Letters to the Editor

  • May 30, 2000

Carl Peckinpaugh's May 1 column ["Beware of Rotten Apples," Federal Computer Week, May 1, 2000] may have sent the wrong message to government contractors by indicating that "adoption of a compliance program will not be of much value to a company." Far more important was Carl's hint that effective implementation is the sine qua non of a good compliance program.

Unstated in the column is the well-recognized fact that a government contractor's diligently implemented compliance program is a company's first line of defense against wrongdoing by its own employees. This is particularly true for contractors selling off of schedule contracts or indefinite delivery, indefinite quantity contracts, where there are so many opportunities for employees to stray afoul of the law or regulations.

Seven years ago, a large service contractor asked me to examine its existing compliance program. The company had just pleaded guilty to the felony of cost mischarging, or making false statements charging costs to the wrong contract. The company had an ethics code, had carefully trained its employees and even had a strong videotape, starring its CEO, that every employee was required to watch.

I found one important "rotten apple" in the barrel. The compliance program had "winked" at wrongdoing in its implementation, and the senior managers knew it. Despite all of the fine words in the program, advancement in the company was based exclusively on sales volume, creating a disincentive to follow the proper cost charging rules where such rules impeded the manager's promotion.

Compliance programs must be implemented with more than a wink, and a company only gets credit for a program that is effectively implemented. But the credit is significant — potentially up to a 95 percent reduction in corporate fines. Remember that although individuals can be jailed, companies can only be fined or put out of business for criminal wrongdoing.

The U.S. Sentencing Guidelines define an effective program to prevent and detect violations of law (a compliance program) as one that has "been reasonably designed, implemented and enforced so that it generally will be effective in preventing and detecting criminal conduct."

The hallmark of a compliance program is that "the organization exercised due diligence in seeking to prevent and detect criminal conduct by its employees and other agents," and due diligence requires that a company take these seven key steps: place a compliance officer in charge, implement an ethics program, exercise due care in delegation of authority, effectively train its personnel, conduct reasonable audits, enforce its program through appropriate disciplinary measures, and correct any problems detected in order to prevent future violations.

Although a company's adoption of an effective compliance program cannot insulate it from responsibility for its employees' bad acts, it can accomplish two critical things: prevent problems or violations before they start or detect them very early, when they can be corrected; and reduce company fines if the violations are discovered and criminally prosecuted.

Unfortunately, between 1995 and 1998, the U.S. Sentencing Commission found that only one out of 325 organizations sentenced under the Organizational Sentencing Guidelines had an effective compliance program. This is a pretty poor record, especially in light of the Delaware Chancery Court's statement in a seminal 1996 case, In Re Caremark International Inc. Derivative Litigation (698 A. 2d 959 (Del. Ch. 1996), that the sentencing guidelines offered powerful incentives for corporations to have compliance programs and that "a director's obligation includes a duty to attempt in good faith to assure that [an effective compliance program exists] and failure to do so may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards."

The Department of Health and Human Services inspector general believes in compliance programs and has issued and urged government contractors to adopt no fewer than seven model compliance programs (for hospitals, clinical laboratories, home health agencies, durable medical equipment companies, hospices, Medicare organizations and nursing facilities) to prevent and detect fraud. Other inspectors general believe in compliance programs just as fervently.

You can find and get rid of the rotten apples in your company by implementing an effective compliance program. Do it diligently, and the offenders are likely to be caught before they perpetrate any wrongdoing. Even if you don't weed them out, your company's compliance with laws and regulations is likely to be greater, and your corporate fines are likely to be lower.

Richard D. Lieberman

Former deputy inspector general for the Defense Department

Partner in the law firm of McCarthy, Sweeney and Harkaway P.C.

Washington, D.C.

WRITE US

We welcome your comments.

To send a letter to the editor, e-mail us at [email protected]. Please include your full name and a phone number for verification. We can withhold yourname upon request.

Letters may be edited for clarity and for space constraints in the printversion of FCW.

May 30, 2000

More Related Links

Featured

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

  • IT Modernization
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    VA plans 'strategic review' of $16B software program

    New Veterans Affairs chief Denis McDonough announced a "strategic review" of the agency's Electronic Health Record Modernization program of up to 12 weeks.

Stay Connected