Monday, December 28, 2015

"Being an ethical organization is not sufficient.

... Instead of saying 'mistakes happened or a decision was made in a diffuse manner,' [the Department of Justice, in its new initiative to pursue 'culpable individuals' as a part of corporate fraud cases] is moving toward 'who made the decision, who wasn't committed to compliance, who knew about it and looked the other way or shut something down, or who could have known but chose not to get involved?'"

— Attorney Frank Sheeder, of DLA Piper in Dallas, told a recent webinar sponsored by the Health Care Compliance Association.

1 comment:

  1. John,
    Thank you for sharing this. The regulators move toward finding individual culpability is another reason to have documented Ethics and an Anti-fraud Compliance Program that outlines the steps taken to identify significant fraud, ethical and generally suspicious and policy non-compliant activity. I am afraid the days of saying you have one that is in the mind of the VP Internal Audit or Legal are gone.

    Most companies have an ethics program and generally a way to report suspicious ethical behavior, but there are many who do not take the extra step to formalize how they detect and prevent fraud and not just the SOX fraud preventative and detective controls. In many of the frauds I have investigated, the controls were circumvented or the owners were not using them.

    It is important to document the steps, assign a strategic owner (senior management) and a tactical owner (Audit, Security or Ethics/Compliance) responsible for the program day to day and a field person (Manager to Director level) to perform the day to day work. The field person is responsible for reviewing and recommending control remediation. The programs also need to be reviewed annually to account for new threats and regulations.

    There is more to this topic and it is important to start reviewing now.
    George

    ReplyDelete