31 Days to a More Effective Compliance Program

Day 2 - Continuous Monitoring and Continuous Improvement



Continuous monitoring and continuous improvement are two of the most important phrases for any compliance program. These twin concepts were perhaps the biggest modifications in the 2020 Update to the Evaluation of Corporate Compliance Programs. In 2021, all companies’ risks changed as we moved from Working From Home to Return To Office and now a hybrid work model. These changes in our basic work location drove home perhaps the most prescient comment I heard during the pandemic year of 2020, which was by Jed Gardner, who said “We have moved from disaster recovery to business continuity to business as usual.” What this means is that risks will change in ways you may not see, at speeds you may not anticipate. Your compliance program must be ready to respond to whatever those risks might be going forward.


In the 2020 Update, the DOJ began to address this from the compliance program perspective with several questions. “Is the risk assessment current and subject to periodic review? Is the periodic review limited to a “snapshot” in time or based upon continuous access to operational data and information across functions? Has the periodic review led to updates in policies, procedures, and controls? Do these updates account for risks discovered through misconduct or other problems with the compliance program?”


The next area for continuous monitoring and continuous improvement was in an area of compliance not normally associated with those concepts: Policies and Procedures. Here questions included “When was the last time your policies and procedures were updated? Perhaps more importantly under the 2020 Update what was your process for doing so? Was there any rigor around your process? Did that rigor include incorporating information and data collected through continuous monitoring, real-time monitoring or continuous access to operational data and information across functions?”


The final area in the 2020 Update for consideration is appropriately called Continuous Improvement, Periodic Testing and Review. Here the questions included the following: “How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices? Has the company undertaken a gap analysis to determine if particular areas of risk are not sufficiently addressed in its policies, controls, or training? What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries? Does the company review and adapt its compliance program based upon lessons learned from its own misconduct and/or that of other companies facing similar risks?”


Three key takeaways:

1. How have your company’s risks changed over the past year?

2. What is your process for continuous monitoring and improvement?

3. What sources of information do you use that come from outside your organization?


By Thomas Fox