Perhaps akin to a summer re-run, here are six points about conducting C&E risks assessments, based on past articles from this column, that I think bear repeating.
1. Deploy assessment methodologies that are tailored to key compliance risk areas.
Risk assessment is not alone about measuring corporate culture; an effective assessment process will also examine closely “substantive” areas of law/policy, and this, in turn, necessitates having an analytic framework for each such area, as they do vary.
By way of example, here is an article on how to assess conflicts of interest risks and here is one on competition law risks. (Future articles in this column will explore assessment frameworks for corruption, insider trading and fraud, among other risk areas.)
2. Assess not only compliance risks, but also ethics ones.
The latter can be important to identifying the “risk around the corner” and otherwise maintaining an effective C&E program, as discussed here.
3. Think broadly.
By this I mean that the scope of an assessment should include risks occurring outside the “four walls” of a company. In this connection, here is a piece on the importance of assessing and managing C&E risks in joint ventures.
4. Think small.
For some organizations, a granular focus could be key for effective C&E risk assessment, as described here.
5. Design a mitigation process that ensures maximum use of risk-related information.
Assessment by itself does little good if the information developed is not rigorously put to use in designing and deploying C&E mitigation measures. Here’s a piece on how to avoid having key risk related information getting lost.
6. Recognize the risk implications of having a C&E “record.”
While a prior record might decrease the likelihood for a repeat offense (presumably because it sensitizes employees to the danger of such), it can increase the likelihood of prosecution and the impact of punishment, as discussed here.
About the Author
Jeffrey Kaplan, a partner in the Princeton, New Jersey office of Kaplan & Walker LLP, has practiced law in the compliance and ethics field since the early 1990’s.
Mr. Kaplan is also former adjunct professor of business ethics at NYU’s Stern School of Business, co-editor (with Joseph Murphy) of Compliance Programs and the Corporate Sentencing Guidelines (West Thomson), former counsel to the Ethics and Compliance Officer Association and co-author of a study by the Conference Board on the use of compliance and ethics program criteria in government enforcement decisions.