A client of mine recently updated their rich corporate governance program, and beyond obvious extensions to include recent State laws (introduced in the last 6 months) governing data usage and some International legislation there was particular attention towards the Federal government use of the FSG (Federal Sentencing Guidelines). A recent increase in DOJ attention has raised this mandates requirements above the normal baseline within the organization, and now carries equal weight with such initiatives as SOX, PCI DSS, and NASD listing requirements.
Two nice sources for FSG are the full guidelines themselves – of particular interest may be section 8B2.1 Effective Compliance and Ethics Program“, and a nice text published by Theodore L. Banks and Frederick Z. Banks entitled, “Corporate Legal Compliance Handbook”. Here is a link to Google Book Search with some interesting content already highlighted.
As a best practice, always review your responsibilities to stakeholders (whether they be investors, employees, industry watch groups, government agencies, or international treaty conditions) on a regular basis. These periods of review vary depending on the growth and change of your particular industry, but should not exceed an annual inspection. Reviews should focus on the business impacts these mandates impose and the controls established to satisfy each. An executive session should be included in this process to ensure that strategic direction is captured, and that any shifts are embraced by management and all divisions of a company.
Update: Book Release is now March 19th 2008!! Pre-Order Today