uarc jhuapl compliance presentation 2008-05 · pdf file09.05.2008 · a compliance...

2008 UARC Administrative Challenges Meeting, May 9, 2008

Compliance Programs

Gene David Johns Hopkins UniversityJohns Hopkins University Applied Physics Laboratory

OOverviewA brief history (To set a context for what follows)A brief history (To set a context for what follows)

What constitutes an effective compliance program

JHU/APL’s compliance program — an example of one organization’s approach to compliance

Foreshadowing of coming changes, new mandates

What may (?) / will (?) constitute an effective complianceWhat may (?) / will (?) constitute an effective compliance program in the near future

Highly interactive discussion on alternate approaches,Highly interactive discussion on alternate approaches, structures, and implementations by other UARCs

A Compliance Time Line: Genesis and Evolution

The Military – Industrial Compliance Abyss Growing from Post-WW II 1950s to Post-Vietnam 1970s



Office of Federal Procurement Policy Act of 1974(Resulted in the creation of the Federal Acquisition Regulations)



Start of $2.2 Trillion Defense Buildup Program 1980 to 1990


Operation Ill Wind 1986 to 1988Operation ILL Wind 1986 to 1988

GAO Report: “Fraud in Government Programs: How Extensive Is It? How Can It Be Controlled?” GAO/AFMD-81-57, May 1981





Operation Ill Wind 1986 to 1988

Procurement Integrity ActAddition of Section 203.70 to the DFAR

●

Operation ILL Wind 1986 to 1988


Packard Commission Report 1986

●●●1988-91

p

Creation of Organizational Sentencing Guideline(Amend 60,Chapter 8) 1991

What Constitutes an Effective Compliance ProgramDFARS 203.7001

A contractor’s system of management controls should provide for —

(a) A written code of business ethics and conduct and an ethics training program for all employees;

(b) Periodic reviews of company business practices, procedures, policies and internal ( ) p y p , p , pcontrols for compliance with standards of conduct and special requirements of government contracting;

(c) A mechanism, such as a hotline, by which employees may report suspected i t f i d t d i t ti t l t k h tinstances of improper conduct and instructions to employees to make such reports;

(d) Internal and/or external audits as appropriate;

(e) Disciplinary action for improper conduct;( ) p y p p ;

(f) Timely reporting to appropriate Government officials of any suspected or possible of violation of law in connection with Government contracts or any other irregularities in connection with such contracts;

(g) Full cooperation with any Government agency responsible for investigation or corrective actions.

(Or, if contract ≥$5M and performed in US, then display DoD Hotline Poster)

What Constitutes an Effective Compliance Program Part 1

(1991 Federal Sentencing Guidelines, Commentary to Chapter 8A1.2, captioned “Applicable Notes”)

(1) The organization must have established compliance standards and procedures to be

Part 1

followed by its employee and other agents that are reasonably capable of reducing the prospect of criminal conduct.

(2) Specific individual(s) within high-level personnel of the organization must have been assigned overall responsibility to oversee compliance with such standards andassigned overall responsibility to oversee compliance with such standards and procedures.

(3) The organization must have used due care not to delegate substantial discretionary authority to individuals whom the organization knew, or should have known throughauthority to individuals whom the organization knew, or should have known through the exercise of due diligence, had a propensity to engage in illegal activities.

(4) The organization must have taken steps to communicate effectively its standards and procedures to all employees and other agents, e.g., by requiring participation in training programs or disseminating publications that explain in a practical manner what is required.

What Constitutes an Effective Compliance Program Part 2

(1991 Federal Sentencing Guidelines, Commentary to Chapter 8A1.2, captioned “Applicable Notes”)

(5) The organization must have taken reasonable steps to achieve compliance with its

Part 2

standards e.g., by utilizing monitoring and auditing systems reasonably designed to detect criminal conduct by its employees and other agents and by having in place and publicizing a reporting system whereby employee and other agents could report criminal conduct by others in the organization without fear of retaliation.

(6) The standards must have been consistently enforced through appropriate disciplinary mechanisms, including as appropriate, discipline of individuals responsible for failure to detect an offense. Adequate discipline of individuals responsible for an offense is a necessary component of enforcement; however theresponsible for an offense is a necessary component of enforcement; however the form of discipline that will be appropriate will be case specific.

(7) After an offense has been detected, the organization must have taken all reasonable steps to respond appropriately to the offense and to prevent further similar offenses –steps to respond appropriately to the offense and to prevent further similar offensesincluding any necessary modifications to the program to prevent and detect violations of law.

What Constitutes an Effective Compliance Program (1991 Federal Sentencing Guidelines, Commentary to Chapter 8A1.2, captioned “Applicable Notes”)

(1) Must (have) established compliance standards and procedures.

My Condensed Version

(2) High-level personnel of the organization must have been assigned overall responsibility to oversee compliance.

(3) (Do) not delegate substantial discretionary authority to individuals whom engage in ill l i i iillegal activities.

(4) Communicate (the) standards and procedures to all employees by requiring participation in training programs or disseminating publications.

(5) Must (take) reasonable steps to achieve compliance with its standards by utilizing monitoring and auditing systems by having and publicizing a reporting system (to) report criminal conduct without fear of retaliation.

(6) Must have consistently enforced through appropriate disciplinary mechanisms, including, discipline of individuals responsible for failure to detect an offense. the form of discipline will be case specific.

(7) Must (take) all reasonable steps to respond appropriately to the offense and to(7) Must (take) all reasonable steps to respond appropriately to the offense and to prevent further similar offenses.

A ComparisonA Comparison DFAR 203.7001 vs. 1991 Sentencing Guidelines

(a’) A written code of business ethics (1) and conduct and an ethics training program for all employees (4)

(l) Must (have) established compliance standards (a) and procedures (no DFAR requirement)

(b) Periodic reviews of company business practices, procedures, policies and internal controls for compliance with standards of conduct and special requirements of Government contracting (no Guidelines requirement)

(c) A mechanism, such as a hotline, by which employees may t t d i t f i d t d

(2) High-level personnel of the organization must have been assigned overall responsibility to oversee compliance (no DFAR requirement)

(3) (Do) not delegate substantial discretionary authority to individuals whom engage in illegal activities (no DFAR requirement)report suspected instances of improper conduct and

instructions to employees to make such reports (5)

(d) Internal and/or external audits as appropriate (5)

whom engage in illegal activities (no DFAR requirement)

(4) Communicate (the) standards and procedures to all employees by requiring participation in training programs or disseminating publications (a)

(e) Disciplinary action for improper conduct (6)

(f) Ti l ti t i t G t ffi i l f

(5) Must (take) reasonable steps to achieve compliance with its standards by utilizing monitoring and auditing systems (d) by having and publicizing a reporting system (to) report criminal conduct (c)without fear of retaliation (no DFAR requirement)

(f) Timely reporting to appropriate Government officials of any suspected or possible of violation of law in connection with Government contracts or any other irregularities in connection with such contracts (no Guidelines requirement)

(6) Must have consistently enforced through appropriate disciplinary mechanisms (e), including, discipline of individuals responsible for failure to detect an offense the form of discipline will be case specific (no DFAR requirement)

(g) Full cooperation with any Government agency responsible for investigation or corrective actions (no Guidelines requirement)

(7) Must (take) all reasonable steps to respond appropriately to the offense and to prevent further similar offenses (no DFAR requirement)

What Differentiates Effective Compliance pPrograms

DFAR 203.7000 and .7001:“Size of organization” “Extend of involvement in Government contracting”Force of specification:

Policy stated in body of DFAR (strong form)How specified “ . . . should . . .” (weak form)No supporting clauses in Subchapter H (weak form)

1991 F d l S t i G id li1991 Federal Sentencing Guidelines:“Size of organization” “Likelihood that certain offenses may occur because of the nature of the business” “Prior history of the organization”Force of specification:

P li t t t d i b d f d t b t l t d t tPolicy not stated in body of document but relegated to a note contained in a supporting commentary section (weak form)How specified “ . . . must . . .” (strong form)

APL’s Approach to an Effective Compliance Programg“An Example – not The Model”

Written standard of ethics and conduct [203 7001(a)]Written standard of ethics and conduct [203.7001(a)]

Ethics training program /Instruction for reporting violations [203.7001(a)&(c)]

Periodic reviews of business practices / procedures / policies [203 7001(b)]Periodic reviews of business practices / procedures / policies [203.7001(b)]

Process to report/investigate violations [203.7001(c)]

I t l/ t l ditInternal/external audit program [203.7001(d)]

Disciplinary action process [203.7001(e)]

Timely reporting of violations of law / contract Irregularities [203.7001(f)]

Full cooperation with Government investigation and direction [203.7001(g)]

JHU/APL’s Written Standards of Ethics and Compliance

First distributed to APL Staff as a stand-alone document in August 1988 as part APL’s compliance program rollout

Is intended to be a living document, stable in principles, but adaptive to regulatory changes or how business is conductedadaptive to regulatory changes, or how business is conducted

Intentionally brief (< 20 pg.) and written in simple, understandable terms with references to specific APL policy, practice, or p p y, p ,procedure documents

Available as a stand-alone printed document, online as a searchable document or as separate section of the APL Staffsearchable document, or as separate section of the APL Staff Handbook

JHU/APL’s Compliance Training

An integral part of APL’s New Staff Orientation Programg p gOne-quarter of full-day program dedicated to compliance related topics

On-Line compliance training - 11 Modules*

Standards of Ethics and ConductTimekeepingEEO for Supervisors (All APL Supervisors and Managers)

EEO for Employees (Quiz optional for Supervisors/Managers)

Annual Security Briefing (E ll l d t ff)Annual Security Briefing (Every year, all cleared staff)

Export Control (All staff & leased workers [some exceptions])

Public Release of Unclassified Info (All staff & leased workers [some exceptions])

Information Technology SecurityQuality Management Audit Prep (All Space Dept Staff, plus selected Business/Tech Service Personnel)

Intellectual Property (Those staff working with such entities)

Nondisclosure Agreement (Those staff working with such agreement)

Oth ifi t i i ( ll t ff i di id l ) t dOther specific training (all-staff, group, or individuals), as requested or “needed”

*All staff and leased workers repeat classes every 2 years unless otherwise noted

Periodic Reviews of Business Practices, Procedures, and Policies

APL maintains a document entitled “APL Practices and Procedures Manual” (Commonly referred to as “the P&P”)Manual (Commonly referred to as the P&P )The P&P compiles all APL administrative processes, together with their related policies, procedure, and practices, in a single-source reference (Available to all staff members on-line)reference (Available to all staff members on line)It is both comprehensive, covering the principal 95 functions that make up the Laboratory’s administrative process, as well as detailed, running into several hundreds of pages.g p gEach major section has a single individual assigned for oversight responsibilityEach section is reviewed annually and updated as neededEach section is reviewed annually, and updated as neededAll updates are reviewed before release by the cognizant Department Head, the Audit Liaison Office, the Office of Counsel, and the Director’s OfficeDirector s Office

Program for Reporting and Investigating Violations g g g gof APL’s Standards of Ethics and Conduct

Compliance Officers are appointed by the Laboratory Director and report to the Assistant Director, Operations Five separate Compliance Officers

Officers are distributed among several Laboratory departmentsEach received external training in how to conduct compliance investigationsEach maintains a private hot-line phone (including one toll-free 24/7 hot-line) Officers may not conduct investigations within their own department or investigations involving staff with whom they workinvestigations involving staff with whom they work Assignment as a Compliance Officer is a collateral duty with their other Laboratory assignments

Responsibilities include:Conducting investigations Responding to hot-line calls or queries about standards/policies Maintaining

Standards of Ethics and ConductStandards of Ethics and Conduct, Compliance web site, Logs & case files

Coordinating and conducting training

Characteristics Desirable In a Compliance OfficerIs perceived to be an honest and trustworthy personKnows how to handle sensitive informationPossesses strong inter-personal skills; able to put people at ease and make them comfortable discussing delicate informationHas sufficient flexibility in scheduling personal workload such that he/she can accommodate immediate demands on timeIs willing to invest substantial amounts of time and bring cases to closureExhibits good judgment with a clear understanding of Laboratory organizational valuesWilling to address issues that may be individually or organizationally

f t bl t diuncomfortable to discussBackground and experience dissimilar to any of the current compliance offices in order to bring diversity and broader perspective to the table

After selection, Officer will receive formal investigative training and apprentice for at least a year

Monitor and Audit Business Processes

Oversight vested in APL’s Audit Liaison Office Annually interviews Laboratory Management, Office of Counsel, Compliance, Office of Advising and Counseling, Ombudman’s Office and other Laboratory stake-holders to identify potential audit areas Final audit plan takes into account additional factors including:

Last time auditedResults of last auditMaterialityRisk if audited system/process failsChanges to the system/process since lasted auditedg y p

Results of audit shared with Laboratory management, government auditors, as well as primary stake-holdersCorrective action plan developed and enacted to correct any defectsCorrective action plan developed and enacted to correct any defects

Monitor and Audit Business ProcessesFUNCTIONAL AREAS

► ► ► MATERIALITY RISK ENVIRONMENT GOVERNMENT ASSESSMENT

CHANGES IMPACTING RISK ENVIRONMENT

FY08 AUDIT

PRIORITY

MAJOR SYSTEMS: Regulatory or legal risk assessment

Regulatory and APL changes including new Internal (APL/OHIA) Results External Results

▼ ▼ ▼ including organizational risk management initiatives Last audited Last audited

INTERNAL AUDIT

HISTORY

EXTERNAL AUDIT

HISTORY

Accounting System

FUNCTIONAL AREAS MATERIALITY RISK ENVIRONMENT GOVERNMENT ASSESSMENT

CHANGES IMPACTING RISK ENVIRONMENT

FY08 AUDIT

PRIORITY

MAJOR SYSTEMS: Regulatory or legal risk assessment Regulatory and APL Internal (APL/OHIA) Results External Resultsincluding organizational risk changes including new Last audited Last audited

management initiatives

Accounting System

5 796

05 9 5

8 09

7796 3 9 05 65 9 6

9 04 9 3 5 09654 5

04 4 5

7796 8 09 4 5

964 09 69℡

6 0 69 9 0 0 0

65 796

0

05 5 0 3 4 5

9 0 0 065 796 05

8 0 05

796 6 7 9 69405

6 5 05 4 0

05

99 5

0

8

05

M

Billing System

5 79 7 9

05 60 05 46 5 6

8 09

7796 3 365 0 644 5

9 9 05

6 5 05 4 3 6 09 033

7796 5 9 05

6 0 790 5 7

65 9 05

6473 03305

4 0

05 0 56 05 05

8

H

Budget & Planning System

5 796 05

05 09 7 5 5 0

9 765 0 3 69 79 7 9 065

8 09 7796 3

69 69 4 9 0 0

79676 3 05 69 5 0

7796 5 9 47 0 65

6 65 054 5

5 9 4 5 4 5

7 9 694 0 05

8

9 644 5065

7 9 694

4 0 05

8

L

Compensation System (& Benefits)

5

4050 9 5 0 05

46 5 6 0 05 3

5

8 09

7796 3 69 6 46

0 50 5 6 3 4 5 033 6

6 954 5

7796 7630 0

5 796 9 0 05

9 9 05 3 474 4 90

73 5 69

6473

05 95 3 0

8

7 9 694 647 5 065

4 0 05 5

9 769 56

8

H

Estimating System

5

79676 3 9 40

6 305 6 0 9

6 9

8 09

7796 3 69 69 4

9 0 0 79676 3 05

69 5 0

7796 5 69 5

0 7630 9

9 8 09 6 9 0

3

7 9 694

5 04 05 4 9 0

05 5 5 5 9

79676 3

69 6

0

6 4 5

065

7 9 694 04 05

4 9 0 05

5 0 07

8

M

INTERNAL AUDIT

HISTORY

EXTERNAL AUDIT

HISTORY

Accounting SystemBilling System

Budget & Planning System

Compensation System (& Benefits)

Estimating SystemIndirect & ODC System

(CAS 402 & 418)6 9 69 5 0 3 79676 3 065 5 0 07

Indirect & ODC System (CAS 402 & 418)

5 46 5 6 05 09 6

6 33

8 09 7796 3 694 33

0 90 2 9 7 5 05 65

9 5 6 7630 0 5

7 05 7796

964 65 9 3 964

0

5 9 4 5 4 5

6 65 6 65 963

7 9 694 9 0 6

65 0 5 6 6

9 05 05

6 9 05

8

0 9 644 5

7 9 694 5

0 0 05 09 5

09 6 05

8

M

Information Technology (IT) System

7769 33 05 4

90 5

3 644 50 065 5 6 3

6

8 5 9 3 65 963 5

047 65

8 6 6 9 33 05 5 0 3

7730 065

7796 9 0 0 50 0 5

5 6

79 7 9 69 0 9

9 6 9 5

7 694 5 0 6

9 3

05 95 3 65 963 05

5

9 3 8

50

0 90 2

9

6473

0

5 9 3 5 95 3

65 963

8

M

Labor System

5

04 9 796 6 3

7 9633

8 09

7796 3 65 9 692 0 7904 903

6 9 5 04 305 6

0 9 04769 5

7796 05 95 3

3669 2 9 8 09

6 4 05 05 69

4

7 9 694

3 69 4 0

5 6 3669 2

05

36692

8 0

9 644 5

3 69

4 0 05 796

3669 2 6479 5 0

3 69 9

99 5

0

8

0 05

M

Material Management System

05 30

9 4

8 09

7796 3

69 30

9 4

6 5 6 05 64730 5

0473 4 5

5 6 29664 5 69

0 05 5 69

7 9 694

0 6

30 9 4

8

0

9 644 5065

7 9 694

4 90 3

7 9 0 5 5

65 47 065 0

6

05 05

M

Property System

5 9 765 0 3 69

4 05 0505 6

7796 04 3

7967 9

8 09 7796 3

0 690 3 0 0

7967 9

3 0 0 065

0 7 9 694 6

7967 9 4 05 4

0 69

5 30

9 5 050 0 0

05 95 3 8 30 0

4 65 5

64730 5

8 0

9 644 5065

7 9 694

6 954 5 967 9

65 963

4

8

M

Purchasing System

5 796

9 5 065

55 33 6 3 6440 4 5 9

8 09

7796 3 5 0 1 6

9 0 7796 3 6 33

65 9 0

7796 5

30 9 5

050 0 0 6 9

30 5 05

7 9 694

6336 7 0 05

05 95 3 8 30 0

7 9 694 05

8 0

9 644 5065

0

05 05

7796

M

Cost Accounting Standards

346 33 6 6 9

65 9 6 9 1 6 33

64730 5

6 0

33 6 6 5 05

5 9

65 64730 5 0 1 6

99 5 3

0 64730 5

9 05

796 6 9 63 05

7 9 694

0 7 9

9 65

05 0 0 3 5 9

8

6 9

99 5 3

9 0

M

Fixed Asset System (CAS 404 & 409)

5 6 3

0 5 662 3 6

4769 5 4 05 05

65 0 5 05 9

70 3 6 09 0 790

70 30 065

6 5 0 3

64730 5

7 9 694 0 6

90 796 9

69 5 3 7 67 05

8

05 05

7 9 694

5 0 05

65 473

64730 5

H

Patents (CAS 410)

9

336 3 05

9 63

96 5 05 979 065 6

3 5 5 699 9 05 6

30

05 7 5 6

4 9 09

6 0

65 05 6

4650 6905 6 0 065

6705065

99 5 6

7 9 694

0 55 33 6

0 6 5

65 6473

0 5 065

6

H

( )Information Technology

(IT) SystemLabor System

Material Management System

Property SystemPurchasing System

Cost Accounting 699 9 05 6

7 5 6 0

09

4

0 065

05 63 05

6

9 05

5

6 5 3

6

Technology Transfer (CAS 410)

4050 9

30 5 05 5 67 065

9 4 5 69 96 3 0 0

7 5 0 9

0 0 5 3

7 5 9 0 5 7630 0

9 8 0905 5 4 69

9 205 30 5 05

30

6 3 7 302

50 3 7 9 4 5 5

09 6

9 5 9

6 0 694 05

5 9 3

7 5

6 0

65 05 6

4650 6905 6 0 065

05 63 05

6705065

99 5 6

9 05

7 9 694

0 55 33 6

0 6 5636

9 5 9

65 6473

0 5 065

6

H

CASB Disclosure Statement

8 09 4 5 6 6 6 5 05

5 9 2 7 99 5

0 7 40 6

6 5 9 0 6473 05 0

0 0 36 6 5 05

79 0 65 64730 5 5

0 065 7796

0 065 40 65

99 5 3

0 05 9 0 065

99 5

0 8

05

M

Construction Management

5 9 7 65 0 3 69

4 5 05

65 9 065 6 6

9 0 6440

6 99 5 3

64730 5 0

50 9 0 05

5 9 4 5 4 5

6 65

65 963305 65 9 065

6

7 9 694 70 3

7961

0 05

6 05 05

7 9 694 65 9 065

0 05

8

M

Contracts Management

5

9 765 0 3 69

4050 9 0 796

030 05

65 9

565 64730 5 5 76 05 5 0 3

90 2 6 6 336 030

9 7 05

9 8 0905

90 9 5 6

3040 065

05 95 3

8 30 0 4

65 5

64730 5

8

9 644 5

065 M

Cost Management System (RMIS)

5 9 0

7 5

4 5 7 5 05 73 5 6

0 2 047 6

796 9 4 5 5

6 765 69 9 3 065 964

05 9 9 769 05 6

5 9 05

46 05 6

05 9 4 5 4 5 M

Disbursement System (A/P)

5 796 05

0 9 4 5

04769 5 64765 5 6

6 5 05 4

7 9 694 9 0 6

9 5 05

8

M

Export Control (Public Release & Visitor Control)

5 9

64730 5 0 769

9 8 09 4 5

0 50 0 5 05

5 05 63 69 063 065 6 769

65 963

1 6

9 0 7 9 4 5

3

9 8 0 6

7 30 9 3 796

33 6336

769

65 963 0 0 05 796

7 9 6 73 5

M

Integrated Investment Planning (IIP)

6

765 69 5 4 5

5 9 4 5

05 73 0 6 954 5 69

7 5 05 05

3040 6 9 4 5 033 9 3 05

0 50 0 5

05 9 05 5 05

3674 5

7 5 05 65 065

0 05

03 9 6 5

05

3674 5 5

8 065

5 05

H

Procurement (VISA) Card System

5 6 3 46 5 6 9 0

9 7 9

5 9 9 30 5 5 6 9

4769 5 9 9 653

5 9 9 0 9

796 9 4 5

7 9 694 6336 7 05

6 9 0 05

8

05 05 M

StandardsFixed Asset System (CAS

404 & 409)Patents (CAS 410)

Technology Transfer (CAS 410)

CASB Disclosure Statement

Construction

Export Control (Public Release & Visitor Control)

Integrated Investment Planning (IIP)

Procurement (VISA) Card System

05 63 05 9 5 065

69 09 05 5 7 976 5 56

Security Services

4050 9 90 6

3 0 0 5

5 3 0 0 765 0 3 69

5 905

4 9 8 09 7796 3

6 954 5

64730 5 0 90 0 3 69 6

65 05 6 6 6

7796 7 9 694 55 3

64730 5

0

0 5 6 3 46

9 5

05 9 5 0 0 0 6

90 0

7 9 694

0 6 4

55 33 65

7796

M

Subcontracts

5 796

65 9 5 6 9

36 6 05 63 05

6 65 9

0 065

5 9 7 9 05 4 3 6

65 9 6 04 05 5

4 169 0 0

5 9

63 4 6 65 9 05

0 0

7 9 694

0 6 6 6 66

9 0 65 9 05

05 05

5 905

6473 065 6 65 9

4 5 4 5 67 9 065

0

05 9

M

Travel System

5 796 6 9

7 5 9 769 5

7 5 9 04 9 4 5

1 6 7796 3 6 9

03 0 65 55 3

0

7796 9 9 065

4 7 05 73 05

5 3 4736 6

7 9 694 6336 7

9 0 05 6

0

8 0

05 05

7 9 694

9 3 4 0 05

8

M

E.E.O.C.

6 5 9 64730 5 0

9 3 5

3 5 9 3 065

65 64730 5

1 6 7 6

69 9 0 L

Environmental, Health & Safety

765 0 3 69

5 905 64730 0

906 6 954 5

9 3 065 0

6 6473 0

9 8 09 4 5 0 2 6

565 64730 5 9 3 05 05

3 6 565 64730 5

4 8

9 0

6

05 9 5 90 2 05 9 6

5 09654 5 3 3 5

0 0

7 9 694 0 05

8

L

major system/high dollar

drastic consequences if system fails

inadequate significant changes

> 4 years ago inadequate

2 years ago (FY05)

inadequate

minor system moderate consequences if system fails inadequate in part

potential significant

changes2 -4 years ago inadequat

e in part1 year ago

(FY06)inadequate in part

other/low dollar minor consequences if system fails adequate

stable environment/no

changes< 2 years ago adequate current year

(FY07) adequate

Construction Management

Contracts ManagementCost Management System

(RMIS)Disbursement System

(A/P)

ySecurity Services

SubcontractsTravel System

E.E.O.C.Environmental, Health &

Safety

major system/high dollar

drastic consequences if system fails inadequate significant changes > 4 years ago inadequate 2 years ago

(FY05) inadequate

minor system moderate consequences if system fails inadequate in part potential significant

changes 2 -4 years ago inadequate in part

1 year ago (FY06)

inadequate in part

other/low dollar minor consequences if system fails adequate stable environment/

no changes < 2 years ago adequate current year (FY07) adequate

Disciplinary Action Process

Oversight vested in APL’s Office of Advising and CounselingResponsible for all discipline actions throughout the Laboratory based on APL’s Progressive Policy:

Performance/Behavior issues raised by supervisorsViolations of APL’s Standards of Ethics and Conduct

Serious infractions that can result in immediate termination M i i h i d b f i ff i d dMaintains a comprehensive database of prior staff misconduct and resulting discipline actions to assure all staff are treated equally and fairly Also serves as a resource to supervisors to assist in addressingAlso serves as a resource to supervisors to assist in addressing performance and behavior issues before they rise to the need for formal discipline





Operation Ill Wind 1986 to 1988

Procurement Integrity Act, et al 1988


Packard Commission Report 1986p

Creation of Organizational Sentencing Guideline(Amend 60,Chapter 8) 1991

Revised Federal Organizational Sentencing Guideline(Amend 673) 2004

Federal Acquisition Regulations (Case 2006-007) Effective. 2007

Federal Acquisition Regulations (Case 2007-006) Under Review

Foreshadowing of Coming Changes and New g g gMandates - Federal Sentencing Guidelines

Federal Sentencing GuidelinesAmendment 673 effective Nov. 2004Stronger and more detailed characterization of whatStronger and more detailed characterization of what constitutes an effective compliance program

Comparison of 1991 to 2004 Federal Sentencing Guidelines

1991 Federal Sentencing GuidelinesCommentary to §8A1 2 Note 3(k)

1994 Federal Sentencing Guidelines§8B 2 including CommentaryCommentary to §8A1.2, Note 3(k) §8B.2 including Commentary

Due Diligence Minima Due Diligence Minima

Must have established compliance standards and procedures. Shall have established compliance standards and procedures.

High-level personnel assigned oversight responsibility

(A) Governing authority shall be knowledgeable on operation of compliance & ethics programsHigh-level personnel assigned oversight responsibility (B) High-level personnel shall be assigned oversight responsibility(C) Specific individuals shall be delegated operational responsibility

No delegation of discretionary authority to individuals with a propensity for Illegal activities

Do not include individuals with substantive authority who have engaged in illegal activity or other conduct inconsistent with a compliance & ethics program

Communicate the standards and procedures to all employees through(A) Communicate periodically standards & procedures as well as other aspects of the programCommunicate the standards and procedures to all employees through

training programs or publications. aspects of the program (B) Training should extend to all employees including the governing body

Achieve compliance by utilizing monitoring and auditing systems. Have and publicize a system to report criminal conduct without fear of retaliation.

(A) Include monitoring and auditing to detect criminal conduct(B) Periodically evaluate effectiveness of the compliance program(C) have mechanisms anonymous reporting without fear of retaliation

Enforced through appropriate disciplinary mechanisms, including, Promote and enforce through discipline of individuals responsible for failure to detect an offense. the form of discipline will be case specific.

(A) Appropriate incentives (B) Disciplinary Measures

Take steps to respond appropriately to any offense and to prevent further similar offenses. Modify program to improve detection/prevention

Take steps to respond appropriately to any offense and to prevent further similar offenses. Modify program to improve detection/prevention

Factors Factors

Size of organizationLikelihood that certain offenses may occur because of nature of the business

Too many factors to summarize here Full text provided in appendix

Prior history of the organization

Foreshadowing of Coming Changes and g g gNew Mandates - FAR Case 2006 – 007 (Effective: Dec. 24, 2007)

New FAR Policy 3 1002 mirrors DFAR 203 7000 Policy [almost1]New FAR Policy 3.1002 mirrors DFAR 203.7000 Policy [almost ]

New mandatory contract clauses under new 3.1004 [with some limited exceptions]

52.203-13 Contractor Code of Business Ethics and Conduct [no DFAR clause]

Shall establish distributed and promote a written code of business ethics andShall establish, distributed, and promote a written code of business ethics and conduct Shall establish an on-going business ethics and conduct awareness programShall establish an internal control system to facilitate the timely discovery andShall establish an internal control system to facilitate the timely discovery and correction of improper conduct - with “shoulds” for DFAR counterparts of:

(2) Business/compliance process review, (3) Violation reporting mechanism, (4) Audits(5) Appropriate disciplinary actions for improper actions

52.203-14 Display of Hotline poster(s) [approximates DFAR clause 252.203-7002]

Shall prominently display hotline posters… [with some exceptions]

1 Item “(2) Promote such Standards,” was not used in the body of text, although it was included in Part 52 contract clause)

Foreshadowing of Coming Changes and g g gNew Mandates - FAR Case 2007–006Background

Submitted by DoJ, May 2007Commentary period closed Jan. 14, 2008Currently under review

Proposed changesTo include compliance program as part of contractor’s obligation to have a satisfactory record of integrity and business ethicsAllow relief to small businesses with contracts ≥$5M from 52.203-13 requirement for ethics awareness program and internal control systemTo make Far 52.203-13 (created by case 2006-007) more closely match U.S. sentencing Commission Guidelines Manual, Section 8B2.1sentencing Commission Guidelines Manual, Section 8B2.1To debar/suspend contractor for failing to disclose a known violation of Federal criminal law in connection with a government contract in a timely mannerTo provide for flowdown of Far 52.203-13 to subcontracts ≥$5M pTo require that internal control systems provide full cooperation with government agencies responsible for audit, investigations, and corrective actions

AppendixAppendix

Click Icon to open 1991 2004 Federal Sentencing Guidelines on WhatClick Icon to open 1991-2004 Federal Sentencing Guidelines on What constitutes an effective compliance program (condensed version)

Microsoft Word Document

uarc jhuapl compliance presentation 2008-05 · pdf file09.05.2008 · a compliance...

Documents