Answer (C) is correct . The organization should take reasonable steps to achieve compliance with its standards, e.g., by using monitoring and auditing systems reasonably designed to detect criminal conduct by its employees and other agents and by having in place and publicizing a reporting system whereby employees and other agents could report criminal conduct by others within the organization without fear of retribution (PA?2100-5).
Answer (A) is incorrect because Specific individual(s) within high-level personnel of the organization should be assigned overall responsibility to oversee regulatory compliance with standards and procedures. High-level personnel of the organization means individuals who have substantial control of the organization or who have a substantial role in the making of policy within the organization.
Answer (B) is incorrect because The effectiveness of a compliance program will depend upon the ways in which it is communicated to employees. Generally, an interactive format works better than a lecture. Programs communicated in person tend to work better than programs communicated entirely through video or game formats. Programs that are periodically repeated work better than one-time presentations.
Answer (D) is incorrect because The organization should use due care not to delegate substantial discretionary authority to individuals the organization knows, or should know through the exercise of due diligence, have a propensity to engage in illegal activities. However, care should be taken to ensure that the organization does not infringe upon employees’ and applicants’ privacy rights under applicable laws. Many jurisdictions have laws limiting the amount of information an organization can obtain in performing background checks on employees.
|
