In a stunning announcement on Saturday, Andrew Luck revealed his retirement from pro football. Robert Mays, writing in The Ringer, said, “Andrew Luck’s decision to walk away from the NFL is unlike any sports retirement news of this generation.” Yet as painful as Luck’s decision may have been it was also the right one for him. As Jerry Brewer noted in the Washington Post, “For all of Andrew Luck’s emotion and tears, for all the shock over his bombshell retirement, he exited football in a rational and calculated manner. This was no impulsive act born of fleeting frustration. He knew it was time.” Luck himself said in an impromptu news conference, “For the last four years or so, I’ve been in this cycle of injury, pain, rehab — injury, pain rehab — and it’s been unceasing, unrelenting, both in-season and offseason. And I felt stuck in it, and the only way I see out is to no longer play football. It’s taken my joy of this game away.”
What all this means for his (now) former team, the Indianapolis Colts, the rest of AFC South Division and for pro football remains to be seen. However, for the Colts former back up and now starter Jacoby Brissett, he is now the quarterback for a playoff winning team from last year. What will be his, or rather the Colts’ game plan going forward?
That final question informs today’s blog post. What would you do if had to take over as a Chief Compliance Officer (CCO) in short notice? More often the situation might be, what would you do if you became a CCO through the more traditional hiring process? Fortunately, to answer both queries, my colleague Jonathan Marks and myself recently published an eBook Compliance Program Game Plan. In this eBook, we lay out our thoughts on a guide for CCOs and those responsible for developing and implementing compliance policies and procedures for an organization. It is our vision that companies have more than a best-in-class compliance program going forward. It is broken down into four sections: (1) the first 30 days, (2) the first 90 days, (3) the first 180 days and (4) the first year.
First 30 Days
In the first 30 days, we suggest you (a) Review the compliance budget, (b) Meet with leaders from other corporate functions, (c) Review internal documentation and (d) Inventory compliance policies and procedures.
The role of the compliance policies is to prevent, detect and remediate any compliance related issue(s) which may arise with the organization, employees and third parties working on behalf of the company. Compliance policies provide a basic set of guidelines for employees and others to follow. Compliance policies should provide general prescriptions and be supplemented by more specific procedures. By establishing what is and what is not acceptable ethical and compliant behavior, a company helps mitigate the risks posed by employees who might not always make the right ethical choices. The key in this first phase is to obtain a full grasp on the basic state of your compliance program and meet with key stakeholders.
First 90 Days
In the first 90 days, you should continue your review of key documents and get out on the road. We suggest the following: (a) A worldwide listening tour to engage and educate throughout the organization, (b) Review past data and findings in all risk assessments, hotline reporting data, internal audits, culture surveys, internal investigations or other documents that discuss the state of your compliance program, (c) Begin the process to refine or develop training and delivery, (d) Improve communications from the compliance function to and through the organization and (e) Meet with outside compliance counsel, both those you utilize for investigations and those who focus more on the nuts and bolts work of compliance.
To introduce yourself and the compliance function to the company, we recommend you undertake a minimum two-week Listening Tour, to engage employees with the compliance function and to educate the workforce on the goals and objectives of the program. A listening tour should reach across the world of the company – both geographically and functionally. The goal of the listening tour is to both engage and educate employees.
First 180 Days
Here you are still in the learning phase but beginning to move actively move forward. We suggest you (a) Perform a gap analysis of the internal compliance controls, (b) Bring in an outside independent to administer a cultural survey, (c) Work with your Chief Financial Officer (CFO) and their team to review and analyze key financial processes to understand how compliance fits into that framework and (d) Hold a Compliance Retreat.
A gap analysis is mainly a document review or a “show me the proof” type activity, evidence which usually will come in the form of a record or document. During a gap analysis, there is some auditing accomplished, with key stakeholders providing the evidence they may have – or not – for each of the requirements set forth in the relevant internal controls standard. Conversely, by bringing an outside independent integrity consultant, a company is able to garner a broader picture of where its culture exists as, more usually than not, employees are more willing to open up to an independent outsider, rather than someone in their own organization.
First Year
In the first 365 days, we suggest that you engage in the following steps: (a) Create a Compliance Center of Excellence and (b) Provide training and coaching for your compliance team so that they can lead with the message of doing business ethically and in compliance.
The development of a Compliance Center of Excellence (CCE) would allow compliance to be more integrated into the overall strategic planning and allow for strategy discussions to stay tuned to the ever-changing risk profile of a company. Moreover, through an interdisciplinary approach, it would bring compliance knowhow to help employees and executives understand that compliance is, in reality, a business process that can easily be incorporated into business unit operating procedures going forward. Finally, you should consider retaining an outside consultant who can work with you, the CCO, and each team member to set up a personalized training and coaching program to help fine tune individual compliance expertise. While it would have a leadership training component, this program is not designed to focus on leadership development but on compliance development.
[View source.]
