Ethics and Compliance Program

SAMPLE TEMPLATE
Assessment Guide

Assessment Template
Columns: Compliance Program Hallmarks | 1 - Needs Improvement | 2 - Operational | 3 - Best Practice
Standards and Procedures
A company's written standards of conduct should be comprehensive, well-written, organized and
accessible in order to meet their fundamental goal of preventing misconduct and ensuring
compliance.
[organizational mission, vision and values]
[comprehensive Code of Conduct; CEO Introduction; audience-appropriate writing level; learning aids used]
[highest risk policies or procedures]
[policy management process/governance]
[non-retaliation policy availability and prominence]
[policy comprehensiveness; ease of access; easy to understand; contain clear guidance]
Program Oversight
Overall responsibility for the compliance program should be delegated to high-level personnel with
proper resources and authority, including access to the Board. In addition, the company's governing
authority should be knowledgeable about and practice oversight of the compliance program.
[program resources/personnel and reporting structure are documented; adequate resources and
authority]
[access to the Board or subcommittee with documentation of interaction]
[Board training on Code; overall program; and risk areas like COI]
[ethics and compliance management committee]
Due Care
A company needs to take reasonable steps to exclude individuals who have engaged in illegal
activity or misconduct from positions of authority. Care should also be taken to prevent conflicts of
interest.
[conflict of interest training; disclosure process]
[annual conflict of interest certification]
[background checks]
Training & Communications
Company employees (including senior management) and agents should receive mandatory
compliance training. The curriculum plan should be formalized and periodically reviewed and
updated.
[training plan and cadence; risk topic coverage; periodic curriculum review process]
[communication plan]
[new employee onboarding process]
[Code of Conduct certification]
[Tone at the Top messaging/actions]
Monitoring & Auditing
Monitoring and auditing mechanisms, including anonymous reporting channels, should be in place to
detect misconduct and allow employees to raise concerns or seek guidance. In addition, an
organization should periodically assess both compliance risk areas and the effectiveness of its
compliance program.
[hotline and reporting channel availability and use; anonymity and confidentiality safeguards in place]
[auditing and monitoring systems]
[mechanism for employee questions or guidance]
[results of periodic risk assessments used to update controls, training and policies]
[third party due diligence]
[Board and management reporting]
[employee surveys]
[availability and use of internal and external benchmarks]
[coordinated audits or oversight by Internal Audit]
Enforcement & Internal Investigations
Compliance is encouraged through consistently applied disciplinary measures and appropriate
incentives.
[standardized investigation process]
[disciplinary framework]
[employee incentives/performance management incentives]
Remediation
Responses to allegations of misconduct should be made quickly and consistently, with program
modifications made in order to prevent reoccurrence as needed.

[documented response process]


[review process to prevent reoccurrence]
[regular audits to ensure consistent response]

Process Maturity Scale & Program Assessment


Columns: 4 - Transformational | Aggregate Rating | Prioritization (H/M/L) | Action Plan (Y/N) | Action Plan Owner (BU or Individual) | Remedial Action Status
[in process]
[complete]