Protecting value with your compliance and response program

ARTICLE | January 23, 2024 | Authored by RSM US LLP

Businesses with an eye on compliance know that the Department of Justice’s (DOJ) Criminal Division has recently released an update to the Evaluation of Corporate Compliance Program (2023 Guidance). Although this update is meant to assist prosecutors in evaluating and determining the adequacy and effectiveness of a corporation’s compliance program, the 2023 Guidance should be considered by in-house counsel, corporate compliance leaders and auditors as they administer and oversee their own programs, including their response to allegations of noncompliance, both in design and practice. For instance, recent regulation regarding clawback of management compensation due to noncompliance has been top of mind for executives and attorneys alike.

The importance of a robust compliance program cannot be emphasized enough in today’s complex regulatory and legal environment. The financial impact of settlements, fines and penalties for compliance violations is continually on the rise—and often on the front page of the news. All things considered, your company’s reputation, as well as current and future profitability, will be better protected when you have integrated compliance and investigations teams.

The case for integrated compliance and investigations teams

A sophisticated compliance program recognizes that (1) proactive compliance and (2) any resulting investigations into alleged noncompliance can each influence, complement and strengthen the other.

  1. A strong and effective compliance program lays the foundation for a healthy and ethical business operation. However, even the most robust ethics and compliance programs cannot eliminate all fraud and corruption risk. As such, while the occurrence and magnitude of misconduct can be minimized, it cannot be fully eliminated. When allegations of misconduct and noncompliance occur, companies can quickly determine the who, what, when, where, how and potentially why through deploying leading practices in conducting investigations.
  2. After misconduct or noncompliance is alleged or identified, well-executed investigations should be conducted that include root cause analyses to provide valuable feedback on required internal control and compliance program remediation, further enhancing the effectiveness of the corporate compliance program. The integrated cycle of identify—investigate—report—remediate across the compliance and investigations functions demonstrates the organization’s earnestness regarding its obligations toward compliance and legal issues.

What should companies focus on?

Compliance programs are not one-size-fits-all. Your organization should tailor your program to fit your needs and circumstances. However, based on recent cases resolved under the DOJ guidance, your company should consider how well your programs are designed to address four key elements critical to compliance programs. Addressing these issues will increase the chances of a more positive outcome when faced with compliance issues:

  1. Risk mitigation: Compliance frameworks are designed to identify and mitigate risks so corporations can adhere to relevant laws and regulations. Understanding the existing legal and regulatory landscape (both domestically and globally) facing your organization, coupled with a focus on communication and engagement, as well as conducting periodic risk assessments shaped by the evolving environment in which you operate, will increase your organization’s preparedness and reduce harm.
  2. Know and use your data: Understanding the information and data available to you, including where it resides and its limitations, is imperative to both assess compliance and respond to allegations of misconduct or noncompliance. In more mature compliance programs, the same data and technology utilized by management to make strategic decisions can be leveraged to identify key issues with compliance. Regulators have now come to expect continuous monitoring of key risk areas to mitigate the severity of compliance issues and limit their frequency.
  3. Investigation management drives reputation management: The rigor with which a business investigates misconduct allegations can demonstrate a company’s commitment to ethical conduct. Organizations that do not disclose all facts may lose credibility with regulators, enforcement agencies and their employees. By enhancing employee awareness of confidential reporting hotlines and other resources, including whistleblower protection rights, reputational harm can be mitigated by all employees within the organization.
  4. Consequence management: Finally, the objectives of any compliance and investigation effort should include limiting financial and reputational impact on the business. If a violation occurred, swift and meaningful action, based on the severity of the conduct and the pervasiveness of the issue, illustrates the thoughtful and strategic manner in which your organization has created an environment of compliance in spirit and practice.

Help to integrate

There are a variety of ways your organization can look to mature your compliance and investigations efforts with the help of external experience and insight.

Compliance program review and continuous improvement

An effective compliance program should evolve and adapt to the changes in the business, industry and any other relevant external circumstances. To that end, companies may periodically engage with external advisors to independently review and update their existing compliance program. Experience from outside your organization brings lessons learned from competitors, other industries and geographies to leverage against the specific compliance needs at issue, limiting risks of noncompliance with new industry standards, regulations and laws.

Gap analysis key factors to change

Third-party risk management (TPRM) and international compliance

Third-party resellers, vendors, suppliers, agents and contractors play vital roles in organizations in the global business environment. However, the use of third parties and their relationships introduces certain risks. In some cases, external entities can affect your company’s compliance status and its brand reputation. Risk mitigation begins with establishing and monitoring a TPRM program led by trained compliance advisors to ensure effective due diligence, mitigating potential risks associated with higher-risk external parties.

Third-party relationship management

For companies operating globally, navigating the complexity of international regulations and laws of foreign countries could be challenging. External advisors with a global network can help your company comply with diverse regulatory requirements and form law-abiding strategies abroad.

Investigation support

Without timely and thorough investigations of allegations of noncompliance, the effectiveness of a compliance program can be significantly diminished. Your organization should maintain relationships with experienced law and investigative firms to provide appropriate global subject matter experience when required. Your organization may lack well-established procedures, personnel or resources; the necessary tools and technology to conduct a thorough investigation; or sometimes, the stakes may simply be too high to go at it alone.

Post-investigation analysis and remediation recommendation

As part of the conclusion of any investigation, a thorough root cause analysis of noncompliance incidents is essential to address the underlying financial or operational issues. Internal controls and process management advisors have deep insights into the types of noncompliance activities and control failures in specialized industries. Advisors can perform the appropriate analyses, determine remediation efforts, assess the adequacy of your data and technology, and develop a prioritized, actionable work plan to remediate control deficiencies.

The risks, the expectations and the stakes for compliance and response have never been higher. When you establish a team of integrated compliance and investigative professionals that deploy the right technology and outside resources when needed, you are positioned for future success reputationally and financially.

This article was written by RSM US LLP and originally appeared on 2024-01-23.
2022 RSM US LLP. All rights reserved.

RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/aboutus for more information regarding RSM US LLP and RSM International. The RSM(tm) brandmark is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.

KDP Certified Public Accountants, LLP is a proud member of RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.

Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise, and technical resources.

For more information on how KDP LLP can assist you, please call us at:

Oregon Office:
(541) 773-6633

Idaho Office:
(208) 373-7890