Compliance: Do you have what it takes?

As discussed in the July/August issue of Inspectioneering Journal, legal liabilities for the Inspectioneering community may arise from a variety of contexts, yet one way to minimize such liability is to evaluate your operations by auditing compliance. It is important for your company to step back, look at its compliance program, and objectively evaluate whether the program has what it takes to effectively detect violations of the law.

To determine whether your program has what it takes, engage your legal department to assist in an audit, conducted under the attorney-client privilege, to evaluate the following with respect to the areas of your operation which are regulated (e.g., safety, security, environmental, health, transportation, labor, etc.):

• What policies do you have in place?
• Do they sufficiently address the area as regulated?
• Have procedures been established to appropriately implement the policies?
• Are all policies and procedures current?
• Have the employees been trained on the policies/procedures and any updates to the same?
• Have applicable training requirements/time frames been satisfied (both regulatory and company requirements)?
• Do you have written records which prove all of the above exist or occurred as required (e.g., up-to-date written policies and procedures, training modules, attendee sign-in sheets, etc.)?
• How often do you audit compliance with legal requirements associated with your areas of regulatory oversight?
• Who is responsible for compliance in your company?
• Has your current compliance program detected any issues related to the above?

Auditing the topics above should help lead your company in the right direction toward identifying deficiencies, updating policies and procedures, training where and as necessary, and maintaining on-going compliance. After conducting an evaluation, the immediate next step for a privileged audit should be to determine with assistance of counsel what remedial actions may be necessary for any short-comings. If policies or procedures are out-of-date or otherwise inadequate, update them. If training documentation is lacking, retrain and fully document the new training. If a new area of regulation exists, ensure all company stakeholders are informed and involved in the process of developing and implementing new policies, procedures, records, and training. If you have solid policies and procedures in place and the required training has occurred, but you determine through observation while auditing that implementation of a policy or procedure is inconsistent or inadequate, review the situation with the respective managers, reprimand personnel as appropriate, retrain as needed, and document actions taken. If reporting to regulatory agencies is necessary, promptly report. If your current compliance program fails to detect non-compliances, engage management in a continued evaluation of the company’s compliance program and its internal oversight to determine what changes must be made. Again, it is important that your legal department is involved in the overall auditing process.

In the event of an incident, agency inspection, or litigation, the above actions will help your company demonstrate that it has an effective auditing program which is capable of detecting violations of the law and policies, addressing any issues, and preventing continuation of any noncompliance. Furthermore, a robust auditing program will keep the evaluation of company compliance in the forefront as a topic of value and continued concern. This is where compliance should remain, as the Inspectioneering community’s underlying regulatory landscape consists of constantly evolving terrain.

Work hard. Work smart!