The LRN ethics and compliance risk management practices report

More documents

Recommendations

Info

We do not perform rform 13% 13% Don’t know 10% 10% 19% 58% 19% No 58% Yes % Respondents % Respondents Yes Managers Involved in Risk Assessments 56% 42% 60% 56% 42% The 2008 results demonstrate that a wide 20% range of functions are involved in risk 0% assessments, including ethics and compliance, legal, internal audit, HR and finance, 0% consistently leading Under the 5,000 pack of involved parties. Under 5,000 employees employees Over 10,000 employees 100% 80% 40% Over 10,000 % Respondents employees 3. What are your top ethics and compliance risks 100% 80% 60% 40% 20% % Respondents DETAILED RESULTS Electronic data protection and data privacy are the top two challenges of today’s compliance world. Frequency of Conducting Risk Assessments Conducting Risk Assessments Top Ethics and Compliance Risks Less than once a year Top Ethics and Compliance Risks Less than once a year I do not know % Respondents % Respondents 0% 20% 40% 60% 80% 100% More than 8% 5% once a year 0% 20% 40% 60% 80% 100% 8% 5% 9% Electronic Data Protection 52% Electronic Data Protection 52% 40% Annually Data Privacy 47% 40% Annually Data Privacy 47% 14% Intellectual Property 32% No formal or Intellectual Property 32% set schedule Environment Health and Intellectual Property 30% Environment Health and Intellectual Property 30% FCPA and Anti-bribery 27% 25% FCPA and Anti-bribery 27% Sexual Harassment 26% 25% Sexual Harassment 26% Export Controls 23% Periodically as Export Controls 23% cally as part of audit Conflicts of interest 21% audit Conflicts of interest 21% Supply Chain 20% % Respondents Supply Chain 20% Insider Trading 16% % Respondents Insider Trading 16% As discussed in Key Findings, electronic data protection and privacy are at the top of 2008 concerns for ethics and compliance professionals. One likely reason is that IT departments can no longer be solely responsible for the wide range of compliance regulations facing enterprises. New laws regarding data privacy in both the U.S. and Europe create need for additional compliance. Legal, HR, and ethics and compliance departments are needed to interpret and understand the laws, educate employees, and write corporate-wide policies on electronic data protection and privacy. 100% 80% 60% 40% 20% 0% espondents s 7% 21% Using information from Risk Assessment Using information from Risk Assessment 100% 80% 60% 71% 40% 20% 0% % Respondents 71% 51% Share findings Rank findings Map findings Apply findings to programs Share findings Rank findings Map findings Apply findings to programs Other metrics Don't know Other metrics Don't know 51% 43% 32% Another major challenge is conflicts of interest, ranked third highest Mapping risk area. Risks The category is broad and contains many gray areas that are often Mapping difficult Risks to educate employees about 50% beyond instructing them about rules and 50% regulations, rather providing clear corporate 40% values to aid their decision making when there is no definitive answer. Conflict of interest 40% concerns range from hiring and firing issues to contract 30% administration, to sales interactions. 30% There is a heightened government and public intolerance of situations in which employees 20% 29% have personal interests at stake when making 20% decisions on 29% behalf of their company, their 10% customers or taxpayers. Non-compliant companies face severe penalties and reputational risk. 43% 32% One additional 10% 3% observation about these results % is Respondents that, despite globalization and the 3% % Respondents increased correlation between a company’s reputation and the actions of its business Specific employees or Other groups metrics ecosystem, companies do not yet perceive their Supply Chain or extended ecosystem as Other metrics a major risk. Companies that depend heavily on extended alliances distributors should reevaluate communication and training for suppliers, agents and contractors, especially if they are located overseas and lack consistent supervision. 10% % Respondents % Respondents 0% 10% 20% 30% 40% 50% 0% 10% 20% 30% 40% 50% Inadequate resources 47% Inadequate resources 47% Obtaining accurate/ quantifiable info 35% Obtaining accurate/ quantifiable info 35% Conducting a global assessment 26% Conducting a global assessment 26% Analyzing and applying the findings 20% Analyzing and applying the findings 20% Insufficient technology 20% Insufficient technology 20% No significant challenges 12% 10% 0% 0% Top Risk Assessment Challenges Top Risk Assessment Challenges Specific employees or groups LRN | 2008 Ethics and Compliance Risk Management Practices Report | 24 11% 11%
Function 2008 Compliance 6300% Legal 2008 6200% Internal Audit 5900% 6300% Executive 6200% Team 5600% Human Resources 5900% 5100% Board of 5600% Directors 4700% Finance 5100% 4400% Business 4700% managers 4100% Ethics 4400% 3900% IT 4100% 3800% Data Privacy 3900% 3400% Risk Office 3800% 2300% External 3400% Auditors 2200% Consultants 2300% 1400% 2200% Managers 1400% Involved in Risk Assessments%Respondents Under 5,000 4200% Over 10,000 in Risk Assessments%Respondents 5600% 4200% 5600% Don’t know No 10% 19% 13% Don’t know 58% No Yes 10% 19% DETAILED RESULTS 4. What is the Frequency of conducting Ethics and Compliance Risk Assessment About 4 in 10 enterprises conduct risk assessments % Respondents annually Another 25% performing % Respondentsthem periodically as part of their audit procedures. 13% 58% Frequency of Conducting Risk Assessments Yes 42% Under 5,000 employees 56% Over 10,000 employees 42% Under 5,000 employees Frequency of Conducting Risk Assessments Less than once a year Top Ethics and Compliance Risks %Respondents Top Electronic Data Protection 5200% Data Privacy 4700% Less than once a year I do not know pliance Risks %Respondents Intellectual Property 3200% 5200% Environment Health and Intellectual Property 3000% I do not know 4700% More than FCPA and Anti-bribery 2700% 8% 5% 3200% Sexual Harassment 2600% once a year ellectual Property 3000% Electronic 0% 2 Export Controls 2300% More than 9% 2700% 8% 5% Conflicts of interest 2600% 2100% once a year Supply Chain 2000% 40% Annually 2300% 9% Electronic Data Protection 52% Insider Trading 2100% 1600% 14% Inte 2000% No formal 40% or Annually Data Privacy 47% Frequency of 1600% Conducting Risk Assessments Respondents set schedule Intellectual Environment Property Health 32% and Inte Annually 144No formal 39% or 14% Periodically as part of audit 90 25% FCPA g Risk Assessments Respondents set schedule No formal or set schedule 51 14% 25% Environment Health and Intellectual Property 30% 144 39% More than once a year 34 9% Se f audit 90 25% FCPA and Anti-bribery 27% edule I do not know 51 28 14% 8% 25% ar Less than once 34 a year 17 9% 5% Periodically as Sexual Harassment 26% 28 365 8% part of audit Co Export Controls 23% ar 17 5% Periodically as 365 part of audit Conflicts of interest 21% % Respondents Supply Chain 20% Using information from Risk Assessment%Respondents Share findings 7100% % Respondents Insider Trading 16% rom Risk Assessment%Respondents Rank findings 5100% Apply findings to programs 4300% 7100% Map findings 5100% 3200% grams Don't know 4300% 1000% Other metrics 3200% 300% 1000% 300% Companies conduct risk assessments on a regular basis, either once per year or scheduled periodically along with regular audits. The best practice is to conduct an ethics and compliance risk assessment as consistently as possible to keep awareness up with changing laws and regulations that affect the enterprise as well as to track changes from one period to the next. Map risks according to: % Respondents Specific employees or groups 2900% g to: % Respondents Other metrics 1100% r groups 2900% 1100% 5. How do you use or apply information from your ethics and compliance risk assessment 7 in 10 companies share risk assessments findings. Using information from Risk Assessment Ranking findings according to: % Respondents Probability of occurrence 4400% ccording to: % Respondents Monetary value 2700% Other metrics 2100% nce 4400% 2700% 2100% 100% 80% Using information from Risk Assessment 100% 80% 60% 71% Top Risk Assessment Challenges % Respondents Inadequate resources 4700% nt Challenges % Respondents Obtaining accurate/ quantifiable info 3500% Conducting a global assessment 2600% s 4700% quantifiable info Analyzing 3500% and applying the findings 2000% assessment Insufficient 2600% technology 2000% ing the findings No significant 2000% challenges 1200% y Don't know 2000% 800% ges Other 1200% 300% 800% 300% 60% 40% 20% 0% % Respondents Ranking Findings 71% 40% 51% 20% 0% % Respondents 43% Share findings Rank findings Map findings Apply findings to programs Other metrics Don't know 32% 51% 43% Share findings Rank findings Map findings Apply findings to programs Other metrics Don't know 32% 10% 3% 10% 3% % Res Top Risk Assessm Ranking Findings 50% 50% 40% 30% 20% 10% 44% 40% 30% 20% 10% 27% 0% 21% 44% 27% 21% 0% Inadequate 10% 20% resources Inadequate resourcesObtaining 47% accurate/ quantifiable info Obtaining accurate/ quantifiable info Conducting 35% a global assessment Conducting a global assessmentAnalyzing 26% and applying the findings 47% 35% 26% 20% 0% % Respondents % Respondents Probability of occurrence Monetary value Probability of occurrence Monetary value Other metrics Analyzing and applying the findings 20% Insufficient technology LRN | 2008 Ethics and Compliance Insufficient Risk technology Management 20% Practices No significant Report challenges | 25 No significant challenges 12% Other Other 8% Don't know 20% 12% 8% 3%
Page 1 and 2: ® Inspiring Principled Performance
Page 3 and 4: EXECUTIVE SUMMARY Increased global
Page 5 and 6: EXECUTIVE SUMMARY LRN’s Approach
Page 7 and 8: KEY FINDINGS To address these conce
Page 9 and 10: KEY FINDINGS 10 companies also offe
Page 11 and 12: 20 SIGNIFICANT RISK MANAGEMENT TREN
Page 13 and 14: 80% 52% 58% 60% 40% 20% TRENDS 42%
Page 15 and 16: TRENDS ondents man 900% 000% Respon
Page 17 and 18: Why Ethics and Compliance Risk Asse
Page 19 and 20: Educating a Diverse Workforce An In
Page 21 and 22: Avoiding the Pitfalls of Detection
Page 23: 2008 DETAILED RESULTS DEFINE 1. Is
Page 27 and 28: DETAILED RESULTS Lack of adequate r
Page 29 and 30: Ot Workforce Outreach Workforce Out
Page 31 and 32: DETAILED RESULTS terms of budget an
Page 33 and 34: Anonymous/Confidential Reporting Ch
Page 35 and 36: Top Challenges %Respondents No sign
Page 37 and 38: DETAILED RESULTS uantitative measur
Page 39 and 40: DETAILED RESULTS Quarterly 4100% An
Page 41 and 42: DETAILED RESULTS It’s also a posi
Page 43 and 44: LRN ETHICS AND COMPLIANCE MARKET MA
Page 45 and 46: ,000 es r 5,000 loyees an 2,500 s t
Page 47: RESPONDENT PROFILE Level of regulat

The LRN ethics and compliance risk management practices report

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?