Running head: CORPORATE COMPLIANCE PLAN

Corporate Compliance Plan Team B: Trevor Adams Leonard Hamelitz Jennifer Truong Angielia White LAW 531 August 8, 2011 Michael V. Pundeff, B.A., M.A., J.D.

CORPORATE COMPLIANCE PLAN Corporate Compliance Plan

Riordan Manufacturing Inc. is a global plastics manufacturer with facilities in San Jose, California; Albany, Georgia; Pontiac, Michigan; and Hangzhou, China. The projected annual earnings for Riordan is $46 million. In order to achieve the projected earnings and financial profitability, the Board of Directors will need to focus on Riordans Corporate Compliance Plan. The Corporate Compliance Plan manages the legal liability of officers and directors of Riordan. The plan will focus on four legal issues: enterprise liability, real and intellectual property, compliance with regulatory requirements, and international law. Within the four legal issues Riordon may have enterprise risk to manage from the possible eight interrelated components:

Internal Environment The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entitys people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.

Objective Setting Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entitys mission and are consistent with its risk appetite.

Event Identification Internal and external events affecting achievement of an entitys objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to managements strategy or objective-setting processes.

CORPORATE COMPLIANCE PLAN

Risk Assessment Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.

Risk Response Management selects risk responses avoiding, accepting, reducing, or sharing risk developing a set of actions to align risks with the entitys risk tolerances and risk appetite.

Control Activities Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.

Information and Communication Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.

Monitoring The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both (University of Phoenix, 2004).

Enterprise Liability Internal Enviroment. Litteral & Finkel is a large international law firm providing Riordan Manufacturing with legal services in the areas of tax law, real estate transactions, employment law, immigration matters, civil litigation, workers compensation, labor law, and customs regulations (University of Phoenix, 2006). The owner of Riordan Manufacturing, Dr. Riordan, initially partnered with Litteral & Finkel because his cousin was a partner of the law firm. After the death of Dr. Riordans cousin, Riordan Manufacturing has maintained the partnership between the two companies. All legal issues are addressed to Litteral & Finkel and

CORPORATE COMPLIANCE PLAN

are paid a monthly retainer. Riordan Manufacturing pays legal fees in excess of the retainer and all monthly unused retainer funds are not carried forward. Objective Setting. Riordans Board of Directors and Officers have a fiduciary responsibility of making decisions and taking action on behalf of the corporation. The directors and officers need to meet duty of care, which consist of their duties (1) in good faith, (2) with the care that an ordinary prudent person in a like position would use under similar circumstances, and (3) in a manner they reasonably believe to be in the best interests of the corporation (Cheeseman, 2010). Event Identification. The internal and external events are the relationship of Dr. Riordin and his cousin as a partner, and also the use and payment of a retainer. The relationship and payments are identified as possible risks or perhaps opportunities for Riordan Manufacturing. Risk Assessment. The relationship of the Dr. Riordin and his cousin could pose a conflict of interest. A breach of a directors or officers duty of care is normally caused by negligence, often involves a directors or an officers failure to (1) make a reasonable investigation of a corporate matter, (2) attend board meetings on a regular basis, (3) properly supervise a subordinate who causes a loss to the corporation through embezzlement and such, or (4) keep adequately informed about corporate affairs (Cheeseman, 2010). The use of a retainer is normal in a field where services are paid up front usually with a form of a discount or unlimited services for the month. For Riordan Manufacturing to pay a retainer plus excess charges above the retainer and any unused retainer funds are not carried forwards appears to be a misuse of service retainer. A possible enterprise risk is if the officer, Dr. Riordin profiting from the misuse of the retainer. According to Cheeseman, if a director or an

CORPORATE COMPLIANCE PLAN officer breaches his or her duty of loyalty and makes a secret profit on a transaction, the corporation can sue the director or officer to recover the secret profit (2010).

Risk Response. Directors, officers, or even other staff members will need to avoid conflict of interests, making a secret profit, or other possible enterprise risks. Control Activities. Riordin Manufacturing has a Corporate Governance Policy in place to establish policies and procedures. The current policy lacks the implementation of avoiding risk. The policy will need to be updated to include avoiding conflict of interest, avoiding to make a secret profit, and other possible enterprise risks. Information and Communication. Updating the Corporate Governance Policy is one of the ways of communicating the information to directors and officers. Another is for all directors, and officers to sign a contract discussing their fiduciary responsibility and duty of care as well control activities of avoiding risk. The policy and contracts will be a way of identifying and communicating directors and officers to enable them to carry out their responsibilities. Monitoring. Having strong internal controls will help monitor the possible enterprise risk. A team should be provided to monitor internal controls on a global level. Riordan Manufacturing will need a large team to deal with their enterprise risk through the international dealings and laws. Real and Intellectual Property. Riordan Manufacturing requires that all of their employees follow their policy on Business Ethics and Conduct. It states that as an organization, Riordan will comply with all applicable laws and regulations, and we expect our directors, officers and employees to conduct business in accordance with the letter, spirit and intent of all relevant laws and to refrain from any illegal, dishonest or unethical conduct (University of Phoenix, 2006). It is the job of management to ensure that Riordan and its employees are abiding

CORPORATE COMPLIANCE PLAN by the laws and regulations. ISO 14001 standards do not dictate absolute environmental performance requirements but acts as an assistant to organizations to develop their own

environmental management system. Riordan Manufacturing will comply with all standards set forth by ISO 14001 standards to ensure that the organization does not cause negative effects on the environment, to ensure that all applicable laws and regulations are being followed, and to continue to improve on both. It is also the job of management to ensure that Riordan Manufacturing is in compliance with all building codes in the locations of each building. These laws are set in place to ensure that health, safety, and the welfare of the public are protected in regards to the construction and occupancy of the buildings structures. Management is required to check and ensure the quality and safety of all the products that are manufactured in each location. This includes protection of intellectual property. Each location has different products, designs, data, and customer lists. Management is responsible for the safety and security of all product information at the different locations. Should any problems arise, Mr. Bradford is to be contacted immediately. Prevention. The following training and development guidelines are set forth for all Riordan employees: The following mandatory training for all employees within 90 days of hire: New employee orientation (1 day) offered once per month Six Sigma for all production, shipping and quality employees Supervisors are also expected to attend the following workshops within 12 months of becoming a supervisor: Interviewing guidelines

CORPORATE COMPLIANCE PLAN Preventing EEO claims and sexual harassment in the workplace Performance reviews (University of Phoenix, 2006)

In addition to the current training process, employees will be trained in environmental protection and safety. It is imperative that the trainers specify disposal procedures for all chemicals and wastes. That will ensure compliance with government laws and regulations. As part of the contract that was signed by each employee, it is grounds for termination if any employee is caught violating any laws governing intellectual property. This information is talked about again during the training process. Compliance with Regulatory Requirements Riordan Manufacturing is in need of a corporate compliance plan that minimizes risk of litigation in a number of areas. Riordan Manufacturing is led by Ethical standards and practices which allows employees to meet expectations and goals. The company integrity and ethics are essential and crucial values and these values are the foundation of its success. Each of the following sections contain preventative and management strategies the company can implement to minimize risk. Along with these strategies, the plan presents specific regulation requirements of each subject as well the procedures should a violation occur. Internal Environment Riordan is a profit corporation, as opposed to a sole proprietorship, partnership, or limited liability company. As a corporation, Riordans shareholders, officers, and directors have limited liability. However, these groups are not immune from all risk, and can be personally liable for civil and criminal wrongdoings related to Riordans corporate obligations. The CEO is responsible for ensuring that all employees are knowledgeable of internal and external practices that are acceptable standards and procedures within the work environment.

CORPORATE COMPLIANCE PLAN Objective Setting

Managing Riordans risk for officers and directors requires a clear set of bylaws that establish internal rules and govern corporate procedures. In addition, the bylaws define the rules and limits of authority for the officers and directors. For effective risk management, Riordans boards of directors need to establish an compliance and risk management committee to ensure adherence to their corporate procedures and to the governments regulatory requirements. Event Identification A large portion of managements responsibility is to identify and facilitate direction for uncertain risks to business operations globally. Enterprise risk management (ERM) is the approach assisting management in identifying and managing uncertainties and in attaining positive risk intents. ERM efforts are on developing a strategy to introduce cognizantinternal risk control throughout the organization. This structure is an effort by the COSO to effect responsibility on executives and directors through informed organizational procedures and processes that assist these individuals in reporting organizational management metrics (Applegate, 1999). Control Activities The Model Business Corporation Act (MBCA) provides a liberal set of corporate laws that most states have adopted for corporate governance in this financial environment. The business judgment rule and the corporate opportunity doctrine are two laws that apply to officer and director liability. The business judgment rule requires officers and directors demonstrate that they make decisions only after careful consideration and receive reliable expert consultations. Officers and directors of Riordan must also adhere to the Corporate Opportunity Doctrine, which prohibits officers and directors from personally taking advantage of an

CORPORATE COMPLIANCE PLAN opportunity that could benefit the corporation without first presenting it to the corporation (Stimmel, Stimmel, and Smith, 2004) Information and Communication

Regarding risk associated with business ethics, Riordans risk management committee must develop a culture that values ethical decisions over meeting internal or external goals. Pressures of meeting far-reaching and unattainable goals can lead to costly and unethical decisions. The compliance committee will be responsible for monitoring internal and external corporate goals to ensure they are cost effective and reasonable within Riordans ethical standards. The employee handbook serves as one type of governance that provides written guidelines for reference. Risk Assessment In addition to the MBCA, Riordan must ensure regulatory compliance with the SarbanesOxley Act of 2002. This act takes precedent over state laws and requirements, like the MBCA. The Sarbanes-Oxley Act requires Riordan follow and adhere to the following: 1) Prohibits Riordan from make personal loans to officers and directors 2) Disclosure obligations on auditors and accountants 3) Legal counsel requirement to report and initiate an investigation if the belief that a material violation has occurred 4) Creation of a legal compliance committee for escalating violations to the board of directors if not corrected by Riordan officers 5) Majority of Riordan board members must be independent: 6) Chair of audit committee must be an independent, and at least one member of the audit committee must be a financial expert

CORPORATE COMPLIANCE PLAN

7) Establish a written code of ethics (107thCongress, 2002)

10

Although not required, Riordans code of ethics should include annual ethics awareness training for all employees, including officers and directors. In addition, Riordan must establish a means for employees to obtain ethical advice and anonymously report misconduct. It is also imperative Riordan thoroughly investigate reports of ethical misconduct. As described in the preventive section, the compliance officer is responsible for administering and ensuring adherence of Riordans code of ethics. Risk Response The COSO enterprise risk management structure recognizes an organizations need to infuse risk management into strategic objectives and the organizations culture. To protect against unplanned or unforeseen risk, all layers of Riordan are exercised and evaluated on how the response protects assets and personnel. Entities within Riordan Manufacturing that fail to comply with local, state or federal governmental regulations expose the organization to regulatory risks and liability that impact assets, earnings, and most important, Riordans reputation as a civic supporter. Monitoring Riordan will thoroughly investigate all violations of Riordans governance and compliance rules and procedures to determine the circumstances that led to the violation. Intentional and external violations will result in immediate termination. Non-intentional violations will result in corrective action and consideration of termination based on the severity of the violation. As warranted, Riordan will modify procedures and awareness training sessions to address reoccurrences of non-intentional violations. In addition, officers and directors are at risk for criminal liability if they are aware of the violations and fail to correct the violation.

CORPORATE COMPLIANCE PLAN

11

Violating the Sarbanes-Oxley Acts can result in criminal liability for the officers and directors, including federal penalties for certifying false statements. Conclusion Governance is defined as a guidance or control of an activity to meet a specific objective (Fox, 2008). Corporate governance is a necessity to run Riordan effectively and be cost effective. It keeps employees and officers from engaging in activities that may bring harm to the company. The companys risk management process looks at potential risks that may affect the company and determine to what extent the risk will be taken. The underlying goal is to make a profit for the shareholders and the careful steps planned for liabilities and risks will greatly determine the future and profit of the company. As long as Riordan adheres to COSO guidelines regarding financial and auditing practices along with The Sarbanes-Oxley Act, the company should be able to realize a substantial profit, competitive advantage, and longevity.

International Law Info Conclusion Info

CORPORATE COMPLIANCE PLAN References

12

Cheeseman, H. R. (2010). Business Law: Legal Environment, Online Commerce, Business Ethics, and International Issues (7th ed.). Upper Saddle River, NJ: Prentice Hall. University of Phoenix. (2004). SUPPLEMENT: Enterprise Risk Management - Integrated Framework. Retrieved from University of Phoenix, LAW531 website. University of Phoenix. (2006). SUPPLEMENT: Riordan Manufacturing. Retrieved from University of Phoenix, LAW531 website. Stimmel, Stimmel, and Smith. (2004). http://www.stimmel law.com/articles/Corporate_Opportunity_Doctrine.html Applegate, Dennis. (1999). Struggling to incorporate the COSO recommendations into your audit process? Here's one audit shop's winning strategy... COSO. Fox, N., & Ward, K. (2008). What governs governance, and how does it evolve? The sociology of governance-in-action. The British Journal Of Sociology, 59(3), 519-538. 107thCongress. (2002) .Corporate responsibility.116 STAT 145. http://www.sec.gov/about/laws/soa2002.pdf