Georgia System Operations Corporation (GSOC) Case Study

Georgia System Georgia System Operations Corporation Operations Corporation

(GSOC) Case Study(GSOC) Case Study

Developing an Ethics & Compliance Developing an Ethics & Compliance Program for SmallProgram for Small-- to Mediumto Medium--Sized Sized

BusinessesBusinesses

GSOC E&C Program

September 2006 SCCE Conference 2

• A brief introduction of GSOC

• Considerations for a small/medium company

• How we began and got this E&C effort moving

• Issues encountered and how we solved them

• Key aspects of our E&C program

• Lessons learned

Today’s Agenda

GSOC E&C Program


A Brief Introduction to GSOC

• Part of the electric utility industry

• Not-for-profit owned by 38 of GA’s electric membership corps.

• Control and monitor electric system assets owned by Members

• One of three companies in the “family”

• Relatively flat organization

• 200+ employees = CEO + 5 execs + managers + staff

• NOT an SEC filer; SOX not required

• Sounds simple? … Not really!

Considerations for a Considerations for a SmallSmall-- to Mediumto Medium--Sized Sized

CompanyCompany

GSOC E&C Program


Considerations & Approaches• Few staff

• Low budget

• Why the need?

→ Involve reps from all areas

→ MUST have CEO/CCO support

→ Web is a treasure trove

→ Do internal work

→ Pay only for review

→ May be more important simply because people don’t think it matters

→ Misnomer that you’re too small, flying under the radar

GSOC E&C Program


Considerations & Approaches• Tailor-made

• Focus

• Designed based on

→ Breadth – address all key areas from FSGs and experts

→ Depth – based on risk and need

→ Web is a treasure trove

→ A program that’s comprehensive, low-cost (now and future), effective

→ Size of company

→ Laws

→ Level of regulation of the industry

→ Company’s compliance history

→ Company’s risk profile

GSOC E&C Program


More considerations• Give yourself a helping hand

– Web– Articles– Best practices– Advice from experts– Federal Sentencing Guidelines

GSOC E&C Program


Consider These Key Components1. Standards of conduct (a.k.a. Code of Ethics)2. Written ethics & compliance policies & procedures3. Senior management support, designation of compliance officer,

establishment of committee, clear roles4. Training and education programs5. Use of monitoring audits and other evaluation techniques6. Investigation and remediation of identified compliance problems7. Maintenance of a hotline to receive complaints / whistleblower protection8. Ethics & compliance as a performance criteria in employee evaluations9. Record creation, retention, and destruction10. Background checks11. Use of disciplinary procedures against those who violate 12. Periodic updates to the programRemember – breadth vs. depth – do what’s right for your particular company

Developing the ProgramDeveloping the Program

The School of Hard Knocks

GSOC E&C Program


How We Began – The Early Days• A compliance effort only; we conducted business

ethically but no direct mention of ethics

• One dedicated compliance staff member; Mgr and CCO as needed

• Focused on regulatory compliance – making sure we were covered– Home-grown system to track regulatory filings– Software compliance reviews

• Often seen by managers as another administrative chore, extra “work”, a policeman

• 2003/2004

GSOC E&C Program


Coming of Age• March 2005

– Moved compliance role to another dept.– Better “fit” with other functions– Directly assigned a manager for more focus

• Shift from compliance only to “ethics & compliance”• At first, seemed like a “new day”

– Either rose-colored glasses or the honeymoon

• As time went on, tougher and tougher – more on that later…

• What was fueled with excitement became fueled by sheer guts and determination

GSOC E&C Program


What Seemed Like a Fresh Start• One-on-one meetings with each exec to get their perspectives,

issues, needs• All seemed well and positive• Simply needed some structure for input

– Visibly show desire for input– Ensure all key parties were included– Regular meetings to keep in the loop

• Structure– E&C Steering Committee = all execs + ad hoc members (HR,

Audit, Accounting) + E&C staff– E&C Focus Team = rep from each group + E&C staff– Also informed managers and Board along the way

• Structure allowed for input but not direct control – therein lies the rub

GSOC E&C Program


First Hurdle – Why an E&C Program?• We’re small, non-SEC, non-SOX

• So why an E&C program?

• Explanation / discussion with all Steering Committee, Focus Group, Board, Managers regarding– “Effective” E&C programs rely on “tone at the top”– E&C Program is voluntary but …

• Must be proactive in detection and investigation of fraud and abuse

• Potentially lighter sentence and reduced risk of being placed on probation if effective program is in place

• Our program – protection and doing the right thing

• Jumped this hurdle without too much struggle

GSOC E&C Program


Helping Us Over the First Hurdle: FSGs• Relied on US Federal Sentencing Guidelines to provide framework / authority:

– Standards and procedures to prevent criminal conduct– Oversight by high-level person(s) (e.g., Chief Compliance Officer)– Care in delegation of authority (e.g., background checks)– Effective communication of standards and procedures; requires all

employees to participate in training programs– Reasonable steps to achieve compliance (e.g., monitoring, auditing,

reporting systems)– Consistent enforcement of disciplinary mechanisms– Appropriate response after detection of offense

• Must be in place before an offense was committed• Can reduce civil damage liability, lower levels of regulatory oversight,

convince prosecutors not to file charges in cases of employee misconduct, reduce harshness of fines and other sentences

• Fosters due diligence and self-assessment

GSOC E&C Program


Helping Us Over the First Hurdle: Benefits• “Apple pie” benefits of an E&C program

• The up side when properly implemented:– Will allow the corporation to detect misconduct at an early stage – Will be a cost-savings device by avoiding criminal / administrative

fines and civil damage awards and settlements– Avoids “soft” costs such as lost employee productivity, disruption

to business operations, decreased employee work rate and heightened scrutiny by government agencies

– Demonstrates good faith and therefore minimize possible government action against the corporation

• Throw in examples of reduced penalties b/c of program in place

• Who can argue these?

GSOC E&C Program


Second Hurdle – Why E&C?COMPLIANCE is “letter of the law”, obeying & enforcing the law & regs

ETHICS is “spirit of the law” = expressed intent to do right, ethical environment

• Each employee is responsible for both– Previous program spoke of “an effective program to prevent and detect

violations of law”– Meeting reg requirements (C) ≠ knowing how someone will act (E)

• Both E&C are part of Fed Sentencing Guidelines:– Have virtually eliminated the distinction between the two– Now calls for “the promotion of an organizational culture that

encourages ethical conduct and a commitment to compliance with the law” … all applicable laws

GSOC E&C Program


Helping Us Over the Second Hurdle: More Positive• Ethics is more proactive and empowering than compliance• Provides a “framework within which to approach the myriad [of] decisions

that they must make on a day-to-day basis, along with tools …”• Puts ethics & compliance obligations in a better light• Not just “thou shall not” obligations• Builds employee and customer loyalty• A foundation for the control environment referred to in many laws• Helps avoid stiff penalties (corporate & personal)

– “Since 1991, companies that create, communicate, enforce, and promote effective compliance programs, as defined by the US Federal Sentencing Guidelines … have been given favorable treatment by the Department of Justice, even when misconduct by employees … has been proven. … Savings, in terms of mitigated fines, has totaled hundreds of millions of dollars.” (Deloitte)

• Jumped this hurdle without too much struggle

GSOC E&C Program


Third Hurdle – Why a Code?• Code of Ethics emphasizes cohesive corporate stance on ethics &

compliance

• Tangible evidence and central point of an E&C program

• A place employees can go for initial direction on key risk areas

• What are we trying to achieve?– Minimize risks– Establish clear roles for key risk areas– All through a comprehensive, effective, low-cost program

• This hurdle was much tougher because specifically touched many areas– More on the Code later

GSOC E&C Program


Helping Us Over the Third Hurdle: Myth

• Dispel the myth of “Our organization is not in trouble with the law, so we’re ethical”– One can often be unethical, yet operating within

the limits of the law (e.g., withhold info from superiors, fudge on budgets, constantly complain about others, etc.)

– However, breaking the law often starts with unethical behavior that has gone unnoticed

– “Boil the frog” phenomena

GSOC E&C Program


More Help in the Third Hurdle: Risks• At least think about these for your company

• Opens up minds to the potential land mines• Fraudulent financial reporting• Employment areas• Subcontractors and contract labor• Procurement of goods / services• Gifts and gratuities• Workplace safety / OSHA• Lobbying, political contributions,

political activities• Tax exempt status• Insurance and other licensures• Certification standards• Conflicts of interest

• Intellectual property• Government contracting• Affirmative action• HIPAA• USA Patriot Act• Sexual harassment• Employee benefits• Security / wiretapping /

privacy of communications• Records management /

protection• Regulatory / legislative• Anonymous reporting

• Whistleblower protection• Tax and accounting• Tax liability for employees• Wage & hour requirements• EEO• ADA• Other legal concerns• Industry “hot spots”• Areas the company knows

about• Etc.

GSOC E&C Program


More Help On the Third Hurdle: Open Minds

• Now that minds are open to the negative possibilities…

• Remind them of what you have in place already – probably a lot you’re not aware of

• What’s the gap?

• Focus on closing the gap– “Eat the elephant one bite at a time”– Address each major risk area

GSOC E&C Program


Other Hurdles• Resistance on each and every initiative

– Some areas more resistant than others– Those with perhaps the most “skin in the game”

• Why the strong opposition? Some guesses:– Fear that someone was going to police them – yet self-police– Fear that someone would take their job responsibilities – yet functional

ownership– When “fight or flight” takes over, resistance is based on emotion not

reason– The crux: Input ≠ control

• Key learnings / reminders:– Just trying to do the best job for the company

• but intent has no bearing on others’ fears or concerns – Can’t please everyone all the time

• competing interests; must make best decision for the company & move on

• The eternal optimist– Still hoping to win them over ☺

Key Aspects of Our Key Aspects of Our ProgramProgramPress onward!

GSOC E&C Program


Accomplishments Thus Far (1.5 years)

• Board policies – Updated / developed & obtained Board approvals – Handled some aspects directly through Board policies

• Code of Ethics – developed; obtained Board approval

• Ethics Statement – developed; included as part of Code

• Roll-out of E&C program – developed key roll-out elements (promo, skit, Code, web page); rolled out in January

• Web page – one-stop-shop for E&C

• Training – all employees attended legacy “Ethical Business Conduct” by 2005

• Departmental / functional areas – monitor and research issues as needed

• Software compliance – new system; quarterly reviews and clean-up; audit

GSOC E&C Program


In Progress and To Do (2006/2007)• Update E&C training

– Mix on-line, in class, and manager follow-up– Finalize visual for overall GSOC E&C focus on training & roll out– Use logo as “good housekeeping” seal; develop process

• Refresh on-line regulatory content (home-grown ARMS)– Add bells and whistles – Line functions responsible for content

• Record retention / destruction – implementing all portions of policy this year except destruction next year; BIG culture shift

• Company newsletter – column for regular reminders about ethical issues• Energy Policy Act of 2005 – technical team reviewing; will update any aspects of

E&C program as necessary• Continue administrative functions – software compliance, conflict of interest

certification, etc. • E&C risk assessment – determine areas that may need more focus and training

GSOC E&C Program


Let’s Look Further into Some Aspects

• Involvement in program development

• Board policies

• Code

• Logo

• Web page

• Roll-out

• Training

GSOC E&C Program


First & Foremost: Involvement of Key Parties• Depends on your culture• Ours is a “representative form of government”

• E&C Steering Committee • Focus Group• Compliance Officer, Manager, Administrator

• Where issues can be “retried”• Lesson learned: Just because it’s approved doesn’t mean it’s final

• Eat your Wheaties!!

• Key player and huge help: Communication & Training Dept –creative support and assistance with training development

GSOC E&C Program


Board Policy: Review• Reviewed all Board policies to see what needed updates for E&C

• Revised some policies; created some

• Included review / input from execs and other key staff

• Revised Board Policies (2005)• “Ethics and Compliance”

• Previously only addressed legal / regulatory; now comprehensive to incorporate new E&C Program

• “Notification and Investigation of Illegal or Unethical Activities”• Not just a financial fraud focus anymore – any fraud; various reporting

• Allows for some confidential reporting

• Steer away from use of “whistleblower” word

• “Conflict of Interest”• Changed dollar limits; single v. total; clarified words & forms

GSOC E&C Program


Board Policy: Creation• New Board Policies

• “Financial Integrity” (2005)

• Stress importance of integrity (truth / accuracy) of all financial records or data with financial impact

• Everyone impacts the company’s financial integrity

• “Record Retention & Destruction” (2006)

• Not just retention

• Also issues re: consequences, destruction, legal hold, etc.

• Lessons learned: use simple words; involve additional legal review; people will “read into” the written word so clarification is continual; DISCUSS (not just ask) to ensure people understand

GSOC E&C Program


Board Policy: Roll-out• Roll-out for each policy handled differently based on need

• Communication campaign, links to read, training, additional departmental emphasis for some (e.g., RR&D), etc.

• Involved input from all parties; staff assistants are key• Example: Conflict of Interest policy roll-out

– Sent Survey Monkey questionnaire to make sure they “got it”• Several key questions• Gave a themed prize (small $), randomly drawn from

respondents• Helped us to know where to focus future attention / clarification

– Reminder card (next slide)– Occasional reminders

• Lesson learned: no matter how fun and creative, not all will like it

GSOC E&C Program


Board Policy: Reminder for the Holidays• Holidays are gift-giving

• 5x7

• Front: grab attention

• Back: key excerpts

• Sent to all employees

• So “slick” that CEO almost threw it away thinking it was an ad!

GSOC E&C Program


Code: Benefits to GSOC• Give employees a document that:

– States clearly and concisely the company’s expectations

– One-stop-shop for key topics– Outlines acceptable behaviors– Presents viable options for asking questions and

voicing concerns

GSOC E&C Program


Code: What Was Involved

• Research – Many articles, white papers, webinars, web sites– Best practices– Federal Sentencing Guidelines– Training / conferences

• Our prior experience• Determined key risk areas• Developed documents – research, writing, excerpts

when available, reviews, edits – MANY iterations• Developed layout and logo w/ Communications Dept

GSOC E&C Program


Code: Who Was Involved• Steering Committee of executives

– for guidance

• Focus Group– for input, review, employee view

• Communication & Training – for creative support

• Compliance Officer / CEO– for approval

• Compliance Manager and Administrator– research, prep documents, project management

• Advice from other experts (HR legal; E&C consultant)

GSOC E&C Program


Code: Layout• Letter from CEO• Business philosophy• Key topics (next slide: Integrity, People, Information)

– With links to specifics

• Guidelines and responsibility• Acknowledgement form to sign• Q&As throughout – to personalize it• Upbeat design

GSOC E&C Program


Code: Main Topics• Integrity –

– Conflict of interest– Confidentiality– Protection / use of

company assets– Financial integrity– Antitrust

• People –– Work ethics– Equal employment– Harassment-free– Safe work environment– Personal conduct

• Information –– Internal controls– Intellectual property– Record retention– Computer, e-mail, internet

GSOC E&C Program


Code: Other Aspects

• Company’s commitment to ethical and legal conduct

• Mechanism for employees to report confidentially

• Identification of the disciplinary measures for violations

• Lesson learned: much more involved than anticipated

GSOC E&C Program


Code: Layout Cover & TOC

GSOC E&C Program


Code: Key Element is Ethics Statement

GSOC E&C Program


Code: Sample Topic

GSOC E&C Program


Logo: Development• Use in all E&C corporate-wide communications

• Branding

• Involved input from people mentioned before

• Asked for assistance from Communications– They came up with some ideas– Normally fantastic, but this was just OK– “I’ll know it when I see it” – Kept looking – Caused a temporary rift– “All’s well that ends well”

GSOC E&C Program


Web Page: Development

• One-stop-shop for all E&C

• Again, involved many people

• Relied on assistance from Communications Dept for web site and layout creation

• Lesson learned: takes a lot longer to develop than anticipated

GSOC E&C Program


Roll-Out: Overall Program• Give-away• Code of Ethics• Memo on letterhead• Read / sign Code

• Web page

• SKIT!

GSOC E&C Program


Roll-out: Skit• “Alice in Ethicsland” skit – keystone

• Developed by a staff member

• Unspoken message that all are involved: – Actors from various groups throughout the company– Actors from all levels – execs, manager, staff

• Key interesting aspects of the Code

• “Your play was one of the best special events, ever.”

• “Never has such a serious subject been presented to associates in such an entertaining way.”

• Lesson learned: everyone has different perspectives; not all positive

GSOC E&C Program


Skit: A Peek Inside

GSOC E&C Program


Skit: A Peek Inside

BEWARE of the GRINNING CAT

WATCH OUT for the RABBIT with the BAD HABBITS

GSOC E&C Program


E&C Training: Cohesion in Progress• Pockets of training• Need to conceptually

show connection of all E&C-related training

• Sends a more cohesive E&C message

• Working on specific courses

• Team to:– Develop concept– Develop roll-out

More details below …

Lessons LearnedLessons Learned

GSOC E&C Program


Lessons Learned and Some AdviceMany! Here are a few.Advice• Tailoring is key – we did this; saved us• Research intensely to become very knowledgeable• Even with little budget and staff, you can still accomplish a lot• Involve input from all areas• Use visuals to tie entire program togetherLessons Learned• Determine and communicate clearly in the beginning

re: input vs. approval vs. control• Took longer than expected – time-consuming, one year+, we’re small• Plan on more resistance than expected; stamina is essential• Nothing is ever final … even after approval• Press for involvement for those that seem disinterested; in one form or another,

you will “hear” from them later if they disagree

GSOC E&C Program


Questions / comments?

Georgia System Operations Corporation (GSOC) Case Study

Documents

Transcript of Georgia System Operations Corporation (GSOC) Case Study