R1.1 PROCESS, ESCALATE & MANAGE INCIDENTS
Establish a system for the competent and confidential review, processing, and resolution of noncompliance and issues detected during ongoing monitoring or periodic evaluation of the program.


The system should:
> provide a taxonomy and criteria for categorizing issues
> provide a taxonomy for defining severity of issues
> provide a process to escalate issues when appropriate
> provide a process to refer issues outside the scope of the program
> provide a process to conduct basic investigation and fact-finding
> provide a process to resolve and "close out" issues
> define what types of information should be kept confidential
> define the documents and deliverables that are produced as part of the process
> define how documents and deliverables should be managed and retained

Some issues that arise in the operation of the program may require special investigation and analysis to be fully resolved. Other issues outside the scope of the program should be referred to the appropriate operational units such as Human Resources or Investor Relations. Investigators will determine the facts surrounding or underlying the specific incident, or may investigate the cause of the incident so that changes can be made to the responses in place. Some incidents may give rise to legal requirements for further investigation.

Individuals involved in the process must understand the full scope of potential compliance and ethics-related issues so that they can answer questions and competently process and resolve issues.
Legal Requirements
    R1.1.L01
  • Ensure that the reporting system is universally available to internal and external parties, including employees and their family members, vendors, suppliers, and customers
    R1.1.L02
  • Establish methods for interested parties to communicate directly, confidentially and anonymously with the full board, the presiding director or the non-management directors as a group, to make their concerns known to the non-management directors
Standards & Guidance
  • Establish a reporting system to permit the CEO to annually certify no violations of NYSE corporate governance listing standards
  • Establish a reporting system to provide NASDAQ with prompt notification after an executive becomes aware of any material non-compliance by the organization with NASDAQ listing standards
    R1.1.S02
  • If criminal conduct has been detected, take reasonable steps to respond appropriately
    R1.1.S03
  • If criminal conduct has been detected, take reasonable steps to prevent further similar criminal conduct, including making any necessary modifications to the entity’s compliance and ethics program
Core Practices
    R1.1.101
  • Define issue management methodology including these key steps:
    > intake
    > categorization of an issue or question
    > confirmation / validation of an issue
    > analysis of an issue
    > investigation of an issue
    > escalation of an issue
    > resolution of an issue / question
    > recommended remediation / discipline of individuals
    R1.1.102
  • Define vocabulary and criteria for classifying issues and questions
    R1.1.103
  • Define processing rules, escalation rules and reporting rules for each anticipated type of issue and question
    R1.1.104
  • Define a procedure to ensure that issues are confirmed for validity
    R1.1.105
  • Define a list of issues that, once confirmed for validity, are immediately escalated to the board of directors
    R1.1.106
  • Define a list of issues that, once confirmed for validity, are disclosed to the appropriate authorities
    R1.1.107
  • Establish a core team to process issues and questions (additional parties may be involved on a case-by-case basis to address specific types of issues as they arise)
    R1.1.108
  • Define a policy and procedure for protecting the confidentiality and anonymity of reporters during processing and resolution
    R1.1.109
  • Define a policy and procedure for protecting the anonymity of reporters during processing and resolution
    R1.1.110
  • Define a policy and procedure for protecting the confidentiality of all reported information during processing and resolution
    R1.1.111
  • Define a procedure to ensure that alleged perpetrators are not involved in the processing of the issue
    R1.1.112
  • Define a procedure to conduct basic investigation and issue resolution
    R1.1.113
  • Track the analysis, investigation (if required) and resolution of each issue
    R1.1.114
  • Define a procedure to escalate an issue for special investigation
Additional Practices
    R1.1.201
  • Map particular issues/topics to specific team members and create routing procedures
    R1.1.202
  • Define the roles/responsibilities of each issue management team member
    R1.1.203
  • Define the skill requirements of each issue management team member
    R1.1.204
  • Define and deliver training for the issue management team
    R1.1.205
  • Conduct statistical review of reported data to determine trends, trouble spots, and controls in need of revisions
    R1.1.206
  • Analyze reported data and look for concentrated patterns by:
    > geography
    > location
    > job/role
    > employee level
    > employee type (exempt vs. nonexempt vs. temporary)
    > supervisor
    R1.1.207
  • Use an automated issue management system that provides up-to-date statistical analysis