Skip to content
Contact Us

Ethisphere’s Guide to Ethics and Compliance Program Assessments: Strategies, Tips, and Tools

External review of your ethics and compliance program is not only a best practice, but also an expectation by regulators, enforcement authorities, and other standards setting bodies. An independent assessment provides valuable insights into whether your program aligns with evolving standards and informs your resource allocation and priorities.

In this overview, you’ll learn how to approach an ethics and compliance program assessment: what guidance you should follow, how to ensure your program assessment yields actionable information, ways to avoid common pitfalls when working with an external partner, and best practices. You’ll also learn from examples of how other organizations conduct program assessments.

Introduction to Program Assessments

A program assessment is a comprehensive evaluation of an organization’s ethics and compliance program to ensure its effectiveness and alignment with regulatory requirements. Key components and the elements of an effective compliance program include:

  • Written standards: Well-written and clear code of conduct, supplier code, and policies that reflect current laws and best practices.
  • Risk Assessment: Risk management controls, including conflicts of interest, gifts & entertainment, and third-party risk management.
  • Training and Communication: Employee knowledge of compliance requirements.
  • Monitoring and Auditing: Frequency, scope and follow-through of compliance audits.
  • Reporting and Incident Management: Processes for reporting compliance issues and managing incidents.
  • Measurement of Culture: Employee perceptions of the company’s ethical culture.
  • Board of Directors Oversight: Board involvement and oversight in compliance.
  • Program Structure and Resources: Organizational structure of compliance efforts and adequate resource allocation.

Why Conduct an Independent Program Assessment?

Many organizations don’t consider conducting an independent program assessment due to budget constraints, lack of resources to manage it, or push-back from others in the organization. However, an independent ethics and compliance program assessment offers a range of benefits that align with broader strategic business objectives. These include:

  • A Business Imperative
    • An independent program assessment is crucial for ensuring its defensibility. Leaders today require data-driven decisions and metrics for resource allocation. Quantitative insights provide valuable information for your executive leadership team and Board, showing how your program aligns with leading practices.
  • Informed Decisions
    • Aligning your compliance program with best practices, industry standards, and your peers can help prioritize initiatives that align with your business strategy. By defining improvement areas for budget and resources, you can ensure that your program is on the right track for success.
  • Risk Reduction
    • Is your organization facing potential risks due to areas that need improvement in your programs? Program assessments can help identify these areas and provide valuable insights for risk mitigation. By benchmarking against peers, you can gain valuable perspectives and learn from others in similar industries. External program validation can offer an objective viewpoint to ensure your efforts are on track. 
  • Meeting Stakeholder Expectations
five year ethics premium
Most Ethical Companies outperformed a comparable index of global companies over a five-year period by 12.3%.

Questions That a Program Assessment Should Answer 

When it comes to evaluating your company’s ethics and compliance program, an independent program assessment by an external partner can be invaluable. This type of assessment helps your organization align with best practices, provides an unbiased measure of your program’s effectiveness, and produces a data-driven report for senior leadership and the Board of Directors. Such assessments are common across businesses, with about 79% of the World’s Most Ethical Companies performing a comprehensive review every 1-3 years.

So, what kinds of questions does a program assessment answer? When working with an external partner on an ethics and compliance program assessment, the results should yield answers to the following questions.

Does the ethics and compliance program align to best practices?

  • Do your program and practices meet expectations from regulators and standards organizations?
  • Does your program align with current business standards and the interests of other stakeholders – employees, investors, communities, etc.?

Does your program compare favorably to peer practices?

  • Is your organization addressing evolving expectations in a similar way to peers?
  • Are there areas where others are leading and lessons that can be learned by their approach?

Are you allocating resources effectively?

  • Is the ethics and compliance function sufficiently resourced to have necessary impact?
  • Are resources going to the right initiatives to support broader business goals?

Department of Justice Guidance and Expectations for Program Assessments

The Department of Justice’s Evaluation of Corporate Compliance Programs also defines specific questions that they would like answered.

  • Is Your Company’s Compliance Program Well Designed?
    • A solid compliance program should have policies and procedures that reflect your ethical standards and help tackle the risks you’ve identified in your risk assessment. Does your company have a code of conduct that sets forth, among other things, your company’s commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees? Does your company have established policies and procedures that incorporate the culture of compliance into its day-to-day operations?
  • Is your Company’s Compliance Program Adequately Resourced and Empowered to Function Effectively?
    • Even a well-designed compliance program may be unsuccessful in practice if implementation is lax, under-resourced, or otherwise ineffective. Auditing the compliance program to learn specifically whether a program is a “paper program” or one implemented, resourced, reviewed, and revised, as appropriate, in an effective manner.
  • Does your company’s Compliance Program Work in Practice?
    • To determine whether a company’s compliance program is working effectively consider whether the program evolved over time to address existing and changing compliance risks. In test scenarios it’s important to consider whether there is an adequate and honest root cause analysis to understand both what contributed to the misconduct and the degree of remediation needed to prevent similar events in the future.

It’s important that you program and practices not only meet expectations from the US Department of Justice, but also fulfills expectations of assessing the effectiveness of programs, as outlined in guidance issued by the US Federal Sentencing Guidelines for Organizations, the OECD, and the UK Ministry of Justice.

How to Avoid Common Program Assessment Challenges

Embarking on a program assessment often brings to light several common challenges that organizations need to navigate. From effectively utilizing data and keeping pace with shifting regulations to securing buy-in from leadership, these hurdles can impact the overall success of your assessment. This section explores common program assessment challenges.

  • Generating Actionable Data – There are a range of providers that offer independent program assessments. In this data-driven world, it’s important to ensure that your program assessment generates data that can not only inform program improvements, but also offers a way to explain your approach to the Board or senior leadership and show how your program aligns to regulatory expectations, best practices and also compares to peer practices. Challenges in leveraging data effectively throughout the program assessment cycle include lack of industry benchmarking, collecting important data points, and effective analysis of results for key findings.
  • Aligning to Evolving Trends and Regulatory Expectations – As technology, social issues, and economic challenges shift, regulations and legislation also evolve. For example, new regulations, recently in the tech sector, are becoming action items by the Department of Justice, which means upskilling, hiring new talent, or bringing in outside experts for many compliance program managers. Additionally, the AI Act has recently passed in the EU will likely have repercussions across businesses globally.
    • When considering a partner for a program assessment, ensure that their expertise and approach align with the latest guidance, and also reflect the changing ethics and compliance remit. Ethisphere’s experts include lawyers, auditors, data analysts, and senior ethics and compliance leaders. Their collective experience, including both in-house compliance roles and outside counsel and consultant representation, provides our clients with more than 10 decades of helping companies with their ethics and compliance programs.
  • Making the Case to Leadership: To get executive leadership on board with investing in an independent program assessment, it’s crucial to highlight that external reviews are not just best practices but also increasingly expected by regulators and other standards bodies. An independent assessment helps ensure your program stays aligned with evolving standards and provides critical insights into resource allocation and priorities.
  • Importance of Investing in a Program Assessment: A program assessment offers an objective evaluation of your ethics and compliance efforts. It helps align your practices with industry best practices, provides a clear, data-backed report for senior leadership and the Board, and supports strategic decision-making and stakeholder engagement. This kind of assessment is also key for meeting the expectations set out by bodies like the US Federal Sentencing Guidelines, the DOJ, the OECD, and the UK Ministry of Justice. Companies can end up losing around $5.87 million in revenue from just one non-compliance issue.

Non-Compliance is Costly

  • $119,715,686: Average monetary settlement amount since 2015
  • $1,824,304: Average monthly cost for FCPA-related investigation
  • 38 Months: Average length of an FCPA investigation
  • $13,146,439,983: Monetary sanctions paid to foreign governments in FCPA-related enforcement actions

Considerations When Selecting a Program Assessment Partner

When evaluating a partner to conduct an independent program assessment, it’s important to ensure that you will receive actionable data and insights that you can use to share with leadership and inform your program and priorities. Here are some questions to consider:

  • Is the methodology credible?
    Each consultant has a different approach to program assessments. Some approaches can be very subjective. It’s important to understand if the methodology can uphold scrutiny by stakeholders, such as the Board.

    For example, Ethisphere’s Program Assessments feature the Ethics Quotient (EQ) framework, the questionnaire used in the evaluation of the World’s Most Ethical Companies. The 240 multiple-choice and text questions evaluates a company’s performance in an objective, consistent, and standardized way.

  • What benchmarking is available?
    After a program assessment, it is inevitable that senior leaders will ask: how does our program compare in the industry? Robust benchmarking against a solid dataset offers context to your program maturity and offers an understanding of how peers are addressing key issues. Benchmarking against leading practices also can inform improvements and budget allocation.

    For example, Ethisphere offers the ability to benchmark against an established data set featuring the practices of the World’s Most Ethical Companies across 44 industries. Ethisphere’s online portal, The Sphere, provides a way to benchmark by company size and industry across 240+ datapoints and offers on-demand access 24/7.

  • Does the approach align with evolving stakeholder expectations?
    How do you ensure your ethics and compliance program aligns with leading guidance? It’s important that you program and practices not only meet expectations from the US Department of Justice but also fulfills expectations of assessing the effectiveness of programs, as outlined in guidance issued by the US Federal Sentencing Guidelines for Organizations, US Department of Justice, the OECD, and the UK Ministry of Justice. Ethisphere’s Ethics Quotient framework is reviewed annually to ensure that it aligns with the ever-changing expectations of employees, managers, shareholders, regulators, and the public at large. This approach enables benchmarking to peers and leaders recognized for excellence and offers an understanding of how your organization aligns to the evolving regulatory landscape.

Examples of Successful Program Assessments

Curious about how leading companies excel in their program assessments? Check out these standout examples. See how Uber earned top marks with its commitment to ethics and smart use of data, how Unum Group ramped up its ethical culture and compliance through a thoughtful approach, and how WSP scored big with its global network and innovative practices. These stories show how companies are advancing ethics and compliance, and they might just inspire some fresh ideas for your own program.

UBER

Ridesharing pioneer Uber worked with Ethisphere to perform a Program Assessment and earned the coveted Compliance Leader Verification. This was earned for in recognition of Uber’s alignment with ethics & compliance best practices, program monitoring, and use of data analytics to ensure program effectiveness. “Our team was impressed by the ethics and compliance team’s commitment to advancing a program that aligns with best practices, and in particular, their program monitoring and use of data analytics to ensure the program is effective.” said Leslie Benton, Senior Vice President and Deputy General Counsel, Ethisphere.

UNUM

Unum Group, a leading employee benefits provider, desired to elevate its ethical culture and compliance awareness across its dynamic business environment. The company sought to build upon its program of fostering a robust speak- up culture, building strong partnerships across departments, and ensuring strategic alignment in risk management. Unum Group implemented a multi-faceted approach to elevate its ethics and compliance program.

WSP

WSP is one of the world’s largest professional services firms, providing strategic advisory, engineering and design services to clients seeking sustainable solutions in the transportation, infrastructure, environment, building, energy, water, and mining sectors. Ethisphere granted the Compliance Leader Verification to WSP for a second time, in recognition of its exceptional ethics and compliance program. Marie-Claude Dumas, President and Chief Executive Officer of WSP in Canada, and Julianna Fox, WSP’s Chief Ethics and Compliance Officer, explain how WSP used cross-functional collaboration, innovative speak-up culture, and a global network of champions to build the ethics and compliance capabilities that lead WSP from strength to strength.

Conclusion

A Program Assessment should highlight the strengths of your program and spot areas of risk that need attention. These valuable insights allow you to focus your resources effectively and prioritize key areas for improvement. Lisa O. Monaco, Deputy Attorney General at the Department of Justice, emphasizes the importance of corporate executives prioritizing compliance programs in today’s business landscape. The value of a robust program assessment offers a comprehensive look at your current program’s performance and potential for growth. By comparing your program to peers and industry expectations, you can make informed decisions for future initiatives.

Gone are the days when executives could view corporate enforcement matters as the cost of doing business. In this new era, corporate executives need to redouble time and attention to compliance programs, compensation programs, and diligence on acquisitions. Failing to do so can have dire consequences for companies, shareholders, and our nation.

Lisa O. Monaco
Deputy Attorney General, Department of Justice
Remarks made about the Policy Designed to Encourage Disclosure of Misconduct and Hold Individual Wrongdoers Accountable

Start Your Program Assessment Journey Today: Take the Free, Short Self-Assessment

Is your compliance program up to par? Find out with Compliance Program Self-Assessment. Your overall compliance program score will highlight strengths and areas that could use improvement.

After taking the short assessment, consider a comprehensive program assessment from Ethisphere to uncover all opportunities for growth and enhancement. Our industry experts will provide you with a roadmap for improvement and highlight industry best practices. Take the next step towards a more effective ethics and compliance program today.

 

Start Measuring And Improving Today



 

This will close in 0 seconds