compliance and ethics leadership council
TRANSCRIPT
Compliance and Ethics Leadership Council
Assessing Global Readiness: Adapting the Corporate Core to New Markets
Jennifer Childs Kugler
Compliance and Ethics Leadership Council
SCCE Annual Conference
Sunday, 14 October 2012
A FRAMEWORK FOR MEMBER CONVERSATIONS
The mission of The Corporate Executive Board Company and its a�liates (CEB) is to unlock the potential of organizations and leaders by advancing the science and practice of management. When we bring leaders together, it is crucial that our discussions neither restrict competition nor improperly share inside information. All other conversations are welcomed and encouraged.
CONFIDENTIALITY AND INTELLECTUAL PROPERTY
These materials have been prepared by CEB for the exclusive and individual use of our member companies. These materials contain valuable confidential and proprietary information belonging to CEB and they may not be shared with any third party (including independent contractors and consultants) without the prior approval of CEB. CEB retains any and all intellectual property rights in these materials and requires retention of the copyright mark on all pages reproduced.
LEGAL CAVEAT
CEB is not able to guarantee the accuracy of the information or analysis contained in these materials. Furthermore, CEB is not engaged in rendering legal, accounting, or any other professional services. CEB specifically disclaims liability for any damages, claims or losses that may arise from a) any errors or omissions in these materials, whether caused by CEB or its sources, or b) reliance upon any recommendation made by CEB.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�3
16%
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�4
27 7 27
23 13 25
23 17 13
30 17 3
18 15 15
30 7 10
14 9 19
25 7 7
17 13 7
29 8
894
824
498
532
620
683
735
784
838
872
932
989
997
1,012
THE FUTURE OF CORPORATE INVESTMENT
Foreign Direct Investment Inflows (2008–2014)US Billions
Source: “Global FDI–The Rocky Road to Recovery,” Economist Intelligence Unit, 15 March 2010.
Emerging markets will continue to receive about half of all global foreign direct investment flows.
Developed Countries
Emerging Markets
Brazil
India
China and Hong Kong
Korea
Canada
Australia
United Kingdom
United States
Russia
Japan
Source: A. T. Kearney Foreign Direct Investment Confidence Index, 2010; PricewaterhouseCoopers 2010 CEO Survey.
Top 10 Countries in Which Corporate Jobs Are Being AddedPercentage of CEOs Increasing Headcount in 2010
Increase Jobs by Less Than 5%
Increase Jobs by 5–8%
Increase Jobs by More Than 8%
n = 467 of 1,198 CEOs. Multiple responses allowed.
2008 2009 2011 2012 2013 20142010
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�5
EMERGING MARKET CHALLENGES
Barriers to Expansion in Emerging MarketsIllustrative
Di�culty of Management
Like
liho
od
of
Occ
urre
nce
High
Medium
Low
Easy Di cult Very Di cult
Increasingly Protectionist Government Strategies
(Policy Risk)
Political Instability
Economic and Financial Instability
Fraud and Corruption
Lack of Local Talent and Leadership
Cultural Risk
Regulatory Risk
Emergence of “National Champion” Firms�1
Threat of Asset Seizure/Expropriations
Increased Competition from Domestic Rivals
Currency Fluctuations
Ill-fitting Business Model
Lack of Contract Enforceability
1 Government promotion or favoritism of key economic sectors resulting in uneven playing field.Source: Gibson Dunn, “FCPA and International Anti-Corruption Enforcement—Trends in 2010.”
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�6
A SHIFTING COMPLIANCE ENVIRONMENT FOR COMPANIES (AND THEIR EMPLOYEES)
Key Trends Driving Future Compliance Risks Compliance Implication
Competing Regulatory DemandsCompanies face a more complex and aggressive regulatory environment, creating inconsistent compliance expectations.
2. Growing and Fragmented Regulatory and Enforcement Environments Notwithstanding the fact that regulators in di�erent countries are focused on common issues, increasing the volume of legislation and regulation in key areas (e.g., anti-bribery, anti-trust, data privacy), they are often using di�erent standards to enforce these issues.
Growing Focus on Information RisksEmployees now have more opportunities and incentives to disclose information outside of the company. In addition, customers and other third parties are demanding greater protection from data leakage and disclosure.
3. Explosion of Information and Transparency The exponential growth in the amount (and types) of data creates new risks and opportunities for how companies and employees create, use, and dispose of information.
Changing Employee Value PropositionMillennial-generation employees are motivated di�erently and desire, in general, more open, flexible, and socially interactive workplace environments.
4. Shifting Employee Demographics Companies increasingly hire Millennial-generation employees (characterized by an increased familiarity and informality with digital technologies and online communications).
Increasing Global Compliance RisksAs operational centers shift to new markets, compliance departments must learn to manage new (and often more volatile) political, legal, and cultural risks across geographies.
1. Company Growth into New Markets With slow growth expected in developed markets, companies are more rapidly expanding their businesses (and their value chains) into foreign jurisdictions.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�7
CHALLENGE #1: HARD TO ASSESS RISKS IN RAPIDLY CHANGING ENVIRONMENTS
Over the Past Two Years, How Have the Following Changed in Emerging Markets?Number of Respondents Indicating an Increase
Source: GCR and CELC Pre-Meeting Survey, June 2010.
75%
72%
63%
45%
44%
30%
30%
Business Volatility and Complexity (e.g., Increased Deal-Making,
Di�erent Creative Deal Structures)
Speed and Volume of Local Regulatory Changes
Financing and Solvency Concerns
Local Regulatory Activism in Emerging Markets
Business Pressure to Approve Deals Quickly
Governmental Favoritism Toward Local Competitors
(e.g., Lack of a Level Playing Field)
Willingness of Local Governments to Cooperate
with Foreign Companies
n = 59.
n = 54.
n = 57.
n = 55.
n = 55.
n = 48.
n = 46.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�8
CHALLENGE #2: HARD TO INFLUENCE LOCAL CULTURES What Is the Primary Challenge in Managing Legal and Compliance Risks in Emerging Markets?
What is the Best Measure of (Compliance and Ethics) Success in Emerging Markets?
Ensuring Employee Adherence to Corporate
Policy and Standards
Integrating Legal and Compliance into Local
Business Decision Making
Identifying (Trustworthy) Local Third Parties
Understanding Local Regulatory Expectations
n = 26.
27%
19% 19% 19%
CELC research indicates culture substantially drives local compliance success
n = 22.
Improvements in Corporate Culture
Reduced Misconduct
Business Partner Satisfaction
Reduced Damages, Settlements and Fines
50%
27%
14%
5%
Source: CELC Pre-Meeting Survey, June 2010.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�9
CHALLENGE #3: HARD TO KNOW THE STATE OF COMPLIANCE IN LOCAL MARKETS
How Significant a Challenge Is Gathering Quality Information on Compliance Performance?Percentage of Regional Respondents Answering “Very Significant” or “Fairly Significant”
Latin America Far East Middle East and Africa
Central and Eastern Europe
n = 279.
Source: Ernst & Young, 11th Global Fraud Survey.
88%
75% 74%
56%
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�10
THE ROLE OF COMPLIANCE AND ETHICS IN SUPPORTING GLOBAL READINESS: KEY QUESTIONS TO ADDRESS NOW
Program “Bones”Risk Identifi cation
Compliance Oversight Outreach
Do we know what our key risks, including cultural hot spots, are in these new markets? How are we mitigating those risks? And what is the upside of getting this right?
Do we have the resources and program structure in place to enable us to adapt and respond quickly?
What oversight do we need to put in place to ensure we are reducing the likelihood of misconduct?
Have we targeted the high-risk audiences with appropriate (and appropriately-timed) outreach, training, etc.?
For another day:
■ Managing Third-Party Risks in New, Emerging Markets ■ Measuring the Success of your E� orts
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�11
1. What insight does CELC data provide?
2. What do I need to know about Asia?
3. How are leading companies proactively managing these risks?
4. What about cultural risks?
THE ROLE OF COMPLIANCE AND ETHICS IN SUPPORTING GLOBAL READINESS: KEY QUESTIONS TO ADDRESS NOW
Program “Bones”Risk Identifi cation
Compliance Oversight Outreach
Do we know what our key risks, including cultural hot spots, are in these new markets? How are we mitigating those risks? And what is the upside of getting this right?
Do we have the resources and program structure in place to enable us to adapt and respond quickly?
What oversight do we need to put in place to ensure we are reducing the likelihood of misconduct?
Have we targeted the high-risk audiences with appropriate (and appropriately-timed) outreach, training, etc.?
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�12
LEVELS OF OBSERVED BUSINESS MISCONDUCT
Percentage of Employees Who Report to Us Observed Business MisconductCELC Cultural Diagnostic�1 Data: All Employees by Country, 2009–2010
�� %
��% ��%
1�%
1�% 1�%
1�%1�% 1�% 1�% 1�%
11%
Brazil
n = 11,749.
Mexico
n = 3,693.
Latin America
n = 5,070.
Eastern Europe
n= 3,601.
U.S.A.
n = 109,755.
Africa
n = 721.
China
n = 7,028.
Scandinavia
n = 2,030.
India
n = 11,511.
UK
n = 6,616.
Western Europe
n = 11,197.
Russia
n = 335.
15%Global Average
Rates of observed misconduct substantially higher across Mexico, Central, and South America
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�13
0%
5%
10%
15%
0%
5%
10%
15%
BUSINESS MISCONDUCT ELEVATED IN MOST EMERGING MARKETS
Observed Misconduct by TypeCELC Cultural Diagnostic Data: Distribution of Misconduct by Type
Global Averagen = 210,999.
Indian = 5,962.
Chinan = 4,473.
Braziln = 3,513.
Har
assm
ent
or
Bu
llyin
g
Pre
fere
nti
al
Trea
tmen
t
Dat
a P
riva
cy
Vio
lati
on
Bu
sin
ess
Info
rmat
ion
V
iola
tio
n
Dis
crim
inat
ion
Mis
use
of
Org
aniz
atio
n’s
T
ime/
Res
ou
rces
Inap
pro
pri
ate
Giv
ing
/Rec
eivi
ng
o
r G
ifts
Ste
alin
g
Env
iro
nm
enta
l V
iola
tio
n
Co
nfl i
ct o
f In
tere
st
Inap
pro
pri
ate
Beh
avio
r
Imp
rop
er S
ales
Hea
lth
or
Saf
ety
Vio
lati
on
Imp
rop
er
Pay
men
ts
Alc
oh
ol a
nd
/or
Dru
g A
bu
se
Acc
ou
nti
ng
Ir
reg
ula
riti
es
Fra
ud
Insi
der
Tra
din
g
HR-Related Sales and Finance Legal ViolationsMisuses of
Corporate Assets
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�14
54%61% 63% 64% 65% 66% 68% 71%
88%
THE VAST MAJORITY OF MISCONDUCT GOES UNREPORTED
Non-Reporting Rate of Observed Business Misconduct at MNCsCELC Cultural Diagnostic Data: All Employee Reporting by Country, 2009–2010
MexicoEastern Europe
Western Europe
U.S.A. Russia ChinaIndia
Why Don’t People Report?
■ Globally, the two reasons cited most by employees as to why they failed to report misconduct are “Fear of retaliation” and “I did not think the company would do anything about my report.”
■ In Asia, the top two reasons are “Did not think I had enough information” and “Not certain it was a violation,” indicating some uncertainty about what constitutes misconduct.
UK Brazil
61%Global Average
Employees in China are four times less likely to report business misconduct than employees in the United States.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�15
ARE WE GETTING OUR MESSAGE THROUGH?
Percentage of Employees Witnessing Misconduct Who Observe Confl icts of Interest
Country Management Status Yes Don’t KnowU.S.A.n = 17,561.
Manager 24.8% 8.3%Non-Manager 22.5% 15.9%
UKn = 794.
Manager 22.0% 8.0%Non-Manager 20.2% 16.9%
Braziln = 2,585.
Manager 35.6% 13.4%Non-Manager 47.5% 17.5%
Chinan = 914.
Manager 29.1% 37.9%Non-Manager 26.9% 43.3%
Indian = 1,381.
Manager 21.9% 29.0%Non-Manager 22.4% 33.2%
Country Management Status Yes Don’t KnowU.S.A.n = 17,561.
Manager 1.9% 6.9%Non-Manager 1.6% 13.6%
UKn = 794.
Manager 1.9% 9.1%Non-Manager 2.1% 16.0%
Braziln = 2,585.
Manager 2.7% 18.2%Non-Manager 5.1% 26.1%
Chinan = 914.
Manager 14.5% 52.0%Non-Manager 14.1% 55.6%
Indian = 1,381.
Manager 6.4% 28.3%Non-Manager 4.8% 33.1%
Percentage of Employees Witnessing Misconduct Who Observed Improper Payments Including Bribes, Kickbacks, or Inappropriate Payments
China and India
High levels of “don’t know” suggest the importance of providing meaningful awareness training and setting clear expectations for local employees.
Of non-managers who observed misconduct in China, only 29.8% are confi dent that they did not observe a confl ict of interest.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�16
SUMMARY OF CULTURAL FINDINGS: BRIC COUNTRIES
Observed misconduct most signifi cantly above global average—Preferential treatment, confl icts of interest, misuse of time, harassment/bullying, stealing
Reporting rate—36%Most frequent “don’t know”—Accounting IrregularitiesTop drivers of ethical culture—Organizational Justice, Openness of Communications, Departmental Climate
CELC Recommendations ■ Focus on compliance training, with HR–support, on interpersonal relations and topics such as harassment and bullying.
■ Focus training on group dynamics and business pressures (since relatively low-levels of “don’t knows” suggest employees understand expectations, but sometime willfully ignore).
Observed misconduct most signifi cantly above global average—Improper sales, fraud, data privacy, accounting irregularities
Reporting rate—32%Most frequent “don’t know”—Accounting IrregularityTop drivers of ethical culture—Organizational Justice, Openness of Communications, Departmental Climate
CELC Recommendations ■ Focus compliance training and mitigation e� orts on sales sta� . ■ Provide local training that focuses on Corporate values, organizational justice, and open communications.
Observed misconduct most signifi cantly above global average—Business information violation, improper sales, fraud
Reporting rate—39%Top drivers of ethical culture—Organizational Justice, Openness of Communications, and Mood in the Middle
CELC Recommendations ■ Focus on role of and interactions with the State (especially if product might be considered a State asset).
■ Employees place unusual importance on peer behaviors and perceptions of culture. Build training and communication around established peer networks.
Observed misconduct most signifi cantly above global average—Confl ict of interest, misuse of time, stealing, improper payments, inappropriate giving or receiving of gifts
Reporting rate—12%Most frequent “don’t know”—Accounting IrregularitiesTop drivers of ethical culture—Organizational Justice, Direct Manager Leadership, Comfort Speaking Up
Brazil India
China Russia
CELC Recommendations ■ Focus on corruption training. ■ High levels of “don’t knows” suggest employees need to enhance basic understanding of laws and expectations.
■ Focus on speaking-up and
comfort with investigations process.
■ Employees value strong direct manager leadership. Local leadership must understand and reinforce compliance messages.
�17
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
Brief Spotlight on Asia
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�18
HIGH PROPORTION OF EMPLOYEES IN ASIA UNSURE OF HAVING OBSERVED MISCONDUCT
Percentage of Employees
n = 131,089 United States; 9,745 United Kingdom; 12,753 India; 7,551 China; 2,087 Singapore; 1,874 Malaysia; 399 Indonesia.
Don’t Know
Have Observed Misconduct
Have Not Observed Misconduct
United States
United Kingdom
China Malaysia IndiaIndonesia Singapore
Source: CELC RiskClarity Survey Data, 2009–2010.
�� �
���
���
���
���
��
���
��
���
�� �
���
���
���
���
���
���
���
���
���
���
���
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�19
32%
41%
49%51%
56%
MOST MISCONDUCT GOES UNREPORTED IN ASIA
Reporting Rate of Observed Business MisconductPercentage of Respondents Who Reported Observed Misconduct
n = 4,538 India; 3,962 China; 905 Malaysia; 809 Singapore; 182 Indonesia.
China Malaysia Singapore India Indonesia
Asia Average
46%
Global Average
58%
Source: CELC RiskClarity Survey Data, 2009–2010.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�20
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
FEAR OF RETALIATION TOP REASON FOR NOT REPORTING MISCONDUCT IN ASIA
Top Three Reasons for Not Reporting MisconductPercentage of Employees
Singapore
China
Malaysia
India
Indonesia
Global Average
Asia Average
Fear of Retaliation I Did Not Think the Company Would Do Anything About It
I Did Not Think I Had Enough Information About the Misconduct
37%
24%
49%
16% 15%
20%
n = 12,753 India; 7,551 China; 2,087 Singapore; 1,874 Malaysia; 399 Indonesia.
Source: CELC RiskClarity Survey Data, 2009–2010.
Note: The list of top fi ve reasons for not reporting misconduct by country is included in the appendix.
�21
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
How Are the Best Companies Adapting Their Risk Assessments to Local Conditions in Order to Stay on Top of Risks?
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�22
RISK MANAGEMENT INEFFECTIVE IN EMERGING MARKETS
Legal and Compliance Department Ranking of Ability to Manage Risk, by RegionPercentage Ranking as Ine� ective, GCR Legal Risk Diagnostic, 2010
n = 112.
��
��
������
������
���
���
North America
Western Europe
Eastern Europe
Central America
South America
Asia-Pacifi c
Africa Middle East
Five to seven times more legal and compliance departments report being ine� ective in these regions than in North America
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�23
OVERVIEW: ADAPTING RISK ASSESSMENT TO LOCAL CONDITIONS
Scope of the Risk Assessment
Assessment FrequencyRisk Criteria and
Information Sources
Distinct Emerging Market Challenge for Compliance O� cers
■ Local culture, as well as political, economic, and regulatory policy greatly impact business conduct
■ Companies often quickly enter markets via acquisition or partnership
Uncertain political and social environment quickly render static assessments inaccurate or outdated
Volatility of socioeconomic and political conditions dramatically shifts and accelerates risk impact
Implications in Emerging Markets
Consider multiple factors a� ecting local risks (e.g., legal, regulatory, economic, political, social, cultural) and method of entry (e.g., acquisition)
Provide the framework to regularly update assessments and “price” compliance, thereby reducing undue business pressures
Select indicators that are relevant to your business and consider the speed at which local risks may change
Leading Approaches for Discussion
11
1 Pseudonym.
�24
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
COUNTRY-BASED COMPLIANCE EVALUATION
OVERVIEW
Trier follows a structured process to identify and mitigate the country and company-specifi c compliance risks that jeopardize the value and synergies of potential acquisitions in emerging markets. Beginning with target due diligence, Trier rapidly integrates the acquisition into its existing risk management framework.
KEY INSIGHTS
1. Country-Based Review—Compliance and Ethics should, in advance of market entry, develop a robust sense of the political, cultural, and business conditions that will impact operating success and the achievement of, in the case of an acquisition, desired synergies.
2. Integrate Acquisition into Existing Compliance Framework—Compliance and Ethic’s involvement in the due diligence process should assess business risks and the control environment with an eye towards rapid integration into existing company controls systems and risk management framework.
3. Identify Employee Pressure Points—Especially in emerging markets, legal and compliance risks stem from pressure points throughout operations. Compliance and Ethics must work to highlight these pressures (interactions with government o� cials, familial ties, etc.) that infl uence behavior and provide employees the requisite bu� er and support to act on the company’s behalf.
COMPANY SNAPSHOT
Trier Corporation Industry: Chemical2009 Sales: US$5–20 Billion2009 Employees: 5,000–20,000
1 Pseudonym.
1
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�25
ACQUISITION PROCESS OVERVIEW
Market Entry and Acquisition Process Plan
Acquisition Working Team
Composition: ■ Corporate Development Group,
Legal, HR, Finance and a business representative
■ The Acquisition Working Team size is sta� ed according to the size of the deal
Target Identifi cation Team
Composition: ■ One or two employees from
Corporate Development group and relevant business
■ May include employees from Technology, Marketing, and/or the Strategy group
Integration Working Team
Composition: ■ Business, HR, Finance, Legal, IT,
Health, Safety and Environment, Manufacturing, Technology, and Supply Chain
■ Additional employees of the region where assets or business is located
Market ReviewStrategy Defi nition
Target Identifi cation
Initial Due Diligence and Valuation
Due Diligence and Valuation
Negotiation and Execution
IntegrationPost-Signing
Final Integration Planning
Risk Tracking and Accountability
Compliance Role ■ Begins initial review of
country-specifi c political risks
■ Reviews and validates Target Identifi cation Team business and operating model assumptions
Compliance Role ■ Identifi es local employee
“assets” willing to e� ectively support compliance initiatives
■ Holds local management accountable for compliance integration objectives
Compliance Role ■ Begins initial integration planning
by reviewing the target’s compliance infrastructure and evaluating the available resources for improvement
1
1 Pseudonym.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�26
REVIEWING COUNTRY-SPECIFIC COMPLIANCE RISK
1. Political risk
2. Human capital
3. Expropriation risk
4. Contract repudiation rates (enforceability of contracts)
5. Government stance toward business
6. Intellectual property piracy
7. Business environment (corruption risk)
8. Supply chain e� ciency
9. Competitive intelligence
10. Market Size
Before entering Vietnam, Trier’s Compliance O� cer interviews three law fi rms (one international, two local) and two forensic accounting fi rms about the country:
■ Political Risk Questions – What political risks have you seen in the last three years? – Could you tell me about litigation in this country? How long does it take to receive a judgement?
– Are contracts enforced here? Can I domicile operations in a more favorable location? – Have military budgets been increased/decreased? Could decreased military budgets provoke civil unrest?
■ Business Culture Questions – Can you tell me about corruption in the government? – What are employee perceptions of confl icts of interest in this country? – What local customs do Western companies run afoul of?
■ Business Risk Questions – Who are my local and international competitors in this market? Do you know and can you trust the behavior of your competitors
– How reliable is electricity (utilities and infrastructure) in this market? – Tell me about the three to fi ve business mistakes I’m going to make?
Preparing for Business Change “By the time a new deal is proposed. I typically have an understanding of the political, cultural, and business environment we are entering. This ensures the proper compliance consideration through due diligence and integration.”
AGC, Ethics and Compliance O� cerTrier Corporation
1
Key Market Entry Considerations Country Risk Review: Case in Point
1 Pseudonym.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�27
ACQUISITION RISK REVIEW
List of Reviewed RisksIllustrative
1. Map Compliance Risks—Maps the acquired line of business workfl ows to compliance risks (e.g., personnel who interact with government o� cials)
2. Assess Control Environment and Compliance Infrastructure—Follows COSO framework to audit entity-level processes and controls (e.g., testing presence of corruption policies, obtaining documentation from key process owners, reviewing policies and procedures, manufacturing safety procedures and posters).
Strategic Objectives ■ Become the number one supplier in Russia ■ Generate revenue synergies of US$8 million by year two ■ Reduce shipping costs
Country Risks1. Corruption risk2. Size of gray market3. Expropriation risk or government interference
4. Unforeseen tax liabilities
Line of Business/Compliance Risks5. Product quality
6. Product classifi cation and export7. Interaction with government o� cials8. Logistics and third parties
9. Compliance software and system integration delays10. Fraud11. Intellectual Property12. Relations with local unions13. Loss of key talent14. Poor cultural integration15. Control environment
Acquisition Risk Assessment
Acquisition Risk Heat MapIllustrative
Critical (> 20%)
Major (5-20%)
Manageable(< 5%)
Remote(< 10%)
Possible(10-50%)
Likely(> 50%)
Likelihood
Imp
act
(on
Eco
nom
ic P
rofi
t)
10
9
8 7
6
5
4
3
2 1
1112
15
1314
Medium High
Medium
Medium
High
LowLow
Low
CRITICAL
Although most companies do not consider these factors in integration planning, the fi nancial impact and likelihood of the occurrence have serious repercussions on value capture success.
1 Pseudonym.
1
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�28
COMPLIANCE INTEGRATION PLAN
Compliance Integration Plan: Vietnam AcquisitionIllustrative
1 Pseudonym.
1
Compliance Integration Milestone
Task # Description Timeframe
Develop and introduce a unifi ed Code of Conduct
101.01 Introduce Trier’s Code of Conduct to acquired employees.
Establish plan for end-state Ethics Helpline
101.02 Deploy helpline system to location (subject to local laws).
Integrate software systems and controls
101.03 Test target’s software controls and/or integrate into SAP system.
Review external board service of target execs for potential confl icts of interest
101.04 Review existing confl icts and confi rm adherence to Trier’s policy.
Implement compliance standards in new acquisition
101.05 Determine whether acquisition possesses compliance standards as set forth in federal sentencing guidelines.
Designate appropriate employees for training
■ Anticorruption ■ IP protection ■ Competition law
101.06 Ensure proper compliance training for high risk employee segments.
Trier creates a fi rm compliance integration timeline prior to deal close.
�29
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
PROJECT-BASED COMPLIANCE ASSESSMENTS
OVERVIEW
Fluor identifi es and assesses the impact of potential compliance and ethics risks before bidding on projects, helping it prepare more realistic risk mitigation plans that factor in the business costs of e� ectively managing risk.
KEY INSIGHTS
1. Analyze Compliance Risks Up Front—Review business opportunities to consistently and thoroughly identify potential risks, including export and corruption compliance and ethics risks inherent in typical operations based in emerging markets.
2. Account for the Costs of Compliance—In addition to capturing and documenting potential areas of compliance exposure, account for the time, e� ort, and resources the business will need to invest in to proactively manage risks. Use cost information to inform cost-benefi t decisions about business opportunities.
3. Update Ongoing Risk Management Plans—Regularly assess changes to local operating conditions and other factors that positively or negatively a� ect existing risk mitigation plans, updating compliance processes as appropriate to maintain adequate and ongoing risk coverage.
COMPANY SNAPSHOT
Fluor CorporationIndustry: Engineering and Construction
2009 Revenue: US$21.9 Billion
2009 Employees: 36,152
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�30
ENSURING COMPREHENSIVE RISK MANAGEMENT
Overview of Fluor’s Business Risk Management FrameworkIllustrative
Business Risk Management Framework (BRMF)The Business Risk Management Framework is a formalized and systematic process for assessing, managing and monitoring Fluor’s business risks for high-risk projects the company considers or executes, including investments and acquisitions.
Develop and Execute Risk Management Plan
Monitor and Report on Risk Management Performance
Continuous Performance Improvement
Select Risk Management Strategy for Each
Risk Identifi ed
Weight Potential Risks and Costs ■ Begin when the project is still a prospect ■ Identify potential risks that may threaten the project
■ Weigh potential risks against profi tability
Potential High-Risk Project
Note: Fluor executes engineering, procurement, construction, and maintenance work, typically in the form of discrete projects, for commercial and government clients around the world.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�31
CAPTURING THE COST OF COMPLIANCE RISK
Case in Point: Export Compliance Risk, Emerging Market Construction ProjectIllustrative
Potential Risk List
1. FCPA violation by subcontractor
2. Export compliance permit delays
3. Labor disruptions
4. Supply chain disruptions
Projected Costs: Export compliance permit delays
Cost 1: Additional three months added to project timeline.
Cost 2: Potential penalty of dollar per day imposed by client for breaching contractual schedule.
Project Scoring Worksheet (If yes, provide cost estimate) Projected Cost (Time, Money, etc.)1. Anticorruption/Government InteractionWill this project require us to work with agents or new subcontractors?If this is a public contract, would there be fewer than two bidders or is this a repeat bidding process?
2. PermitsDoes the project require permits from US export authorities?Does the project require permits from local country authorities?
3. LaborWill we need to use labor brokers to hire employees? Would pay or terms of service for newly-hired employees be di� erent to existing employees?
4. Supply ChainWould this project require us to rely on two or fewer suppliers?
Total
Project Price
�32
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
LOCAL CORRUPTION RISK MITIGATION
OVERVIEW
Capri selects local risk indicators that directly relate to the nature of their business, operating model, and the inherent risks posed by the country. Capri then uses predetermined risk thresholds to assess local business risk and appropriately plan mitigation e� orts.
KEY INSIGHTS
1. Customize Local Risk Approach—Customizes mitigation activities according to the risk category of the business, streamlining local implementation and maximizing limited legal and compliance resources.
2. Identify Country Specifi c Controls and Processes—Identifi es the organizational and country-based issues that pose the greatest risk to the business, minimizing gaps and overlaps in risk assessment and management.
COMPANY SNAPSHOT
Capri CompanyIndustry: Diversifi ed European Multinational 2009 Sales: US$75–125 Billion2009 Employees: 200,000–300,000
1
1 Pseudonym.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�33
COMPONENT #1: IDENTIFY RELEVANT LOCAL RISK INDICATORS
Basic Requirements of the Foreign Corrupt Practices Act
Relevant Risk Indicator
Who ■ Any individual, fi rm, o� cer, director, employee, agent, or
stockholder acting on behalf of the business in FCPA violations ■ Anyone who engages in conspiracy to violate the FCPA
Corrupt Intent ■ Intention of inducing the recipient to misuse his/her o� cial
position ■ Intention of infl uencing a foreign o� cial in his/her o� cial capacity
Payment ■ Any payment ■ O� er or promise to pay ■ Money or anything of value ■ Directly or indirectly
Business Purpose ■ Obtaining or retaining business ■ Directing business to anyone ■ Improper advantage
– Avoid customs duties – Reduce taxes – Increase profi ts – Prevent action – Obtain approvals – Engage in espionage – Get money due
Receipt ■ Foreign o� cials ■ Government employees ■ Employees of government-owned or controlled enterprises ■ Foreign political party ■ Candidate for foreign political o� ce
1. Level of Investment and Board Membership in Local A� liates, Subsidiaries, etc.
2. Country Risk Ranking (Based on TI Corruption Perception Index Scores)
3. Business Model (e.g., Sales, Financing)
4. Percentage of Business That Is Government-Facing
1
1 Pseudonym.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�34
COMPONENT #2: ASSESS LOCAL BUSINESS RISK BASED ON RISK THRESHOLDS
Risk Classifi cation of Business Based on Risk IndicatorsIllustrative
Risk Category of the Business
1 (Highest Risk) 2 3 4 5
(Lowest Risk)
1. Level of Investment and Board Membership
Majority-Owned Business
Majority-Owned Business
Majority-Owned Business
Minority-Owned Business
Minority-Owned Business with Board Membership
2. Country Risk TI CPI Score 5.2 TI CPI Score 5.2 TI CPI Score 5.2 TI CPI Score > 5.2 TI CPI Score > 5.2
3. Business Model Sales Business Sales Business Sales BusinessNon-Sales Business
Non-Sales Business
4. Percentage of Business That Is Government-Facing
More Than 3% in High-Risk Country
Between 0–3% in High-Risk Country
> 25% in Low-Risk Country
< 25% in Low-Risk Country
0%
1
1 Pseudonym.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�35
Risk Category of the Business
1 (Highest Risk)
2 3 45 (Lowest
Risk)
Mitigation Activities Required
Compliance Consultation Desk
Yes Yes Yes Yes No
FCPA Relevant Policy and Guidelines
Improper Payments and Other Benefits Yes Yes Yes Yes No
Retention and Use of Intermediaries in Sales and Distribution Yes Yes Yes Yes No
Compliance Due Diligence
Compliance Due Diligence in New Sales Intermediaries Yes Yes Yes Yes No
Compliance Due Diligence on Existing Sales Intermediaries (with concerns/change of ownership) Yes Yes No No No
Internal Controls
Implementation of Compliance Package Yes Yes Yes No No
Self-Assessment Yes Yes Yes No No
HR Compliance
Specific Anti-Bribery Compliance Targets for CEO, CFO, etc. Yes Yes Yes No No
HR Checklist for Screening Applicants (CEO, CFO, etc.) Yes Yes No No No
Training and Communication
Communications (e.g., Newsletter, Intranet) Yes Yes Yes Yes No
Code of Conduct Training Yes Yes Yes Yes No
Anti-Bribery Standard Classroom (and Refresher after 24 Months) Yes Yes No No No
Anti-Bribery Standard e-Learning (and Refresher after 24 Months) Yes Yes Yes Yes No
Local Compliance Manager Network
Implementation of Local Compliance Manager Yes Yes Yes No No
Government Business Controls
Implementation of Mandatory Consultation Process Yes Yes No No No
Reporting on Governmental Business Yes Yes Yes Yes No
COMPONENT #3: EMBED CATEGORY-BASED MITIGATION PLANS
Mitigation Plan According to Risk CategoriesIllustrative Excerpt
Businesses in a lower risk category (i.e., four or above) have fewer mandated mitigation activities. These mostly consist of policies, training, due diligence, and HR requirements.
Businesses in a higher risk category must appoint a local compliance manager and participate in the mandatory consultation process.
1
1 Pseudonym.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�36
HOW TO MAXIMIZE YOUR IMPACT ON COMPLIANCE RISK
Compliance and Ethics O� cers Role in Assessing Emerging Markets RiskMoments of Greatest Potential Impact
Critical Point 1: Market Entry
■ New market entry substantially elevates compliance risk, introducing new economic, political, legal, cultural, and acquisition/partnership risks
Compliance Role ■ Use the market entry decision
process to assess new country risks and ensure integration of new processes into the existing compliance risk framework
Critical Point 2: New Projects and Product Lines
■ New business launches expose the company to new customers, competitors, partners and regulatory requirements
Compliance Role ■ Consistently assess risks
associated with new project or product launches, integrating specifi c compliance criteria into investment decisions to appropriately “price” risks and establish clear operating expectations
Critical Point 3: Operating Environment
■ Changes in operating environment (enhanced enforcement, changes in internal processes) may increase compliance risk levels
Compliance Role ■ Customize compliance
requirements by local risk conditions, streamlining local implementation and maximizing limited compliance resources
Extending Compliance Infl uenceWhile Compliance and Ethics may not participate in every business decision, it can insert key considerations into the critical risk points.
�37
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
Why Should We Focus on Risks to Our Culture and Integrity as We Expand Into New Markets?
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�38
850,000+ EMPLOYEES WORLDWIDE, 185 GLOBAL COMPANIES: CEB’S RISKCLARITY SURVEY
RiskClarityEmployee Survey and Scale
Multiple IndustriesParticipating companies represent the following industries: Energy, Drilling and Gas, Insurance, Pharmaceuticals and Medical Supplies, Financial Services, Non-Profi t, Professional Services, Retail, Construction and Building Materials, Manufacturing, Food Services, Chemical, and Consumer Product Goods.
Global CoverageRespondents work in more than 115 countries across North America, Europe, Asia, the Pacifi c Rim, and Latin America.
All Employee LevelsEmployees at all levels, from the CEO and senior management to middle management and frontline employees.
All Business FunctionsRespondents represent all business functions, including Finance, Sales, Marketing, Information Technology, Call Centers, Human Resources, and Manufacturing.
Key Demographics of Survey Participants to Date
1 3
2 4
Survey StatementsStrongly
Agree AgreeSlightly Agree Neither
Slightly Disagree Disagree
Strongly Disagree
I can report unethical behavior or practices without fear of retaliation.
My company responds quickly and consistently to verifi ed or proven unethical behavior.
I am often exposed to situations that could lead to inappropriate conduct.
Note: All questions were coded or recorded in such a way to directionally be on the same scale.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�39
1 The 18 questions of the integrity index are scored on a seven-point scale from 1 (weakest value) to 7 (strongest value) and collectively serve as a proxy for the cultural health of organizations.
DECONSTRUCTING THE COMPONENTS OF INTEGRITY
The RiskClarity Survey Analyzes the Strength of Key Attributes That Impact a Culture of Integrity
INTEGRITY INDEX�1
Clarity of Expectations
Comfort Speaking Up
Openness of Communication
Trust in Colleagues�
Organizational Justice
Direct Manager Leadership
Tone at the Top
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�40
IMPROVING CULTURE REDUCES MISCONDUCT
Distribution of Employees By Overall Perception of CulturePercentage of Respondents in Each Category and Their Corresponding Observation/Reporting Rates
n = 180,548 from 2010.
1 Percentage of employees within category who observed misconduct in past year.2 Percentage of employees within category who responded “Don’t Know” when asked if they had observed misconduct over the past year.3 Percentage of employees within category who reported the misconduct they observed.
9.6% 22.6% 63.0%
"I Saw Misconduct"�1 61.3% 33.7% 16.5% 7.4%
“I Don’t Know if I Saw Misconduct”�2
22.1% 30.3% 21.8% 8.0%
”I Reported What I Saw”�3
47.2% 46.5% 53.3% 73.8%
4.8%
Least Favorable
Neutral
Moderately Favorable
Most Favorable
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�41
FINDING RISKS IN BUSINESS UNITS
Impact of Culture on Misconduct and Reporting RatesFindings from Alpha Company1
Highest Integrity Business Unit
Management
Integrity Index = 6.21
Observation Rate = 7%
Reporting Rate = 75%
Non-ManagementIntegrity Index = 5.82
Observation Rate = 13%
Reporting Rate = 50%
Lowest Integrity Business Unit
Management
Integrity Index = 5.40
Observation Rate = 20%
Reporting Rate = 46%
Non-ManagementIntegrity Index = 5.15
Observation Rate = 29%
Reporting Rate = 39%
Company-Level ResultsActual RiskClarity Data
Integrity Index = 5.59
Observation Rate = 18%
Reporting Rate = 50%
17 Business Units
1 Pseudonym.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�42
UNDERSTANDING THE CULTURAL COMPONENTS OF RISK
Year One ■ Establish a Baseline
Launch survey to establish a baseline measure of corporate culture
■ Deploy Enterprise-Wide CommunicationsCommunicate survey results to employee base, emphasizing organizational commitment to values
Year Two ■ Analyze Survey Results at Multiple Levels
Analyze cultural results at di� erent organizational levels to highlight specifi c areas of potential ethical risks
■ Conduct Cultural AuditsPerform cultural audits at low scoring business units to validate survey fi ndings and uncover the hidden cultural dynamics
■ Integrate Cultural Measures into Risk AssessmentsIntegrate business unit specifi c cultural information into quarterly risk reports
Testing Corporate Culture Developing Culture Mitigation Plans
Functional Area 1
Functional Area 2
CEO
Division 1 Division 2
Business Unit A—Senior
Management
Business Unit B—Senior
Management
Business Unit C—Senior
Management
Centene tests culture at di� erent organizational levels, highlighting specifi c areas of potential ethical risk.
RiskClarity Tests
■ Employee Comfort Speaking Up
■ Organizational Justice
■ Trust in Colleagues
■ Direct Manager Leadership
■ Tone at the Top
■ Openness of Communications
■ Clarity of Expectations
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�43
YEAR 2: CONDUCTING LOCAL CULTURAL AUDITS
Cultural Audit Process Map
Identify In-Scope Business Units
for Cultural Audit
Hold Key Stakeholder Discussions
Conduct Focus Groups and Interviews
Create Corrective Action Plan
The four lowest-scoring business units receive a compliance-led cultural audit.
The Ethics and Compliance O� cer interviews business unit leaders to discuss the local cultural audit and the business context to understand if the low score presents a signifi cant risk.
Compliance leads focus group sessions with senior, mid-level, and line employees to better understand the local cultural dynamic.
A corrective action plan is created and owned by the business, supported by compliance, and tracked across the year.
Key Focus Group Questions
1. Have you observed misconduct?
2. Do you believe that senior management shares the appropriate amount of information with employees?
3. Do you believe the culture encourages open and honest communication?
4. Do you understand the company’s expectations for behavior and disciplinary guidelines?
5. Do you feel comfortable reporting concerns to your direct supervisor without fear of retaliation?
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�44
1 Remaining risk exposure is calculated as (risk severity × risk likelihood) × (1 – level of control).
INTEGRATING CULTURE INTO RISK ASSESSMENTSMonthly Risk Assessments for Business Unit A
Legal Risk Risk LikelihoodScale:
10 = High Risk1 = Low Risk
Risk SeverityScale:
10 = High Risk1 = Low Risk
Level of ControlScale:
100% = E� ective Control 0% = Ine� ective Control
Remaining Risk Exposure�1
Competition Law 4.0 10.0 60% 16
Contract Compliance 8.0 7.0 95% 3
Fraud 4.0 6.0 50% 12
Privacy Laws 8.0 5.0 40% 24
Corporate Culture: ■ Serves as a mitigating control supporting integrity in business practice ■ Is a forward-looking indicator of misconduct ■ Improves prioritization of corrective action planning ■ Identifi es the root cause of underlying systemic compliance failures
RiskClarity results are one of several standard rating criteria (including policies, training, and controls testing) Centene uses to measure “Level of Control.”
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�45
TAKE A QUICK PULSE OF MICROCULTURES
Tapping the Line
1. Hearing a True Voice—Tyco uses RiskClarity questions to gather readings on subculture concerns
2. Surfacing Outliers—As opposed to focus groups, polling ensures “group-think” will not infl uence individual responses
3. Teaching in the Moment—Aggregate responses are displayed in real-time, enabling spontaneous educative discussions about fl agged issues
Analysis of Firmwide Polling ResultsIllustrative
Internal and External Benchmarking
By polling using questions about comfort speaking up, perceptions of management, and training e� ectiveness, Tyco can tap into the local climate of individual factories, o� ces, and regions.
Do You Feel Comfortable Speaking Up?
Does Management
Have High Integrity?
Have You Heard of These
Regulations Before?
0
20
40
60
100
80
Tyco Plant A
Tyco Company Mean
Average Across Tyco Subsidiary
Tyco’s Polling SessionIllustrative
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�46
SMALL DIFFERENCES, BIG CONSEQUENCESIn
teg
rity
Ind
ex S
core
Individual Company Score
Relative to Employees at Top Quartile Companies, Employees at Bottom Quartile Companies Are…1.6 times as likely to observe misconduct.
Two times as likely to observe HR–related misconduct.
Three times as likely to observe misconduct in high-risk compliance areas such as confl icts of interest or accounting irregularities.
Bottom Quartile (25th Percentile)
Top Quartile (75th Percentile)6.2
6.0
5.8
5.6
5.4
5.2
5.0
4.8
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�47
HIGHER INTEGRITY, STRONGER LONG-TERM TOTAL SHAREHOLDER RETURNS
Average 10-Year Total Shareholder Return for Bottom and Top Quartile of 48 Companies
Top Quartile of RiskClarity Integrity Index
Bottom Quartile of RiskClarity Integrity Index
Correlation (r) = 0.58Signifi cance level of Correlation: P-value < 0.01
n = 48.
Culture as Competitive Advantage?
While promoting a culture of integrity may not always be a high corporate priority, failure to properly engage with employees represents a strategic (as well as compliance) risk that threatens long-term competitive advantage.
(7.4%)
8.8%
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�48
1. What insight does CELC data provide?
2. How are leading companies proactively managing these risks?
THE ROLE OF COMPLIANCE AND ETHICS IN SUPPORTING GLOBAL READINESS: KEY QUESTIONS TO ADDRESS NOW
Program “Bones”Risk Identifi cation
Compliance Oversight Outreach
Do we know what our key risks, including cultural hot spots, are in these new markets? How are we mitigating those risks? And what is the upside of getting this right?
Do we have the resources and program structure in place to enable us to adapt and respond quickly?
What oversight do we need to put in place to ensure we are reducing the likelihood of misconduct?
Have we targeted the high-risk audiences with appropriate (and appropriately-timed) outreach, training, etc.?
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�49
WHY IS THIS SO HARD FOR ME?
Greatest Barrier to Achieving Program SuccessPercentage of Respondents Selecting as Greatest Barrier, 2010
n = 157.
Compliance and Ethics Resources
Corporate Culture
Poor Information
Sharing
Ambiguous Regulatory
Expectations
Mismatch of Skills and
Needs
Technology Constraints
Lack of Useful Performance
Metrics
Other
32%
��%
��%
�% �%�% 3%
��%
32%
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�50
HOW ARE C&E TEAMS STRUCTURING TO MANAGE RISKS IN NEW MARKETS? PART 1: EMBEDDING
Percent of Compliance and Ethics Full-Time Employees Embedded in the Business
n = 134.
56%C&E Employees Embedded in the Business
44%C&E Employees in the
Corporate Center
Source: CELC’s 2012 State of the Compliance and Ethics Function Survey Results.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�51
HOW ARE C&E TEAMS STRUCTURING TO MANAGE RISKS IN NEW MARKETS? PART 2: LIAISONS
Use of Part-Time Compliance and Ethics Liaisons 2012
n = 231.
57%Yes
43%No
Source: CELC’s 2012 State of the Compliance and Ethics Function Survey Results.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�52
Source: CELC’s Global Compliance Program Management Forum.
OF INTEREST TO CELC MEMBERS: ARE YOU ROTATING YOUR LIAISONS? HOW OFTEN?
“The term is 18 months, a� ording others the opportunity to grow in this role and growing the number of employees who have had exposure to this area.”
Anonymous
“We do not have a formalized network of ethics liaisons, but it is part of role responsibilities embedded in our Employee Relations roles. The individuals in those roles may rotate every 2–3 years, and the responsibilities are assumed by their successors.”
Anonymous
“My company does use liaisons in other business units to help with the compliance e� ort, which is a role over and above their day-to-day operational responsibilities. We do not have a set time period for people in these roles. However, there is some movement due to people taking other jobs in the company.”
Ethics and Compliance Manager
“Our analysis shows that due to changing job responsibilities as people move through our company, there is a natural time limit for most of our Ethics and Compliance Manager (ECM) positions of about two to three years. Former ECM are excellent champions for our Ethics and Compliance Program. We are considering whether to include ECM ‘alumni’ in our ECM updates.”
Associate General Counsel, Manufacturing
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�53
CELC MEMBER PERSPECTIVE: ROLES OF CORPORATE COMPLIANCE COMMITTEE AND REGIONAL COMPLIANCE COMMITTEES
Percentage Ranked by Respondents as Top Role
1. Oversee implementation of compliance initiatives (41%)
2. Identify areas of potential risk (22%)
3. Review allegations and monitor investigations (13%)
4. Review company policies and procedures (11%)
5. Monitor compliance with policies and procedures (9%)
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�54
CELC MEMBER PERSPECTIVE: CORPORATE COMPLIANCE COMMITTEE MEMBERSHIP
Who Are the Members of Your Corporate Compliance Committee (Check All That Apply)?
�� �
��� �� � ����� �
��� �� � ������
���
General Counsel
Head of HR
Head of Internal Audit
Business Unit
Leaders
CFO CEO CRO COO Head of Sales
Other
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�55
REGIONAL COMPLIANCE COMMITTEE SEMI-ANNUAL REPORT CHECKLIST: MOTOROLA’S APPROACH
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�56
1. What insight does CELC data provide?
2. How are leading companies proactively managing these risks?
THE ROLE OF COMPLIANCE AND ETHICS IN SUPPORTING GLOBAL READINESS: KEY QUESTIONS TO ADDRESS NOW
Program “Bones”Risk Identifi cation
Compliance Oversight Outreach
Do we know what our key risks, including cultural hot spots, are in these new markets? How are we mitigating those risks? And what is the upside of getting this right?
Do we have the resources and program structure in place to enable us to adapt and respond quickly?
What oversight do we need to put in place to ensure we are reducing the likelihood of misconduct?
Have we targeted the high-risk audiences with appropriate (and appropriately-timed) outreach, training, etc.?
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�57
RISK MANAGEMENT INEFFECTIVE IN EMERGING MARKETS
Legal and Compliance Department Ranking of Ability to Manage Risk, by RegionPercentage Ranking as Ine� ective, GCR Legal Risk Diagnostic, 2010
n = 112.
North America
Western Europe
Eastern Europe
Central America
South America
Asia-Pacifi c
Africa Middle East
Five to seven times more legal and compliance departments report being ine� ective in these regions than in North America
��
��
������
��� ���
������
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�58
CURRENT STATE OF LOCAL COMPLIANCE OVERSIGHT
How Often Does Compliance/Internal Audit Assess Compliance in Emerging Markets? Percentage of Respondents, CELC Pre-Meeting Survey, 2010
Do You Require Local Business Self-Assessments of Compliance and Ethics E� ectiveness? Percentage of Respondents, CELC Pre-Meeting Survey, 2010
Depends Upon Local Risk Level
AnnuallyQuarterly OtherEvery OtherYear
Semi Annually
n = 25.
No Yes, Annually Yes, QuarterlyYes, Less Frequently
Than Annually
Other
n = 25.
���
���
��
���
�� ��
�� �
�� ����
�� ��
�59
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
FACILITATE BUSINESS SELF-ASSESSMENTS
OVERVIEW
To help the business meet its compliance and ethics obligations, Intel’s corporate Ethics and Compliance Program O� ce ensures implementation of oversight and operational execution, including providing the necessary tools and guidance for business partners to e� ectively monitor and improve their compliance and ethics processes.
KEY INSIGHTS
1. Enable the Business-Led Assessment Process—Provide the business with a framework and tools to help it gauge the e� ectiveness of local ethics and compliance initiatives in mitigating local internal and external risks.
2. Review and Improve Business Mitigation Plans—Create opportunities for corporate review of business self-assessments to deliver constructive feedback to the business while creating visibility into the state of the local ethics and compliance program and reinforcing senior management commitment to ethics and compliance.
3. Advance Business Goals Through E� ective Risk Management—Demonstrate the long-term business value of identifying and correcting compliance and ethics risks by tying compliance and ethics improvement to overall business performance.
COMPANY SNAPSHOT
IntelIndustry: Technology2009 Sales: US$35 Billion2009 Employees: 79,800
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�60
REPORTING ON LOCAL RISK MANAGEMENT
Intel’s Ethics and Compliance Program
Comprehensive Risk Assessment Review
Business groups, which range from entire business lines to country-specifi c operations, prepare for the review using a self-assessment questionnaire to identify local risks and proactively address potential gaps.
Delivering fi ndings in-person to the ECOC enhances corporate visibility into local conditions, fosters dialogue between the business and senior leaders from across the company, and reinforces senior management commitment to compliance and ethics.
Review Topics1. Internal and External Environment
2. Compliance, Controls, Ethics, and Code of Conduct
3. Periodic Risk Assessment Results
4. Business Continuity Plans
5. Review Process Feedback and Learning
Selected Program Components
■ Tone from the CEO
■ Code of Conduct
■ Ethics Training and Communications
■ Ethics and Compliance Oversight Committee (ECOC)1
■ Business-Led Risk Assessments – Periodic Risk Assessments
– Comprehensive Risk Assessment Review
■ Ethics and Compliance Business Champions
■ Ethics and Compliance Advocates
■ Reporting Mechanisms
■ Annual Employee Survey
1 The ECOC reports to the Audit Committee of the Board and is co-chaired by the VP and Director of Corporate Legal and Director of Internal Audit. Other members include Vice-Presidents or Directors of Legal Compliance, Finance, HR, HR Legal, Technology and Manufacturing, Architecture (Platforms and Products), Sales and Marketing; and the Directors of IT, Corporate A� airs, and EH&S.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�61
Feedback and Learning
Internal and External Environment
GAUGING BUSINESS OWNERSHIP OF COMPLIANCE AND ETHICS
Intel’s Self-Assessment Questionnaire (Excerpt)
1 Ethics and Compliance Business Champions—Business or functional leaders in each business group responsible for advocating for and monitoring ethics and compliance within their groups.
Periodic Risk Assessment
Business Continuity1. How often does the business review business continuity plans to ensure they are current with
respect to peer audits, integrated drills, and other related activities?
Compliance, Controls, Ethics, and Code of Conduct
Section B. Responsibility and Structure Questions
1. What framework does the business have in place for the Ethics and Compliance (E&C) program? What are the local E&C roles and responsibilities?
2. How does senior management visibly support this initiative? To what extent do they visibly participate in, lead or support E&C discussions and activities?
3. How does senior management ensure that the local E&C Business Champion has the support and resources needed to carry out E&C activities?
4. How is the business ensuring and monitoring that managers (senior through fi rst line) send consistent tone? How are managers reviewing and sharing case studies and specifi c compliance topics with their sta� ?
5. To what extent is ethics and compliance embedded in business performance dashboards and management objectives, with ownership for delivery by line management? Is E&C embedded into performance expectations?
Promoting Culture
Open-ended questions focus on ascertaining management’s role in promoting and supporting a culture that drives sustainability of E&C initiatives.
Promoting Business Success
Including questions about business continuity in the self-assessment helps assess business management objectives and compliance and ethics goals in the same exercise.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�62
TESTING LOCAL SELF-ASSESSMENTS
Overview of the Comprehensive Risk Assessment Review
Providing Feedback and Taking Action
■ The ECOC meets after the presentation to discuss fi ndings and make formal recommendations or pose additional questions to the business.
■ Business groups draft action plans and send these to the Manager of the Ethics and Compliance Program for fi nal approval.
■ On a case-by-case basis, some business groups may be required to provide additional updates or make subsequent presentations to the ECOC.
3Delivering Findings in Person
■ The General Manager of each group delivers a two-hour presentation; other business managers and business champions also participate.
■ During the presentation, the ECOC fosters open dialogue and focuses the discussion on any identifi ed compliance and ethics gaps and proposed mitigation steps.
2Preparing for the Presentation
■ Business groups prepare for the presentation 4–5 months in advance, using self-assessment results to build PowerPoint slides.
■ Each group is assigned an Audit Manager and ECOC Sponsor (a senior leader who sits on the ECOC) to answer questions and facilitate the review process
■ The ECOC identifi es specifi c areas of concern in each business group and prepares probing questions for the review.
1
�63
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
ASSESSING GLOBAL PROGRAM EFFECTIVENESS
OVERVIEW
Through location-based program self-assessments, Amalfi Company compares regional performances to identify lagging business units and ensure the adequacy of its overseas compliance program.
KEY CONCEPTS
1. Conduct Monitoring at a Granular Level to Raise Performance Levels—Monitor individual locations to test whether the compliance and ethics program is e ectively deployed across the far corners of the organization and ensure that lagging locations quickly improve to operate at the level of their highest performing peers.
2. Adopt Consistent Program Evaluation Standards to Enable Cross-Company Comparison—Establish consistent objectives and minimum expectations for program evaluations to enable meaningful comparison across business locations and identify performance laggards.
COMPANY SNAPSHOT
Amalfi Company�
Industry: Manufacturing
2009 Revenue: US$10–20 Billion
2009 Employees: More than 50,000
1 Pseudonym.
1
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�64
1 Pseudonym.
ACHIEVING GREATER COMFORT
Key Components of Annual Compliance and Ethics Program Review at Location-Level
I. Location-Based Program Assessment
II. Consistent and Explicit Standards
III. Compliance Risk Identifi cation
Locations
Business Units
Objectives Minimum Expectations Tests
1. Program Deployment
2. Management Commitment
3. Employee Understanding
Compliance and Ethics Program Self-Assessment Score Review
Business Unit A
Satisfactory Scores Across Locations
Business Unit B
Non-Satisfactory Scores Across Locations
Business Unit C
Excellent Scores Across Locations
Key Attributes ■ Detailed assessments help to validate whether program e� orts reach the lower levels of the organization and whether local management embraces a culture of compliance and ethics
■ Granular assessment scope helps to identify systemic business unit risks or emerging enterprise-wide weaknesses that may have been missed in a broader review
Key Attributes ■ Adoption of consistent program objectives and minimum expectations to ensure appropriate deployment of compliance and ethics programs across locations and to enable meaningful comparisons against a uniform standard
Key Attributes ■ Use of compliance and ethics program audit results to highlight meaningful trends or emerging risks across a business unit or region, that warrant senior management attention and response
1
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
65
1 Pseudonym.
Mandatory Self-Assessment Audit ProgramCoverage of 500 Locations, Illustrative
Key Learnings from Location-Level Program Assessments
REACHING THE COMPANY’S FAR CORNERS
Key Attributes
■ Self-assessment of major functional areas performed by local audit sta� , with assistance from corporate audit
■ Action plans determined by local self-assessors: follow-up action for priority gaps approved by corporate audit
■ Audits cover typically 40% of total locations each year
Compliance and Ethics Program Self-
Assessment Objectives
Has the program been fully deployed? Is management committed to the program? Do employees understand the program?
Annual Self-Assessment Audit Program
Areas Reviewed
Number of Audit Objectives
Finance 30
IT 20
Environment 15
Procurement 5
Compliance and Ethics
3
Brazil Operations: Self-Assessment Audit Program
Location assessment unearths whether employees at the local factory-level understand their basic compliance and ethics obligations and have access to resources to gain further awareness.
Employee Understanding of the Program
Criteria Knowledge of Compliance Requirements Familiarity with Code of Conduct Awareness of Helpline
3
Commitment to Culture of Compliance
Location assessment helps to demonstrate whether the next generation of company leaders (current location managers) proactively encourages a culture of compliance in their actions and communications.
2
2010 Initiatives ■ Compliance Bulletins ■ Compliance 101 for
New Employees ■ Web-Based Ethics
Training
Deployment of Corporate Initiatives at Location Level
Location assessment identifi es whether corporate compliance and ethics initiatives actually are implemented at the company’s operational level.
1
1
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�66
Self-Assessment Objectives
Minimum Expectations to Meet Objective
Standard Tests to Demonstrate Minimum Expectations (Selected)
I. Has the program been fully deployed at this location?
1. Provision of recurring ethics training2. Provision of compliance and ethics
materials to new sta� 3. Existence of e� ective issue escalation
and reporting mechanisms4. Dedicated location ethics and
compliance liaison
Program Deployment Checks
II. Does local management demonstrate an active commitment to the program?
1. Full adherence with anticorruption policy
2. Full disclosure of any confl ictof interest
3. Active encouragement of compliance and ethics mandate across location
Location Management InterviewIn-depth interviews with top-four location managers to evaluate possible confl icts of interest, knowledge of policy violations, and proactivity in encouraging ethical and compliant behavior across location
III. Do local employees understand the program?
1. All sta� is trained on code of conduct2. Compliance and ethics posters are
visible throughout all locations3. All sta� participated in recent ethics
training session
On-Site Inspection of All Factoriesand Facilities
Program Elements
■ Communications ■ Risk Assessment ■ Training ■ Reporting
Key Tests
Are compliance and ethics materials distributed to all factory fl oors? Is new sta� educated on code of conduct? Do factory workers certify code of conduct?
Evidence Needed
Percentage of sta� trained Existence of compliance liaison position Code of conduct certifi ed by percentage of sta� Awareness levels of help line call system
1 Pseudonym.
COMPARING APPLES TO APPLES
Annual Compliance and Ethics Program Self-Assessment at Business Location LevelIllustrative
1
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�67
FINDING OUTLIERS
Program Self-Assessment Score Reporting to Corporate ManagementQuarterly Compliance Council Meeting, Illustrative
Quarterly Compliance Council Meeting
Breakdown of Self-Assessment Scoresby Business Locations
CCO
CEO
GC
CFO
Compliance and Ethics Self-Assessment Scores by Business Unit
Self-Assessment Scores(1 = Poor, 5 = Excellent)
ObjectiveLocation 1 Score
Location 2 Score
Location 3 Score
Has the program been fully deployed?
3 3 2
Is management committed to the program?
1 2 1
Do employees understand the program?
4 3 1
Compliance and Ethics Program Self-Assessment Score Review
Business Unit A
Satisfactory Scores Across Locations
Business Unit B
Non-Satisfactory Scores Across Some Locations
Business Unit C
Excellent Scores Across Locations
1 Pseudonym.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�68
FOCUSING INTERNAL AUDIT RESOURCES
Source: CEB, Audit Director Roundtable, 2012.
Extensive Internal Audit Review
Internal Audit leverages the intelligence gathered by peer reviewers to perform a more in-depth audit.
Extensive Audit CharacteristicsIncreased FrequencyYearly audits on high risk unitsLonger Engagement DurationMore extensive sampling and testing on prevent-and-detect controlsFocus on Vulnerable AreasBalance Sheet, Cash Cycles, Sales, Purchasing/Inventory Management
5
Produce Peer Report
The peer report drives fraud risk awareness of Audit sta� and clients by identifying areas of potential concern and capturing the unique context of the business unit.Sample Peer ReportCtrl. No.
Control Statement Status Recommendation Response
A-1 Tat. Ut lore dolorer senim accum dolortin vel ulputem nulputpatem inim qui essim autpat ad doloborem ero etue dionse modoloborper sum zzriliq uatuerit.
Tat. Ut lore dolorer senim accum dolortin vel ulputem nulputpatem inim qui essim autpat ad doloborem ero etue dionse modoloborper sum zzriliq uatuerit.
Tat. Ut lore dolorer senim accum dolortin vel ulputem nulputpatem inim qui essim autpat ad doloborem ero etue dionse modoloborper sum zzriliq uatuerit.
Tat. Ut lore dolorer senim accum dolortin vel ulputem nulputpatem inim qui essim autpat ad doloborem ero etue dionse modoloborper sum zzriliq uatuerit.
A-5 Tat. Ut lore dolorer senim accum dolortin vel ulputem nulputpatem inim qui essim autpat ad doloborem ero etue dionse modoloborper sum zzriliq uatuerit.
Tat. Ut lore dolorer senim accum dolortin vel ulputem nulputpatem inim qui essim autpat ad doloborem ero etue dionse modoloborper sum zzriliq uatuerit.
Tat. Ut lore dolorer senim accum dolortin vel ulputem nulputpatem inim qui essim autpat ad doloborem ero etue dionse modoloborper sum zzriliq uatuerit.
Tat. Ut lore dolorer senim accum dolortin vel ulputem nulputpatem inim qui essim autpat ad doloborem ero etue dionse modoloborper sum zzriliq uatuerit.
4 Perform Peer Review
Peer review engagements are intended to identify potential control exceptions, evaluate business process e� ciencies, and assess the control environment.
Peer Review CharacteristicsFlexible Test Program Includes fraud testing; program provides suggested steps only and reviewer can change scopeConsultative EngagementNon-policing nature facilitates auditee transparency and receptiveness
3
Identify Peer Reviewer
Internal Audit relies upon specially selected local peer reviewers to more e� ectively gain visibility into local operations in advanceof auditsPeer Reviewer CharacteristicsBusiness Familiarity: Operates similar processes as auditee and understands KPIsCultural Familiarity: Familiar with or from regionIndependence: Does not have a working relationship with auditeeControls Expertise: Frequently has an audit background
2
Target High Risk Units
Cookson considers several factors to identify the business units for special review.
1
Fraud Risk Factors ■ Smaller remote business unit
■ Receives less management attention
■ High risk country
■ Unit not in central ERP system
■ Unique business practices
■ Unit manages its own cash
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�69
PARTNER TO MONITOR HIGH-RISK LOCATIONS
Key Benefi ts ■ Having two representatives from corporate instead of one brings new perspectives to the table and helps generate
potential solutions in real-time. ■ Joint audits provide more action-oriented advice, helping local functional heads implement solutions more rapidly.
Duplication of Audit Work Across Functions Joint Audits of Local Units
Source: CEB, General Counsel Roundtable, 2012.
Local PlantManager
Corporate LegalRepresentative
Health and SafetyRepresentative
“Yes, here’s thechecklist I created.”
Initial Questions“Do we have a process in place to comply with this regulation? Is itdocumented?”
Legal and Compliance Follow-Up“It looks like we’re misinterpreting these guidelines, we can actually need to change our process a bit to protect the company from liability.”
Legal Risk Assessment: ThailandMake sure the business is complying with all new local regulations.
Health and Safety Quality Control Checks: ThailandEnsure quality control at all manufacturing sites.
1
2
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�70
BUILDING CROSS-REGIONAL COMPLIANCE NETWORKS
Council Implementation GuidanceSelected Member Approaches
Questions for Discussion ■ Are compliance and ethics sta� at my company, including functional partners and ethics liaisons, communicating e� ectively with
each other?
■ How can I leverage existing activities (e.g., quarterly management meetings) to improve knowledge-sharing between compliance sta� and other assurance functions? How do I know when I need to add compliance sta� in emerging market locations?
■ What can I do at the corporate o ce to facilitate the e� ectiveness of knowledge networks? Are there any compliance and ethics issues that shouldn’t be shared across these networks?
Compliance Leadership ForumDell’s Compliance Leadership Forum is a group of compliance program subject matter experts who meet quarterly to identify critical risk domains and help set priorities. They also collaborate with Legal, Procurement, and Audit partners to collect compliance materials, policies, and programs that already exist.
1. Utilize Local Information Sources—Solicit risk information from subject matter experts in emerging markets who already handle compliance duties.
2. Include Other Stakeholders—Add representatives from the business and other functions to cross-regional compliance and ethics committees and discussions, especially if there are no compliance sta� in-country.
Online Communities of PracticeEni’s online Communities of Practice connect the legal department, spread across 30 countries. Community members actively discuss new ideas, work on companywide problems, and respond to help requests from colleagues across the globe.
3. Improve Cultural Awareness—Build an understanding of local cultural norms and business customs in compliance and legal team members.
4. Facilitate Collaboration—Leverage technology—including shared work spaces and video conferencing—to maximize coordination and communication across geographies and time zone di� erences.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�71
1. What insight does CELC data provide?
2. How are leading companies proactively managing these risks?
THE ROLE OF COMPLIANCE AND ETHICS IN SUPPORTING GLOBAL READINESS: KEY QUESTIONS TO ADDRESS NOW
Program “Bones”Risk Identifi cation
Compliance Oversight Outreach
Do we know what our key risks, including cultural hot spots, are in these new markets? How are we mitigating those risks? And what is the upside of getting this right?
Do we have the resources and program structure in place to enable us to adapt and respond quickly?
What oversight do we need to put in place to ensure we are reducing the likelihood of misconduct?
Have we targeted the high-risk audiences with appropriate (and appropriately-timed) outreach, training, etc.?
�72
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
CULTURAL FRAMEWORK FOR DRIVING ETHICAL BEHAVIORS
OVERVIEW
Realizing that employees often view corporate values—and accompanying ethical guidelines—as lofty and abstract, Wal-Mart disaggregates its corporate values into 26 “plain language” topics that are easily understood by ordinary employees. Each topic explains one aspect of the company’s values in simple words, addresses specifi c workplace behaviors, and sets clear expectations for employees. Ethics-based topics blend in with those unrelated to ethics, and therefore appear as an integral part of the corporate culture. To reinforce the topics and underlying behaviors in employees’ daily activities, Wal-Mart China uses a stage-gated training process, values-based business policies, proactive coaching and modeling by senior leaders, and a variety of culture promotion programs.
KEY INSIGHTS
1. Translate Corporate Values into Employee-Friendly Terms—To be locally meaningful, corporate values should be articulated as a series of actionable goals to which individual employees, at their location, can reasonably aspire.
2. Integrate Ethics into Business Messaging—Business ethics and integrity works best not as separate messages, but as part of how business is conducted. Make ethics an integrated component of all operation and strategy-focused employee sessions.
3. Consider the Impact of Collective Pressures—To address the collective work pressures that increase the likelihood of misconduct in a given location, conduct discussion-based ethics refresher courses which focus on the behaviors that alleviate pressure and prevent misconduct.
4. Devolve Ethics Responsibility to Local Employees—To foster a problem-solving culture where local employees and management proactively address ethical issues, create opportunities for employees to discuss critical behaviors in an open environment that encourages discussion.
COMPANY SNAPSHOT
Wal-MartIndustry: Retail
2008 Employees: 86,000 (Mainland China)
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�73
MAKING CORPORATE VALUES MEANINGFUL FOR EVERYONE
Foundation of Wal-Mart Culture
Three Basic Beliefs
Integrity
■ Respect for the Individual
■ Service to Our Customers
■ Strive for Excellence
■ “What do these concepts mean to our associates�1 in their daily work?”
■ “How do we deliver our values to customers, associates, vendors, and the community on a day-to-day basis?”
1. “Sundown Rule”2. Open Communication3. Servant Leadership4. Empowerment5. Teamwork6. Grass Roots7. Open Door Policy8. Associate Ownership9. People Development10. Confi dentiality11. “Ten Foot Rule”12. Aggressive Hospitality13. Friendly Atmosphere14. Pleasant Shopping Experience15. Everyday Low Price16. Sense of Urgency17. Quality Always18. Community Minded19. Satisfaction Guaranteed20. Continuous Improvement21. Result Oriented22. Integrity Always23. Competitive Spirit24. Failure Allowance25. Risk-Taking Encouraged26. Expense Control
Wal-Mart’s 26 Cultural Topics
1 Wal-Mart refers to its employees as “associates.”
Source: CEB,Asia HR Executive Board, 2012.Wal-Mart copyright. All rights reserved.
Other Stakeholders
Corporate Leaders
HR
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�74
Integrity Always: Honesty Is the Best PolicyIntegrity is a cornerstone of the Wal-Mart culture. All of us must have it in all our business dealings as well as our personal lives. At Wal-Mart, we do not make excuses for our mistakes. We take responsibility and learn, so that we do not make the same mistakes again.
Confi dentiality: Keep It Under Your Hat!All confi dential or sensitive information pertaining to the Company should not be disclosed to persons that are not Wal-Mart associates. If you are unsure whether any information that you have is confi dential in nature, you should assume that it is confi dential and take measures to guard that information.
PROMOTING (AND CLARIFYING) ETHICAL BEHAVIOR AS A VALUE
Training Material: 26 Cultural Topics (Excerpt)Wal-Mart China
Wal-Mart copyright. All rights reserved.
Topics on Ethics ■ Explain in simple terms. ■ Set clear expectations for employees. ■ Refer to specifi c behaviors.
Wal-Mart copyright. All rights reserved.Wal-Mart copyright. All rights reserved.
Source: CEB, Asia HR Executive Board, 2012.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�75
BUILDING AN INFRASTRUCTURE TO INFLUENCE BEHAVIORS
1 Wal-Mart refers to its employees as “associates.”
Source: CEB, Asia HR Executive Board, 2012.
Corporate Culture Support ChannelsWal-Mart China
Practice Snapshots
POLICY Monitoring and Enforcement
■ Open Door Policy
■
■ Ethics Violation Hotline and Mailbox
■ “Statement of Ethics”
CULTURE PROMOTION PROGRAMS Ongoing Awareness and Participation
■ “Integrity Star” Award
■ Award for Ethical Courage
■ Integrity-Themed Community Services
■ Integrity-Themed Company Festival (“Integrity Quarter”)
EDUCATION Learning and Absorption
■ 1 Orientation Training
■ Cultural and Ethics E-Learning Modules
■ New Associates Cultural Training
■ Integrity Management Training
LINK CONCEPTS WITH BEHAVIORSGoal: To help employees internalize the company’s values and convert theory into action.Solution:session in which they do the following:
1. Review the corporate values and cultural topics learned during orientation training.2. Share observations on how corporate values and culture have shown up in their work
experience so far.3. Create individual action plans on incorporating cultural and ethical behaviors into daily work.
EXPLAIN ETHICS IN THE BUSINESS CONTEXTGoal: To ensure associates understand what “integrity” entails in Wal-Mart’s business transactions and work environment.Solution: The “Statement of Ethics” code explains to employees the company’s relationships with
the individual.1. “Integrity” in Business
■ Impartial Competition ■ Fraud Prohibition ■ Integrity Financing ■ Anti-Insider Trading ■ No Trade Restriction
TRANSFORM MANAGERS INTO ETHICS STEWARDSGoal: To equip managers with knowledge and skills to recognize misconduct and promote ethical behaviors among direct reports.Solution:
1. Learning Agenda ■ Internal Challenges to Integrity Management ■ External Challenges to Integrity Management ■ Skills of Integrity Management
– Understanding Laws, Regulations, and Corporate Policies – Violation Risk Analysis – Integrity Leadership
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�76
A LOCAL TRAINING FORCE
Train the Trainer Program for Anticorruption and Antibribery PolicyTyco International
321
Main Features
■ Half-day training session to make local managers part-time compliance coaches
■ Led by Chief Compliance Counsel
■ Participants include managers selected from legal, human resources, and local business operations, with specifi c language expertise
Classroom Management
■ Managers are instructed in facilitating thoughtful discussion rather than lecturing to employees
Understanding the Substance of the Policy
■ Managers gain knowledge of policy
Dress-Rehearsal
■ Given di� culty of training delivery and start-up, managers practice their opening with colleagues
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�77
PENETRATING LOCAL CULTURES
Key Strategies Used in Delivering Anticorruption and Antibribery Training RegionallyTyco International
Training Linked to Local Laws and Perceptions
■ Make content less US–centric by including anticorruption laws and regulations from region
■ Share business community’s perceptions about corruption levels within the region
Training Content Standardized, but Delivery Made Flexible
■ In China, to get employees more engaged, the trainer uses an audience response system
■ In India, due to desire by employees for much discussion, training sessions for employees included extra time for Q & A
■ Training provided to audiences in local language
Discussion Focused on Actual Experiences
■ Invite managers to share stories of ethical courage and dilemmas
■ Provides deeper understanding of real life situations
■ Strengthens culture of “doing the right thing”
Elicit Discussion of Alternative Business Practices
■ Introduce policy tools, such as the anticorruption matrix and the FAQ document, to begin discussion of alternatives to longstanding, sometimes illegal, practices
4
3
2
1
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�78
MOVING BEYOND CALENDAR-BASED OUTREACH
Timing of Compliance and Ethics TrainingIllustrative
Ro
le-C
hang
e Tr
aini
ngTr
adit
iona
l Tra
inin
g
Drawbacks of Traditional Approach
■ Unaddressed Risks: Employees are not always prepared for new risks they may face.
■ Unclear Compliance and Ethics Expectations: Employees may lack awareness about what conduct is expected of them.
Advantages of Role-Change Approach
■ Increased Employee Receptivity: Employees will be more receptive to training messages if they receive them soon after a role change.
■ Greater Applicability: In-the-moment training better addresses changes in employees’ risk profi les, increasing applicability.
Employee A Changes Job
Function
Employee A Changes Job
Function
Employee B Is Promoted
Employee B Becomes a Manager
Employee C Relocates to High-
Risk Country
Employee C Moves to New
Geography
Employee A Receives Training
Employee B Receives Training
Employee C Receives Training
Quarter 2 Quarter 3 Quarter 4 Quarter 1
Annual Online
Training Deployment
Nine-month gap until next training
Six-month gap until next training
Three-month gap
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�79
1. Identifying High-Risk Employee Training Needs
Potential Risk: With a Corruption Perceptions Index (CPI) score of less than fi ve, Mexico meets Johnson Controls’ objective defi nition of a high-risk country.
HR System: Sends an alert to Compliance LMS, as well as Human Resources and Compliance contacts in Mexico.
Timeline: Alert sent within 24 hours of employee’s move.
DELIVERING ADDITIONAL TRAINING WHEN NEEDED
Illustrative Case in Point: Employee Moves from the United States to Mexico
Key Benefi ts ■ Timely Training Delivery: The system ensures employees receive relevant training in a timely manner
and therefore always stay current on training. ■ Global Reach: The global nature of the system ensures all employees can be tracked and targeted across the enterprise. ■ Ongoing Visibility: E� cient sharing of data between the HR and LMS systems provides corporate compliance
and local management updated information about employee training needs and completion rates.
2. Delivering In-Country Guidance
LMS: Sends an e-mail to employee notifying him or her of online training requirements, if employee’s responsibilities also change.
Local Compliance Contact: Sets up a one-on-one meeting with employee to discuss country and region-specifi c risks. Typical discussion topics cover:
– Navigating local regulations
– Working with local government o� cials
– Avoiding corruption exposure
Timeline: Local compliance contact typically meets with employee as quickly as possible, but not more than 90 days after employee’s move.
AB
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�80
LOWER-RESOURCE OPTIONS FOR TARGETING ROLE CHANGES
Administer a Role-Change Survey Deploy a Training-Needs Questionnaire
On a quarterly basis, e-mail a three-question survey to employees with a recent change in their HR fi le (e.g., promotion, change in manager), inquiring about the nature of the change. Use responses to determine whether the change indicates a need for additional compliance and ethics training.
Embed a mandatory “Training Needs Questionnaire” at the end of the annual Code of Conduct training module to identify material compliance training and knowledge gaps that may have resulted from changes in employees’ roles.
1
1 Pseudonym.
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�81
THE ROLE OF COMPLIANCE AND ETHICS IN SUPPORTING GLOBAL READINESS: KEY QUESTIONS TO ADDRESS NOW
Program “Bones”Risk Identifi cation Compliance Oversight Outreach
Do we know what our key risks, including cultural hot spots, are in these new markets? How are we mitigating those risks? And what is the upside of getting this right?
Do we have the resources and program structure in place to enable us to adapt and respond quickly?
What oversight do we need to put in place to ensure we are reducing the likelihood of misconduct?
Have we targeted the high-risk audiences with appropriate (and appropriately-timed) outreach, training, etc.?
For another day:
■ Managing Third-Party Risks in New, Emerging Markets ■ Measuring the Success of your E� orts
© 2012 The Corporate Executive Board Company. All Rights Reserved. CELC4150612SYN
�82
HAVE QUESTIONS AFTER TODAY’S SESSION?
Contact CELC (part of the Legal and Compliance Practice of CEB)
E-Mail: [email protected]: 1-866-913-8103Web: www.celc.executiveboard.com www.executiveboard.com
Compliance and Ethics Leadership Council