ADDITIONAL GUIDANCE

When your company invests funds and energy in implementing the 5STIL principles, ensure and monitor the effectiveness of your compliance programme and integrity culture. There are many examples of companies having a pro forma programme and even a compliance officer, but nevertheless experiencing a severe failure due to a poor ethical culture and serious compliance violations. In doing so, use the recommended indicators, which point to effective implementation and progress for an individual principle, and additional guidelines and explanations presented below.

When establishing a compliance programme and function, think about the following:

  • How are the presented compliance and integrity principles specifically linked to your operations, in what way can they support the fulfilment of your mission, vision and strategy, and how are they connected with your values and efforts to strengthen your brand? This will help with motivation.
  • Do you have an adequate plan for introducing the 5STIL principles in your organization, with a defined team, assigned specific tasks and deadlines and sufficient resources (human, spatial, financial, information)?
  • Does the compliance officer have adequate support: a clearly defined mandate and procedures of work, access to the resources needed for their work, adequate knowledge, expert and leadership experience, skills and character and a formal high-level position?

During the subsequent monitoring of the effectiveness of your compliance and integrity programme, leaders must regularly obtain the following information (preferably quarterly and annually):

  • Has a case of fraud occurred in the company; what costs and other difficulties did you suffer or are you still threatened by; what response activities have already been or should have been implemented?
  • What inspections or other supervisory/enforcement procedures did the company have; what were the established irregularities or insufficiencies; were fines or other measures imposed, or recommendations given; what action plan is needed as a remedy?
  • What important changes in the legal environment have been adopted or are perhaps being prepared; what effect will they have on the business operations of your company (administrative, information, human resources, direct financial … effects); are the adjustment activities and an action plan defined in order to comply in a timely manner?
  • How many compliance reviews in specific processes and business activities have taken place; what were the findings and were the necessary measures for mitigating non-compliance and for better risk management implemented? Are these reviews risk-based and do they also include your associated entities and important contractual partners?
  • What are the 5-10 most important business compliance risks, in which processes or activities, markets; a description of these risks and how they are manifested; what are the risk drivers and related measures?
  • Are compliance risks evaluated and adequately managed when planning important changes, such as changes in the business model, organisation, expansion of market or product lines, production, introduction of new products, major purchases, etc.?
  • Do the statistics on violations reported by employees (whistle-blowing) tell you that you have a good culture of open communication about problems and their effective resolution, or perhaps you have no reports at all (which is a bad indicator)?