Risk Assessment & Sustainment Process
Raytheon’s risk assessment and sustainment process is designed to ensure that Raytheon: (i) has an unwavering commitment to the highest standards of ethical business conduct, (ii) demonstrates that commitment through a resolute tone at the top, and (iii) maintains effective internal controls, education, policies and procedures that appropriately deter and detect violations of the Foreign Corrupt Practices Act (FCPA) and other applicable anti-corruption laws.
Raytheon uses the following processes to continually assess risk, monitor the operation and effectiveness of anti-corruption controls, and drive continuous program improvement:
Enterprise Risk Management (ERM) Process:
Raytheon conducts an annual enterprise-wide risk assessment to proactively identify and address risks that may have an adverse impact on Raytheon. Each business unit and corporate function (including the Office of General Counsel, which includes ACIA) is required to identify its top risks with an assessment of probability, consequence, and potential mitigation for each identified risk.
Anti-Corruption Annual Self-Assessment Process:
In addition to the ERM process, Raytheon assesses corruption/bribery risk through an annual anti-corruption self-assessment. Raytheon sends the self-assessment questionnaire to over 70 domestic and global sites to test the operation of anti-corruption controls and identify any gaps and risk areas. Senior leaders, including the CECO, Business Unit General Counsels, Business Unit Controllers, Corporate Controller & Chief Accounting Officer, Corporate Assistant Controller, and ACIA Senior Director, review the self-assessment results to determine if any anti-corruption risks have emerged, whether our existing anti-corruption controls are working, and to drive program enhancements to mitigate gaps.
The cross-functional and cross-business unit Compliance Sustainment Team (CST) develops and tracks identified improvement or remediation actions. The CST, which is led by the CECO and overseen by the Compliance Oversight Team (COT), is comprised of representatives from Legal, Ethics, Finance, Human Resources, Supply Chain, Business Development and Global Trade. The CST also uses the self-assessment results to update and improve the self-assessment process itself, and any new risks are factored into the next annual self-assessment. The CECO briefs any significant issues or process improvements to the Raytheon Compliance Oversight Team (a committee of cross- functional Raytheon Senior Leadership Team members) and to the Public Policy & Corporate Responsibility Committee of the Board of Directors during the annual program review, or more frequently as warranted.
Quarterly Reviews of the Annual Self-Assessment Results:
On a quarterly basis, sites that participated in the annual self-assessment, must review those results and certify to the continued operation of the controls during the relevant quarter.
Anti-Corruption Controls and Monitoring System:
Raytheon has an anti-corruption controls and monitoring system (CAMS), which identifies key areas of compliance, risks, and internal controls addressing such risks. CAMS provides for an annual assessment of the identified controls, utilizing, in part, the annual self-assessment described above. Assessors monitor the operation of these controls and identify any potential gaps in Raytheon’s anti-corruption compliance program. Where assessors identify gaps in existing controls or cases where controls require improvement, the CST will develop and implement these improvements and will update the CAMS framework accordingly.
Quarterly Anti-Corruption Certifications:
On a quarterly basis, an Anti-Corruption Compliance Certification is distributed to more than 600 leaders and employees who may be exposed to higher anti-corruption risks. The certification includes a detailed memorandum from senior leaders describing the risk of corruption and stressing the importance of anti-corruption compliance and asks the certifier to report any possible anti-corruption issues they may have encountered during the prior quarter. Any identified anti-corruption issues are reviewed and dispositioned by ACIA and documented in ACIA’s case management system. The list of persons receiving the quarterly certification is updated quarterly in accordance with personnel or risk changes.
Quarterly Review of High Risk Payments:
On a quarterly basis the Finance and Internal Controls Excellence organizations within Global Business Services (Raytheon’s shared services business unit) review higher-risk payments, such as sponsorships, donations, payments to representatives and consultants, and business gratuities, to validate the accuracy of books and records and ensure compliance with Raytheon policies and procedures. Results are briefed to the GBS Controller, CECO, and ACIA Senior Director.
Bi-weekly Meeting of the Compliance Sustainment Team:
ACIA participates in a biweekly meeting of the CST, which is charged with generating and implementing improvements to Raytheon’s anti-corruption policies, training, controls, monitoring, self‐assessments, investigation process, and evaluating progress against goals and lessons learned. The CST reports to the corporate-level Compliance Oversight Team (comprised of members of the Raytheon Senior Leadership Team) at least twice per year.
International Business Development Partner Approval & Oversight Committee (IBDP AOC):
The IBDP AOC is comprised of the following members or their delegates: General Counsel, President of Raytheon International, Chief Financial Officer, CECO, ACIA Senior Director, and Business Unit Vice Presidents on a rotating basis. The IBDP AOC meets at least twice a year and reviews and oversees higher-risk IBDP engagements, to include review of requests to exceed standard compensation caps, review of engagements in higher-risk jurisdictions, and review and adjudication of significant issues on the terms and conditions of an IBDP engagement or renewal.
Internal Audit Oversight:
On a continuous basis, Internal Audit prepares and updates a risk-based audit plan which takes into account specific risks and opportunities within the Company, including risks for corruption. The Audit Plan includes as appropriate risk based audits of anti-corruption related processes, controls, sites, and transactions. The anti-corruption related portion of the Audit Plan is reviewed with the CECO and approved by the Audit Committee (comprised of members from the Board of Directors) on an annual basis. Audit results are shared with the Audit Committee.
Anti-corruption related Internal Audit reports are distributed to the CECO and the ACIA group following the conclusion of the audit to ensure that audit results and recommendations are documented, shared, and addressed. The reports include findings, recommendations for resolution, and an overall opinion. The CECO and ACIA Senior Director drive the closure of any identified gaps, and Internal Audit follows up on any identified findings to ensure completion of remediation.