Kusserow on Compliance: What boards do and do not need to know about compliance investigations

 The board needs to know about pending compliance issues, to meet its fiduciary obligations in providing proper oversight of a compliance program. The board needs to understand the processes by which issues are investigated and resolved. Not seeking and receiving this type of information borders on dereliction of responsibilities. The board does not need and should not receive details about raw and unsubstantiated allegations without the compliance officer and legal counsel first addressing them. If details of allegations of violation of laws and regulations are provided to the board, it risks that they will be accountable for how it is investigated and resolved. These are management issues, not oversight by the board. Any reporting on allegations that are being investigated should be general in nature to assure the board that it is being addressed appropriately.  The board should meet in executive sessions without the presence of members of management to query the compliance officer about any sensitive investigations, such as those involving senior members of management. Questions by the Board to the compliance officer and legal counsel certainly should include:

  1. How many allegations of violation of law were made and investigated to what result?
  2. What policies govern the investigative processes; and are they kept current?
  3. What processes are in place to ensure that complaints and allegations are fully investigated?
  4. What evidence is there those processes are being followed?
  5. Are there adequately trained individuals capable of conducting sensitive investigations?
  6. What processes are in place to appropriate react to and remedy?
  7. What processes ensure the board will have adequate notice about developments?
  8. What disclosure processes and policies are there for reporting suspected violations of law?
  9. Are there working investigative protocols between legal counsel and compliance?
  10. Are there any allegations received of wrongdoing made against members of senior management?
  11. What have been the results of significant investigations of wrongdoing?
  12. Has substantiated wrongdoing result in remedial action?
  13. What disclosures have been made to government agencies and were they timely?
  14. Has there been any reaction as result of disclosures to government agencies?
  15. Is there evidence of enforcement agency investigations involving the organization and if so what?
  16. Were any patterns identified from allegations warranting management actions?

For more information on this subject, see compliance.com or contact former HHS IG and FBI executive, Richard Kusserow, at rkusserow@strategicm.com.


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.