News Items
July 28, 2009
What We Know
A recent survey conducted by the Institute of Internal Auditors notes that audits of corporate PACs are being conducted, although there appears to be a fairly significant degree of variation in the scheduling as well as the scope of such reviews. Whether such reviews take into consideration state and local “pay to play” statutory prohibitions was not addressed in the survey.
As for lobbying activity, there doesn’t seem to be any record of reviews being conducted except by the Government Accountability Office (GAO) in the case of the federal lobbying statute which actually mandates that GAO perform such reviews. While a number of states regulate the activities of lobbyists, enforcement seems to be a by-product stemming from other sources, such as a “whistleblower” report or procurement “abuse” issue.
Most public companies and others with substantial government procurement activity conduct extensive reviews of their employees’ observance of gift and entertainment rules so as not to jeopardize participation in public sector contracting. Adherence to written codes of conduct is routinely monitored through corporate compliance units and/or included in internal audit reviews.
This suggests that political activity is being scrutinized in many instances on an ad hoc basis, and that vital parts of the program may not be receiving sufficient attention. The analogy is we may have a big shiny lock on the front door, but a basement window has been left ajar.
What’s the Answer?
The first step is to obtain an in-depth understanding of the “moving parts” of your organization’s political activity. This would include political contributions, charitable giving, lobbying activity, and gift and entertainment policies and procedures. Any business unit or outside vendor who is involved in any aspect of these processes must be included in this information gathering process. It can be as clear as the accounting unit that prepares the PAC checks, or as oblique as the role of an outside advertising executive. Leave no room for doubt; in fact, opt for inclusion when questionable.
It may have been implied, but just to be sure it is apparent, the role of senior management in such an undertaking is essential. As the inquiries get underway, there’s bound to some resistance, so having that buy-in from the start is absolutely necessary. However, be careful to avoid making this a crisis management exercise; this process should be viewed as an effort to conduct political activity the right way.
Having identified the “parts” the next step is to conduct in-depth inquiries as to exactly how these departments and individuals interact with “the government.” Here, again, it’s important to be sure the activity is identified and the roles and responsibilities carefully defined. This is also the point when the individuals you are interviewing need to sense this is a worthwhile activity and that they are part of a team effort. They should realize your job is to help them achieve their goals. You want to be viewed as an ally, not a deterrent.
Now that there is a thorough understanding of the internal processes, in other words, who does what and when, the next step is to sort out the federal, state and, in some instances, the municipal laws and regulations that must be followed in the conduct of the various aspects of the organization’s political activities program.
While much of this is likely documented in the various business units, bringing it all together will be important in determining where the potential risks or breakdowns can occur. And, as a practical matter, many of these rules and regulations change with a fair amount of frequency so keeping on top of them is an important aspect of the compliance management program.
The next step is to measure each of these activities against the rules and the penalties associated with infractions, and assign each activity a risk factor. In other words, if a failure occurs, what is the potential exposure to the organization? Is it a fine? Will it preclude bidding government contracts? While some amount of risk is unavoidable, there are some risks that are simply unacceptable. Take each state in which the organization does business or has interests, and calculate the risks of each of the political affairs activities: political contributions; gift and entertainment regulations; “pay-to-play” applicability; and charitable activity. A sample chart has been provided:
A=High Risk
B= Moderate Risk
C=Low Risk
|
State |
Political Contributions/Lobbying |
Gift and Entertainment |
Pay to Play |
Charitable Activity |
|
CA |
B |
A |
A |
C |
|
FL |
A |
B |
B |
C |
|
NJ |
B |
B |
A |
C |
|
SC |
C |
A |
A |
C |
|
WI |
B |
A |
C |
C |
Having completed the risk analysis evaluation, it can be shared with the individuals who are identified with the various political affairs activities so as to sensitize them to the potential impact of a failure or breakdown. In many respects this type of “awareness” training will help them appreciate the importance of staying vigilant in the conduct of their activities. The risk analysis is also valuable to the business leaders for understanding the consequences of a failure in the conduct of political activity. It’s important to be involved in political activity; however, there needs to be an appreciation and expectation that the functions are being executed properly and that the individuals involved recognize the need to perform according to standards and that such activity is being monitored for compliance.
Conclusion
Active involvement is political affairs is essential, though as in any other undertaking there are risks associated with such activity. Mishaps do occur, but the consequences can often be tempered if it can be demonstrated that an active effort to avoid wrongdoing existed. In the case of political activity, having a compliance program in place is the first step in risk avoidance. It’s been suggested that an effective political activities compliance program should reflect the following characteristics:
(1) Individuals who are responsible for various political activities understand their duties.
(2) Inherent risks associated with each aspect of such activity are evaluated.
(3) Individuals involved in the activity, and especially newly assigned persons, receive training.
(4) The system is tested to ensure the controls are adequate.