Compliance Program Design Lessons learned from a COSO framework

Transcription

1 Compliance Program Design Lessons learned from a COSO framework Joseph Walsh President, Legacy Detroit Medical Center Christina DuVall Corporate Compliance Director CMS Overview Electric Gas Combination Gas Storage Fields Ludington Pumped Storage B C Cobb J H Campbell J C Weadock D E Karn Provides service to nearly.5 million of Michigan s 0 million residents in all 8 Lower Peninsula counties 8,000 employees 58 operating headquarters Heavily regulated (all the usuals) including requirements through: US Coast Guard Department Homeland Security Federal Trade Commission (FACTA) FAA and FCC NERC and NERC CIP Regional Reliability Organization: ReliabilityFirst (RFC) J R Whiting 2

2 Agenda COSO Principles for Regulatory Compliance Compliance Department Responsibilities COSO Mapping of Our Compliance Program Board Reporting Structure Enterprise Risk Management Ethics and Compliance Administrative Tools 3 COSO Principles for Regulatory Compliance I. Control Environment the overall result of the tone set by top management (its attitude, awareness and actions) concerning the importance of compliance and the emphasis placed on it in the company s policies, procedures, methods and organizational structure. II. Risk Assessment the identification and analysis of relevant risks (both internal and external) to the achievement of regulatory compliance. It provides the basis for determining how the risks should be managed. III. Information and Communication the processes that ensure that information is available in a form and time frame that enable management and employees to carry out their compliance responsibilities. IV. Control Activities the processes that ensure that compliance policy and procedures are carried out. V. Monitoring - the processes assessing effectiveness of the compliance effort. 4 2

3 Compliance Department Responsibilities Code of Conduct Matters Codes of Conduct Third Party Guidelines Helplines and Incident Investigations Training Questionnaires and Surveys Communications Ethics In Action Awards Regulatory Oversight Government Reporting Assess adequacy of compliance processes Monitor compliance processes through oversight role Recommend improvements Culture Initiatives Independent reviews of selected compliance programs and processes 5 COSO Mapping of Our Compliance Program 3

4 Board Reporting Structure Audit Code of Conduct Compliance Review Financial Control Disclosure Consumers Compliance Review Enterprises Compliance Review Risk * * * * * CCO * CFO CFO CEO Executive Manager Executive Director of Risk, CAO/Controller General Counsel North American Ops. Strategy, and Financial Adv. Code of Conduct Investigations Surveys Internal Audit Findings Internal Control (Sarbanes-Oxley) Fraud Tax NYSE Form 0-K Form 0-Q Form 8-K Certifications Environmental Health & Safety FERC/NERC MPSC Security Other Selected Laws and Regulations ERM Credit Risk Insurance Risk Price Risk Risk Policy 7 Enterprise Risk Management Ethics and Compliance Impact CATASTROPHIC (>$35 M) MAJOR ($45-35 M) Compliance Risks. Safety and Health 2. FERC/NERC 3. Environmental 4. Fleet 5. Security. Fire Protection 7. Gas Code 8. Building Code 9. MPSC LEGEND Prior Year Placement (if moved) MODERATE ($4-45 M) 9 New Risk this year) (added MANAGEABLE (<$4 M) 8 UNLIKELY (0-20%) POSSIBLE (20-50%) Likelihood 8 LIKELY (50-80%) ALMOST CERTAIN (80-00%) Risk Aggregate Overall Future Direction based on 5- year Plan Near-term Medium-term 4

5 Administrative Tools Accountability Temperature Charts Roles and Responsibilities 9 Accountability Review and certification by subject-matter-experts Risk related questions Staffing changes Regulation changes Noncompliance incidents Documentation updated Hot topics and new initiatives 0 5

6 Temperature Charts CONSUMERS COMPLIANCE SUMMARY Regulatory Area Trend Evaluation of Comments Level of Compliance Administrative Air Quality Ash Management ENVIRONMENTAL Chemical Management Environmental Protection Environmental Remediation Release Management Storage Tanks Waste Management Water Quality OVERALL ENVIRONMENTAL Confined Space Entry Contractor Oversight Electrical Safety Fall Protection HEALTH AND SAFETY Health and Exposure Standards Hoisting and Rigging Housekeeping Lock Out and Tagging Machinery, Tools and Equipment Material Handling and Storage Personal Protective Equipment Walking and Work Surfaces OVERALL HEALTH AND SAFETY Roles and Responsibilities Regulation Accountable Authority (SME) Operating Division Compliance Assurance Managers Site Managers Internal Audit Compliance Review Environmental EPA DEQ Health & Safety OSHA MIOSHA Fleet Building In Process Other DOT MDOT Review regulations and develop appropriate policies. Assist with Self-Assessments. Building and Fire Safety Codes FERC / NERC / RFC Security Prepare annual evaluation based on audits, self assessments incidents and agency services. Gas Code TBD Recommend, develop and lead implementation of special corporate initiatives to improve compliance. Assure procedures are in place for all requirements. Identify issues and resolve with support from appropriate Accountable Authorities and Site Managers. Identify and communicate trends and lessons learned. Arrange for compliance training as required. Implement procedures. Evaluate compliance at site level. Identify and resolve compliance shortfalls as they arise. Evaluate compliance at all levels. Report on exceptions using Red/Yellow/Green to improve risk assessment. Review policy deployment and execution issues. Monitor exceptions and address root causes. 2