Georgia System Operations Corporation (GSOC) Case Study
Transcript of Georgia System Operations Corporation (GSOC) Case Study
Georgia System Georgia System Operations Corporation Operations Corporation
(GSOC) Case Study(GSOC) Case Study
Developing an Ethics & Compliance Developing an Ethics & Compliance Program for SmallProgram for Small-- to Mediumto Medium--Sized Sized
BusinessesBusinesses
GSOC E&C Program
September 2006 SCCE Conference 2
• A brief introduction of GSOC
• Considerations for a small/medium company
• How we began and got this E&C effort moving
• Issues encountered and how we solved them
• Key aspects of our E&C program
• Lessons learned
Today’s Agenda
GSOC E&C Program
September 2006 SCCE Conference 3
A Brief Introduction to GSOC
• Part of the electric utility industry
• Not-for-profit owned by 38 of GA’s electric membership corps.
• Control and monitor electric system assets owned by Members
• One of three companies in the “family”
• Relatively flat organization
• 200+ employees = CEO + 5 execs + managers + staff
• NOT an SEC filer; SOX not required
• Sounds simple? … Not really!
Considerations for a Considerations for a SmallSmall-- to Mediumto Medium--Sized Sized
CompanyCompany
GSOC E&C Program
September 2006 SCCE Conference 5
Considerations & Approaches• Few staff
• Low budget
• Why the need?
→ Involve reps from all areas
→ MUST have CEO/CCO support
→ Web is a treasure trove
→ Do internal work
→ Pay only for review
→ May be more important simply because people don’t think it matters
→ Misnomer that you’re too small, flying under the radar
GSOC E&C Program
September 2006 SCCE Conference 6
Considerations & Approaches• Tailor-made
• Focus
• Designed based on
→ Breadth – address all key areas from FSGs and experts
→ Depth – based on risk and need
→ Web is a treasure trove
→ A program that’s comprehensive, low-cost (now and future), effective
→ Size of company
→ Laws
→ Level of regulation of the industry
→ Company’s compliance history
→ Company’s risk profile
GSOC E&C Program
September 2006 SCCE Conference 7
More considerations• Give yourself a helping hand
– Web– Articles– Best practices– Advice from experts– Federal Sentencing Guidelines
GSOC E&C Program
September 2006 SCCE Conference 8
Consider These Key Components1. Standards of conduct (a.k.a. Code of Ethics)2. Written ethics & compliance policies & procedures3. Senior management support, designation of compliance officer,
establishment of committee, clear roles4. Training and education programs5. Use of monitoring audits and other evaluation techniques6. Investigation and remediation of identified compliance problems7. Maintenance of a hotline to receive complaints / whistleblower protection8. Ethics & compliance as a performance criteria in employee evaluations9. Record creation, retention, and destruction10. Background checks11. Use of disciplinary procedures against those who violate 12. Periodic updates to the programRemember – breadth vs. depth – do what’s right for your particular company
Developing the ProgramDeveloping the Program
The School of Hard Knocks
GSOC E&C Program
September 2006 SCCE Conference 10
How We Began – The Early Days• A compliance effort only; we conducted business
ethically but no direct mention of ethics
• One dedicated compliance staff member; Mgr and CCO as needed
• Focused on regulatory compliance – making sure we were covered– Home-grown system to track regulatory filings– Software compliance reviews
• Often seen by managers as another administrative chore, extra “work”, a policeman
• 2003/2004
GSOC E&C Program
September 2006 SCCE Conference 11
Coming of Age• March 2005
– Moved compliance role to another dept.– Better “fit” with other functions– Directly assigned a manager for more focus
• Shift from compliance only to “ethics & compliance”• At first, seemed like a “new day”
– Either rose-colored glasses or the honeymoon
• As time went on, tougher and tougher – more on that later…
• What was fueled with excitement became fueled by sheer guts and determination
GSOC E&C Program
September 2006 SCCE Conference 12
What Seemed Like a Fresh Start• One-on-one meetings with each exec to get their perspectives,
issues, needs• All seemed well and positive• Simply needed some structure for input
– Visibly show desire for input– Ensure all key parties were included– Regular meetings to keep in the loop
• Structure– E&C Steering Committee = all execs + ad hoc members (HR,
Audit, Accounting) + E&C staff– E&C Focus Team = rep from each group + E&C staff– Also informed managers and Board along the way
• Structure allowed for input but not direct control – therein lies the rub
GSOC E&C Program
September 2006 SCCE Conference 13
First Hurdle – Why an E&C Program?• We’re small, non-SEC, non-SOX
• So why an E&C program?
• Explanation / discussion with all Steering Committee, Focus Group, Board, Managers regarding– “Effective” E&C programs rely on “tone at the top”– E&C Program is voluntary but …
• Must be proactive in detection and investigation of fraud and abuse
• Potentially lighter sentence and reduced risk of being placed on probation if effective program is in place
• Our program – protection and doing the right thing
• Jumped this hurdle without too much struggle
GSOC E&C Program
September 2006 SCCE Conference 14
Helping Us Over the First Hurdle: FSGs• Relied on US Federal Sentencing Guidelines to provide framework / authority:
– Standards and procedures to prevent criminal conduct– Oversight by high-level person(s) (e.g., Chief Compliance Officer)– Care in delegation of authority (e.g., background checks)– Effective communication of standards and procedures; requires all
employees to participate in training programs– Reasonable steps to achieve compliance (e.g., monitoring, auditing,
reporting systems)– Consistent enforcement of disciplinary mechanisms– Appropriate response after detection of offense
• Must be in place before an offense was committed• Can reduce civil damage liability, lower levels of regulatory oversight,
convince prosecutors not to file charges in cases of employee misconduct, reduce harshness of fines and other sentences
• Fosters due diligence and self-assessment
GSOC E&C Program
September 2006 SCCE Conference 15
Helping Us Over the First Hurdle: Benefits• “Apple pie” benefits of an E&C program
• The up side when properly implemented:– Will allow the corporation to detect misconduct at an early stage – Will be a cost-savings device by avoiding criminal / administrative
fines and civil damage awards and settlements– Avoids “soft” costs such as lost employee productivity, disruption
to business operations, decreased employee work rate and heightened scrutiny by government agencies
– Demonstrates good faith and therefore minimize possible government action against the corporation
• Throw in examples of reduced penalties b/c of program in place
• Who can argue these?
GSOC E&C Program
September 2006 SCCE Conference 16
Second Hurdle – Why E&C?COMPLIANCE is “letter of the law”, obeying & enforcing the law & regs
ETHICS is “spirit of the law” = expressed intent to do right, ethical environment
• Each employee is responsible for both– Previous program spoke of “an effective program to prevent and detect
violations of law”– Meeting reg requirements (C) ≠ knowing how someone will act (E)
• Both E&C are part of Fed Sentencing Guidelines:– Have virtually eliminated the distinction between the two– Now calls for “the promotion of an organizational culture that
encourages ethical conduct and a commitment to compliance with the law” … all applicable laws
GSOC E&C Program
September 2006 SCCE Conference 17
Helping Us Over the Second Hurdle: More Positive• Ethics is more proactive and empowering than compliance• Provides a “framework within which to approach the myriad [of] decisions
that they must make on a day-to-day basis, along with tools …”• Puts ethics & compliance obligations in a better light• Not just “thou shall not” obligations• Builds employee and customer loyalty• A foundation for the control environment referred to in many laws• Helps avoid stiff penalties (corporate & personal)
– “Since 1991, companies that create, communicate, enforce, and promote effective compliance programs, as defined by the US Federal Sentencing Guidelines … have been given favorable treatment by the Department of Justice, even when misconduct by employees … has been proven. … Savings, in terms of mitigated fines, has totaled hundreds of millions of dollars.” (Deloitte)
• Jumped this hurdle without too much struggle
GSOC E&C Program
September 2006 SCCE Conference 18
Third Hurdle – Why a Code?• Code of Ethics emphasizes cohesive corporate stance on ethics &
compliance
• Tangible evidence and central point of an E&C program
• A place employees can go for initial direction on key risk areas
• What are we trying to achieve?– Minimize risks– Establish clear roles for key risk areas– All through a comprehensive, effective, low-cost program
• This hurdle was much tougher because specifically touched many areas– More on the Code later
GSOC E&C Program
September 2006 SCCE Conference 19
Helping Us Over the Third Hurdle: Myth
• Dispel the myth of “Our organization is not in trouble with the law, so we’re ethical”– One can often be unethical, yet operating within
the limits of the law (e.g., withhold info from superiors, fudge on budgets, constantly complain about others, etc.)
– However, breaking the law often starts with unethical behavior that has gone unnoticed
– “Boil the frog” phenomena
GSOC E&C Program
September 2006 SCCE Conference 20
More Help in the Third Hurdle: Risks• At least think about these for your company
• Opens up minds to the potential land mines• Fraudulent financial reporting• Employment areas• Subcontractors and contract labor• Procurement of goods / services• Gifts and gratuities• Workplace safety / OSHA• Lobbying, political contributions,
political activities• Tax exempt status• Insurance and other licensures• Certification standards• Conflicts of interest
• Intellectual property• Government contracting• Affirmative action• HIPAA• USA Patriot Act• Sexual harassment• Employee benefits• Security / wiretapping /
privacy of communications• Records management /
protection• Regulatory / legislative• Anonymous reporting
• Whistleblower protection• Tax and accounting• Tax liability for employees• Wage & hour requirements• EEO• ADA• Other legal concerns• Industry “hot spots”• Areas the company knows
about• Etc.
GSOC E&C Program
September 2006 SCCE Conference 21
More Help On the Third Hurdle: Open Minds
• Now that minds are open to the negative possibilities…
• Remind them of what you have in place already – probably a lot you’re not aware of
• What’s the gap?
• Focus on closing the gap– “Eat the elephant one bite at a time”– Address each major risk area
GSOC E&C Program
September 2006 SCCE Conference 22
Other Hurdles• Resistance on each and every initiative
– Some areas more resistant than others– Those with perhaps the most “skin in the game”
• Why the strong opposition? Some guesses:– Fear that someone was going to police them – yet self-police– Fear that someone would take their job responsibilities – yet functional
ownership– When “fight or flight” takes over, resistance is based on emotion not
reason– The crux: Input ≠ control
• Key learnings / reminders:– Just trying to do the best job for the company
• but intent has no bearing on others’ fears or concerns – Can’t please everyone all the time
• competing interests; must make best decision for the company & move on
• The eternal optimist– Still hoping to win them over ☺
Key Aspects of Our Key Aspects of Our ProgramProgramPress onward!
GSOC E&C Program
September 2006 SCCE Conference 24
Accomplishments Thus Far (1.5 years)
• Board policies – Updated / developed & obtained Board approvals – Handled some aspects directly through Board policies
• Code of Ethics – developed; obtained Board approval
• Ethics Statement – developed; included as part of Code
• Roll-out of E&C program – developed key roll-out elements (promo, skit, Code, web page); rolled out in January
• Web page – one-stop-shop for E&C
• Training – all employees attended legacy “Ethical Business Conduct” by 2005
• Departmental / functional areas – monitor and research issues as needed
• Software compliance – new system; quarterly reviews and clean-up; audit
GSOC E&C Program
September 2006 SCCE Conference 25
In Progress and To Do (2006/2007)• Update E&C training
– Mix on-line, in class, and manager follow-up– Finalize visual for overall GSOC E&C focus on training & roll out– Use logo as “good housekeeping” seal; develop process
• Refresh on-line regulatory content (home-grown ARMS)– Add bells and whistles – Line functions responsible for content
• Record retention / destruction – implementing all portions of policy this year except destruction next year; BIG culture shift
• Company newsletter – column for regular reminders about ethical issues• Energy Policy Act of 2005 – technical team reviewing; will update any aspects of
E&C program as necessary• Continue administrative functions – software compliance, conflict of interest
certification, etc. • E&C risk assessment – determine areas that may need more focus and training
GSOC E&C Program
September 2006 SCCE Conference 26
Let’s Look Further into Some Aspects
• Involvement in program development
• Board policies
• Code
• Logo
• Web page
• Roll-out
• Training
GSOC E&C Program
September 2006 SCCE Conference 27
First & Foremost: Involvement of Key Parties• Depends on your culture• Ours is a “representative form of government”
• E&C Steering Committee • Focus Group• Compliance Officer, Manager, Administrator
• Where issues can be “retried”• Lesson learned: Just because it’s approved doesn’t mean it’s final
• Eat your Wheaties!!
• Key player and huge help: Communication & Training Dept –creative support and assistance with training development
GSOC E&C Program
September 2006 SCCE Conference 28
Board Policy: Review• Reviewed all Board policies to see what needed updates for E&C
• Revised some policies; created some
• Included review / input from execs and other key staff
• Revised Board Policies (2005)• “Ethics and Compliance”
• Previously only addressed legal / regulatory; now comprehensive to incorporate new E&C Program
• “Notification and Investigation of Illegal or Unethical Activities”• Not just a financial fraud focus anymore – any fraud; various reporting
• Allows for some confidential reporting
• Steer away from use of “whistleblower” word
• “Conflict of Interest”• Changed dollar limits; single v. total; clarified words & forms
GSOC E&C Program
September 2006 SCCE Conference 29
Board Policy: Creation• New Board Policies
• “Financial Integrity” (2005)
• Stress importance of integrity (truth / accuracy) of all financial records or data with financial impact
• Everyone impacts the company’s financial integrity
• “Record Retention & Destruction” (2006)
• Not just retention
• Also issues re: consequences, destruction, legal hold, etc.
• Lessons learned: use simple words; involve additional legal review; people will “read into” the written word so clarification is continual; DISCUSS (not just ask) to ensure people understand
GSOC E&C Program
September 2006 SCCE Conference 30
Board Policy: Roll-out• Roll-out for each policy handled differently based on need
• Communication campaign, links to read, training, additional departmental emphasis for some (e.g., RR&D), etc.
• Involved input from all parties; staff assistants are key• Example: Conflict of Interest policy roll-out
– Sent Survey Monkey questionnaire to make sure they “got it”• Several key questions• Gave a themed prize (small $), randomly drawn from
respondents• Helped us to know where to focus future attention / clarification
– Reminder card (next slide)– Occasional reminders
• Lesson learned: no matter how fun and creative, not all will like it
GSOC E&C Program
September 2006 SCCE Conference 31
Board Policy: Reminder for the Holidays• Holidays are gift-giving
• 5x7
• Front: grab attention
• Back: key excerpts
• Sent to all employees
• So “slick” that CEO almost threw it away thinking it was an ad!
GSOC E&C Program
September 2006 SCCE Conference 32
Code: Benefits to GSOC• Give employees a document that:
– States clearly and concisely the company’s expectations
– One-stop-shop for key topics– Outlines acceptable behaviors– Presents viable options for asking questions and
voicing concerns
GSOC E&C Program
September 2006 SCCE Conference 33
Code: What Was Involved
• Research – Many articles, white papers, webinars, web sites– Best practices– Federal Sentencing Guidelines– Training / conferences
• Our prior experience• Determined key risk areas• Developed documents – research, writing, excerpts
when available, reviews, edits – MANY iterations• Developed layout and logo w/ Communications Dept
GSOC E&C Program
September 2006 SCCE Conference 34
Code: Who Was Involved• Steering Committee of executives
– for guidance
• Focus Group– for input, review, employee view
• Communication & Training – for creative support
• Compliance Officer / CEO– for approval
• Compliance Manager and Administrator– research, prep documents, project management
• Advice from other experts (HR legal; E&C consultant)
GSOC E&C Program
September 2006 SCCE Conference 35
Code: Layout• Letter from CEO• Business philosophy• Key topics (next slide: Integrity, People, Information)
– With links to specifics
• Guidelines and responsibility• Acknowledgement form to sign• Q&As throughout – to personalize it• Upbeat design
GSOC E&C Program
September 2006 SCCE Conference 36
Code: Main Topics• Integrity –
– Conflict of interest– Confidentiality– Protection / use of
company assets– Financial integrity– Antitrust
• People –– Work ethics– Equal employment– Harassment-free– Safe work environment– Personal conduct
• Information –– Internal controls– Intellectual property– Record retention– Computer, e-mail, internet
GSOC E&C Program
September 2006 SCCE Conference 37
Code: Other Aspects
• Company’s commitment to ethical and legal conduct
• Mechanism for employees to report confidentially
• Identification of the disciplinary measures for violations
• Lesson learned: much more involved than anticipated
GSOC E&C Program
September 2006 SCCE Conference 38
Code: Layout Cover & TOC
GSOC E&C Program
September 2006 SCCE Conference 39
Code: Key Element is Ethics Statement
GSOC E&C Program
September 2006 SCCE Conference 40
Code: Sample Topic
GSOC E&C Program
September 2006 SCCE Conference 41
Logo: Development• Use in all E&C corporate-wide communications
• Branding
• Involved input from people mentioned before
• Asked for assistance from Communications– They came up with some ideas– Normally fantastic, but this was just OK– “I’ll know it when I see it” – Kept looking – Caused a temporary rift– “All’s well that ends well”
GSOC E&C Program
September 2006 SCCE Conference 42
Web Page: Development
• One-stop-shop for all E&C
• Again, involved many people
• Relied on assistance from Communications Dept for web site and layout creation
• Lesson learned: takes a lot longer to develop than anticipated
GSOC E&C Program
September 2006 SCCE Conference 43
Roll-Out: Overall Program• Give-away• Code of Ethics• Memo on letterhead• Read / sign Code
• Web page
• SKIT!
GSOC E&C Program
September 2006 SCCE Conference 44
Roll-out: Skit• “Alice in Ethicsland” skit – keystone
• Developed by a staff member
• Unspoken message that all are involved: – Actors from various groups throughout the company– Actors from all levels – execs, manager, staff
• Key interesting aspects of the Code
• “Your play was one of the best special events, ever.”
• “Never has such a serious subject been presented to associates in such an entertaining way.”
• Lesson learned: everyone has different perspectives; not all positive
GSOC E&C Program
September 2006 SCCE Conference 45
Skit: A Peek Inside
GSOC E&C Program
September 2006 SCCE Conference 46
Skit: A Peek Inside
BEWARE of the GRINNING CAT
WATCH OUT for the RABBIT with the BAD HABBITS
GSOC E&C Program
September 2006 SCCE Conference 47
E&C Training: Cohesion in Progress• Pockets of training• Need to conceptually
show connection of all E&C-related training
• Sends a more cohesive E&C message
• Working on specific courses
• Team to:– Develop concept– Develop roll-out
More details below …
Lessons LearnedLessons Learned
GSOC E&C Program
September 2006 SCCE Conference 49
Lessons Learned and Some AdviceMany! Here are a few.Advice• Tailoring is key – we did this; saved us• Research intensely to become very knowledgeable• Even with little budget and staff, you can still accomplish a lot• Involve input from all areas• Use visuals to tie entire program togetherLessons Learned• Determine and communicate clearly in the beginning
re: input vs. approval vs. control• Took longer than expected – time-consuming, one year+, we’re small• Plan on more resistance than expected; stamina is essential• Nothing is ever final … even after approval• Press for involvement for those that seem disinterested; in one form or another,
you will “hear” from them later if they disagree
GSOC E&C Program
September 2006 SCCE Conference 50
Questions / comments?