DOCSLIB.ORG

Pwc State of Compliance Study 2016 Laying a Strategic Foundation for Strong Compliance Risk Management

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Pwc State of Compliance Study 2016 Laying a Strategic Foundation for Strong Compliance Risk Management pwc.com/us/stateofcompliance PwC State of Compliance Study 2016 Laying a strategic foundation for strong compliance risk management PwC State of Compliance Study 2016 PwC State of Compliance Study 2016 Welcome Table of contents Welcome to our State of Compliance report for 2016—2016 marks our 6th annual Introduction 2 Delve into the study which is designed to give corporate compliance officers benchmarking data full analysis of to help them understand common industry practices today and plan for more the PwC State of effective, more efficient compliance operations in the future. The study aims to Compliance Study give compliance leaders a view into organizations’ tone at the top, process to assess Tone at the top 4 2016 at pwc.com/us/ risk and compliance and ethics oversight structure and scope. These compliance stateofcompliance program elements, representing the business strategy elements of compliance and ethics, are among the most frequently debated topics by compliance practitioners. Risk assessment 8 We extend our sincere thanks to the more than 800 executives globally who participated in this year’s survey. Respondents represented a great diversity of company sizes, industries and responsibilities. This year, just over a third of respondents came from companies with anticipated revenues of more than $5 Oversight and responsibility 13 billion. Banking and Capital Markets organizations showed a particular interest (15% of total respondents), just as in 2015. A third of our respondents are either a Chief Compliance Officer (CCO), Chief Ethics and Compliance Officer (CECO), Chief Legal Officer or General Counsel and a fourth described themselves as a Chief Audit A look at those with the strongest compliance commitment 17 Executive or equivalent. Additional respondents are senior legal counsel or directors or managers of compliance, ethics, audit, or risk. We hope you find the information in this PwC State of Compliance Study 2016 report insightful and valuable in helping you improve the effectiveness of your Conclusion 18 organization’s corporate compliance function. Sincerely, Andrea Falcione Seth Cohen Managing Director, PwC Director, PwC [email protected] [email protected] +1 617 530 5011 +1 646 471 0105 Laying a strategic foundation for strong compliance risk management 3 PwC State of Compliance Study 2016 PwC State of Compliance Study 2016 Introduction State of Compliance Study 2016 at a glance In our 6th annual State of Compliance programmatic performance essential business processes and to assess the Study, we took a slightly different to determining the effectiveness of effectiveness of compliance efforts Embedding compliance into both strategy and everyday operations begins with effectively establishing the tone at approach than in prior years—this risk and compliance processes and against strategic objectives. By focusing the top, assessing compliance and ethics risks in efficient collaboration with other risk functions and building the time, focusing on the elements identifying potential blind spots in our study more closely on these three governance and oversight structure that provides a high level of confidence over regulatory matters. represented in the business strategy oversight or management. strategic elements of an effective portion of PwC’s proprietary compliance and ethics program, we Tone at the top: Strategic We focused this year on business Risk assessment: Coordinated compliance and ethics framework, hope to provide CECOs and other involvement approach depicted in Figure 1 and refreshed strategy because the connection of compliance leaders with meaningful since first introduced in our 2015 study. compliance to business strategy— information against which they may Senior executives support compliance and ethics Compliance and ethics is aligning activities with including tone at the top, risk benchmark and further develop programs, but are less visibly engaged in leading other assurance functions, but more coordination Within the framework, business assessment, and oversight and the strategic cornerstones of their their companies’ programs is possible strategy refers to the approach and responsibility—lays the strategic compliance and ethics programs. In have senior leadership that is committed to tenor the organization takes to align foundation for both a culture 98% 54% conduct compliance and ethics-specific risk subsequent studies, we will look more compliance and ethics assessment activities beyond ERM efforts risk and compliance with its business of compliance and ethics, and closely at the business management indicate senior leadership provides only ad hoc strategy and to manage associated management programs that help and business performance elements of 55% In their risk assessment, compliance and ethics program oversight or delegates most compliance and risks. Business management refers to ensure the organization conforms to the framework, all of which are needed teams may be missing valuable “bottom up” ethics oversight activities how risk and compliance management all necessary regulatory requirements to drive effective compliance and ethics information… is owned by the business and and ethical standards. Without strong programs. integrated into the business processes alignment of compliance management Deficiencies in measurement may contribute to 21% use employee surveys to gather information for and culture. Business performance is to business strategy, it is difficult to lagging leadership engagement their risk assessments the measurement of operational and efficiently integrate compliance into 48% report their organization assesses its “tone at …and, in execution, falling short on getting the top” business units to own compliance risk Figure 1: PwC’s compliance and ethics framework To align compliance to business strategy, 67% have a process to identify owners of specific compliance officers will need to be more actively compliance and ethics-related risks involved in strategic discussions Legal or compliance “owns” 11 of 17 compliance Business strategy Tone at 36% are “inherently integrated” or “play a key role” and ethics-related risks most frequently the top in strategic planning Risk assessment Oversight & responsibility Policies & procedures Oversight and responsibility: Focused and efficient Business management Board-level oversight committees demonstrate a rising focus on compliance and ethics Training Communication 20% have Boards of Directors that formed a separate, stand-alone compliance/ethics committee Monitoring, analysis, & response Dedicated business unit compliance officers are keenly focused on monitoring activities have dedicated business unit or business area compliance officers Reporting 72% Business oversight 89% select compliance monitoring as a primary area of responsibility Enforcement Resource & Auditing & discipline performance In-house compliance committees are becoming more streamlined management In-house committees do 11 of 14 activities less frequently than in 2015 2 PwC Laying a strategic foundation for strong compliance risk management 3 PwC State of Compliance Study 2016 PwC State of Compliance Study 2016 Tone at the top An organization has established more accountable for participation, Figure 2: Sample compliance and ethics executive scorecard effective tone at the top when senior which is motivating some innovative “Our program goal is to leadership demonstrates personal organizations to incorporate executive manage global risks that We have adapted the following compliance and ethics executive scorecard from a similar version developed by one of our more and organizational commitment to metrics into their compliance and ethics innovative clients. It is a great example of how one organization holds executive leadership accountable for its critically important compliance and the compliance and scorecards (Figure 2). Such scorecards impede meeting strategic role in the company’s compliance and ethics program. ethics program, and this commitment enable both senior leadership and goals while not adding To use such a scorecard, a company might first require the executive to provide a self-rating, followed by a blind rating by the permeates all levels of management. compliance and ethics department unnecessary cost and compliance and ethics department—similar to many organizations’ general performance management processes. In the event that leadership to stay focused on the burden to the bottom line.” an executive is found to be deficient, the CECO might co-develop an action plan designed to increase the executive’s compliance Executive commitment. Senior elements that matter most to actively leadership proficiency. Should there be a lack of improvement on a year-over-year basis, the individual’s incentive compensation executives appear to be supporting driving a culture of compliant behavior 2016 study respondent may be affected, and he or she may be otherwise held to task by the CEO or the Board. their compliance and ethics programs, and ethical decision making. They but they are less visible as actively enable senior leadership to be more Compliance and Associated metrics Executive’s self Compliance and frequent reinforcement. However, our engaged leaders of their companies’ attuned to what is happening with the ethics program rating ethics department’s study revealed that only 26% of senior element(s) rating programs. An overwhelming majority compliance and ethics program and, as executives speak of compliance and Tone at the top; 1) Incorporates
Load more

Recommended publications
  • Tone-At-The-Top-December-2019.Pdf
    ® TONE at the TOP Providing senior management, boards of directors, and audit committees Issue 96 | December 2019 with concise information on governance-related topics. The Governance Benchmark There is a significant disconnect between our assessments of governance and true governance effectiveness. It’s time to determine why our governance evaluations are often wrong and what we can do to fix the problem. We have entered an age of nonstop performance measurement. Throughout the world, teams of managers, auditors, and consultants are using disciplined, data- driven approaches such as Six Sigma, Kaizen, and Lean to evaluate business performance. The reason is simple: The Measurement Challenge Running a company without measurement is like trying to improve your golf game without keeping score. You’ll It is difficult to measure corporate governance. It probably get results, but they are unlikely to be what you encompasses all of the systems by which organizations wanted. As management guru Peter Drucker pointed out, are directed and controlled, and some of those systems if you can’t measure it, you can’t improve it. That’s why are difficult to quantify. Governance is more than policies we use standards, benchmarks, evaluation forms, and and procedures. It’s about how we make decisions, scorecards to evaluate virtually every aspect of business establish objectives, and monitor their achievement. performance — with one very significant exception. It’s about working relationships and how we motivate, discipline, and reward behaviors. What’s more, effective Most companies still don’t measure their overall system of governance is constantly under construction. Regulations corporate governance.
    [Show full text]
  • Corporate Compliance and Business Conduct Program
    CORPORATE COMPLIANCE AND BUSINESS CONDUCT PROGRAM 2020 ANNUAL REPORT CONTENTS Introduction Monitoring and Auditing Welcome from the CECO . .1 Confidential Reporting ...................................9 Xcel Energy’s Vision, Mission and Values ...................1 Anti-Retaliation........................................10 Purpose .............................................2 Allegations of Wrongdoing ..............................10 Significant Allegation Process ............................10 Oversight Investigation Data .....................................10 Tone at the Top........................................3 Audit Services . 10 Investigations Governance...............................3 Board of Directors .....................................4 Incentives and Discipline Audit Committee ......................................4 Positive Discipline .....................................12 Governance, Compensation and Nominating Committee (GCN) . 4 Incentives............................................12 Chief Ethics and Compliance Officer.......................4 Quarterly Connections..................................12 Director of Corporate Compliance .........................4 Violating the Code of Conduct............................12 CCBC Council.........................................4 Investigations Governance Committee .....................5 Due Diligence VP Oversight Team ....................................5 Conflict of Interest Disclosure ............................13 Compliance Tools......................................5
    [Show full text]
  • Accounting Fraud at Xerox Corporation: Ethical Considerations1
    Accounting Fraud at Xerox Corporation: Ethical Considerations1 Amy Butala Eastern Michigan University Zafar U. Khan Eastern Michigan University Management at Xerox Corporation faced with strategic mistakes and tough economic environment resorted to creative accounting to meet financial targets and Wall Street expectations. This case presents a brief history of Xerox Corporation, followed by Xerox’s corporate culture in the 1980s & 90s, and the SEC investigation. The focus of the case is the actions of an assistant treasurer that top management used to guide Xerox through tough economic times and help make financial results appear more favorable. A teaching note is included. The case may also be used for exploring strategic issues or accounting issues and the mechanics of GAAP violations. Keywords: Xerox, Accounting Fraud, Ethical Issues, Code of Ethics, Professional Behavior XEROX HISTORY Xerox Corporation (Xerox) was founded in 1906 in Rochester, New York as The Haloid Company. It started making and selling photographic paper. Chester Carlson made the first xerographic image in his lab in Astoria, Queens, New York City in 1938 and was granted a patent for his electro-photography technology, which was later, changed to xerography (for the ancient Greek words for “dry and “writing”). In 1942 Carlson perfected a process for transferring electrostatic images from a photoconductive surface to paper. In 1948 the word “Xerox” was trademarked. Haloid commercialized xerography in1949 with the Model A copier and the Xerox Copyflo in 1956. By that time xerographic products represented 40% of sales. The company name was changed to Haloid Xerox in 1958. In 1959 the first simplified office photocopier was developed, called the Xerox 914, bringing the company major recognition.
    [Show full text]
  • Call for Papers Accounting Ethics and Tone at the Top Centre for Accounting Ethics, University of Waterloo Journal of Business Ethics Special Issue Symposium
    Call for Papers Accounting Ethics and Tone at the Top Centre for Accounting Ethics, University of Waterloo Journal of Business Ethics Special Issue Symposium Dates: 18-20 April, 2013 Location: Toronto, Canada Symposium Link: http://accounting.uwaterloo.ca/ethics/EthicsSymposium.htm Guest Editors: Sally Gunz, Centre for Accounting Ethics, School of Accounting and Finance, University of Waterloo, Canada Linda Thorne, Schulich School of Business, York University, Canada Organizing Committee, Centre for Accounting Ethics University of Waterloo, Canada: Sally Gunz Theresa Libby Linda Robinson Scope of Special Issue: The theme of this Issue and its supporting Symposium is an intentional challenge to the academic accounting ethics discipline. There is a growing literature exploring issues of tone at the top particularly as it impacts governance. An understanding of managerial values and intent goes to the heart of the services the accounting profession provides and this is reflected in at least two distinct streams in the literature. The challenge laid down by this Symposium and call for papers is to consider tone at the top in its broadest sense; to identify those questions to date unexplored and to investigate the interactions between existing paradigms. The role of tone at the top and its interaction with accounting has a long history. The first recommendation of the Treadway Commission for the public company in 1987 addressed ‘the tone set by top management’ (NCFFR, 1987). It was one of three key elements the Commission identified ‘within the company of overriding importance in preventing fraudulent financial reporting’ with the other two being Internal Audit and Audit Functions and the Audit Committee (p.
    [Show full text]
  • Internal Audit of Tone-At-The-Top and WFP's Leadership Arrangements
    Internal Audit of Tone-at-the-Top and WFP’s Leadership Arrangements Office of the Inspector General Internal Audit Report AR/20/01 January 2020 Office of the Inspector General | Office of Internal Audit Contents Page I. Executive Summary 3 II. Context and Scope 6 III. Results of the Audit 8 Annex A – Summary of Observations 27 Annex B – Definitions of Audit Terms: Ratings and Priority 29 Annex C – Acronyms 32 Report No. AR/20/01 – January 2020 Page 2 Office of the Inspector General | Office of Internal Audit I. Executive Summary Tone-at-the-Top and WFP’s Leadership Arrangements 1. As part of its annual work plan, the Office of Internal Audit conducted an audit of Tone-at-the-Top in WFP that focused on the period 1 October 2018 to 30 September 2019. The audit team conducted the fieldwork from 14 to 25 October 2019 at WFP Headquarters in Rome, Italy. The audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing. One of internal audit’s key responsibilities is to assess the adequacy and effectiveness of the internal control environment directly impacted by tone-at-the- top and culture, and the conduct that arises from employees acting out and exhibiting their interpretation of the values of that culture. 2. The culture of an organization drives how it conducts business and executes its strategies. Tone-at-the-Top is one of four points of focus for the Control Environment of an organization applying the COSO1 Internal Control Framework. This Framework states: In ‘setting the Tone-at-the-Top’ the board of directors and management at all levels of the entity demonstrate through their directives, actions and behaviours the importance of integrity and ethical values to support the functioning of the system of internal controls.
    [Show full text]
  • Transparency Report 2020
    Transparency Report 2020 January 2021 kpmg.co.im © 2021 KPMG LLC, an Isle of Man limited liability company and a member firm of the KPMG network of independent member firms 0 affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Document Classification: KPMG Confidential Contents 1. Message from our Senior Partner 2 2. Who we are 4 2.1 Our businesses 5 2.2 Our strategy 5 3. Our structure and governance 6 3.1 Legal structure 7 3.2 Name, ownership and legal relationships 7 3.3 Responsibilities and obligations of member firms 7 3.4 Governance structure 8 4. System of quality control 9 4.1 Tone at the top 11 4.2 Leadership responsibilities for quality and risk management 11 4.3 Association with the right clients 12 4.4 Clear standards and robust audit tools 14 4.5 Recruitment, development and assignment of appropriately qualified personnel 21 4.6 Commitment to technical excellence and quality service delivery 23 4.7 Performance of effective and efficient audits 25 4.8 Commitment to continuous improvement 27 5. Financial information 31 6. Partner and Director remuneration 33 7. Network arrangements 35 7.1 Legal structure 36 7.2 Responsibilities and obligations of member firms 37 7.3 Professional Indemnity Insurance 37 7.4 Governance structure 37 7.5 Area Quality & Risk Management Leaders 37 8. Statement by the Board of KPMG Isle of Man on the effectiveness of quality controls and independence 38 Appendix 1 Key legal entities and areas of operation 40 Appendix 2 Board of KPMG LLC 42 Appendix 3 EU Public interest entity listing at 30 September 2020 44 Appendix 4 The KPMG Values 46 Appendix 5 Quality in our Tax Practice 48 © 2021 KPMG LLC, an Isle of Man limited liability company and a member firm of the KPMG network of independent member firms 1 affiliated with KPMG International Limited, a private English company limited by guarantee.
    [Show full text]
  • COSO Internal Control Framework Summary with RF Examples Component Principles Point(S) of Focus Examples
    COSO Internal Control Framework Summary with RF Examples Component Principles Point(s) of Focus Examples Management attitude, values and control, 1.1 Tone at the Top consciousness of personnel; Importance of integrity and ethical values 1.2 Mission Statement Identifies organization's purpose 1. Demonstrate commitment to integrity and ethical Expectations of Board and Sr. Mgmt values concerning integrity and ethical values are defined and understood by all levels of 1.3 Standards of conduct organization, aw well as outside sources with processes in place to evaluate performance against expected conduct Unethical, immoral, etc. activities 1.4 Address deviations timely addressed appropriately and timely Board of Directors, Supervisory Board, 2.1 Oversight structure defined etc. Appropriate decisions to achieve 2.2 Applies relevant expertise objectives 2. Exercise oversight of the internal control program 2.3 Operates independently Independent from organization Oversees management design, 2.4 Oversight of the internal control program implementation, operation of the internal control program Document the "Who, What, Where, 3.1 Internal Control Program documented When, Why" of the internal control program Control Environment 3. Establish structure, reporting, authority, 3.2 Reporting lines established Reliably report quality information responsibilities Provides ownership of the control 3.3 Assign responsibility and delegation of authority program and ensures segregation of duties Appropriate policies and procedures 4.1 Establishes Policies
    [Show full text]
  • Leading with Integrity
    Leading with Code of Integrity Conduct Dear Sprint team , Success is only meaningful when it is achieved the right way, with the right values. It’s more important than ever that we act with integrity, put our customers first and adhere to high ethical standards in our business conduct. I’m proud that we’re known as a trustworthy company, which requires each of us to do the right thing every day. The Sprint Code of Conduct outlines our ethical and legal responsibilities as employees, as well as our interactions with customers, competitors and suppliers. One of our most valuable assets is our reputation for honesty and fairness, and I appreciate your commitment to uphold this responsibility. By creating an environment of trust and understanding, we also are respecting each other. When in doubt, don’t hesitate to speak up, ask questions and take action. Thank you for everything you do to take pride in your work and help Sprint stand out as an ethical leader. Page 2 Ethics Helpline: 913-794-1666 or 800-788-7844 Table of Contents Leading with Integrity – Employee Privacy 12 Investments and Financial Opportunities 22 The Way We Do Business Employee Relations and Discrimination 12 Investments in Competitors 22 Investments in Other Companies 23 Harassment 13 Initial Public Offerings or 23 Workplace Safety 13 Foundation of Integrity 4 Preferential Allocations Safety and Health 13 Sprint Code of Conduct 4 Procurement 23 Drugs and Alcohol 14 Making Ethical Decisions 4 Violations and Consequences 5 Integrity with Our Customers Integrity in Our Communities
    [Show full text]
  • CODE of ETHICS Sept 2014 FINAL
    CODES OF CONDUCT: HOW TO ESTABLISH THE RIGHT TONE It is important that nonprofit leaders maintaining high standards, this attitude maintain the highest ethical standards for could be observed and mirrored by their organizations. Given today’s employees and volunteers. difficult business climate and greater scrutiny of nonprofits, an organization’s B. Duty of Obedience reputation for integrity and good stewardship are more critical than ever. The first expectation that the directors must meet and set for others is the duty One basic step an organization can take of obedience. As part of the duty of to establish and maintain high ethical obedience, directors, officers, employees standards is to adopt a code of conduct, and volunteers must act in a manner also known as a code of ethics. The consistent with the code of conduct, as purpose of the code is to set forth the well with as the provisions of the organization’s values and to make clear organization’s articles of incorporation, that everyone involved in the bylaws, and the organization’s tax- organization is expected to act in exempt status. They should be familiar accordance with those values. with the organization’s mission and strive to uphold that mission at all times. A. The Tone at the Top Finally, they must comply with all federal, state and District of Columbia The first step is for the Board to laws as they apply to the organization. establish an appropriate “tone at the top.” The “tone at the top” refers to the C. Contents of the Code ethical climate created in an organization by its leadership.
    [Show full text]
  • Setting the Tone at the Top
    New standards Setting the tone at the top 30 March 2017 10 questions for audit committees In a matter of months, the biggest changes in accounting for more than a decade will come into effect, but our research shows that the vast majority of companies aren’t ready. Progress varies by geography and by industry. But overall, it’s clear that a considerable amount of work still needs to be done. You, as an audit committee member, have a crucial part to play. Regulators are expecting high-quality implementation, and your role is to set the right tone at the top Mark Vaessen and oversee implementation. Partner KPMG International Urgency calls for action For companies with December year ends, the new revenue and financial instruments requirements are effective in less than nine months, so it’s time to step up your efforts on the implementation of these mandatory requirements. Management will implement the new requirements, but the audit committee is tasked with the crucial oversight role: to evaluate management’s progress, challenge the judgements and assess the controls. You need to be on top of the judgements I regularly speak with regulators and clients about the challenges of implementation. My key recommendation is not to underestimate the sheer volume nor the complexity of new judgements and estimates that the new standards introduce – whether in the context of the new expected credit loss model under IFRS 9, or in determining how many performance obligations a customer contract contains and how much revenue to allocate to each performance obligation under IFRS 15.
    [Show full text]
  • The Tone at the Top Ten Ways to Measure Effectiveness
    The tone at the top Ten ways to measure effectiveness Deloitte Forensic Center 1 in 4 to 1 in 20.”1 (The Importance of Ethical Culture, If an entity’s “tone at the top” could be measured and Increasing Trust and Driving Down Risks, p 8, Ethics correlated with higher earnings quality and lower rates of Resource Center, 2010) financial reporting fraud and other serious wrongdoing, Research and the evolution of practices suggest that evaluating the tone at the top is well established in what directors would not want to measure that tone? certain entities, but there are still many entities that do not do it. Also, the evaluation methods used may be If similar techniques could be used to identify a division, able to be improved in many cases. a subsidiary, or a geographic area where employees 1 The Importance of Ethical Culture, Increasing Trust and Driving Down believe management is paying lip service to compliance Risks, p. 8, used with permission of the Ethics Resource Center. and ethics but did not “walk the talk” in their day-to- day actions, what compliance and risk management executives would not want to know where that was occurring and take remedial action before serious “The findings also indicate that tone wrongdoing could affect the entity as a whole? at top perceptions and audit A supplemental research report for the 2009 National committee quality are positively Business Ethics Survey states that, “In stronger as opposed to weaker cultures, pressure [to commit associated with earnings quality.” misconduct] is reduced from 16 to 4 percent…; rates of misconduct are roughly halved from 77 to 40 percent; Professors James E.
    [Show full text]
  • Internal Controls: the Key to Accountability*
    Internal Controls: The Key to Accountability* *connectedthinking Internal Controls: The Key to Accountability By John A. Mattie, Paul F. Hanley, and Dale L. Cassidy About the Authors John A. Mattie is PricewaterhouseCoopers' National Education & Nonprofit Practice Leader. He has over 25 years of diversified audit and consulting experience with particular expertise serving public and private research universities as well as independent schools and other types of not-for-profit organizations. Previously, John led PricewaterhouseCoopers' education consulting practice. His current role combines his audit and consulting leadership skills. Paul F. Hanley is a PricewaterhouseCoopers audit partner who specializes in serving colleges, university, not-for-profit and government organizations. He is one of the Firm’s top national technical consultants, especially concerning issues affecting public colleges and universities. Dale L. Cassidy is a director in PricewaterhouseCoopers’ Education Advisory Services practice. He specializes in advising colleges and universities about risk and control issues, such as those raised by the Sarbanes-Oxley Act of 2002. The authors have written numerous publications including: The upcoming second edition of Understanding Financial Statements: A Strategic Guide for Independent College and University Boards, which is expected to be published by the Association of Governing Boards of Universities and Colleges (AGB) in 2005 Meeting the Challenges of Alternative Investments, published by PricewaterhouseCoopers in 2004
    [Show full text]