Start with a risk assessment

I recently spoke with a friend who works for an organization that is just starting to consider implementing an ethics and compliance program. His first question to me was “What should I do first?”

His question prompted one of my own, although I was pretty sure I already knew the answer. “Have you conducted a risk assessment?”, I asked.

Of course he hadn’t.

Going through a risk assessment has many benefits. In terms of an E&C program, a risk assessment:

  • Informs what topics should be included in your code of conduct
  • Identifies the policies that your organization needs
  • Determines the scope of your training program
  • Points to the controls you need to put in place
  • Highlights the processes that must be regularly audited

So before you start implementing an E&C program, start with a risk assessment. And if you already have a program, then let your regular risk assessments guide your improvement efforts.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s