Dell Inc.'s FCPA compliance program was in the news this week for the right reasons. The program was certified by the Open Compliance & Ethics Group. The OCEG helps companies think about compliance systems that can be embedded into the corporate fabric. It's a non-profit group supported by some big names: Dell, Microsoft, Deloitte, SAP, Visa, Ernst & Young, Thomson Reuters, Baker Hughes, and many more.
Individuals can become basic members for free (we did) or can upgrade to paid memberships with access to more information. Companies can buy memberships that cover their people as well.
OCEG's basic product is its Red Book 2.0, a 200-page PDF file that members can download from the site. OCEG said it worked with "a committee of hundreds of esteemed experts, including many in-house GRC professionals, external advisors and auditors, and academics" to develop Red Book 2.0. (GRC means governance, risk and compliance.)
At the center of the Red Book approach is the GRC Capability Model™. It's made up of couplets like Context & Culture, Monitor & Measure, Organize & Oversee, Respond & Resolve, and so on. In the pages that follow, each couplet is presented under the headings: principles, common causes of failure, guidelines and practices, key deliverables, and enabling technology components.
The OCEG speaks the language of modern global corporations -- so unless you're fluent in the lingua franca, the Red Book may take some getting used to. But there's valuable information inside and plenty of comfort for those who rely on systems tools and processes to think about problems and solutions. (Corporations today are almost unimaginably large and complex -- a hundred thousand employees, tens of thousands of suppliers, operations in 50 countries -- who can think about them without getting a little rattled? The Red Book is one way to deal with it.) While there's always a risk of mistaking the model for the real thing, there's also value in using different approaches to involve new people in compliance.
The OCEG said it created its certification program "to enable a company and its stakeholders to gain transparency into the steps the company has taken to establish a strong and effective approach to governance, risk management and compliance." Transparency we're not so sure about -- mainly because corporate-systems-speak isn't our native language -- but steps to compliance are certainly there.
As for Dell, the OCEG says the company received "not a point in time certification of FCPA compliance, [but] an acknowledgement that Dell has taken significant, proactive steps to design a program that will enhance its ability to appropriately prevent, detect and react to non-compliance."