Learn about the role of the Office of Compliance and Internal Audit in promoting a culture of compliance and managing enterprise risk. Find out how they coordinate with internal stakeholders and communicate their activities to increase awareness and understanding.
ICGFM
Working in the Field in a Time of Increased Oversight
Sean Temeemi, Chief Compliance Officer, FHI 360
November 7, 2012
Office of Compliance and Internal Audit (OCIA)
MISSION STATEMENT
“In partnership with internal and external clients, the Office of Compliance and Internal Audit promotes a world-wide culture of compliance through a value-added, independent, training-based, disciplined approach to evaluation of internal controls and processes in a systematic, integrated, and transparent manner.”
Every FHI 360 Employee is an advocate, partner, and voice for compliance world-wide
QUICK FACTS ABOUT OFFICE OF COMPLIANCE & INTERNAL AUDIT (OCIA)
• An independent, objective assurance & consulting function, managed by Chief Compliance Officer;
• Preventative, proactive, collaborative & training-based approach with a focus on personal responsibility at all levels;
• Field-based Compliance team - “First Responders” to reported issues;
• Conservative position on credible evidence: early disclosure and prompt refunds to the USG;
• Internal sourcing through leverage of FHI 360 field office and HQ staff, where independence is not compromised;
• Coordination with project-funded compliance officers in the field;
• Direct and unrestricted access to FHI 360 records, information and personnel and frequent and open communication with the Audit Committee.
OCIA ORGANIZATIONAL CHART
• Office of the General Counsel
• Director of Compliance (HQ)
• Regional Compliance Officers (Field 4)
• Risk Advisory Group
• Internal Audit
• Enterprise Risk Management
• Compliance
• Internal Audit Team (HQ & Field 9)
• Director of Internal Audit (HQ)
• Chief Compliance Officer
OCIA’S ROLE IN ENTERPRISE RISK MANAGEMENT
• Host industry round table discussions
• Define risk categories
• Define risk tolerance
• Host “Risk Advisory Group”
• Manage Institutional Risk Framework
• Develop Best Practices
• Define Institutional Risks
• Foster “Tone at the Top”
• Recommend actions on identified risks
• Advise leadership on risk universe
• Identify risk through collaborative interviews with key FHI 360 teams
• Monitor risks such as business diversification
• Compile and analyze data on risk & trends
ROLES OF COMPLIANCE & INTERNAL AUDIT
Internal Audit; Compliance After Audit; Compliance Before Audit; INVESTIGATIONS (Compliance & Internal Audit)
• Follow up on observations in 6-12 months after the visit of IA
• Coordination of activities with other functions (Ops Finance, Program, Contracts, etc.)
• Hands-on training to staff in the field at the time of the review
• Education and training (online training, modules)
• Guidance to programs on third party and funder-audits.
• Annual audit plan – risk-based approach
• Management of Agreed Upon Procedures performed by outside audit firms
• Assistance to internal stakeholders on compliance initiatives (e.g., subaward management committee, etc.)
• Special Audits (time keeping, intercompany transfers)
• Compliance Reviews (Country office and project assessments in preparation for the IA visit) ~ 3 months before IA visit
• Assistance to projects during funder audits
• Hotline management (phone & web-based)
OCIA COMMUNICATION STRATEGY
A strong communication strategy is critical to increasing awareness of OCIA’s organizational role and instilling compliance as part of the culture of the organization
AUDIT COMMITTEE – regular activity updates
FUNDERS – Visits to Missions & presentations
EXECUTIVE/SENIOR MANAGEMENT – updates & discussions of organization-wide compliance trends
COUNTRY OFFICE/FIELD STAFF – Presentations, visits, training
ALL STAFF communication: quarterly e-newsletters and all staff town halls
EXTERNAL AUDITORS – coordination of audit coverage, annual audit assistance
TOOLS: OCIA BROCHURE PRESENTATIONS HOTLINE INFORMATION POSTERS ONLINE TRAINING MODULES (Conflict of Interest, Kickback, FCPA, etc.)
DESIRED OUTCOME
• Increase awareness and understanding, both internally and externally, of OCIA’s existence, responsibilities, activities, and ways to report non-compliance
• Uphold corporate standards & expectations of ethical behavior
• Develop a trust-based relationship with all stakeholders
• Build confidence in OCIA’s capabilities, approach, and work product.
COORDINATION WITH INTERNAL STAKEHOLDERS
In executing its mission OCIA coordinates with a variety of internal stakeholders, including (but not limited to):
Global Portfolio Management (GPM) and Departments Operations Finance Procurement Program Finance Operations Support Human Resources Contract Management Services Quality Assurance Communications Information Management Project Management Standards Office
Coordination expectations
• Advance notification of audit and compliance reviews
• Updates on new relevant evidence and recommended action items
• Communication on major notifications (i.e., IG notifications, etc.)
KEY TO A SUCCESSFUL COMPLIANCE PROGRAM
• QUICK ACCESS & GEOGRAPHIC COVERAGE
• CONTINUOUS IMPROVEMENT
• FOCUS ON DETECTION & PREVENTION (ASSISTANCE TO STAFF IN MAKING ETHICAL DECISIONS)
• EMPLOYEE UNDERSTANDING OF POLICIES
• SUPPORT FROM THE BOARD OF DIRECTORS
• COLLABORATIVE RELATIONSHIPS WITH SENIOR MANAGEMENT & OTHER ORGANIZATIONAL STAKEHOLDERS
OUTCOMES: Projected Strength through Compliance Reputation (a long-term investment) Better Employee Morale
Guiding Principle: Compliance & ethics program is not just a “check the box” function – rather it is incorporated into the very fabric of all decision-making and actions.
QUESTIONS?