How good is your whistle-blower hotline? Three crucial questions

How good is your whistle-blower hotline?  Three crucial questions

Ring. Ring. Ring…is anyone there?  Can you hear me now?  Have I reached the right number?  Nearly everyone with a compliance program has some sort of reporting mechanism, whether it’s a formal whistle-blower hotline or an email address for the compliance department.  But how good is your whistle-blower hotline?  To find out, answer these three questions.

1.     Who can call?

Do you want to hear about the ethical concerns of your employees?  Of course.  What about the concerns of your suppliers?  How about the compliance concerns of your customers?  Yes?  Yes.  Knowledge is power.  While it’s true that if you extend the availability of your whistle-blower hotline to the outside world, you may get some spurious complaints, a real concern that you can properly investigate is worth the irritation of a couple of consumer gripes about your product.

A mature compliance program’s whistle-blower hotline should be available to:

Read More

Accreditation Hits the Mainstream: ISO 37001

Accreditation Hits the Mainstream: ISO 37001

Imagine you’re really hungry.  You walk up the street and see two restaurants.  One has an “A” rating on the window for food safety, certified by the city’s health and safety body.  The other has a handwritten “A” on the window, without any information as to who gave the grade.  Which restaurant would you go into?

With respect to the ISO 37001 Anti-Bribery Management Systems Certification, many commentators have asked the question, “Who is doing the certification!?!”  Up until recently the answer was simply, “Certification bodies.”  But which certification bodies?  And how do you know whether a certification body has a quality process in place to ensure that it only certifies companies that meet the high threshold requirements of ISO 37001?  

When the anti-bribery ISO standard was published in Oct. 2016, a second standard was published with it.  This second Standard, ISO 17021-9, laid out the auditing criteria that was to be used to determine whether a company had met the standard, and specified that only anti-bribery experts could be auditors. While the auditing criteria could be applied immediately, verification that a certifying body was following that criteria would take longer to judge.  That is because, similar to companies seeking ISO 37001 certification, certification bodies can seek accreditation by proving that they are following proper ISO certification standards.

The Accreditation Process

ISO is a global NGO comprised of member bodies from all participating country.  Each country has what’s called an accrediting body.  This body evaluates certifying bodies and decides whether the certifying body is following the auditing criteria associated with various ISO standards, including ISO 37001. This is a rigorous process.  After reviewing audits, if the accrediting body is satisfied, it will accredit the certifying body

Read More

VIDEO: Tough Questions on ISO 37001 and Accredited Certification Bodies- They're Finally Here!

Last week I was in New York City, where I sat down with Richard Bistrong for the FCPA Blog to discuss the greatest new development in the ISO 37001 world - the rise of the accredited certification bodies.  Richard also challenged me with some touch questions regarding the criticisms about the ISO Standard.  In this video we tackle:

  • Why you should ONLY choose to work with an accredited certification body
  • How to seek out an accredited certification body
  • Whether prosecutors do or should value the ISO 37001 certificate, and how it helps in mitigation
  • What to look for in OTHER companies' (like your third-parties) ISO 37001 Certificates
  • The challenges of separating good certification bodies from not so good ones

I loved filming this and having the opportunity to share the good news about separating accredited certification bodies from imitators.  Enjoy!

The Four B's that Determine Whether You Should Take the Job

The Four B's that Determine Whether You Should Take the Job

Congratulations!  After an interview (or six!), you’ve finally been offered that new job.  Or perhaps you’re testing the waters – updating your LinkedIn profile and telling your network that for the right gig, you might be available.  But how do you know whether the job you’re considering is worth taking?  Here are the four B’s that can help you determine that.

1.      Budget

A compliance department cannot operate without a proper budget.  One of my friends describes her program as being put together with “bubble gum and duct tape.”  That is not a tenable situation, and the inability to afford travel, training programs, and enough staff to make the program work means one of two things: either the company isn’t really dedicated to compliance, or its financial situation isn’t good enough.  Either way- skip a job in a company without a decent compliance budget.

Read More

PODCAST: How to have a Wildly Successful Career in Compliance- on the Compliance Perspectives Podcast!

PODCAST: How to have a Wildly Successful Career in Compliance- on the Compliance Perspectives Podcast!

How much do I love the Compliance Perspectives Podcast?  Completely.  How much fun was it to be interviewed by Adam Turtletaub talking about how to have a Wildly Successful Career in Compliance?  Fantastic fun!  We cover:

  • Why creating a successful compliance career comes from the determining what you want to do

  • Whether it’s time to stay where you are, rise and grow, or change industries or jobs

  • Once you have a goal in mind, what to do to get busy. 

  • Why spending 10 minutes a month learning about an industry you want to potentially join can be enormously helpful

  • The value of planning

  • The importance of raising your profile

  • What to look for when interviewing and

  • How to negotiate a job offer

Here's the link - Enjoy!

Read More