Laserfiche WebLink
1.1 ‘ŷğƷ ğƩĻ ƷŷĻ ƩĻƨǒźƩĻķ ĭƚƒƦƚƓĻƓƷƭ ƚŅ ğƓ LƓƷĻƩƓğƌ /ƚƒƦƌźğƓĭĻ tƩƚŭƩğƒʹ Internal <br />Compliance Program must be in ǞƩźƷźƓŭ and must provide compliance standards and procedures that the <br />employees and agents are expected to follow. <br /> <br />1) High level personnel are responsible for oversight of compliance with the standards and <br />procedures <br /> A written policy designating the individual(s) by title that shall be responsible for <br />oversight of the internal ethics and compliance program. The person shall <br />promote an organizational culture that encourages ethical conduct and a commitment <br />to compliance with all applicable laws and regulations. <br />(2) Appropriate care is being taken to avoid the delegation of substantial discretionary authority to <br />individuals whom the entity knows, or should know, have a propensity to engage in illegal activities <br /> A written policy that details the background vetting process (background checks, <br />federal/state debarment, application disclosures, affirmation statement, of <br />current and future employees/board members that will have substantial discretionary <br />authority and are involved in the handling of financial and/or highly confidential <br />information. <br />(3) Ensure that compliance standards and procedures are effectively communicated to all of the <br />entity's employees, including members of the governing board if the entity has a governing board, by <br />requiring them to participate in periodic training in ethics and in the requirements of the program. <br /> A written policy that requires employees and members of the governing board to <br />participate in periodic (monthly, quarterly, annually, training in (1) ethics and (2) <br />in the components of its Internal Compliance Program. <br />(4) Ensure that compliance standards and procedures are effectively communicated to all of the <br />entity's agents <br /> A written policy that requires notification to agents (persons or entities authorized to act <br />on behalf of the organization) of their obligation to adhere to the Internal <br />Compliance Program <br />(5a) Reasonable steps are being taken to achieve compliance with the compliance standards and <br />procedures by using monitoring and auditing systems that are designed to reasonably detect <br />noncompliance. <br /> A written policy detailing established processes (Internal Audit/Compliance Charter, <br />Annual Risk Assessment, Annual Audit/Compliance Work Plan, Enterprise Risk <br />management, Governance, Risk, and Control Policy and Procedures, Fraud Risk Policy, <br />Quarterly Monitoring Plan, for assessing compliance with its code of conduct as <br />well as policies and procedures adopted to promote adherence with laws and <br />regulations. An organization may not solely rely on an annual external audit for <br />compliance with this requirement. <br />(5b) Reasonable steps are being taken to achieve compliance with the compliance standards and <br />procedures by providing and publicizing a system for the entity's employees and agents to report <br />suspected noncompliance without fear of retaliation <br /> A written policy detailing a reporting system (Hotline, Website, Internal Communication <br />Channels, etc.), which may include mechanisms for anonymity or confidentiality that <br />allows employees, the governing board and entity agents to report suspected incidents <br />of non-compliances without fear of retaliation. <br />(6) Consistent enforcement of compliance standards and procedures is administered through <br />appropriate disciplinary mechanisms <br /> A written policy outlining how the entity responds to incidents of non-compliance in <br />conformance with its internal disciplinary process. <br /> <br />