How we manage compliance
People want to trust the company behind the brands that they love. Our reputation can only be sustained if every one of us is doing the right thing, every day, everywhere.
That is why it is essential that the right programmes are in place to ensure integrity is embedded in every part of Diageo.
At the heart of our business is our Code of Business Conduct (our Code). Underpinned by a corporate governance structure and a robust risk, controls and compliance and ethics programme, our Code enables our employees to make the right choices and demonstrate the highest standards of integrity and ethical behaviour.
Our global risk, controls and compliance programme
The global risk, controls and compliance programme helps protect and enhance all aspects of our business and sets us apart from the competition. We all have a role to play in enhancing our culture and reputation of integrity by consistently living our values and applying the principles of our programme in our everyday activities.
Our Global Risk and Compliance Director is responsible for risk management, internal controls and compliance and ethics, and reports to the Group Finance Controller and directly to the Audit Committee. Our global team develops the strategy and core materials to support implementation in our markets and functions, while our Executive Committee oversees the programme through the Audit Committee. Markets are accountable for implementation of the programme and take into account local and international laws and regulations.
Doing business with integrity goes beyond having a good corporate governance structure and compliance with policies, procedures and regulations. It is about creating a culture that demands integrity. We are working hard to engage our employees. We provide training for our managers as well as our new joiners, and distribute timely and impactful communications, so that a culture of integrity is woven throughout the business.
Our ethical framework ensures we have a clear vision and includes:
Organisational leadership and culture
Our leaders and managers ensure everyone at Diageo is engaged with our Code and policies and has the guidance they need to make the right decisions. We have developed specific training for our general managers and people managers, designed to give them an opportunity to share experiences with their colleagues and to understand their responsibility for risk, controls and compliance. This helps them to lead by example by embodying our purpose and values.
Monitoring, auditing and reporting
Our business units provide regular updates to our global risk and compliance team, which monitors adherence to our risk and compliance programme. Significant concerns are reported quarterly to our Executive and Audit Committees. In addition, our internal audit team provides independent assurance of local adherence to our programme, as well as how risks are being managed. It also reports quarterly to our Executive and Audit Committees.
Policies and standards
We review our global policies at least once a year to ensure they are relevant and up to date and that they are accessible and available to all employees. Every policy has a named subject matter expert to manage the policies and standards and offer support and advice to our markets to help them embed these effectively.
Good risk management drives better commercial decisions, creating a growing, resilient and sustainable business. Our risk management global standard requires all markets and functions to perform at least two risk assessments annually:
- A general assessment of business risk to consider the operational, financial and reputational risks of running the local business.
- A compliance risk assessment to consider risks concerning all relevant laws and regulations, as well as our own Code, policies and standards – and to ensure that mitigation plans for the most significant compliance risks have been established.
Markets are then responsible for reviewing their risk assessments and progress against the mitigation plans at their local risk management committee meetings.
Controls assurance and risk management (CARM)
Our internal control environment is evolving continually to meet an ever-changing environment. CARM is our internal control programme, which we use to assess, test and report on the effectiveness of internal controls across our company. This enables us to meet our obligations under Sarbanes-Oxley and the 2013 COSO Internal Control-Integrated Framework.
The CARM risk and control framework brings together all aspects of risk, including financial reporting, cyber, operational and reputational risk. All markets and functions are required to understand their risks and reflect them through their control activities, to rectify any weaknesses swiftly and to certify annually whether they are operating effectively.
Global compliance training
We have a global framework for compliance training which is tailored by markets to best meet their specific needs. When an employee joins Diageo, he or she must, within 30 days, complete our Code e-Learning. Each market has a training plan covering key policies which they deliver through locally organised, risk-based training. We encourage training to be brought to life through workshops, tailored training sessions and communications. We also provide further training to controls, compliance and ethics managers and 'ambassadors' on all necessary function-specific and leadership capabilities for their roles.
Working with our business partners
We're committed to establishing good working relationships with our partners and ensuring that they adhere appropriately to our principles. We have comprehensive programmes to manage various potential risks posed by our business partners. These include:
- anti-money laundering checks
- 'Know Your Business Partner' anti-corruption due diligence programme
- credit risk assessments
- Partnering with Suppliers programme.
Our SpeakUp service
SpeakUp is a confidential service for raising concerns about compliance with the law, our Code, any of our global policies or standards, or any other compliance and ethics matters.
The service is available 24 hours a day, 365 days a year, to all employees, contractors or any other interested party such as suppliers or customers. It is managed by an independent, external company with staff trained to deal with reports. Translators are available for individuals whose first language is not English. All reports are forwarded to our Global Risk and Compliance team who decide upon next steps. Overall statistics and significant matters are reported quarterly in summary format to our Executive and Audit Committees.
We have zero-tolerance for reprisal against anyone reporting a concern or assisting with an investigation in good faith. Anyone found to be involved in retaliation against an individual who has raised a concern will be subject to disciplinary action.
Visit www.diageospeakup.com for more information on SpeakUp. If you would like to get in touch with the Global Risk and Compliance team directly, please use the details below.