2013-11-13
Subject: Riordan Corporate Compliance Plan
To: Riordan Executive Officers and Directors
Executive Summary
Riordan Manufacturing is committed to managing and operating in an ethical and moral manner. Riordan Manufacturing needs to have a customized Corporate Compliance Plan (CCP) that will fit the company’s specialized field in plastic design. The mission of Riordan’s CCP is to ensure compliance with applicable laws, rules and regulations. Employees are expected to have this same commitment and behave both with integrity and ethically. Management strives to be a role model for the Riordan employees by promoting an environment where legal and ethical business practices are expected. Riordan will use the five components of the Committee of Sponsoring Organizations (COSO): control environment, risk assessment, control activities, information and communication, and monitoring to manage legal liabilities when establishing criteria for internal control and for assisting Riordan in the day-to-day operations dealing with their employees, other companies and the public.
Riordan Corporate Compliance Plan
Being the industry leader in the field of plastic injection molding, Riordan Manufacturing must have a customized Corporate Compliance Plan. “Controlling the internal working of a company is done by people and must not be seen merely as some forms and manuals comprising of a company’s policies” (Umar, 2009). The purpose of the Corporate Compliance Plan is to ensure that all employees understand and comply with applicable laws, rules, and company regulations, in keeping with the highest level of business, ethical, and moral principles. Riordan Manufacturing is committed to ensuring its business is conducted in accordance with such applicable laws and maintaining an ethical business practice. The Officers and Directors of Riordan Manufacturing, employees, and independent contract providers are wholly informed of all applicable laws and regulations so they do not inadvertently engage in any conduct that might raise compliance issues.
Importance of Managing the Legal Liability
A Corporate Compliance Plan will serve as a guide ensuring Riordan fulfills its obligations to observe the laws and public policies affecting its business. The Compliance Plan will help resolve questions about appropriate conduct in the workplace and provide guidance to ensure the work is done in an ethical and legal manner. A contract is a binding agreement between at least two parties. Stimmel, Stimmel & Smith law offices state that “A contract is a binding obligation between two or more persons predicted on a mutual understanding (“agreement”) of the parties”. A breach of contract happens when a party fails to conform to the obligations of the contract. Contracts may be oral or written, and may be “implied” by the court in certain conditions (Stimmel, Stimmel & Smith law, 2000). Riordan has legal ramifications because of these contracts and needs to ensure proper management of the legal liabilities to protect both the future of the Company and its shareholders. When necessary, lawyers will work with Riordan to manage the wider market implications of a dispute. One tool which is available for Riordan to use is the Committee of Sponsoring Organizations.
COSO Enterprise Risk Management
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a model for evaluating internal controls of a company and “is widely recognized as the definitive standard against which organizations measure the effectiveness of their systems of internal control. The COSO model defines internal control as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance of the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting, compliance with applicable laws and regulations,” (Knowledgeleader.com, 2009). With the COSO approach, these three categories are separate yet intersect.
COSO was formed in 1985 by the National Commission on Fraudulent Financial Reporting by then executive chairman, James C. Treadway, Jr. (COSO.org, 2008). COSO is sponsored by five major professional U.S. associations: the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), The Institute of Internal Auditors (IIA), and the Institute of Management Accountants (IMA) (COSO.org, 2008).
Riordan will use COSO to manage the legal liabilities by defining internal control and assisting Riordan’s upper management, officers and board of directors by establishing criteria for determining effectiveness in their oversight of enterprise risks. The goal for Riordan is to achieve an "effective" internal control system. This will be achieved by using COSO’s framework of five control components: control environment, risk assessment, control activities, information and communication, and monitoring.
The Five Framework Components of COSO
Control Environment
The first step of the COSO framework is control environment; a very important element in the regulation of factors, both internal and external, that could affect a business. Such internal factors include organizational goals, hierarchy infrastructure, liabilities, and quality of work environment for employees and employers and basic values that are held by employees. External factors that can affect a business include competitors and laws regulating business practices.
International laws must be adhered to if Riordan is to be successful in the world market. According to Jennings (2006), “In each country where a business has operations, it must comply with the laws of that nation” (p.237). This loose definition of international law exemplifies its importance to Riordan’s business operations: because each nation is different, laws will be different as well, and corporate strategies must coincide and comply with each country’s different and distinct system of law.
Another important factor for the Company to assess is enterprise liability, which is defined by Brodie (2007) as “the corollary of the creation of risks by an enterprise” (p.494). This can have major repercussions for a company because “When risks materialize and cause injury to a member of the public despite the employer’s reasonable efforts, it is fair that the person or organization that creates the enterprise and hence the risk should bear the loss” (Brodie, 2007). This is why it becomes imperative that upper management have reliable and accurate enterprise liability assessment, so it can effectively assess the risks before implementing a certain course of action.
Without clear and concise organizational goals and strategies, the assessment of liabilities will be very difficult, if not impossible. In order to maintain an equitable level of control at Riordan, it becomes very important for upper management to project the behaviors and attitudes they want in employees; this will help create and maintain equilibrium of quality of the working environment. Riordan will provide orientation and training for all new employees to establish the goals and quality of work environment desired and expected at the Company. Riordan will also provide continual educational workshops for all current employees on a regular basis. Each employee will be required to complete four workshops per year. The training provided in these workshops will center around the goals and mission of Riordan, safety, quality of work environment, employee rights established by the U.S. Civil Rights Acts of 1964 and subsequent years, and the laws governing all regulatory or compliance requirements related to employment relationships (such as workplace safety, wage and hours, and retirement).
Risk Assessment
The second step, and maybe the most crucial, in COSO is risk assessment. For any corporation to be successful there must be a valid and reliable way to determine risks and liabilities, and how they will affect organizational and individual goals. In order to be effective at risk assessment, Riordan’s upper management must have clearly outlined objectives and goals of corporate strategy. Riordan has assessed the potential risks and liabilities the Corporation might encounter as: employee safety and welfare, defective equipment, defective products, behaviors and actions of affiliated agents, potential discrimination claims, civil and criminal torts, binding contracts and contract formation, and abiding by and ensuring proper application of law governing these concepts in the working environment.
At Riordan, committees - hence teamwork - should be implemented to ensure adequate risk assessment procedures. As with any team there will be disputes, and communication is the key to resolving them. Sometimes traditional methods of dispute resolution are ineffective, which is why this company will implement various forms of ADR. Aliment (2009) defines ADR as “a procedure for settling disputes by means other than litigation, such as arbitration,” mediation, or mini-trial (p.1). This concept has important applications for Riordan because many man hours and costs can be saved by settling disputes outside the courtroom. Litigation is expensive, and it is in the best interests of this company that ADR be effectively implemented as a means to cut unnecessary costs. By effectively assessing and managing potential risks and liabilities, a corporation minimizes legal risk and maximizes productivity while also maintaining a safe and quality working environment for Riordan’s employees and employers.
Control Activities
Step three of the COSO model, control activities, consists of the policies and procedures needed to ensure that correct actions are taken in order to control the risks determined in the risk assessments described above. Business Dictionary states that control activities are “management policies and procedures applied in (1) achieving a firm's objectives, (2) protection of its assets, and (3) measurement of its performance” (2009). Riordan has to do more than just determine potential legal liabilities; the Company must have a system in place to minimize these legal ramifications. Riordan’s control system shall consist of the following activities: proper approvals and authorizations of transactions and activities; verification of approved recommendations; adequate documentation; physical control over assets and records via security measures; and segregation of duties.
Approvals and authorizations of transactions and activities will be addressed by Riordan’s management personnel. All employee transactions resulting in an amount above $500 will require a manager’s signature. All transactions over $5000 will require senior management signature. Managers will submit an Authorization for Activity Form to a senior manager for approval; upon approval, management will initiate activity requested but not before. Any change to the overall direction of the activity will require further approval. All human resource directives (hiring, pay increase/decrease, performance bonuses, suspension, or termination) will require the HR Manager’s signed Continuance of Action Form.
Communication concerning Riordan must be in writing or stored electronically. Email communication is considered valid documentation. All management must keep copies of communications accessible to upper management and the board of directors for review at all times. Failure to do so could result in suspension or termination of said manager.
Riordan shall maintain physical control over all assets and records within certain areas using security clearance codes. Product liability, tangible and intellectual property rights are of considerable concern for Riordan. Product liability is “a type of strict liability in which the manufacturer or seller is strictly liable for injuries caused by defective products” (Consultwebs.com, 2004). Riordan is liable for defective manufacturing of all plastic parts and equipment both within Riordan’s plants and at the customer level. Riordan will maintain the highest level of safety and compliance with all Occupational Safety and Health Administration (OSHA) guidelines. External inspections will be made at random times within all Riordan’s plant facilities to ensure safety and protection.
Tangible property consists of items an employee can visually see. Tangible property, or personal property, is anything that “has physical substance and can be touched” (Lectlaw.com, 2009). Intangible property is distinguished from it by not having physical quality. Intellectual property consists of those items which relate to the creative nature and mind. Intellectual property rights give a creator an exclusive right over the use of his or her creation for a certain period. “These rights allow artists to protect themselves from infringement, or the unauthorized use and misuse of their creations. Trademarks and service marks protect distinguishing features (such as names or package designs) that are associated with particular products or services and that indicate commercial source…Patentable works include, but are not limited to, inventions/ products, processes, discoveries, materials, plant varieties, and sometimes computer software. Copyrightable works include, but are not limited to, writings of all kinds (published or unpublished), classroom materials, educational courseware, television/radio programs, films and videos, musical compositions, dramatic works, and artwork” (Techtransfer.siuc.edu, 2007).
Security personnel and security systems will monitor theft of tangible property at all Riordan locations: corporate headquarters in San Jose, California; production plant of plastic beverage containers in Albany, Georgia; production plant of custom plastic parts in Pontiac, Michigan; and production plant of plastic fan parts in Hangzhou, China.
Of greater concern to Riordan, though, is its intellectual property. Riordan’s existence is based upon several patents relative to the processing of polymers into high tensile strength plastic substrates developed by Dr. Riordan, company founder. Riordan also has inventions associated with its machinery at all plant facilities. Riordan has architectural bottle designs, engineering drawings and computer CAD drawings. All research and development of existing and future patents, copyrights, inventions, architectural works and drawings or processes will be licensed through the World Intellectual Property Association (WIPO).
Segregation of duties is a control measure in which separating certain areas of responsibility and duties reduces fraud and unintentional mistakes. This ensures that the person initiating the transaction or activity is not the same person who approves or authorizes the action. All employee transactions and activities will require management approval and all management transactions and activities will require senior management approval. Senior management transactions and activities will be reviewed within departments in monthly board meetings by Riordan’s board of directors.
Information and Communication
The fourth step in the COSO framework is information and communication. “Information systems play a key role in internal control systems as they produce reports, including operational, financial and compliance-related information, that make it possible to run and control the business. In a broader sense, effective communication must ensure information flows down, across and up the organization. Effective communication should also be ensured with external parties, such as customers, suppliers, regulators and shareholders,” (Reference.com, 2009). Information refers to all the employees of Riordan Manufacturing receiving the necessary data needed to perform their jobs and communication refers to the flow of all the information throughout the organization. This communication flow of information involves everything going up the chain of command, down or disseminated, across all departments and sections, and anything and everything communicated inside as well as outside the organization.
The information and communication system should consist of the type of data stored and how this data is communicated to various parties; thus the information system should record, process, store, and report the data and the communication system shall determine how the information is reported, who will receive the information, and how the information is used. “Communication is an important part of the system. Information must be stored in a way that it can be used to audit and review transactions, but it must be available to the appropriate people at the appropriate times” (Worrells, 2009). According to KnowledgeLeader.com, “Information and communication is the component of internal control that ensures that pertinent information is identified, captured, and communicated in a form and timeframe that enables people to carry out their responsibilities” (2008).
Riordan needs to maintain proper documentation and adequate communication at all times: “If business records are not kept properly or are not accessible, they cannot be readily checked and frauds will be more difficult to detect” (Worrells, 2009). Riordan employees will be privy to certain information based on the nature of their position. This information will include operational reports, financial reports, and compliance-based reports. All employees are required to safeguard any and all information they communicate throughout the organization and will be held responsible for actions if this information is communicated in any manner not reflective of company policy or guidelines. A system of verbal warning, written warning, suspension without pay, and termination will be used. Legal counsel will determine the severity of the actions of the employee when information and communication is breached.
Monitoring
Monitoring helps Riordan determine if internal controls are adequately designed, properly executed and effective at any given point. Monitoring is step five of the internal control components of COSO. The purpose of monitoring is to help Riordan ensure that control activities and other planned actions to affect internal control are carried out properly and in a timely manner; the result is effective internal control. Riordan will use the following monitoring procedures:
• Periodic evaluation and testing of controls by internal audit
• Audit committee inquiries of internal and external auditors
• Supervisory reviews of controls, such as reconciliation reviews as a normal part of processing
• Continuous monitoring programs built into information systems
• Analysis of, and appropriate follow-up on, operating reports or metrics that might identify anomalies indicative of a control failure
• Self-assessments by boards and management regarding the tone they set in the organization and the effectiveness of oversight functions
Riordan is not limited to the above procedures. Ongoing monitoring activities evaluate and improve the design, execution and effectiveness of internal control. Separate evaluations, such as self-assessments (done by each department employee) and internal audits, are periodic evaluations of internal control components resulting in a formal report on internal control. Separate evaluations can also be performed by an external auditor. Any deficiencies found during monitoring should be reported to the individual responsible for the function and to at least one level of management. Any serious matter should be reported to top management.
The role of Riordan’s management team is critical to the internal control system’s effectiveness. Every piece of information does not have to be reviewed to determine that the controls are functioning. Focus should be placed on monitoring activities in high-risk areas. Management can perform spot-checking on transactions; basic sampling techniques can also provide a reasonable level of confidence that the controls are functioning as intended. Monitoring will be covered by Riordan’s CEO and CFO. Under s302 and s906 of the Sarbanes-Oxley Act, a certification must be present that upper management has viewed the report and perused it with the due diligence required. Riordan’s CEO and CFO will be held liable in the instance that any discrepancy arises from the investigations of the SEC.
Riordan should begin the process of ensuring corporate compliance with laws and regulations by implementing a Board-level Compliance Committee (separate from the audit committee) to address the issue of legal and regulatory compliance. Riordan’s internal auditors are already well-trained in the area of monitoring and prevention and thus have an opportunity to expand their current role by assisting the board with the compliance function as it relates to non-financial laws and regulations.
Legal Forms of Business
Riordan Manufacturing, Inc. is listed as a corporation and is required to file an Article of Incorporation. The Article of Incorporation includes Riordan Manufacturing’s name and principal place of business, the corporate purpose, stock information and the name and address of Riordan’s registered agent. The registered agent will be authorized to accept physical delivery of certain legal documents on behalf of Riordan Manufacturing, Inc. Riordan’s articles of incorporation identify the incorporators of the corporation, who sign the articles. The directors of Riordan also are required to sign Riordan’s articles of incorporation. Shareholders elect a board of directors who appoint and oversee management of the corporation.
The advantage Riordan has in being a corporation is that corporations have the same rights and responsibilities as an individual with only limited liability. The corporation can enter into contracts, borrow money, sue and be sued, hire employees, own assets and pay taxes – yet the shareholders have the right to participate in the profits through dividends, but are not held personally liable for the company's debts (Dictionary.com, 2009). Corporations also receive certain tax breaks not afforded to individuals.
Conclusion
Following the recommendations of COSO, Riordan Manufacturing, Inc. has the framework to build an effective risk management program. Strong internal controls are essential to the corporation to maintain compliance and develop sufficient checks and balances. The Corporate Compliance Plan will ensure that the Officers and Directors, the employees, and independent contract providers of Riordan Manufacturing comply with all applicable laws, rules, and company regulations. Taking a proactive approach in Corporate Compliance will help ensure that Riordan executives can identify, prevent and manage risk on a daily, quarterly and yearly basis.
References
Aliment, R. J. (2009). Alternative Dispute Resolution in International Business Transactions, The Brief, 38, 1-12
Brodie, D. (2007). Enterprise Liability: Justifying Vicarious Liability, Oxford Journal of Legal Studies, 27, 493-508
Businessdictionary.com (2009). Control activities definition. Retrieved September 11, 2009, from http://www.businessdictionary.com/definition/control-activities.html
Consultwebs.com (2004). Product Liability. Retrieved September 11, 2009, from www.biznc.com/legal_glossaries/motorcycle_injury/glossaryp.html
COSO.org (2008). About Us. The Committee of Sponsoring Organizations of the Treadway Commission. Retrieved September 11, 2009, from http://www.coso.org/aboutus.htm
Dictionary.com (2009). Corporation. Retrieved September 11, 2009, from http://dictionary.reference.com/browse/corporation
Jennings, M. M. (2006). Business: Its legal, ethical, and global environment (7th ed.). Mason, OH: Thomson
KnowledgeLeader.com (2008). Entity level controls – Information and communication questionnaire. Protiviti Inc. Retrieved September 10, 2009, from http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/QuestionnairesELC-InfoComm!OpenDocument
Knowledgeleader.com (2009). COSO Internal Control Framework Resources. Protiviti Inc. Retrieved September 11, 2009, from http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/ChecklistsGuidesCOSODescription!OpenDocument
Lectlaw.com (2009). Tangible Property. Retrieved September 2, 2009, from http://www.lectlaw.com/def2/t005.htm
Stimmel, Stimmel & Smith (2000). Binding Contracts and Legal Actions Predicted on Breach of Contract. Retrieved August 21, 2009, from http://www.stimmel-law.com/articles/contracts.html
Techtransfer.siuc.edu (2007). Intellectual Property and Technology Transfer: An Overview. Retrieved September 2, 2009, from http://techtransfer.siuc.edu/resources/overview.html#definition
Umar, M. (2009). What is COSO and What Are COSO Components? Retrieved September 10, 2009, from http://ezinearticles.com/'What-is-COSO-and-What-Are-COSO-Components'&id=2096525
Worrells (2009). C.O.S.O. Fraud control model. Retrieved September 10, 2009, from http://www.worrells.net.au/Fraud%20Awareness/coso_model.htm

