Conflict of Interest Policy
This policy describes the A-GRC Conflict of Interest Policy for all work undertaken, including cyber security, digital forensics, information assurance, general management consultancy and regulatory work.
There is no right or wrong approach to handling potential conflicts of interest. Ultimately, the issue is about the application of common sense within a legislative, regulatory, contractual or ethical framework. The key principles to any effective conflict of interest policy are as follows:
- Define a conflict of interest in relation to your organisation: Would there have to be some personal financial or other interest for a A-GRC employee for a conflict of interest to be considered, or would historical connection to the beneficiary of a decision be sufficient to trigger the procedures.
- Consider the future likelihood of such conflicts: Is the conflict of interest likely to be exceptional in which case the person’s membership of the decision-making body is unproblematic, or would it be so frequent that it might be best to consider alternative membership.
- Agree the method of declaring an interest: This may be a written declaration completed annually, before undertaking a task (project, case, etc.) or may be prior to a meeting etc.
- Agree the method of addressing the conflict: Again, there are numerous ways of addressing a conflict of interest. The person in question might absent themselves completely from all consideration, or they may participate in the discussion but not the decision. Each case will be decided on the factors involved.
It is A-GRC’s policy to have an open, transparent, fair, objective, customer focussed, yet accountable process for any possible conflict of interest. A-GRC owes contractual duties, as well as a duty of care, to all of its Clients and this must be observed and complied with as well as be seen to be observed and complied with.
The aim of this policy is to protect A-GRC and all employees from the appearance of an impropriety.
At the start of any A-GRC assignment, the employees involved must consider the scope of the assignment and consider if they have now, in the past or in the foreseeable future, any possible conflicts of interest relating to the assignment. These may arise from such issues as:
- personal, or familial involvement, with someone who is involved in the management of the contract of the assignment.
- personal, or familial involvement, with someone who is the subject of a forensic assignment.
- a breach of the code of ethics of any professional organisation that any employee on the assignment may belong to, or be bound by.
- the offer (or acceptance) of any inducement, hospitality or gift that may impair, limit the extent, rigour or objectivity in the performance of the assignment, case or project.
- having no clear segregation of duties, i.e. now auditing an area on which previously consulting advice was given.
- having a financial interest in the outcome of the assignment.
- impaired decisions or actions that may not be in the best interest of A-GRC’s Client, or in the case of forensic assignments, the Court.
- a perception that A-GRC or its employees are acting improperly because of a perceived conflict of interest.
Where a possible conflict is identified after the start of any assignment, it must be brought to the attention of either the Team Leader of the assignment or the Managing Director (who has accountability and responsibility for Compliance and Governance), as soon as is practicably possible, and within 24 hours at the maximum. As soon as the conflict is identified, the employee should excuse themselves from any decision taking until the conflict has been resolved. In some cases, it will be necessary for the employee to excuse themselves from any work on the assignment. This is specifically the case for government or forensic work and may be applicable in other assignments as identified.
In some cases a ‘Declaration of Interest Form’ will be required to be executed before each assignment, in other cases an annual (or regular), declaration will be required.
Where a conflict is declared to the Managing Director, they will take such action as they see fit to both declare and resolve the conflict. This may (and probably will) involve communication with the other parties in the assignment. All discussions and decisions shall be regarded as records and be retained and secured appropriately.
All possible or actual conflicts of interest shall be investigated thoroughly, quickly, impartially and all relevant parties advised of the outcome.
A review of all conflicts and possible conflicts is undertaken at Management Reviews
This policy is issued, reviewed at least annually and maintained by the Managing Director, who also provides advice and guidance on its implementation and ensures compliance.
All A-GRC employees shall comply with this policy.
Dated: 1 January 2018