|
An ethical culture is the result of a continuous dynamic process that engages every employee as a corporate citizen, aligned with the company’s values and driven to do his or her part to see the company succeed. Companies with a strong ethical culture witness lower rates of observed misconduct and higher rates of overall satisfaction within the organization as a whole.
Based on over 25 years of experience in the ethics and compliance industry, The Network has developed this checklist to help organizations evaluate their ethics programs, identify strengths and weaknesses and areas where improvements could be implemented.
| Communication Regarding Ethics and the Hotline: | YES | NO | | Is ethics a focus in your organization’s new hire training? | | | | Do your employees certify they have received and understand: | | | | | | | - Ethics training materials
| | | | Do your communications define the roles and expected behaviors for employees? Are employees’ responsibilities – and company expectations -- specifically outlined? | | | | Do all of your employees receive training on: | | | | | | | | | | | | | | | | | | | - Accounting irregularities
| | | - Protection from retaliation
| | | - Internal theft (including theft of time)
| | | | | | | | Do supervisors receive specialized training regarding ethics and the hotline? | | | | Does your organization provide hotline awareness materials to: | | | | | | | | | | | | | | | | | | | | Has your organization designed a hotline communications campaign that reaches all employees on an ongoing basis (e.g., at least once a quarter)? | | | | What tools do you use to promote the hotline? | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Other print materials (e.g., posters, signs)
| | | | Does the content of your communications clearly explain the purpose of the hotline and the process of reporting concerns? | | | | Does the look and feel of your communications change up on a regular basis to keep the topic new and interesting? | | | | Are your communication materials translated into all of the languages that your employees speak (including those in international locations?) | | | | Is the content of your communications reviewed for cultural nuances as they relate to your international employees? | | |
| Anonymous Reporting Process: | YES | NO | | Has your organization established an anonymous reporting mechanism? | | | | Does your organization ensure confidentiality for those who wish to remain anonymous? | | | | Do interviewers ask probing questions to ensure a high level of detail and coverage of all pertinent information? | | | | Do interview questions change according to the type of unethical behavior being reported? | | | | Is there a well-defined process for immediate notification of time-sensitive issues, such as impending illegal activity? | | | | Is your hotline available 24/7/365? | | | | Does the hotline enable reporting in the native languages of all employees? | | | | Is there a process for maintaining ongoing communication with anonymous parties? | | | | Are multiple intake channels available for making a report including Web, phone, fax and mail options? | | | | Can your Web reporting form be customized to meet your exact specifications? Does it offer the ability to upload a database of locations to meet the needs of the organization? | | |
| Data Security: | YES | NO | | Are there processes in place to protect confidentiality of ethics case information, including secure storage of backup data? | | | | Is the data center that houses your organization’s data physically secure and protected from non-IT personnel? | | | | Does the system have firewalls and intrusion detection to protect against hackers? | | | | Does anyone other than IT department employees whose job function involves managing data files have access to information? | | | | Is report information encrypted to ensure the security of e-mail transmissions? | | | | Are temporary and contract employees prevented from accessing information? | | | | Is there a data retention policy that is well defined and followed? | | | | Is there a full disaster avoidance process in place? | | | | Is the organization SAS 70 Type II compliant? | | | | Is the organization Safe Harbor certified? | | |
| Investigations: | YES | NO | | Are investigation procedures: | | | | | | | | | | | | | | | - Reviewed by legal counsel to ensure they are appropriate?
| | | - Designed to protect confidentiality and prevent retaliation?
| | | | Has your organization developed relationships with an external party such as forensic accountants or independent certified fraud examiners? | | | | Do investigation procedures address the need to protect whistleblowers? | | |
| Handling Ethics Issues and Complaints: | YES | NO | | Is there a centralized database of all ethics issues or complaints, including “open door” reports? | | | | Does the case management system contain the following elements of an incident: | | | | | | | | | | | | | | | | | | | - Details regarding actions taken to investigate?
| | | - Caller identity (or anonymous)?
| | | - Classification of the type of allegation?
| | | - Investigation assignment?
| | | | | | | - Status (i.e., open, ongoing, closed)?
| | | | | | | | | | | | Does the case management system provide audit trails that describe the history of changes made to a case? | | | | Are users of the case management system trained regarding the type of information that should be included in case documentation? | | | | Does the system enable multiple users to document actions taken to investigate and resolve each case? | | | | Is data in the case management system protected in the same way that data is protected through the hotline? | | | | Does the system offer tiers of users with differing access rights so users can only view and change records that fall within the scope of their responsibilities | | |
| Analyzing Compliance Information: | YES | NO | | Does the system offer multiple standard reports that provide instant access to critical program data? | | | | Can users easily create custom reports allowing access to information that is unique to your organization? | | | | Does the system allow for identifying trends over time, across incident types, or geographic locations, organizational hierarchy, etc? | | | | Can program data be compared with benchmarking information for other organizations of the same size or within the same industry? | | |
| Creating an Ethical Culture: | YES | NO | | Has your organization conducted an employee survey to gain an understanding of the ethical environment? | | | | Does your organization discuss ethics and the code of conduct frequently (e.g., at least on a quarterly basis)? | | | | Do your employees receive ethics messages: | | | - In written communications from top officers?
| | | - On your corporate intranet?
| | | - In meetings with supervisors?
| | | - In meetings with top management?
| | | | Does your organization conduct ethics training: | | | | | | | - For all supervisory employees?
| | | - For top executives, including your board of directors?
| | | | Has an ethics statement been issued to all suppliers and subcontractors? | | | | Is corporate governance and integrity discussed on your corporate Web site? | | | | Do your ethics communications for employees include messages from top officers: | | | | | | | - In a live or pre-recorded address to all employees?
| | |
How did your organization score? If you said “no” to any number of the checklist questions, it’s time to re-evaluate your ethics program and take steps to improve it. Call The Network today for a custom ethics program evaluation. We can help you develop an ethics program that minimizes your risks, maximizes your compliance and enhances your ethical culture.
|