Background
In this first part of the Skills Assignment, you will draft a policy statement based on what you have learned through Module 4.
• In doing so, you will begin by choosing a regulatory compliance (or more general legal risk management) topic or area. This can be a topic in your current profession or work, or in some other area. In the past, students have focused on a wide range of topics, including medical records, employee leave, sexual harassment in the workplace, patient privacy and HIPAA, food safety, workplace safety, cybersecurity, privacy, vendor risk management, and employee training and education regarding compliance. There is no incorrect choice regarding the topic. Please note: the subject of the policy statement will carry through to Parts II and III of the Skills Assignment.
So, for example, if you draft a patient privacy policy statement in Part I, for your Part II assignment, you will draft procedures relevant to that policy statement. In Part III you will be asked to draft an audit process based on the policy statement and procedures you drafted in Part II. The three parts of the semester- long skills assignment all should tie together as part of the same subject matter.
Additional Information
Learning Outcomes:
At the completion of Part I, students will be able to: Draft a corporate policy statement
Relevant Modules:
■ Module 1: Introduction: Understanding the Role of the Compliance Department
■ Module 2: Developing Buy-In from the Business and Establishing a Culture of Compliance
■ Module 3: Identifying and Monitoring Applicable Laws, Regulations, Rules, and Industry Guidelines
■ Module 4: Understanding and Drafting Corporate Policies and Procedures
Assignment
The assignment has two parts.
Part I – Background Memorandum to the Board of Directors – 2 to 3 pages
Choose the regulatory compliance area or topic. Please explain why you chose that area or topic.
Regulatory Compliance Context and Factual Background
Describe the relevant business and risk management context and facts about the organization or industry necessary to understand the policy that you will be drafting
Identify the relevant statutes, regulations, or other formal or informal organizational or industry rules
Provide any citation necessary for the board to be able to identify the relevant statute and/or rules
Include the statute and/or rules as an Appendix to your policy statement
Part II – Policy Statement – 2 to 3 pages
Draft a policy statement that incorporate the elements discussed in the Module 4 lecture and the readings for this assignment.
Include relevant headings – e.g.,
Overview and Purpose
Definition of Terms (if appropriate)
Supporting Documents – e.g., relevant statutes, regulations, etc.
Scope
Policy – with relevant sections and subsections, if applicable
Note: See the Sample Policy: Acceptable Use Policy, SANS Institute and Philippa X. Girling, Operational Risk Management: A Complete Guide to a Successful Operational Risk Framework (John Wiley & Sons, 2013). for an example of headings.