EICE workshops are intended for everyone who is starting in the profession of officers or experts in compliance and ethics, as well as for more experienced people who want to improve, upgrade or renew their compliance program.
In the year 2017 we prepared two half-day workshops (april and may 2017)
- How to use the SIST ISO 19600 standard (Compliance Management Systems - Guidelines) in managing the compliance program and business ethics;
- Compliance Coaching: How to overcome the biggest challenges at work in the field of compliance and business ethics.
1. Workshop (20.04.2016) : How to lay and upgrade the foundations of the compliance and business integrity program - in any organization
Best Western Premier Hotel Slon, 20.04.2016, from 8:30 to 12:30
8:15 - 8:30 Arrival of participants
8:30 - 9:45 Andrijana Bergant, NLB d.d .: How to prepare the basic documents of the business compliance management system: Business Compliance Policy and Code of Conduct (presentation of substantive starting points and work in groups)
9:45 - 10:45 Mateja Geržina, Triglav INT d.d. and Alenka Vidic, PROPIAR: Implementation of elements of the compliance program in practice: use of education, training and communication (presentation of content starting points)
10:45 to 11:00 Coffee Break
11:00 - 11:45 Implementation of elements of the compliance program into practice: use of education, training and communication (group work)
11:45 - 12:30 Miran Deželak, NLB d.d .: Supervision and internal investigations: basics, preparation and implementation (presentation of content starting points and group work)
At the first of three workshops in 2016, Andrijana Bergant showed how to prepare a Business Compliance Policy with all elements following the international standard ISO 19600: Compliance Management Systems and Code of Ethics , following the example of best practices. Among the policy guidelines, she emphasized the importance of identifying the areas of compliance risks that the compliance function deals with. Regarding the definition of scope, it is also important that the policy states whether it applies only to the organization or also to a potential group of companies; while in any case it is standard that compliance requirements are also set for external contractors. In the preparation of the Code, the preparation phase with a broad dialogue is extremely important, either on how employees understand the already existing values and principles of conduct, or on which values and basic principles should be accepted in the company. It is also necessary to identify in the preliminary dialogue the most important contents that are most important for the company to maintain or strengthen them and thus elevate them into the contents of the code, with very concrete written expectations regarding behavior and practical illustrations. For both core documents of the compliance program, it is crucial that they define the role of all stakeholders, to understand the compliance program and ethics as something that is the goal and responsibility of the entire organization, its management and all employees, not something it deals with. only the compliance function. With the adoption of both documents, the strengthening of this culture of compliance and ethics is just beginning, so it is necessary to regularly communicate and teach different groups of stakeholders about their content and the meaning of what is written.
All participants subsequently received a template for both documents with brief instructions for preparing more detailed content tailored to the specific organization (if you would like to subsequently order a template for the Compliance Policy or Code of Conduct, write to us at: firstname.lastname@example.org).
Mateja Geržina , director responsible for human resources and compliance from the holding company Triglav INT, shared highlights from her valuable practice of implementing the compliance program, in a company with an international presence, through employee training, and above all through as many consultations and dialogues as possible, especially with management. The latter must ‘buy’ the thing so that we compliance experts can be effective in our work. In doing so, we must also be equipped with the right measure and combination of self-confidence, professionalism, knowledge of the organization's business, perseverance and patience.
Continuous communication of content in the field of compliance and business ethics is crucial from the point of view of the actual implementation of rules and ethical principles in practice, or. to ensure the effectiveness of the compliance program. After all, the company can also protect the company from liability for a misdemeanor or crime committed by an individual employee. Alenka Vidic , Executive Director and Partner at the PR agency PROPIAR, therefore highlighted the importance of communication in establishing and managing a business compliance program as a change , to which people are in principle reluctant and superfluous. Coherence and especially ethics, values, therefore, need to be very concretized, presented on examples and such that are adapted to different target groups. Only then can people really understand and accept the demands and expectations in this area, and can we motivate them to do so. It is worth considering in particular the communication channels we use to communicate compliance and ethics content, given the fact that employees have different accesses and prefer bilateral channels such as superior meetings, team meetings and email. If you notice that rumors about important issues are spreading in a company, they arise because there is a gap related to a certain topic and therefore rumors take on the function of a communication channel. Practice shows that rumors are reduced by regular communication through the organization's dedicated channels, otherwise rumors have negative effects on employees and the entire organization. The key message is: compliance professionals, connect well with the communicators in your company! Namely, they know best which communication channels and approaches are most suitable for which content and on which occasion. If you have a great plan and mechanisms to ensure compliance, but not everyone who needs to be involved will know this, you cannot be effective.
In the end, Miran Deželak, Head of Internal Investigations at NLB d.d., introduced us to good practices and his rich experience in investigating bad business practices. He emphasized the importance of preparations and the consistency of the implementation of a predetermined internal investigation procedure, professional documentation of only unambiguously established facts and circumstances. It is also important to have a fair attitude towards employees who come into contact with the internal investigation, either as a subject of the investigation, or as a whistleblower or as a witness. Unlike the procedures of external competent authorities, internal investigations are about dealing with our employees. Today you can investigate unpleasant circumstances about someone, and tomorrow you can cooperate with him in another matter. In any case, it is always important to ensure that compliance experts do not perform so many different tasks that are, on the one hand, unmanageable in terms of scope or the necessary specialist knowledge and skills, but on the other hand could lead us into conflicts of interest. If a company has only one person responsible for managing the compliance system, it usually focuses on the preventive and control tasks of this function (consulting, education, communication, regulatory compliance and monitoring of other compliance risks), while for implementation internal investigations better personal separation. If the company does not have its own professional resources, good practice recommends hiring external experts to conduct an internal investigation.
2. workshop (15.06.2016) : Carrying out analysis and assessment of risks for business compliance (collection of the right information, method - methodology of analysis and assessment of risks for compliance) and how to present it to company management.
The second workshop was entirely dedicated to compliance and ethics risk management. Murray Grainger from Impact on Integrity , who led the workshop, demonstrated a 5-step approach to managing these risks:
The first three phases are carried out in the form of a workshop, together with a representative group of managers and experts from the company, with the expert or compliance officer playing the role of moderator.
In the brainstorming phase, participants are encouraged to unstructured (and without the ongoing assessment of other participants) a series of risks to compliance and ethics that they themselves identify in the business of the company.
In the second phase, we collectively define the criticality of each of the listed risks on a scale, e.g. from 1- least critical to 4- most critical, namely according to the probability of occurrence of the loss event and according to the effect if the damage event would occur.
In the final phase of the workshop, we make a summary in terms of combining similar risks into one group, from identifying the most critical risks and the less critical ones.
Outside the workshop, which should not last more than 60 minutes, the compliance experts themselves take the results into consideration and prepare a proposal for measures to eliminate and reduce risks (fourth phase), which are certainly coordinated with those in the organization in which the field of work the measures concern and those who will be responsible for implementing those measures. In accordance with the company's internal policy, we submit them to the competent authority for approval.
The expert or compliance officer then monitors the implementation of the adopted risk management measures (fifth phase).
Murray also took us to think about how we even understand the risks to compliance and business ethics, what we associate them with, and what they represent to us. The exercise gave the participants an important insight and hint: the risks to compliance and ethics can also offer us opportunities and promote success, if we successfully identify, assess and manage them.
“Reading financial statements for compliance experts and others acting under a risk assessment approach”
The workshop took place on 16.11.2016, from 8:30 to 13:00, at the City Hotel, Dalmatinova ul. 15, Ljubljana.
It was led by Mihael Krajnc, director and co-founder of the accounting service Saša d.o.o. from Ljubljana, who is a certified accountant and a certified taxpayer, with more than 25 years of experience, and Polona Pergar Guzaj, director of 4E, organization management and fraud management doo, who is an active certified internal auditor, with valid international titles in the field of internal auditing (CIA), fraud investigation (CFE), internal financial services auditing (CFSA) and risk management assessment (CRMA).
At the workshop, we learned how financial or financial statements are basically compiled and what they tell us; but above all, how can we deduce from them:
- which types of expenditures are most important for the company or individual budget user within the company,
- in what way and by which channels the largest financial outflows from the company go,
- with whom the company concludes the most important transactions,
- what the statements tell us about the credibility of the business partner itself,
- what the company pays the highest commissions for,
and other most exposed items that we can focus on in regular process compliance reviews and linking them to other information, following a risk assessment approach. We also learned which indications of possible fraud and related risks can be deduced from the accounting items so that we have a starting point for targeted further verification. (16.11.2016)
How to use the SIST ISO 19600 standard (Compliance Management Systems - Guidelines) in managing the compliance program and business ethics;
The workshop took place on Wednesday, 19 April 2017, from 8:30 to 13:00.
Workshop participants received a practical tool for the office: a compliance management card card with explanatory clouds and a linear record of ISO 19600 compliance management steps.
A uniform international standard in the field of compliance management in organizations was presented, which was published in Slovene this year on the initiative and with the generous support of EICE. The standard was created as a result of the work of experienced compliance experts from different parts of the world, from the USA through Europe and all the way to Australia. It combines and builds on existing knowledge from good practices and already expanded national and international standards.
The workshop was held in the following content areas:
- Overview of the compliance management system framework and compliance culture
- Presentation of the basic building blocks of the compliance management system: the context of the organization and the location of the compliance management system, compliance risk management, compliance policy, the role of management and the role of the compliance function in this system
- Planning in the management of the system of compliance with practical exercise in groups
- Providing support to the compliance management system
- Evaluating the effectiveness of compliance management and evaluating the effectiveness of this system through group exercise
- Compliance report and continuous improvement of the compliance management system
The workshop was led by Andrijana Bergant, EMBA, CCEP-I and mag. Andrej Šercer.
‘Compliance coaching’ - How to solve the biggest challenges at work in the field of compliance and business ethics
We probably all remember our first cold shower we experienced in the role of a compliance expert… It’s not pleasant to be left speechless, without a smart answer, or even with a sense of undermining one’s own professionalism, perhaps even resentment.
At the workshop, we trained in the theory of conflict resolution and learned about different methods of dealing with them. In front of us was a selection of different real-life situations in which we brainstormed about possible responses. We also played roles, once as a coach, second as an opponent, third as a mentor, and so on. The workshop was led by Alenka Vidic.
In the end, we drew a recipient of a small but inspiring handbook entitled “Have a Nice Conflict”. Because knowledge is never enough.
You can read more about the EISEP workshops so far here. (22.05.2017)