Conflict of Interest Risk Assessments – Part Five: Impact

Prior posts in this series – which can be accessed here –  addressed the legal imperatives for conducting COI risk assessments; the ways to use risk assessment information in designing or enhancing various C&E program elements;  and two components of a suggested analytic framework for assessment – one of which concerns COI “reasons'” and the other COI “capacities.”  In this post we briefly examine the third such dimension – “impact.” 

Extensive information gathering efforts concerning the “impact” aspect of risk assessments are, in my view, often unnecessary with respect to many C&E risks.   I say this because the potential impacts of many C&E risks tend to be well known to a company’s law and compliance departments.  For instance, there is typically not much point in having executives vote on what they think the impact of an antitrust, bribery or employment law violation would be.

But with COIs an impact dimension can be important, because COI impacts tend to be less obvious than are those arising from many other types of C&E violations.  That is, such impacts often are more business related in general and trust related in particular, and less a matter of incurring legal penalties (although there are some significant exceptions to this – particularly in the financial services, government contracting, health care and life science areas).

For this reason, identifying all the significant ways in which a COI could be harmful to an organization’s various relationships of trust or other business interests can be useful for a number of purposes.  For instance, this information can play a role in developing or revising: 

– training and other communications – as these tend to be more effective to the extent they are specific about harms an organization faces from COIs;  and

– additional procedures, such as those designed to help avoid causing other people’s conflicts.

In addition, including impact – along with “reasons” and “capacities” – in the quantitative aspect of the COI mix can be useful for allocating C&E resources for such purposes as monitoring and auditing.

Finally, a COI risk assessment process can, to some extent, be combined with COI training for senior managers.  That is, when training senior managers on COIs one can use the process to gather – and test – an organization’s risk-related information, both concering impact and the other assessment dimensions.

Coming up: the concluding post in our COI risk assessment series.