Newsletter | Volume 1

Tone at the top is an overused phrase, but to enforce GRC issues management at all levels need to speak up forcefully. (Tone at the middle). No company can afford or tolerate any compliance violations, both financially and in terms of our reputation. The CFO's responsibility in implementing accountability, transparency to avoid non compliance

Simulating a Crisis thru Scenario Planning is one of the speeches at the conference next week

A Paris telecommunications giant doled out $8 million in bribes to "consultants" (including a well-connected perfume distributor in Honduras) to gain access to key government officials awarding lucrative contracts in four countries. When its actions came to light, subsequent prosecution under the Foreign Corrupt Practices Act (FCPA) led to fines estimated to exceed $130 million.

In December, the federal government cited a "lax corporate control environment" at Alcatel, which extended right up to the CEO and CFO, as a primary cause of the scandal. It was a finding that more companies should take to heart.

Nearly a decade after the passage of the Sarbanes-Oxley Act, and amid heightened FCPA enforcement, the responsibility for shaping what is often called a "culture of compliance" inside U.S. corporations falls heavily on the C-suite — and, more than ever, on the CFO.

A culture in which employees feel they can report illegal activities or abuses can prevent problems from becoming disasters. This pertains not only to financial controls under the CFO's purview but also to a broad range of operational risks, which can result in costly disasters like last year's oil-rig explosion in the Gulf of Mexico and the implosion of Enron. In both cases, employees accused top management of ignoring their concerns about dangerous internal practices.

Clear communication from the CEO is a critical first step, but it's hardly the only step needed. Changing a company's culture is extremely difficult, and often requires senior executives to untangle delicate in-house politics, agitate profitable operations overseas, and relentlessly police the entire organization's compliance program. No single e-mail or ethics training course will achieve that.

CFO interviewed more than a dozen experts and examined several notable legal cases and compliance failures to determine the five most effective things finance executives can do to prevent risky or illegal activities. 1) Acknowledge that You Are Responsible
While the actions of a salesperson on the other side of the globe may seem well outside a CFO's purview, Sarbox says otherwise. When CFOs sign off on financial statements, as they must do under the act, they are also verifying the accuracy of all corporate records.

Adding to the pressure, the federal government recently gave whistle-blowers a powerful incentive to snitch. The Dodd-Frank Act awards bonuses of up to 30% of enforcement penalties to individuals who provide "original information" about illegal activity by their employer. Understanding the implications of the new incentives and crafting a policy that encourages employees to speak up is essential.

2) Make the Corporate Counsel Your Ally
As every finance chief knows, there is a crackling tension between compliance and the company's or business unit's mandate to perform. CFOs who tackle compliance issues may feel they are entering a political minefield. In such cases, don't let it go alone.

CFOs establish a strong relationship with the general counsel, who typically has the credibility to make a strong case that a problem is serious and must be addressed. The corporate counsel wields enormous power within any corporation, any CFO who is not listening to the corporate counsel has got to be crazy.

3) Really Deliver the Message
Sending a message from on high is far more effective, when it's coupled with some face time. Making the effort to deliver this important message in person shows that you're a real person, and [your employees] can hear you say that it's important to have an ethical company.

The definition of "the top" is also changing. Regulators are demanding that boards of directors assume greater responsibility for shaping a company's culture. The U.S. Justice Department's recent bribery case against Panalpina blamed "a culture of corruption," which "trickled down" from the board and senior executives to "employees who accepted bribery as a part of Panalpina's standard business practice."

Employees even adopted a nickname - "apples" - for bribes, according to the November settlement by the global oil-industry logistics firm. Panalpina pleaded guilty to two violations of the FCPA regarding $49 million in cash bribes paid to customs and government officials in Angola, Azerbaijan, Brazil, Nigeria, Russia, and Turkmenistan.

Companies often make the mistake of putting responsibility for various compliance matters into various separate "silos." Compliance should be "woven throughout the fabric of the organization," including the board. Pollard adds that executives responsible for compliance should have "unfettered access to the board."

At DuPont, employees in 90 countries receive ethics and compliance training, often from the senior-most executive in each country. As a result, the culture is shaped "not just by someone saying this is important, but by demonstrating it. DuPont's message and values are constantly reiterated. During Chinese New Year, for example, the company highlights employees in China who refuse to accept customers' traditional offers of cash gifts.

4) Educate Front-Line Managers
While senior executives must set the tone, it is critical that front-line employees feel comfortable in the role of watchdog. When these employees raise potential issues, midlevel bosses and front-line supervisors should know how to respond. Otherwise, employees who know about illegal activities may not tell anyone, out of a fear of being retaliated against or fired. A raft of research has shown that an employee's behavior is far more influenced by his or her direct supervisor or operating-unit head, versus a C-level executive.

Many companies offer anonymous hotlines as a sort of workaround to that reality, yet only 5% of reports of misconduct come through such hotlines, says Patricia Harned, president of the Ethics Resource Center, a research nonprofit. "If supervisors aren't supportive" of compliance, she says, "it's likely employees will keep quiet when problems come up — or leave."

5) Simulate a Crisis
When a crisis occurs, consultants say that it can be extremely difficult for C-suite executives to subsume their type-A personalities and develop a consensus-driven plan that can minimize further damage. For top managers who want to learn how politics and personalities can lead to a cover-up that worsens a crisis, consultants recommend they walk through who would be in charge if a crisis occurred.

Ask the CFO a question: Could someone manipulate company records or processes to perpetrate a fraud, and if so, how?

After one such series of brainstorming sessions, 150 initial fraud risks for one public company were catalogued and opened their eyes to things they had never considered." Simulating a Crisis thru Scenario Planning is one of the speeches at the conference:
When a crisis occurs, it is too late to develop a consensus-driven plan that can minimize further damage.

Is it possible to simulate a customized crisis that provide recommendations and walk through the situation as if a crisis did occur?

A Simulating a Crisis series of brainstorming sessions, could catalogued several GRC risks for additional security and compliance. Source; CFO.com