Susan Roberts on Creating a Compliance Book [Podcast]


Post By: Adam Turteltaub

Cataloguing everything your compliance program does isn’t easy, but Susan Roberts (LinkedIn), who recently retired from full-time corporate life after serving as Chief Compliance Officer at three different companies, did just that. And in this podcast she advocates for doing the same for your compliance program.

She made it a habit to create what she and her team referred to as, simply, “the book.” It is designed to be a comprehensive resource should the government (or even management) want to know whether the company has an effective compliance and ethics program.

To make your book both useful and complete, she advocates breaking the book into several sections including:

  • An introduction
  • Background
  • Executive Summary
  • Relevant expectations for compliance programs from government, industry groups and elsewhere (US Sentencing Guidelines, DOJ Fraud Section compliance program guidance, FCPA Resource Guide, and so on)
  • A description of the compliance program including sections on:
    • Program oversight
    • Tone at the top
    • Risk assessment
    • Monitoring and auditing
    • Standards, policies and procedures
    • Training, communication and awareness
    • Confidential reporting systems
    • Investigations
    • Corrective actions
    • Discipline and incentives
    • Employee and other screening
    • Third-party management
    • Continuous improvement

In sum, it should provide a full and rich picture of the compliance program including screen shots of training, the code of conduct and helpline posters.

Having all that data in one place has paid off twice in very significant ways for Susan and the companies she worked for. In one case it helped convince the Department of Justice that a monitor would not be needed after trouble was discovered at a recently acquired business unit. The book helped demonstrate that the company was already doing everything listed in the Corporate Integrity Agreement. In another case, it helped an acquiring company have faith that there truly was an effective compliance program already in place.

The book can also provide insight into where the program needs to improve, acting as something of a self-assessment tool. If you have much less to say in one section, it may be a sign of a program gap.

List in to learn more about creating a book of your own, including how often to update it.


  1. Interesting, we are in the process of doing just this. We call it a “run book” and see as a key piece of business continuity and compliance transparency.
    In our minds, if something were to happen to any member of the compliance group, new staff would be able read this material and understand their role and their job expectations.
    We also believe that by doing this we can provide the material to an external audit body and that body would then have a very good understanding of the processes we use and the rationales of why we do what we do.
    Once completed, I agree with the article, it will make self-assessment easier and, in addition, it will make any external validation of our compliance program easier as well.

  2. Even instead of having it in a paper format you could have it electronically, making it easier to update and keep.

Comments are closed.