Compliance is a continuous loop of change, reaction, proactive planning, measurement and change again. A static ethics and compliance program is an ineffective and dead program.
An effective compliance program is not a perfect one. An effective program does not prevent all significant code or legal violations. An effective compliance program is about continuously measuring risks, the effectiveness of company controls, and the company’s culture. The world is constantly changing. Social and economic forces will inevitably impact the company and its workforce, and ethics and compliance programs need to adapt to external and internal changes. Continuous monitoring and measurement translates into continuous change.
An effective ethics and compliance program is one that is not about the prevention of every code and legal violation but an ethics and compliance program that is aligned in accordance with risks, and which maximizes mitigation strategies against ever-changing constellations of risks.