Principal, Risk Advisory Practice Leader
View full biography
GovCons: Proactively assess your compliance program
Over the past few years, a global pandemic and the collapse of several financial institutions have ushered in a never-before-seen era of government relief spending. As helpful as these government measures are for organizations truly in need of such relief, they also bring with them the opportunity for employees and third parties working on behalf of organizations to engage in fraud, waste, and abuse.
History has shown that when the U.S. government establishes relief programs, enforcement action soon follows. Thus, all organizations – especially government contractors (“GovCons”) – should take steps now to ready themselves for government inquiry, oversight, and enforcement. And while all organizations are subject to certain laws, regulations, evaluative criteria, guiding frameworks, and agency guidance – i.e, compliance program “drivers” – that inform the manner in which their compliance program should be designed, GovCons should take special care to make sure their compliance programs are effectively designed, because they have an additional layer of compliance requirements when it comes to preventing, detecting, and responding to potential instances of fraud and misconduct.
The table below provides select examples of the certain compliance program drivers that apply to all organizations, as well as examples of additional compliance-related drivers that apply to GovCons. Many of these requirements are relatively new; and while some are quite old, we often see companies still have challenges maintaining controls to support the older ones. Consider each item carefully in building or strengthening your compliance program.
|
Compliance program driver |
All organizations |
GovCons |
|
Foreign Corrupt Practices Act (and related guidance) |
X |
X |
|
Defense Industry Initiative on Business Ethics and Conduct |
X |
X |
|
U.S. Federal Sentencing Guidelines for Organizational Defendants (1991, and amendments) |
X |
X |
|
COSO Internal Control Framework (and amendments) |
X |
X |
|
In Re. Caremark Decision |
X |
X |
|
Department of Justice Enforcement Guidance (Holder Memo) |
X |
X |
|
Office of Inspector General Guidance (and amendments) |
X |
X |
|
Revised Federal Sentencing Guidelines for Organizational Defendants (2004) |
X |
X |
|
ISO 31000 Risk Management (and amendments) |
X |
X |
|
Department of Justice Guidance on the Evaluation of Corporate Compliance Programs (2010, 2017, 2019, and 2020) |
X |
X |
|
OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance |
X |
X |
|
Dodd-Frank Act |
X |
X |
|
UK Bribery Act |
X |
|
|
Department of Justice / Securities and Exchange Commission FCPA Guidance |
X |
X |
|
ISO 37001 – Anti-bribery management systems |
X |
X |
|
EU General Data Protection Regulation |
X |
|
|
Ethics and Compliance Initiative – High-quality Ethics and Compliance Program Measurement Framework |
X |
X |
|
U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs |
X |
X |
|
False Claims Act |
X |
X |
|
Contractor Code of Business Ethics and Conduct |
|
X |
|
False Statements Act |
|
X |
|
Organizational Conflicts of Interest (FAR) |
|
X |
|
DOJ Procurement Collusion Strike Force |
|
X |
|
DOJ Civil Cyber-Fraud Initiative |
|
X |
- Assess your compliance program to confirm it aligns with the expectations of the myriad of applicable drivers, while also being right-sized for your business.
- Confirm that your program is managing the right compliance risks, including any risks related to government funding.
- Develop a process for ongoing periodic assessment of plan adequacy and effectiveness.
CohnReznick has developed a proprietary Ethics and Compliance Program Framework, predicated on the variety of laws, regulations, evaluative criteria, guiding frameworks, case law, and agency guidance. Our Framework contains the attributes and expectations associated with the program drivers set forth above.
When we assess the design of our clients’ compliance programs – including the programs of our GovCon clients – we evaluate the current state of each program against the expectations contained in our Framework. Through a series of work steps (e.g., document collection and analysis, interviews), we gain an understanding of level of maturity of our clients’ compliance programs, provide our observations in a clear and concise manner, and set forth meaningful and actionable considerations for enhancement.
Contact our team for more information or to get started on strengthening your organization’s compliance.
Maurice L. Crescenzi Jr., Principal, Risk Advisory Practice Leader
973.364.7862
Rich Meene, Principal, Government Contracting
862.245.5122
Related services
This has been prepared for information purposes and general guidance only and does not constitute legal or professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its partners, employees and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.