lifeless body of Cordelia. Lear is in shock, bereaving and clearly quite mad. Yet to pull this off this scene requires an actress playing Cordelia to be of a size that the actor playing Lear can physically carry. Jackson is far too frail to do so. In this penultimate scene she sat on the stage with Cordelia’s head cradled in her lap, gently stroking her dead daughter’s hair. It was one of the most tender, loving and affectionate presentations I have ever seen in Lear.
The same week as the Mobile TeleSystems PJSC (MTS) Foreign Corrupt Practices Act (FCPA) enforcement action was announced there were two significant speeches by Department of Justice officials. The first was by Deputy Attorney General Rod Rosenstein. The second was by Assistant Attorney General Brian Benczkowski.
I want to focus on how both speeches explain what many found to be the stunning result Cognizant Technology Solutions Corporation (CTSH) received when it obtained a declination for its FCPA violations, both from the strategic and tactical levels.
Taken together, these two speeches made clear the reasons why the DOJ handed a declination to CTSH. The company engaged in the type of conduct, after it discovered its FCPA violation, that the DOJ wanted to reward and encourage going forward. Rosenstein made this crystal clear in his remarks, when he stated, “We aim to incentivize companies to report crimes, disgorge illegal proceeds, take remedial actions, and identify accountable officials so we can prosecute them – and do it all promptly. That will result in less corporate crime in the future.” This is not going soft on corporate crime; this is bringing corporate America into a role in the global fight against bribery and corruption.
Yet the Benczkowski speech had equal import for the compliance professional. The DOJ rewarded CTSH for not only its quick decision to self-disclose and then doing so; they also rewarded the company for having a robust pre-existing compliance program even though C-Suite executives led the bribery effort. This recognition by the DOJ makes even more important the corporate compliance function and a corporate compliance program to protect an organization if nefarious actors arise.

Categories
Compliance Into the Weeds Daily Compliance News

Compliance into the Weeds: Episode 118-Hotline Metrics

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into recently released NAVEX Global 2019 Ethics & Compliance Hotline Benchmark Report. We consider the details from the report and ask the following question “are you using all the right intake channels to capture a true sense of misconduct and corporate culture at your organization?” Some of the highlights include:

Some of the highlights include:

  • What are the intake channels available to your organization?
  • If you are only tracking complaints through a formal system, you may well be missing a wider variety and rich source of information.
  • Moving your intake past simply what the law requires will give you a much better accounting of your organization’s culture.
  • How can you improve your intake?
  • Has closure time for reported increase or decrease?
  • What has been the continued impact of #MeToo?

For more reading check out Matt’s blog post “Hotline Metrics-are you missing any?”
To read the full NAVEX Global 2019 Ethics & Compliance Hotline Benchmark Report, click here.