There is a lot to think about when managing conduct risk. Many organisations struggle with “where do I start?”, “how difficult is it to achieve?”, “how much will it cost?” and more.
The fact is that failing to manage conduct risk leaves your organisation vulnerable to issues that can have serious consequences. Although conduct risk is often considered a non-financial risk, the financial cost of a workplace misconduct event can be very significant, including losses from fraud, fines, and damage to brand and reputation.
Managing conduct risk is an essential element of good governance and a strategic priority for most organisations today. The current economic, regulatory, social and ethical climate, coupled with increasing stakeholder expectations, has pushed conduct risk compliance to the forefront of corporate priorities.
Organisations need to be focused on determining whether their conduct risk management infrastructure (programs, structures, people, processes, and controls) is effective in preventing and detecting non-compliance, and whether it is effectively integrated into business processes and everyday decision-making.
Every organisation, regardless of its size, industry or maturity, is exposed to conduct risks such as fraud, corruption, conflicts of interest and employee misconduct.
Managing conduct risk incorporates a number of elements which can vary depending on your type of business. The critical elements such as policy management and attestation, managing workplace certifications and managing workplace declarations and incidents are difficult to monitor collectively to identify key areas requiring immediate attention.
The multiple elements and detailed employee engagement data also make it difficult to assess the overall effectiveness of any conduct risk management initiatives.
The launch and implementation of a successful conduct risk program involves the following key steps, which incorporate all the key elements required to manage conduct risk and provide engagement with all employees and contractors for their key employment, risk and compliance obligations.
Commitment from the Board and Management
The first step in managing conduct risk is to have the engagement of the senior management and directors or business owners in order for the employees to also become engaged.
The initial catalyst for a business to implement an integrity risk program may in many ways have been based on evolving legislative requirements, changes in societal expectations, or even a specific conduct risk event occurring. However, before a business embarks on the development of a conduct risk compliance program, there also needs to be a clear decision by the management team and directors on the role that conduct risk compliance has in the long term for their business.
This will also enable the business leaders to more easily express to their whole organisation why integrity is important for everyone.
In that way, the engagement of the business leaders will be the example for everyone in the business to follow.
Effective policies and procedures in place
To help protect against conduct risks, it is critical for organisations to ensure that they are compliant with their legal and regulatory obligations and have effective policies and procedures in place that align with their values, goals, and objectives.
Organisations need to use policies and procedures to set out their expectations of standards and behaviour. These policies provide clear direction for employees, contractors and suppliers to operate under, and the organisation needs to enforce those standards of behaviour where required.
The policies and procedures need to be clearly communicated to all relevant stakeholders within the organisation to ensure that employees understand their roles and responsibilities in adhering to the policies.
Keep policies up to date
Conduct risk compliance policies need to be routinely reviewed and updated to ensure that they match the strategic direction of the organisation and current legislative requirements.
Ensure policies are easily accessible
All policies and procedures need to be easily accessed by employees, contractors and suppliers; otherwise, they may not be aware of what is, or is not, acceptable behaviour in the workplace. That means storing policies on an internal intranet can be a problem, as it does not allow contractors and suppliers to have access, and employees will have difficulty viewing policies on mobile devices whilst away from the organisation.
The best solution is to use a cloud-based software platform to provide access for all employees, contractors and suppliers and to also allow access by mobile devices when not at the office.
Enforce policy attestation
Policy attestation refers to the process of verifying and ensuring employees, contractors and suppliers have read and understood the policies within an organisation.
It helps ensure that policies are understood, implemented, and adhered to, thereby promoting a culture of compliance and risk mitigation.
The best way to monitor policy attestation is to record all user interactions with the policies and procedures and to keep a record of each employee's, contractor's and supplier's acknowledgement of having read and understood the policies and procedures (policy attestation).
It is also important to be able to easily review and analyse attestation records so that there can be follow up when attestation has not occurred.
Test knowledge
In addition to monitoring policy attestation, testing users’ knowledge of policies is a further method to confirm that policies have been read and understood. This can be achieved by sending out surveys to each user containing questions relating to their relevant policies and then analysing the results to identify any knowledge gaps. The results of the surveys need to be recorded to document the policy understanding of all employees, contractors and suppliers for future review and detailed analysis.
Create a register for all declarations
Many organisations have a policy requirement for their employees to declare any actual or potential conflicts of interest that may arise, and to also declare any gifts and entertainment that they may receive.
All declarations need to be recorded in a centralised register and managed with oversight by the appropriate leaders in the organisation. Approval of declarations should be recorded and date-stamped for review and future analysis (or investigation).
Provide an easy process for incident reporting (including anonymous reporting)
All employees and contractors need a simple and easy process to report any incidents that occur in the workplace, such as health and safety issues or any non-compliance with the organisation's policies and procedures. Nominated investigators need to be alerted when a new incident is reported, and the investigators need the ability to invite other people to assist with the incident resolution. There needs to be 2-way communication with the person who lodged the incident so that they are kept up to date with the progress of the investigation and informed when there is an agreed resolution.
All incidents and investigation communications need to be recorded in a database to provide an audit trail for review, analysis and future investigations.
Many employees who would want to report on any inappropriate incidents occurring in the workplace would want to do so anonymously and to be confident they will be protected as part of the reporting process.
This requires access to a 3rd party reporting hotline and/or platform with provision for full access 24 hours a day, 365 days a year. The focus needs to be on security and creating trusted conversations, as well as providing a secure two-way communication with anonymous reporters. All reported incidents need to be stored in a database providing indelible audit logs of all interactions.
Registration of workplace certificates
One of the more difficult areas for managing conduct risk is the recording and monitoring of workplace certificates.
All organisations have some workplace certificate requirements of their employees, contractors and even suppliers, and it is possible that each person could have anywhere from 2 to 10+ certificates required for their function, each one expiring on a different date.
Therefore, the process of monitoring this is extremely difficult, time consuming, and in most cases poorly done. Yet the risk to the organisation of having uncertified employees or contractors is considerable. Effective monitoring of workplace certificates requires all required certificates to be uploaded by employees, contractors and suppliers and stored on a centralised database. This allows effective verification and oversight of certificates and provides a warning if certificates are expired or not in place at all. Fortunately, there are software platforms that include this capability with automatic email reminders to employees and contractors when certifications are due for renewal.
Regular review
The success of any program to mitigate conduct risk requires a regular review of all the key elements to proactively ensure compliance with policies and procedures and to identify in advance any potential problem areas.
Details of policies that need to be checked for compliance, employees’ attestation of policies, the results of employee policy surveys, employee conflict of interest, gift and entertainment declarations and the status of any incident reports that have been received should all be recorded and able to be easily analysed.
Best practice is to have a real-time dashboard with analytics to measure the effectiveness of a conduct risk program. The dashboards can provide a real-time display of all key data to allow proactive management, up-to-date reporting and an audit trail of historical data.
This provides a very simple way to give organisations a real-time view of employee engagement and to measure the effectiveness of an organisation’s conduct risk program.
Corethix addresses all of the challenges of managing conduct risk by providing a centralised cloud-based platform that incorporates all the key modules required to manage conduct risk and manages engagement with all employees and contractors for their key employment, risk and compliance obligations.
Corethix uses best practices for;
Corethix also includes real-time dashboards displaying a holistic view of how conduct risk is being managed across your organisation. The dashboards highlight detailed data to allow administrators to quickly identify key reporting trends, proactively manage non-compliance, as well as provide a detailed audit trail for analysis and incident investigation.
Please contact us for further information including the option to do a free trial:
https://www.corethix.com/contact/
======================================================================================
About Corethix:
Corethix was created by a team of corporate executives and integrity risk experts who have experienced firsthand the complexities of managing risk and compliance programs across several industries and sectors.
The increasing need for organisations to protect themselves against integrity risk and the resulting damage to their people, reputation, and bottom line was the motivation for creating the Corethix software platform.
Every member of our experienced team is focused on helping your organisation create a culture of integrity using Corethix.