Statistically, more reports about fraud and potential compliance & ethics deviations are made through the management chain of command than through a “hotline.” While chain-of-command reporting is, in my opinion, the better path, it could also remove a significant compliance control feature – assuring that the compliance officer is made aware of such complaints.
As a corporate monitor, I routinely look for and test awareness of a compliance policy that requires managers, department heads, etc. to timely report to the compliance officer any complaints made to them that include or relate to potential compliance and/or ethics violations. Such a policy is the first step in helping assure that the compliance officer is made aware of such complaints. Not only is this important in that the compliance officer should have a lead role in any investigation involving compliance and ethics violations, but it also helps the compliance officer remain abreast of new or developing compliance and ethics risks that he or she may need to address and/or incorporate in their annual risk assessment.
Once such a reporting policy is formalized, the next step is to frequently and clearly train and communicate with management about the policy. While this can be done in the context of traditional compliance training sessions, it may be more effectively communicated by incorporation into routine management meetings, management communications, etc. A few comments about this during every such meeting or communication can be highly effective.
It is also important that management be held accountable when they don’t report a compliance- and/or ethics-related complaint to the compliance officer. Line level supervisors may receive many such complaints that they, in their sole discretion, determine need not be reported to the compliance officer. Objectivity is a real concern and line level supervisors may not want to report such complaints for many reasons, including, but not limited to:
A policy that requires such reporting removes their discretion. If they then do not report such complaints, they have technically violated a compliance and ethics policy and should face consequences commensurate with the violation, up to and including termination of their employment.
It is much better for the organization as a whole that the compliance officer is made aware about all compliance- and ethics-related complaints. If a compliance officer is not made aware of such complaints, he or she cannot assure that they are investigated in accordance with the company’s internal investigations policy, which should be designed to assure not only that a thorough and effective investigation occurs, but that the findings are appropriately reported (internally and externally) and any failures in internal controls are appropriately remediated.
Presence of mind is peace at heart and “better the devil you know than the devil you don’t!”
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
John “The Fraud Guy” Hanson is the founder and executive director of Artifice Forensic Financial Services LLC. He has over 20 years of fraud investigations, forensic accounting, and corporate compliance/ethics and audit experience. John has applied his extensive experience in these areas across a wide array of areas and industries, frequently assisting counsel, government agencies and companies with internal corporate investigations and other sensitive matters arising from alleged fraud or misconduct. In addition to being an expert on fraud, John is a recognized thought leader and expert in the field of independent corporate monitoring, a relatively new and highly specialized practice area involving the imposition of an independent third-party by a government agency or department upon an organization to verify that organization’s compliance with the terms of a settlement agreement between the organization and the government. John has previously served in a leadership role in a federal monitorship and is currently involved in three significant federal monitorships, two as the named monitor. John’s practical experience as a corporate monitor and extensive knowledge in this area was recognized by the American Bar Association, which appointed him to the Criminal Justice Section’s Ad-Hoc Task Force on Corporate Monitors, responsible for creating “best practices” and formal standards for corporate monitors. John is the only nonlawyer member of the task force and a frequently sought speaker on the topic. He has provided practical advice, ideas and strategies to lawyers, government officials and corporate executives involved in such matters as well as newly appointed corporate monitors. John’s diverse corporate compliance & ethics, fraud investigations, audit, accounting, finance, legal, regulatory, business operations and management, internal controls, professional training, international, fraud risk & vulnerability, interviewing, and quality control experience combined with his actual experience as a corporate monitor and passionate commitment to best practices in monitorships uniquely qualifies him as a premier advisor and provider of monitorship services. Prior to Artifice, John spent nearly six years as a leader in the fraud investigations and forensic accounting practice of a large publicly traded international financial consulting firm, where he focused on helping organizations prevent, detect, respond to and resolve issues associated with fraud or questions of corporate integrity. John was also a special agent with the Federal Bureau of Investigation (FBI), where for nearly ten years he specialized in white collar crime and investigated a wide variety of complex fraud schemes and financial crimes. For his last two years as an FBI Agent, John served as an instructor in the Investigative Training Unit at the FBI Academy, where he developed and facilitated fraud and investigative training curriculum for new agent trainees and conducted advanced fraud related in-service trainings for experienced FBI agents. Prior to the FBI, John was the director of internal audit and quality control for a large privately held mortgage origination and servicing company, where he designed and implemented the internal audit program from the ground up. In the course of his internal audit work, his techniques and instinct for fraud identified numerous instances involving borrowers attempting or involved in fraud schemes, which he helped resolve, at times using creative techniques not customary in the early 1990s to do so. John is a licensed Certified Public Accountant (Louisiana), a Certified Fraud Examiner and a Certified Compliance & Ethics Professional. Keep up with John on the web:Inside the Mind of a Corporate Monitor, for CCI.