Joe Murphy – May 19, 2014
At the SCCE European Compliance and Ethics Institute in London today I heard a speaker from BT explain how they did an evaluation of their helpline. They brought in someone from outside to do a deep dive into the operation. They examined the processes for handling the calls and the nature of reports to the board – which they concluded were too short. They also realized they were not keeping track of how long investigation cases were open. They also discovered that they were not checking on the status of whistleblowers to see, for example, if they were still employed by the company. They found that awareness of the helpline was not high. As a result of this they took action to fix the findings. For example, they found that a poster campaign helped to raise awareness.
This is a good example of something we do not see often enough: companies doing ongoing assessments of their compliance programs by looking at different parts of the program. Thus, compliance officers should be asking: when was the last time we evaluated our investigation processes and results? When did we last test out the helpline? Have we examined actual awareness of the code of conduct? I also talked with another attendee of the conference who said she surveyed employees on their actual awareness of provisions in the code. She did not just rely them to tell the truth, but actually tested their knowledge of code provisions.
Bottom line, even if you are not ready to do a full-blown assessment of the design, implementation and impact of your entire program, you should be looking at the elements and specific risk areas and doing assessments of each as your time and resources allow. A “perfect evaluation” should not be the enemy of good evaluations on an ongoing basis.