Compliance programs come in many shapes and sizes depending on the organization and industry. Compliance professionals rely on the U.S. Federal Sentencing Commission’s Effective Compliance and Ethics Program guidelines, along with the U.S. Department of Justice’s Evaluation of Corporate Compliance Programs. Government contractors use the Federal Acquisition Regulation’s Contractor Code of Business Ethics and Conduct. All are great resources and have come a long way in helping compliance professionals figure out how to formulate and tailor their programs.
But what happens if you are in a smaller organization? With 500 employees in a less-regulated sector, having a robust compliance program as outlined in these guidelines might seem like overkill.
The first step should be to take an inventory of where your organization currently stands:
-
Which regulations govern your industry?
-
How many employees do you have?
-
Are there plans to grow with more employees or perhaps a bigger footprint?
-
What do you currently have in place in terms of compliance?
Once you have done your inventory—using the seven elements of a corporate compliance program from the Sentencing Commission—conduct a gap analysis to understand shortcomings and opportunities for improvement. From there, start simple and slow to build out the program.
Policies and procedures
As a first step, ensure you have set standards; these include all your policies, procedures, and related documents, such as forms, guidelines, standard operating procedures, and the like. All organizations—regardless of size—need some form of standardized rules.
You might be an organization with only three policies or one with dozens, but it is something all organizations should have standardized. You cannot hold employees accountable for compliance without first telling them what the rules are—even though they might seem self-evident.
Start by taking inventory of all your policies and chart out when they were last reviewed. Are they still relevant? Are they missing anything? Then, ensure you put them in a standardized format and have a review cycle with an owner and approver. This might be one department, like human resources, or might be divvied up between different departments. One of the first policies you should ensure you have is a policy on policies; here, you will set the expectation on how policies are written, who must review them, and the review cadence.
Getting your policies in order is an arduous task. It’s time-consuming and tedious, but it’s very much worth it in the end. Once you build out policies and procedures, you then work to standardize your forms and other documents.
Policies—especially well-thought-out ones—provide employees with a framework for the standards and serve as a tool to help them make decisions. They can also help create a cohesive, safe, and productive work environment, which will eventually serve as the foundation of your compliance program.