is your chief watchdog an esquire?
TRANSCRIPT
8/6/2019 Is your chief watchdog an esquire?
http://slidepdf.com/reader/full/is-your-chief-watchdog-an-esquire 1/5
Compliance & Ethics Vol. 8 / No. 3
06 / 2011
A publicAtion of the Society of corporAte compliAnce And ethicS
Professional
Top sTories inside
4 The Compliance
Covenant: More pull,
less push
8 Is your chief watchdog
an esquire?
12 The compliance risk of
compliant behavior
18 Business gratuities:
Sometimes it’s better
not to give or receive
22 Managing ethicsupwards
30 Third-party risk
management: Properly
managing compliance
of outsourced
relationships
36 Global Compliance:
Thailand
46 The FAR raises the
bar for ethics and
compliance programs
52 Culture and values:
“Adequate procedures”
under the UK Bribery Act
Meet Laurie GallagherDirector, Healthcare Compliance Training
at Amgen
This article, published in Compliance & Ethics Professional, appears here with permission from the Society of Corporate Compliance & Ethics. Call SCCE at +1 952 277-4977 or 888/277-4977 with all reprint req
8/6/2019 Is your chief watchdog an esquire?
http://slidepdf.com/reader/full/is-your-chief-watchdog-an-esquire 2/5
8 compliAnce & ethicS profeSSionAl June 2011 www.corporatecompliance.org
Governance, risk, and com-
pliance systems involve multiple
stakeholders, which oten include
titles such as Audit, Risk, Com-
pliance, Ethics, and Legal or
combinations thereo. Te term
“compliance” has come to take on
many meanings, so that overlap,gap, and even conict can exist
between organizational charters,
duties, and responsibilities. Tis
article expands upon the stark
diference, and oten-conicting
roles, o an organization’s general
counsel (GC) and chie internal
auditor (CIA) with respect to the
application o law and ethics in thebroader Governance, Risk, and
Compliance systems o US-based
organizations.
Internal auditing as the
corporate conscience
In today’s New Normal, the
concept o governance and risk
management are evolving rom
mere written principles intorobust practices within board
and management processes. Te
Institute o Internal Auditors
(IIA) International Standards or
the Proessional Practice o Inter-
nal Auditing1 denes the role o
internal auditing in governance
in Standard 2110, where it states
“Te internal audit activity must
assess and make appropriate
recommendations or improv-
ing the governance process in its
accomplishment o the ollowing
objectives:
• Promoting appropriate ethics and
values within the organization;• Ensuring efective organiza-
tional perormance management
and accountability;
• Communicating risk and con-
trol inormation to appropriate
areas o the organization; and
• Coordinating the activities
o and communicating inor-
mation among the board,external and internal auditors,
and management.”
With respect to business
ethics, the internal audit unction
serves as part o the corporate con-
science. Tereore, the posture o
the internal audit unction must
be such that it can inuence the
corporate “brain,” which encom-passes members o the board and
management who are the keep-
ers o the organizational “body”
and trusted guardians o its
well-being. As the corporate con-
science, internal auditors must be
prepared to have the open, candid,
and constructive dialogues with
their boards and managementto balance the scale between the
organization’s legal and ethical
perormance.2
One o the more sensitive
challenges internal audit execu-
tives are conronting is how to
bring transparency to the board
and management’s personal
values, which are an essential partin establishing and maintaining
the integrity and core values o an
organization. In a new era where
raud and scandal seems to be
standard are, organizations must
bring internal board and manage-
ment transparency to the oreront
o the reorm agenda. Compliance
stakeholders should recognize and
consider this “inner” transparency when assessing governance struc-
tures and processes. Stakeholders
must also provide assurances over
the ethical systems and their
related internal adjudication pro-
cesses, going well beyond the
minimum requirements set orth
by the law.
Is your chief watchdog
an esquire?by M br, eq., cia, cisa
Michael bRozzetti
8/6/2019 Is your chief watchdog an esquire?
http://slidepdf.com/reader/full/is-your-chief-watchdog-an-esquire 3/5
www.corporatecompliance.org June 2011 compliAnce & ethicS profeSSionAl 9
continued on page 10
Esquires are the “shield
bearers” of an organization
Although many believe the
term “esquire” is reserved or law-
yers, it is not. Tere is no ederalor state statute prohibiting the use
o the esquire (Esq.) designation.
A properly licensed lawyer is an
attorney-at-law, and a properly
certied internal auditor is an
auditor-at-act. In act, the term
“esquire” derived rom the Latin
root word scutarius, meaning
“shield bearer.” Te internal audi-
tor shield is the proession’s codeo ethics, centered on our key
principles: integrity, competency,
objectivity, and condentiality.
In contrast, the chie legal ocer
or general counsel shield is the
law, which is coded by its source:
constitutional, statutory, adminis-
trative, or common.
A recent study revealed thatless than 15% o US corporations
have senior internal audit proes-
sionals with titles o chie auditor
or general auditor. In contrast,
the most senior legal proessional
is widely known as a chie legal
ocer or general counsel. In act,
ALM Media’s Corporate Counsel
magazine’s annual salary survey,3
says a general counsel is requently among the top highest-paid execu-
tives whose pay packages must be
disclosed, yet we rarely see a chie
internal auditor on this list o hon-
orable recognition. Tis suggests
that the corporate culture at-large
undermines its chie watchdog and
its jurisdiction to reely snif and
act nd to discover raud, waste,
and abuse.
Directors and ocers ought
to consider placing equal weight
on the views and opinions o theirtwo essential shield bearers – the
chie audit executive (CAE) and
the chie legal ocer (CLO). It is
important or directors and o-
cers to view the work o the CAE,
primarily within the context o
business ethics, and the work o
the CLO, primarily within the
context o law. Free interaction
and balanced discussion betweenthese two esquire servants will
bring both ethics-based and legal-
based perspectives to those matters
reecting upon the director and
ocer duties o prudence, loyalty,
and care.
A common theme for
corporate failuresTe majority o corporate ail-
ures share a common theme. Te
house o cards comes crashing
down, the culprits will oten take
their ortunes at the expense o
those who entrusted their ortunes
to them, and then take reuge
behind the legal maze to mystiy
what really happened. In the U.S.,
obscuring the legal process is notvery dicult in light o more than
4,450 US ederal criminal laws,
which grow at a rate o about
500 new laws per decade, and the
Federal Registry, with more than
80,000 pages, which records all
o the regulations the ederal gov-
ernment imposes on businesses, all
o which carry the orce o law.4
Te explosion o more law and
regulation has made a very heavy
shield or the GC to bear, thus a
more balanced shield o protectionshould be sought with respect to
the CAE and CLO in the New
Normal. Courtroom motion
practice has little tolerance or
bringing ethical matters to light.
In contrast, motion practice in
the boardroom should encourage
bringing these matters to the table
or deliberation and judgment.
The paradox for in-house
general counsel
In-house counsel has a con-
icting interest when it comes
to providing business advice to
corporate executives versus legal
advice, where the attorney-client
privilege is enorceable. Accord-
ing to Michael A. Lampert o SaulEwing LLP:
When it comes to the successul
assertion o the attorney-client
privilege, any litigator currently
active can tell you that the task
is a whole lot easier i the lawyer
involved is outside, rather than
inside, counsel. While the
legal principles are generally the same in both situations,
practical experience and some
recent court decisions suggest
the emergence o a double
standard, arguably resulting in
a weakening o the privilege or
inside lawyers.5
8/6/2019 Is your chief watchdog an esquire?
http://slidepdf.com/reader/full/is-your-chief-watchdog-an-esquire 4/5
10 compliAnce & ethicS profeSSionAl June 2011 www.corporatecompliance.org
In a court case legal precedent,6
the view o the court was that the
negotiation o a contract and the
discussion o those negotiations
with executives o the company did not constitute “exercising a
lawyer’s traditional unction,” but
did constitute “acting in a busi-
ness capacity.” So, although an
executive may currently obtain
both legal advice and business
advice rom in-house counsel, it
is important to understand that
these events are handled much
diferently within the context o the U.S. legal system, compared
to that o the internal compliance
system o the organization with
respect to the discoverability o
acts and evidence.
The emergence of the “new
era” internal auditor
Te Institute o Internal Audi-tors model audit charter states:
“Te internal audit activity, with
strict accountability or conden-
tiality and saeguarding records
and inormation, is authorized
ull, ree, and unrestricted access
to any and all o the organization’s
records, physical properties, and
personnel pertinent to carrying
out any engagement.”7 I this is accepted as a uni-
versal truth, then the authority o
the internal audit activity should
supersede the attorney-client privi-
lege between in-house counsel and
executives. I true, then the playing
eld has changed and an auditor-
stakeholder privilege must emerge
within the Internal Auditing pro-
ession, adopted by directors and
ofcers, and respected by the Legal
proession. Tis privilege must be
consistent with the principles o conduct within the proessions’
code o ethics regarding integrity,
objectivity, condentiality, and
competency. A chie auditor who
is a certied internal auditor certi-
es that he/she is accountable to
uphold these our key principles:
• Integrity. Te integrity o inter-
nal auditors establishes trust
and thus provides the basis orreliance on their judgment.
•Objectivity. Internal audi-
tors exhibit the highest level
o proessional objectivity in
gathering, evaluating, and com-
municating inormation about
the activity or process being
examined. Internal auditors
make a balanced assessment o all the relevant circumstances
and are not unduly inuenced
by their own interests or by
others in orming judgments.
•Confidentiality. Internal
auditors respect the value and
ownership o inormation they
receive and do not disclose
inormation without appropri-
ate authority unless there is alegal or proessional obligation
to do so.
•Competency. Internal auditors
apply the knowledge, skills, and
experience needed in the peror-
mance o internal audit services.
rue reedom and indepen-
dence to meaningully carry
out internal auditing work can
be achieved when the auditor-
stakeholder privilege is adopted
and trumps the attorney-client
privilege with a higher duty tothe corporate entity at-large. By
making internal auditors impervi-
ous to the legal system’s tolerance
to shield unscrupulous execu-
tive behavior, they are no longer
blinded rom the activities that
can prevent them rom obtaining
the relevant, reliable, and sufcient
inormation necessary to discover
the acts required to protect thedirectors’ and ocers’ duties o
prudence, loyalty, and care.
Sustained ethical corporate
culture
In a comment letter rom the
National Association o Corporate
Directors (NACD), Chair Barbara
Hackman Franklin wrote to Sec-retary Elizabeth M. Murphy o
the U.S. Securities and Exchange
Commission, “A strong corporate
culture is one o the best tools
a company has or combating
raud.”8
In the 2010 Berkshire Hath-
away annual report, Warren
Bufet armed that culture, not
rules, determines organizationalbehavior. Former Governor o
Pennsylvania Mark S. Schweiker
at one time proessed, “You can’t
substitute good conscience with
rules and regulations” at an IIA
conerence in reerence to the
Sarbanes-Oxley Act.9 I we are
to hold these statements as truth,
Is your chief watchdog an esquire? continued from page 9
8/6/2019 Is your chief watchdog an esquire?
http://slidepdf.com/reader/full/is-your-chief-watchdog-an-esquire 5/5
www.corporatecompliance.org June 2011 compliAnce & ethicS profeSSionAl 11
then we must accept the act that
the signicance o ethics is equal, i
not superior, to that o law within
the context o an organization’s
culture and internal compliancesystem. Te mere existence o a
code o conduct or ethics code is
no longer enough to demonstrate
to organizational stakeholders that
an ethical corporate culture exists
or is efective.
Sustained ethical corporate
culture can be achieved with a
continual and systemized process
to monitor, evaluate, and inter-nally adjudicate those who engage
in risky behavior that does not
conorm to the ethics code o the
organization. Boards and directors
must identiy, quantiy, and miti-
gate cultural risk and play an active
role in accepting or rejecting indi-
vidual or group behaviors, beore
systems breakdown and ail. Withrespect to stakeholder relations,
boards and directors must also
consider how to substantiate their
commitment to an ethical corporate
culture by disclosing the method
o measure and ndings, and how
results compare with other compa-
nies within their industry. Mark
Rome, ounder o zEthics, Inc, is
leading the way in this regard withthe zEthics cloud computing tech-
nology. Te technology is designed
to provide online corporate cul-
ture benchmarks and incident
management reporting to support
transparency and accountability
within organizational governance
and compliance systems. In 2009,
analysts suggested that the market
size or ethics-related hotlines and
incident management systems was
about $5 billion; however, only
about $80 million in actual marketdemand could be veried around
that time. In 2011, according to
Rome, the estimated market size
or this space is well over $10 bil-
lion when you include government
agencies and public and private
corporations. Tese statistics bring
to light both the challenges and
opportunities or internal trans-
parency and accountability inorganizations.
Our philosopher riend
Socrates once said, “A sel-aware
person will act completely within
their capabilities to their pinna-
cle, while an ignorant person will
ounder and encounter diculty.”
My view is that organizations act
the same way. Good governance,risk, and compliance calls or this
higher level o thinking and Inter-
nal Audit can serve as the center o
the corporate conscience to main-
tain an ethical corporate culture.
Notes:
1 he Institute o Internal Auditors“Standards and Guidance.”
Available at http://www.theiia.org/guidance/standards-and-guidance/
2 Michael Brozzetti “A New Era orInternal Auditors,” Institute o Internal Auditors Insight (2009).
3 ALM Legal Intelligence:GC Compensation Survey.
Available at http://www.alacra.com/ALM-Legal-Intelligence-Surveys-Lists-Rankings/GC_Compensation_Survey-general_counsel_salary
4 William R. Maurer and DavidMalmstrom: “he Explosion o the Criminal Law and Its Cost toIndividuals, Economic Opportunity,and Society,” he Federalist Society (2010). Available at http://www.ed-soc.org/publications/pubid.1771/
pub_detail.asp5 Michael A. Lambert “In House
Counsel and the Attorney ClientPrivilege,” FindLaw (2000).
Available at http://library.indlaw.com/2000/Oct/1/128767.html
6 Georgia-Pacific Corp. v. GAF Roofing Manufacturing Corp., 1996 WL 29392
7 he Institute o Internal Auditors:“Model Internal Audit Activity Charter.” Available at www.theiia.org/download.cm?ile=14380
8 National Association o Corporate
Directors: “Comment Letterto the Securities and ExchangeCommission.” Available at http://
www.sec.gov/comments/s7-33-10/s73310-135.pd
9 he Institute o Internal AuditorsPhiladelphia Chapter, FallConerence Key Note Session,Philadelphia, PA. November 2007
Editor’s note: Michael
Brozzetti is President of
Boundless LLC, an internal
auditing and governance
firm that specializes in
training and integrating
organizational ARCs (Audit,
Risk, and Compliance
activities). Michael serves
as the Chairman for Business
Integrity Alliance™, an
organization committed to
advocating and advancingthe practices supporting
the principles of integrity,
transparency, accountability,
and risk oversight. Michael
can be contacted by phone
at 267-297-0706 or by e-mail at