















The key elements and best practices for an effective compliance and ethics program within an organization. It covers topics such as the role of the compliance and ethics professional, the seven elements of a compliance program, the importance of auditing and monitoring, handling investigations and disciplinary actions, and aligning the program with the organization's culture and governance. It also gives guidance on regulatory frameworks such as Sarbanes-Oxley, GDPR, HIPAA, and the USA PATRIOT Act, as well as industry-specific standards such as PCI DSS. It emphasizes the need for a comprehensive, risk-based approach to compliance and ethics, with a focus on individual accountability, consistent discipline, and continuous improvement.
Typology: Exams
















A compliance structural policy differs from a substantive policy in that a structural policy should:
A.) Describe the risk areas to the organization
B.) Describe how to operate within the regulations
C.) Define the regulations that apply to the organization
D.) Define the framework the program should operate within
Correct Answer: D.) Define the framework the program should operate within

A problem was found in a routine accounting audit. Corrective action was taken and the policies and procedures were updated. Which of the following is the next step in the audit process?
A) Report findings to the board of directors
B) Prepare the final summary and storage of the audit results
C) Review the process after a period of time to determine if the problem is resolved
D) Conduct a risk assessment to identify other possible issues.
Correct Answer: Review the process after a period of time to determine if the problem is resolved.
A compliance and ethics program should include:
Policies and procedures must address what?
Correct Answer: Regulatory and legal requirements (e.g. anti-money laundering policy for a mortgage lender)

Compliance policies must address what in regards to third parties?
Correct Answer: Interactions with third parties (vendors, business partners, and competitors) (conflicts of interest; gifts, gratuities, and entertainment; etc.)

Compliance and ethics standards need to be included in what?
Correct Answer: Contractual agreements with third parties (e.g. vendors, business partners, agents) (e.g. anti-slavery clause in supply chain related contracts, data protection, etc.)

Policies and procedures should be maintained around what?
Correct Answer: Specifically identified risk areas (conflicts of interest, privacy, anti-corruption, and anti-bribery)

CEP reports compliance and ethics activity to whom?
Correct Answer: Internal governing body (e.g. board of directors, audit committee) AND senior business leader (e.g. CEO, CFO)

Who is on a Compliance Committee?
Correct Answer: Senior business leaders and representation from key compliance areas.

Methods of internal benchmarking?
Correct Answer: Annual report, statistics (e.g. # of issues reported vs. # of issues substantiated), collaborate internally with others to institute best practices

Methods of external benchmarking?
Correct Answer: Compare yourself to other similar companies, use Gartner, Forrester or other independent sources of benchmarking reports, informally ask peers

What is the annual compliance and ethics work plan based on?
Correct Answer: Risk assessment

What is the role of the Legal department in compliance?
Correct Answer: Defines and advises on law

Which of the following is the BEST outcome of a compliance and ethics program?
Correct Answer: Mitigating risk

A compliance and ethics professional receives an anonymous complaint that an employee is receiving gifts from a vendor. An investigation finds the employee is not in violation of the current gift policy and that the policy has not been reviewed in five years. Which of the following is the compliance and ethics professional's MOST appropriate action?
Correct Answer: Benchmark for vendor relation best practices

What is the first step in the audit process?
Correct Answer: Identify a problem
board, each within its scope, to reach informed judgments concerning both the corporation's compliance with law and its business performance."
Correct Answer: Principle II - Obligations to the Employing Organization (Fiduciary Duty)

Do not agree to unreasonable limits that would interfere with your professional ethical and legal responsibilities (e.g. lack of resources, lack of access)
Correct Answer: Principle III - Obligations to the Profession

Do not disclose without consent or compulsory legal process confidential information about the business affairs or technical processes of any present or former employing organization.
Correct Answer: Principle III - Obligations to the Public

Whistleblower Protection Act
Correct Answer: Dodd-Frank Wall Street Reform Act - 1989 law that protects federal employees from being punished for reporting government/agency misconduct.

Sarbanes-Oxley Act (SOX)
Correct Answer: Requires companies to review internal control and take responsibility for the accuracy and completeness of their financial reports.

Foreign Corrupt Practices Act (FCPA)
Correct Answer: Legislation passed to prevent companies from bribing foreign officials to obtain business; also requires all publicly owned corporations to maintain a system of internal accounting controls

Anti-Bribery
Correct Answer: The US's SEC and Department of Justice bring about hefty fines to corporations for bribery, including acts such as bribes to win contracts.

Anti-Corruption
Correct Answer: Businesses should work against corruption in all its forms, including extortion and bribery.

GDPR (General Data Protection Regulation)
Correct Answer: Provisions and requirements protecting the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations, such as the US's Privacy Shield requirements.

PCI DSS
Correct Answer: Payment Card Industry Data Security Standard, a security standard created by the Payment Card Industry Security Standards Council (PCI SSC)

HIPAA (Health Insurance Portability and Accountability Act)
Correct Answer: Law that protects the privacy of residents' health information and identifies certain health information that must be kept private and confidential

FERPA (Family Educational Rights and Privacy Act)
Correct Answer: A federal law that regulates the
when resolving corporate cases, and relevance of individual ability to pay.

Monaco Memo
Correct Answer: Significantly revised the DOJ's corporate criminal enforcement policies and procedures, including by putting a renewed focus on individual accountability and placing stricter requirements on corporate cooperation credit (focusing on the importance of prompt self-disclosure)

Benczkowski Memo
Correct Answer: The contents of this memorandum provide internal guidance to Criminal Division attorneys on legal issues. Its aim is to make clear to the public, our prosecutors, defense counsel, and corporations the standards, policy, and procedures for the selection of monitors in matters being handled by Criminal Division attorneys.

SEC (Securities and Exchange Commission)
Correct Answer: An independent federal agency that oversees the exchange of securities to protect investors

Sarbanes-Oxley Act of 2002
Correct Answer: Requires that the CEO and CFO of large companies that have publicly traded stock personally certify that financial reports made to the SEC comply with SEC rules and that the information in the reports is accurate.

Dodd-Frank Act
Correct Answer: Governed by the SEC
Equal Employment Opportunity Commission (EEOC)
Correct Answer: Agency of the Department of Justice charged with enforcing Title VII of the Civil Rights Act of 1964 and other anti-discrimination laws

Office for Civil Rights (OCR)
Correct Answer: Federal office established to uphold the rights of individuals, regarding rights to privacy and standards of care. Enforces HIPAA regulations.

CFPB (Consumer Financial Protection Bureau)
Correct Answer: Regulatory agency charged with overseeing financial products and services offered to consumers

Office of the Inspector General (OIG)
Correct Answer: Investigates abuse, fraud, waste, and mismanagement within a government organization

EPA (Environmental Protection Agency)
Correct Answer: An independent federal agency established to coordinate programs aimed at reducing pollution and protecting the environment (1970)

DPA (Data Protection Act 1998)
Correct Answer: Legislation which protects individuals from unreasonable use of their stored personal data.

EU Data Protection Directive
Correct Answer: The EU Directive was adopted in 1995 and became effective in 1998 and protects individuals' privacy and personal data use. The Directive recognizes the European view that
purposes of obtaining or maintaining business. This policy will help the organization comply with
Correct Answer: Foreign Corrupt Practices Act (FCPA)

A company's Code of Conduct has not been reviewed for over 2 years. HR recommended adding content that would double its size. The compliance committee members expressed concern that adding a significant amount of content could negatively impact its effectiveness. Which of the following is the compliance and ethics professional's NEXT step before consolidating revisions?
Correct Answer: Compare the content outline with other organizations

According to the Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for
Correct Answer: Hiring and overseeing the external auditors

According to the Sarbanes-Oxley Act of 2002, the Board of Directors is responsible for what?
Correct Answer: To establish and maintain the effectiveness of internal control.

According to the Sarbanes-Oxley Act, which of the following corporate employees can be employed by a corporation's audit firm during the 1 year period preceding an audit?
Correct Answer: Compliance and ethics professional

What are the 7 elements of a Compliance Program?
Correct Answer: 1. Standards of Conduct/Policies and Procedures, 2. Compliance Officer and Compliance Committee, 3. Education/Training, 4. Monitoring/Auditing,
What is compliance's role in compliance?
Correct Answer: Develops controls, policies, procedures, and systems

How would you demonstrate credibility and integrity of the compliance department?
Correct Answer: Discipline policy is applied regardless of rank (e.g. if a senior executive does something illegal or unethical, are they disciplined according to policy?)

A compliance and ethics professional investigates a report of sexual harassment. The incident does not constitute sexual harassment but reveals the employee's misunderstanding of the harassment policy. Which of the following should be the FIRST step in a corrective action plan?
Correct Answer: Provide education and training on the policy

A compliance and ethics professional investigates a report of sexual harassment. The incident does not constitute sexual harassment but reveals the employee's misunderstanding of the harassment policy. Which of the following should be the NEXT step in a corrective action plan?
Correct Answer: Consider surveying the workforce or providing additional team, departmental, division, or company training regarding sexual harassment.

Compliance and ethics training should be required of employees...
Correct Answer: In all parts of the organization
In which of the following would an employee's obligation to report misconduct MOST likely be discussed?
Correct Answer: New employee orientation

Which of the following is a key component of a compliance and ethics program?
Correct Answer: On-going training

A hotline allows employees and third parties to:
Correct Answer: Report compliance and ethics violations

Human Resources asks the compliance and ethics professional if the company can provide a vendor with names and email addresses of the company's sales employees to promote a new incentive plan. Some of the employees live and work in another country. Which of the following is the MOST appropriate action for the compliance and ethics professional to take?
Correct Answer: Consult the legal department for advice on applicable privacy laws to ensure compliance.

A U.S. based company has recently acquired a subsidiary with offices in Europe. The compliance and ethics professional has been charged with implementing an anonymous hotline for the new subsidiary. Which of the following should the compliance and ethics professional do FIRST?
Correct Answer: Consult with resources to determine local laws.

An employee allegedly embezzled funds during the course of operating the company's petroleum business. The
Who needs to be trained?
Correct Answer: Board members, employees, vendors, and other agents

What do employees need to be trained on?
Correct Answer: Their obligation to report and HOW to report suspected misconduct!

How should training be delivered?
Correct Answer: Targeted (risk specific, orientation, remedial) towards sales, buyers; department based vs. role based vs. individually based

How to evaluate the effectiveness of compliance training?
Correct Answer: Has behavior changed? Pre and post training quizzes, trend analysis. LESS important: # of attendees, # of hours of training, engagement (can be flawed and misleading)

CEP is responsible for
Correct Answer: Promoting a culture of compliance and ethics

Auditing and monitoring contribute to the effectiveness of a compliance program because of their ability to...
Correct Answer: Detect criminal conduct

Anonymity and confidentiality should be protected within
Correct Answer: Legal and practical limits for those reporting

The reporting system should be publicized to...
Correct Answer: Employees, vendors, and third parties
Ensure systems exist to enable employees, vendors, and third parties to
Correct Answer: Report any noncompliance and seek advice (e.g. hotline, speak-up line, helpline)

Include compliance and ethics questions in
Correct Answer: Exit interviews

Auditing
Correct Answer: Formalized, independent from management, provides objective assurance to board and others, concurrent vs. retrospective

Monitoring
Correct Answer: Day-to-day process by management, not required to be independent

Compliance Monitoring
Correct Answer: Making sure the firms and companies that are subject to industry regulations are following those standards and provisions

Auditing
Correct Answer: Analyze compliance and ethics related risks, analyze results (track, trend, evaluate, benchmark), ensure audit results from external entities are addressed.

Compliance Plan
Correct Answer: Develop a periodic risk-based audit compliance plan

A compliance and ethics professional receives a notification from the tax authority concerning revocation of the organization's tax-exempt status. The reason provided was that employees were speaking at political rallies while