Strong ethics and compliance functions are designed and implemented as part of an organisation’s culture. Ethics and compliance practices aren’t carried out by a single department or division. They’re ingrained in a company’s strategy, not applied on a decision-by-decision basis.
Emphasis on ethics and compliance seems to be growing, according to a CGMA survey from late 2014. Safeguarding reputation is the primary motivation.
Protecting an organisation’s reputation is one critical reason ethics and compliance standards should be shared outside company walls. Third-party risk, such as supply chain abuse or corruption, reflects poorly on not just the vendor but also the parent company. If a supplier is aware of a company’s stance on ethical behaviour, and is offered training on how to respond to potentially compromising scenarios, it is more likely to take the high road.
The Ethics and Compliance Initiative (ECI) recently released a report offering these five principles of high-quality ethics and compliance programmes:
1. Ethics and compliance is central to business strategy. The best ethics and compliance programmes are not add-ons, the same way innovation or continuous learning are themes that spread across an organisation. While the function “can be found … on the organisational chart, it is also considered to be an essential element within every other operation,” the ECI report said.
The ethics and compliance function should have an independent voice, such as a chief compliance officer, that officer should be counted on to contribute to a company’s strategic discussions and daily operations. Proposals for new initiatives should be measured by alignment with a company’s values. In other words, an ethics and compliance department doesn’t exist only when a crisis related to an ethical lapse arises. Reports on compliance performance or audit results are regularly shared with company leaders.
2. Ethics and compliance risks are identified, owned, managed, and mitigated. Risk assessments can help organisations identify key risks and assign a risk leader or owner to each risk. Organisations with high-quality ethics and compliance programmes communicate regularly with the workforce to explain how risks can be mitigated and to create a risk response plan. Clear policies and standards, and systems for raising risk concerns are all part of a strong ethics and compliance function.
3. Leaders at all levels build and sustain a culture of integrity. “Culture is understood to be the largest influencer of business conduct,” the report says. So, if leaders want strong ethics and compliance programmes, they should exhibit that behaviour for managers and lower-level staff to emulate.
4. The organisation encourages, protects, and values the reporting of concerns or suspected wrongdoing. If employees are scared to speak up about possible abuses related to ethics and compliance, even high-quality training and clear policies won’t do much good. Leaders must create an environment of openness, the ECI report says. Employees should be comfortable raising issues early, before those issues become outright misconduct. Organisations intent on establishing high-quality ethics and compliance programmes should listen to employees’ concerns and should praise those who speak up.
5. The organisation takes action and holds itself accountable when wrongdoing occurs. While fewer ethics and compliance lapses are likely in organisations with a strong culture of compliance, those organisations can demonstrate accountability through fast and responsible action. Investigation of alleged misdeeds should be thorough and fair, but should not drag on. Consequences should be appropriate, regardless of who violated the ethics and compliance standards. And when wrongdoing does happen, a company should use the incident as a learning opportunity for employees.
Related CGMA Magazine content:
“Implementing an Effective Corporate Ethics Policy”: These steps can help companies ensure that their ethics policy becomes embedded in the company culture.
“How Audit Committees Can Help Deter Fraud”: Several ways audit committee members can take on their important responsibility to counter the rise in reported fraud incidents worldwide.
—Neil Amato (firstname.lastname@example.org) is a CGMA Magazine senior editor.