Seven Cost Effective Ways Small Companies Can Reduce Their Risk and Meet Government Requirements Without Breaking the Bank
In large companies and government/non-profit organizations, there is an increasingly strong trend to to invest significant resources to prevent violations of law and unethical conduct by employees and managers alike. Many of these programs have dedicated staffs, often at the Corporate Vice-President level (or above), high dollar budgets, extensive codes of conduct, and multimedia Ethics training and communication products. Many of these programs are effective; some are not. How can a smaller company with limited resources approach the myriad of ethics requirements promulgated by State and Federal regulatory agencies, the Federal Acquisition Regulations, and the Department of Justice?
The truth is, there are only two basic things required to put together an effective Ethics program: a management commitment to doing the right thing, and the processes and procedures for making that happen. Its about making sure that everyone who works for the company knows what to do, and how to do it. The same level of effort that goes into making sure a company is financially successful needs to go into making sure that it is ethically above reproach.
Here are seven basic, cost-effective ways that small companies can demonstrate their due diligence and commitment to ethics and integrity and establish a size-appropriate Ethics and Compliance Program:
1. Conduct a Risk Assessment to identify the most likely vulnerabilities and ethical challenges facing your industry and your business. Establish and document internal controls that address those risks.
2. Develop a Code of Conduct that addresses your company's core values and the most likely risks. Make sure the Code is easy to read and understand, identifies both company and employee responsibilities, and the consequences of failing to follow the rules.
3. Create an Ethics and Compliance training class for new hires, and for all employees at least once per year. Focus on the requirements contained in the Code of Conduct. Use a combination of off-the-shelf compliance training available from multiple vendors, and live training that underscores the CEO's commitment to ethics and integrity in your business.
4. Assign a senior executive in the company the additional duties of Chief Ethics and Compliance Officer (CECO). Ensure that the CECO reports directly to the CEO for this purpose. This person must be trusted by the employees, be accessible, and be empowered to operate in an independent manner. The CECO should develop and implement a regular program of corporate communication that emphasizes the company's commitment to ethical behavior. The CECO should regularly involve and brief the Board of Directors on all aspects of the Ethics and Compliance program.
5. Establish an anonymous, 24-hour employee Hotline/Helpline (both telephone and internet accessible). Small companies might be best served by outsourcing this function to one of the many low-cost, professional firms to ensure complete anonymity.
6. Document procedures for how you will investigate allegations of wrongdoing, including who will conduct the investigation; what kind of report will be produced; and who in the organization will make a decision on disciplinary action.
7. Require all companies and contractors you do business with to have their own Code of Conduct, training program, and internal controls. Thoroughly check out all potential business partners and subcontractors to ensure that they have operated with a record of ethics and integrity, and don't pose a potential risk to your reputation.