Conflict-of-interest internal audit - Grant Thornton LLP

Download the CorporateGovernor Newsletter - Winter 2010 issue

By Warren Stippich, Business Advisory Services Partner 

Reviewing the effectiveness of your organization’s processes for addressing conflicts of interest

Whether you are a U.S. SEC registrant complying with Sarbanes-Oxley requirements¹, a private company, or a not-for-profit², you will want to implement a conflict-of-interest policy, as well as audit the policy periodically to ensure effectiveness and compliance. The Institute of Internal Auditors defines a conflict of interest in its International Professional Practices Framework Standards Glossary as “Any relationship that is, or appears to be, not in the best interest of the organization. A conflict of interest would prejudice an individual’s ability to perform his or her duties and responsibilities objectively.” The conflict resides in a situation, not in an individual’s actions. So whether the conflict is real, potential or perceived, it must be managed.

To address this issue, many organizations have implemented conflict-of-interest policies. They differ for each organization, but they typically give employees explicit guidelines both on ethical behavior and on situations to avoid. Employees are usually asked to complete an annual questionnaire in which they certify that they have read and understand the policy and the penalties for noncompliance, disclose any conflicts, and promise to report any violations if they arise.

While implementing a policy provides a formal process for managing conflicts of interest, an organization shouldn’t stop there; it needs to monitor adherence to the policy. It is important to include conflicts of interest in any internal audit risk universe. The internal audit department — or an outside service provider — can help audit an organization’s conflict-of-interest practices in a number of ways:

  • Verifying that all employees and other persons of interest are circularized and have responded
  • Examining the organization’s conflict-of-interest policy and related documentation
  • Conducting interviews with relevant staff based on their knowledge of the processes and their involvement in applying the requirements of the conflict-of-interest policy
  • Analyzing procedures for identification, assessment and mitigation of conflicts of interest
  • Reviewing confidential reports maintained for all employees

For the conflict-of-interest audit, each organization will have a checklist specific to its industry and entity structure, but some considerations are common to all sectors:

  • Who are the owners of the conflict-of-interest program, do they have the right level of authority to enforce, and do they keep the policy up to date?
  • Are circularization procedures followed? Is a lack of response handled properly?
  • Are satisfactory procedures in place to prevent or resolve conflict-of-interest situations?
  • Are proper guidelines provided to employees, and are those employees encouraged to identify and report conflicts of interest?
  • Are sanctions for violations documented? Enforced?
  • Are reported conflicts addressed appropriately, as set forth by management and the board?
  • Does the organization report conflicts to the audit committee?
  • Are stakeholders aware of the results of the program?
  • Are there flaws in the program that leave it vulnerable to unreported conflicts?

An organization that inadequately addresses its conflicts of interest will risk reputational harm, noncompliance with legal requirements and perhaps even sanctions. Forward-thinking business leaders will recognize the importance of instituting clear processes to help ensure conflicts of interest are properly managed, as well as investing the time and resources needed to audit the effectiveness of the program.


¹ For SEC registrants, the SOX requirements to demonstrate strong internal control drive an annual conflict check. Refer to Section 402 for additional information regarding conflict-of-interest disclosures.
² Organizations risk losing tax-exempt status if they do not guard against the conflicts of interest prohibited in 26 U.S.C. § 503.
