A successful ethics and compliance program requires an organization-wide commitment – particularly at the senior management level. As the Federal Sentencing Guidelines indicate, the organization’s governing members must “exercise reasonable oversight with respect to the implementation and effectiveness” of E&C initiatives.
The board of directors plays a vital role in establishing the ethical tone at the top that permeates the entire organization. However, as many board members have learned from experience, there is no single “cookie-cutter” approach to ethics. The best programs are tailored to the unique needs and specific risks the organization faces and have the flexibility to adapt quickly to the rapidly changing and evolving ethical landscape.
Because ethics and compliance requirements vary from one organization to another, it can be difficult for a board to determine whether a program truly meets the needs of the entity it serves. The fact that board members typically are not involved in day-to-day operations can make ethics oversight an even bigger challenge. Fortunately, the 2015 Ethics & Compliance Initiative established a framework consisting of five principles and practices of high-quality ethics programs that can provide valuable guidance to the board when assessing a program:
- E&C is a core component of the organization’s business strategy
- E&C risks have been thoroughly identified, managed, owned and mitigated
- Leaders at all levels are working to build and sustain a culture of integrity
- The organization encourages and values the reporting of misconduct and has implemented policies and procedures to protect reporters against retaliation
- The organization takes appropriate investigative steps and holds itself accountable when inappropriate behavior occurs.
Asking the Right Questions About Ethics
Since the board of directors is not actively engaged in the organization’s daily activities, it must take a proactive approach to determining the suitability and efficacy of E&C initiatives. Seeking answers to the following questions can help board members get an accurate reading of the organization’s current “ethical temperature.”
Does the organization exhibit a “speak-up” culture?
Candor and open communications are hallmarks of the most effective and enduring E&C programs. These organizations make a practice of considering multiple, diverse viewpoints, which encourages employees to speak up without fear of retribution when they observe misconduct or even have doubts regarding the ethicality of an action or decision.
Can employees report misconduct without fear of retaliation?
An essential component of a speak-up culture is the ability to use hotlines and other reporting mechanisms with minimal concerns about retribution. The board should review the organization’s anti-retaliation policies and procedures and ask for targeted data gathered via surveys, exit interviews and similar vehicles to gauge the level of fear of retaliation.
Are unrealistic goals and expectations threatening to negatively impact ethical performance?
The pressure to achieve lofty objectives can cause even the most ethical employees to cross the line. The board of directors should review the organization’s financial and growth expectations to ensure they are not “encouraging” employees to engage in risky behavior. The board should also analyze incentive and bonus programs to determine whether they are attainable without having to break any rules.
Does the E&C staff have the authority and resources it needs to get the job done?
While the ethics and compliance function has grown in importance over the past two decades, it is still marginalized in many organizations. The entities that achieve and maintain the highest ethical standards regard the E&C function as a strategic business partner. The CECO can provide valuable insight into whether he or she has the status, tools, resources and authority to perform at a high level.
Is the program broad enough in scope?
As organizations continue to expand their operations into new markets around the globe, they also need to adapt their E&C programs accordingly. The board should verify that E&C programs have been tailored to address the ethical challenges that occur when conducting operations in emerging nations if applicable, as well as the actions of third parties and other business partners. Cyber risk is another major area of concern for virtually every organization these days.
What is the current risk assessment process?
The board should gain a clear understanding of the organization’s current risk assessment methodology by determining whether it has conducted a recent inventory of E&C-related risks, as well as what internal controls are in place to mitigate them. Also, is the organization properly prioritizing all identified threats and allocating risk management resources accordingly?
What types of ethics training programs are in place?
Ongoing training is essential for fully embedding ethics and compliance into the culture. The board’s oversight procedures should include a periodic review of all ethics training programs to determine if they adequately address the current operating environment, as well as ensuring that the initiatives comply with the Federal Sentencing Guidelines regarding ethics training for executives.
Does the code of conduct detail the ethical responsibilities to all stakeholders?
The board should review the code of conduct to ensure it outlines the organization’s ethical responsibilities – not just to employees, but also to suppliers, shareholders, customers and the public at large. The directors should also verify that the code has been distributed to all employees, management staff, vendors and other third parties as deemed appropriate.
Are we fulfilling our responsibilities regarding the building and sustaining of a solid commitment to ethics?
Finally, board members should continually question themselves as to whether they are walking the walk regarding ethics and compliance or merely talking the talk. Keeping the “tone at the top” mentality in mind, the board members must place ethics at the forefront of every action and decision if they hope that C-level executives, middle managers, rank-and-file employees and stakeholders will do the same.