Upload
others
View
6
Download
0
Embed Size (px)
Citation preview
1
Best Practices in Implementing an Effective Business Ethics and
Compliance Program
Eric R. FeldmanCore Integrity Group, LLC
22nd Annual ACFE Fraud Conference San Diego, CAJune 13, 2011
2
Agenda
Background
State of Ethics Today
Who Has Time To Worry About Ethics Now?
The New FAR Rule: More than Just Mandatory Disclosure
“The Ethical Enterprise”
Best Practices: Role of the Chief Ethics and Compliance Officer
3
Agenda Building an Ethical Framework: What
Makes a Good Corporate Ethics Program?
Key Assessment Areas
Future Trends in Ethics
Industry Best Practices Observed
4
Background
Government Accountability Office
Department of Defense OIG
Central Intelligence Agency OIG
NRO Inspector General
Senior Advisor for Procurement Integrity
5
Definition of Business Ethics
“Applying society’s ethical norms to business dealings.”
Business ethics applies to all aspects of business conduct and concerns the actions and decisions of individuals as well as the enterprise.
6
State of Ethics Today“Lie, Cheat and Steal: High School Ethics
Surveyed”*
78% of high school students surveyed reported cheating.
64% of students cheated on a test in the past year and 38% did so two or more times, up from 60% and 35% in a 2006 survey.
In the past year, 35% of boys and 26% of girls acknowledged stealing from a store; one-fifth said they stole something from a friend; 23% said they stole something from a parent or other relative.
*Source: Josephson Institute 2008 Study of 29,700 Students
7
State of Ethics Today
60 years ago, only 20% of college students admitted to having cheated while in high school; today, only 22% report they did NOT cheat.
Serious implications for the workforce (both government and industry)
Ethical values can't be assumed
Entry-level training requirements
Different approaches for Gen X and Gen Y
8
State of Ethics Today
“Did you Cheat to Get Into Graduate School?”*
YES!!
Liberal Arts – 43%
Education - 52%
Law and Medicine – 63%
Business – 75%
*Source: Rutgers University Survey of Students
9
State of Ethics Today
Graduate School Cheating
MBA: 56%
Engineering: 54%
Education: 48%
Law: 45%
*Source: Rutgers University Survey of Students
10
State of Ethics TodayWhy Do They Cheat?
Students in the Rutgers Study rationalized their cheating:
Too many pressures.
Desire to please parents and professors.
Intense competition for jobs.
Everyone is doing it.
Disinterested in required classes.
Professors don’t care about students.
It’s the “way of the world”; getting others to do my work is a skill I will need in business.
11
State of Ethics Today
Graduating MBAs
76% were willing to understate expenses that cut into their companies’ profits.
Convicts in 11 minimum security prisons had higher scores on an ethical dilemma exam than MBAs.
*Source: Rutgers University Survey of Students
12
State of Ethics Today―Student Cheating Is A Predictor of Adult Behavior‖
Josephson Institute Study, October 2009
First-ever study of the relationship between high school attitudes and behavior and later adult conduct.
Younger generations are significantly more likely to engage in dishonest conduct than those in older generations.
Cheaters in high school are far more likely as adults to lie to their spouses, customers, and employers, and to cheat on expense reports and insurance claims.
“The hole in the moral ozone seems to be getting bigger — each new generation is more likely to lie and cheat than the preceding one.”
13
State of Ethics Today
Josephson‟s Conclusion:
“Teens are five times and young adults are three times more likely than those over 40 to hold the cynical belief that lying and cheating is necessary to success. This belief is one of the most significant and reliable predictors of dishonest behavior in the adult world.”
14
National Business Ethics Survey
The Ethics Resource Center‟s (ERC) 2009 National Business Ethics Survey results showed improvement since 2007:
Fewer employees said they witnessed misconduct on the job; the measure fell from 56% in 2007 to 49% in 2009.
More employees reported misconduct they observed; 37% of those who witnessed misconduct did not report it in 2009, down from 42% in 2007.
ERC’s measure of the strength of ethical culture in the workplace increased from 53% in 2007 to 62% in 2009.
Perceived pressure to commit an ethics violation—to cut corners, or worse—declined from 10% in 2007 to 8% in 2009.
The only factor that appeared to negatively increase between 2007 and 2009 is the expectation of retaliation; 39% feared retaliation in 2009 as opposed to 36% in 2007.
15
2009 National Business Ethics Survey Conclusions
We are experiencing an ethics bubble. When economic conditions improve, incidents of ethical breaches will likely increase.
Ethical culture is the single biggest factor determining the amount of misconduct that will take place in a business.
Executives who don’t elevate ethical culture to a priority risk long-term business problems.
16
Why Worry About Ethics Now?
17
Why Worry About Ethics Now? Mistrust of ―Corporate America‖ is at an all-time high; according
to the 2009 Edelman Trust Barometer, public trust in U.S. business stands at 38%, down from 58%
The Committee on Oversight and Government Reform identified 187 contracts valued at $1.1 trillion that have been plagued by waste, fraud, abuse, or mismanagement over the last six years.
The Justice Department has made corporate fraud and misconduct a national priority.
According to the Ethics Resource Center, misconduct in the workplace rises as much as 11% when financial or economic turmoil rocks an organization. Employees, supervisors and managers all feel extra pressure to meet goals—and may cut corners.
PricewaterhouseCoopers Advisory Group reports that breakdowns in companies’ internal controls occur most often in (1) operations that are soon to be discontinued, and (2) units that are subject to severe cost cutting pressure.
Deloitte Financial Advisory Services survey found that 63% of executives expect accounting fraud to increase during the next two years because of the recession.
18
18
“The Perfect Storm”
Companies are
downsizing, which
has an immediate
effect on internal
controls.
Budgets are
decreasing.
Companies are
doing more
with less.
With increased
pressure and
decreased internal
controls, people
will seek more
opportunities for
fraud.Credit crisis
and other
external
factors are
increasing.C
Layoffs are
increasing.
Stock prices are
declining.
Internal Controls
Opportunity to
Commit Fraud
Internal and External
Pressure
Source: Fraud Magazine, May/June 2009 issue
The Potential
For Fraud
19
“The FAR Rule”
Published: Federal Register 73 FR 67064
(November 12, 2008)
Effective Date: December 12, 2008
All federal contractors are required by law to disclose to inspectors general credible evidence of a violation of federal criminal law involving fraud, conflict of interest, bribery, or gratuity violations, or a violation of the civil False Claims Act, where such evidence arises in connection with a federal contract.
20
New FAR Requirements: Historical Perspective
DoD Voluntary Disclosures
UNCLASSIFIED
21
Other Elements of the FAR Rule: More Than Just Disclosure
Amplifies the requirements for a contractor code of business ethics and conduct
Requires effective training programs for contractor principals and employees, as well as agents and subcontractors
Outlines specific requirements for a contractor’s internal control system to ensure effectiveness of the ethics awareness and compliance program
Calls for periodic reviews of company business practices, procedures, policies, and internal controls for compliance with the business ethics and conduct program
22
New Federal Agency Responsibility
FAR Subpart 9.104-1 now directs that a contractor’s record of integrity and business ethics be a required element for the government to determine that a prospective contractor is a “responsible party.”
23
Enron's World Class Ethics Program
24
Values Vs. Rules-Based Ethics Individuals and companies at the heart of today’s most
egregious corporate scandals often obeyed the letter of the law, not the spirit (e.g., AIG/Lehman actions unethical, but not illegal).
Many companies choose not to go beyond the minimum requirements of the code of ethics provisions of Sarbanes-Oxley.
Ethics developments in industry have been largely rule-based.
Less emphasis on values than on implementing statutory requirements (Law is the ceiling rather than the floor of behavior)
Ethics Officer and Compliance Officer titles often interchangeable; both managed by or through Legal Dept.
25
Values Vs. Rules-Based Ethics
Training focused on legal obligations versus ethical considerations
Federal Sentencing Guidelines: designed to ―prevent and detect criminal conduct‖
What kind of Ethics Program Does Your Company Have?
26
Code of Conduct vs. Corporate Culture
27
“The Ethical Enterprise” American Management Association (AMA)/Human
Resource Institute (HRI) Business Ethics Survey conducted in 2005.
1,121 executives and managers responded.
53.4% from the U.S.; 24.9% from Canada.
Human resources, general management, operations functions.
Study included the following questions:
Why are business ethics important to the organization?
What drives unethical behavior?
What business practices contribute to an ethical corporate culture (today and in ten years)?
28
Perceived Importance of Business Ethics
AMA/HRI Survey Results:
Protection of Brand and Reputation
The ―Right Thing to Do‖
Customer Trust and Loyalty
Investor Confidence
Public Acceptance/Recognition
Litigation/Indictment Avoidance
Positive Impact on Financial Results
Employee Retention and Performance
Supplier/Partner Trust
29
“Reputational Capital”
Protecting the company‟s reputation is seen as the top reason for
running a business in an ethical way, today and into the future.
Worker retention and performance are expected to become even more
critical during a “war for talent.‖
30
Drivers Impacting Business Ethics
AMA/HRI Survey Results:
Corporate Scandals
Marketplace Competition
Demands by Investors
Pressure from Customers
Globalization
Executive Compensation
Change: Mergers and Acquisitions, Restructuring
Diversity, Including Generational
Pressure from Prospective and Existing Staff
31
Drivers of Unethical Behavior
Pressure from management or the board to ―meet unrealistic business objectives‖ is the leading factor most likely to cause unethical behavior (70% of Survey Respondents).
The ―Ambitious and the Afraid‖ are more likely to violate ethical standards.
32
Drivers of Unethical Behavior
Working in an ―environment with cynicism or diminished morale‖ is the next most cited factor leading to unethical behavior (31.1%).
Other factors cited include:
Improper training about, or ignorance that, acts are unethical
Perceived lack of consequences if caught
Need to follow the boss’s orders
Peer pressure/desire to be a team player
Desire to steal from or harm the organization
Desire to help the organization survive
33
What is Ethical Culture?
Some basic elements to ask (per Ethics Resource Center):
What are the values that drive ―how things are really done around here?‖
How much pressure is there to perform, and to cut corners to do so?
How confident are employees that executives are committed to ethics as a fundamental part of doing business?
What do employees actually do when they observe misconduct?
Is there reason to fear doing the right thing?
34
Leadership and Ethical CultureAccording to AMA/HRI Survey Results, organizations
can establish policies and processes that help create an ethical culture. These include:
Leadership support and modeling of ethical behavior
Consistent communication from all leaders
Integrating ethics into the foundational processes: corporate goals, processes, and strategies
Making ethics a part of performance management systems
Making ethics a part of the recruitment and employee selection process
Putting measures in place to assess the effectiveness of business ethics programs and strategies
35
Leadership and Ethical Culture
―Laws and regulations are, and will remain, the most influential external
drivers of corporate ethics, but legislation is no substitute for the
presence of leaders who support and model ethical behavior.”
-- Edward T. Reilly, President and CEO
American Management Association
36
Leadership and Ethical Culture
The top-ranked process for sustaining a business ethics culture: ―leaders support and model ethical behavior.‖
Safe to assume that ALL public companies officially advocate ethical behaviors.
The real issue: Do leaders at all levels practice what they preach/―Walk the talk‖?
Deloitte LLP Ethics and Workplace Survey 2009: 77% cited the behavior of management or a direct supervisor as the top factor influencing their conduct.
ERC 2009 National Business Ethics Survey: Strong ethical leadership drives perceptions on CEO compensation and organizational misconduct.
37
Leadership and Ethical Culture
The most important ethical leadership behaviors cited by AMA/HRI survey respondents were:
Keeping promises
Encouraging open communication/keeping employees informed
Supporting employees who uphold ethical standards (system of rewards, not just sanctions)
Ensuring there is no retaliation for those who ―blow the whistle‖
38
Business Ethics and Compliance Programs and Practices
Having a Code of Conduct is clearly the most important internal practice, essential to ensuring an ethical corporate culture.
Reflects and reinforces values and principles of an organization.
Important not just internally to the company.
Also viewed as critical for Board of Directors and suppliers; codes need to apply to everyone that has a direct impact on the reputation of the company.
39
Business Ethics and Compliance Programs and Practices
However, the Code of Conduct must be reinforced with effective training.
Not just a paper trail.
Must be required for all employees, including senior executives.
Should contain a variety of mechanisms, including live interaction and discussions, aimed at instilling ethical behavior into everyday corporate decision-making.
40
The Changing Corporate Climate
“An ethical corporate climate is either developing or deteriorating, enriching itself or impoverishing itself. It needs constant care and
attention.”
-- Study by the Woodstock Center, Georgetown University
41
Business Ethics and Compliance Programs and Practices
Ombudsman, Ethics Hotlines, and Whistleblower Policies Viewed as Critical to Creating an Ethical Culture.
Respondents viewed ―transparency‖ as a key objective for customers and investors.
Desire for transparency likely to increase with budget pressures, social media, etc.
Corporate Social Responsibility Programs Now Viewed as Essential Element of the Ethical Culture.
Environmental (Green) Operations and Attitude.
Labor Issues (particularly with overseas suppliers and vendors).
42
Ethics as a Business Process
Corporate Ethics following a familiar evolutionary path, from ―Requirement‖ to ―Business Imperative.‖
Diversity
Quality Movement
Corporate Social Responsibility
Evolution from ―Soft‖ to ―Hard‖ Science
Win in marketplace.
Improve competitive advantage.
Achieve higher market valuations.
Increase employee recruitment and retention.
Strengthen customer relationships and satisfaction.
43
Ethics as a Business Process
Sound, ethical culture viewed as key to avoiding scandal,
safeguarding corporate reputation, and sustaining brand value.
44
The “Carrot”Being Ethical Generates Significant Business Value
IT CAN PAY TO BE
ETHICAL*
The World’s Most Ethical
Companies consistently
outperform the Standard &
Poor’s (S&P) 500. Investing
in ethics is beneficial for any
company, even in a
recession. The graph to the
right compares the ―WME
Index,‖ or all publicly traded
2010 World’s Most Ethical
Company honorees, against
the S&P 500 and the
Financial Times & the
London Stock Exchange
(FTSE) since 2005.
WME vs. S&P 500 vs. FTSE 100
*Source: Ethisphere Institute, 2010
45
The “Carrot”DoJ Credit for Effective Ethics Programs
Principles of Federal Prosecution of Business Organizations
United States Attorney’s Manual
Truly effective program can result in a decision not to charge a corporation, OR to mitigate charges or sanctions against the corporation.
2010 Amendments to Organizational Sentencing Guidelines
Reaffirmed the importance of Ethics and Compliance.
Higher standards and effort required.
Greater likelihood of credit.
46
2010 Amendments to Organizational Sentencing Guidelines
Key Changes to Chapter 8
Direct Reporting Obligations.
Guidance on remedial steps that should be taken after organization detects criminal activity in order to have an effective ethics and compliance program.
Exception to ―credit blocker‖ for organizations in which high-level or substantial authority personnel were involved in criminal conduct.
Consolidation of recommended probation conditions.
47
2010 Amendments to Organizational Sentencing Guidelines
New Application Note 6
Organization should respond appropriately to criminal conduct (restitution, self-reporting, cooperation).
Organization should act appropriately to prevent further similar criminal conduct (assess/modify C&E program, use of outside advisors).
48
The “Carrot”DoJ Credit for Effective Ethics Programs
Siemens
Most egregious example of systemic foreign corruption ever
prosecuted, according to DoJ.
Tremendous benefits flowed from extraordinary cooperation.
$450 million fine vs. $1.35-2.76 billion called for in sentencing
guide.
Penalty was 67-84% less than what the company would have
faced without extraordinary cooperation, Government access to
documents, and extensive remediation.
Helmerich and PayneSelf-disclosed improper/questionable payments.
Non-prosecution agreement.
$1 million penalty (30% below guidelines).
Compliance self-reporting (no independent monitor).
49
The “Stick”Heightened Enforcement by DoJ
Aggressive FCPA Enforcement
Since 2004, Fraud section achieved 37 corporate FCPA and foreign bribery-related resolutions
Fines over $1.5 billion.
81 individuals charged (CEOs, Chief Financial Officers, other senior-level corporate execs).
46 individuals charged since the start of 2009 (More than the total number of individual charges in the previous 7 years combined)
Charging individuals is part of a deliberate enforcement strategy to ―deter and prevent corrupt corporate conduct‖
New United Kingdom Bribery Act criminalizes failure of a corporate entity to prevent bribery
50
The “Stick”Cost of Ethical Lapses
Association of Certified Fraud Examiners’ 2010 Report to the Nations on Occupational Fraud and Abuse
Examined 1,843 cases of occupational fraud that occurred worldwide between January 2008 and December 2009.
Participants estimated that the typical organization loses five percent of its annual revenue to fraud.
Median loss: $160,000.
More than a quarter of the frauds involved losses of at least $1 million.
51
The “Stick”: Cost of Ethical LapsesBoeing $ 615 million
Tenet $ 900 million
Columbia/HCA $1,700 billion
AIG $1,500 billion
Marsh and McLennan $ 850 million
Fannie Mae $ 400 million
KPMG $ 465 million
Tyco $ 750 million
Cardinal Health $ 600 million
Pharmas $2,400 billion
Siemens $ 463 million
Prudential $2,800 billion
UnitedHealth Group $ 915 million
BAE $ 200 million
52
The “Stick”Future Business with Government
Customers
FAR requires federal agency assessment of a potential contractor’s ―ethics and integrity posture‖ as part of the ―responsible party‖ determination for future source selections.
New FAR provisions specifically identify suspension and debarment as the remedy for a contractor’s ―failure to timely disclose‖ fraud or other illegal activities under the mandatory reporting provisions.
Increased DCAA scrutiny of Ethics and Compliance in routine auditing
53
Building an Ethical FrameworkTen Important Questions to Ask When Trying to
Build an Ethical Culture
1. What is the relationship between ethics and other performance metrics in the company?
Cost of preventing a scandal is exponentially lower than the costs of fixing ethical problems.
Current data indicates that ethical companies are more competitive, profitable, and sustaining than unethical companies.
2. Is our required ethics training more than rote introduction of the company’s code of conduct?
The most successful ethics training moves from theory to practice, and from the conceptual to the real.
Live case studies can help employees, leadership, and management solve relevant ethical dilemmas.
54
Building an Ethical Framework
3. What is the relationship between exercising sound ethics and retaining great talent?
Fortune’s top 100 companies to work for contains a wide variety of companies with no obvious common denominator (salary, benefits, career opportunities, profession, location all vary).
Common factor: trust between employer and employee.
Ethical behavior can lay the groundwork for attracting and retaining the best talent.
55
Building an Ethical Framework
4. Have we conducted a risk assessment to determine our exposure to major ethical damage? What is our potential Enron?
Each company has its own ethical nightmare, but most face similar ethical exposures (theft, accounting irregularities, kickbacks and gratuities, etc.).
Companies should examine the potential hazards of perverse incentives (e.g., compensation based 100 percent on financial goals) and the various unintended consequences of policies, procedures, or expectations.
56
Building an Ethical Framework
5. How can we be proactive in the area of ethics, culture, and corporate citizenship?
Leaders need to own and shape the culture as much as any other management initiative.
Characteristics of predictable ethical outcomes include management credibility, upward communication, perceived organizational support, and teamwork.
Well-tested diagnostic tools can help measure success in these areas.
57
Building an Ethical Framework
6. What tone should executive leadership set regarding ethics, integrity, and transparency?
What leaders say, think, and feel affects the tone as much as their actions.
Mistrust, cynicism, or indifference can erode loyalty to the organization and push ethical leaders out the door.
58
Building an Ethical Framework
7. What does management need from the Board of Directors and senior leadership to enhance and buttress corporate ethics?
Employees who view the Board and executive leadership as unconcerned will discount any directives about ethics that may come from them.
Consistency and authenticity from the Board and senior executives (often expressed in terms of time, talent and resources) is essential to success.
59
Building an Ethical Framework
8. Who is driving ethics and compliance in the company?
Companies need to designate key, senior internal drivers who move along the discussions, training, and initiatives.
Chief Ethics & Compliance Officer (CECO) concept: independence, authority, connection.
60
Building an Ethical Framework
9. Do we have consistency of message between and among the Board, the CEO, the senior executive team, and the employees in terms of ethics and culture?
Common vocabulary.
Consistency of tone and guidance.
Rewards and sanctions: demonstration of value.
61
Building an Ethical Framework
10. Are there any roadblocks that discourage honest conversations on ethics and the implementation of ethical practices, procedures, and protocols?
Need to have the mechanisms in place to assess the current state of play.
…. and the willingness to make changes, when necessary.
62
Building an Ethical Framework
“In looking for people to hire, you look for three qualities: integrity,
intelligence, and energy. And if you don‟t have the first, the other two will
kill you.”
-- Warren Buffet, CEO Berkshire Hathaway
63
UNCLASSIFIED
Best Practices: Role of the CECO
Responsible for overall ethics and
compliance program.
Supports CEO and Board in promoting
corporate values and standards.
Full Member of executive management team.
Participates in major company decisions.
Singular focus on ethics and compliance.
Reporting Relationships
Dotted line to the CEO.
Direct line to the Board of Directors (Chair of
Audit Committee or other relevant Board
entity).
64
UNCLASSIFIED
Best Practices: Principles for the CECO
Accountability to appropriate authority for fiduciary
responsibility.
Independence to raise matters of concern without
fear of reprisal or conflict of interest.
Authority to have decisions and recommendations
taken seriously.
Connection to company operations, to build an
ethical culture and enforce standards
65
Ethics Under The Legal Department?
66
Business Case for a Standalone
Chief Ethics and Compliance Officer Necessary skill sets/perspectives of a GC and
CECO are different
GC: Settle issues involving unethical behavior internally
to decrease risk to the organization
CECO: Broad dissemination of ethics issues crucial to
teaching, prevention, communication of leadership
resolve
Legal vs. CECO advice to CEO: what you can do
versus what you should do
Recent Case Studies: CECO/GC Roles separated
Pfizer
Tenet
Wellcare
UNCLASSIFIED
67
Business Case for a Standalone
Chief Ethics and Compliance Officer
“Apparently, neither Tenet nor Ms. Sulzbach
saw any conflict in her wearing two hats as
Tenet‟s general counsel and chief compliance
officer. As general counsel, Ms. Sulzbach
zealously defended Tenet against claims of
ethical and legal non-compliance….while as chief
compliance officer, she supposedly ensured
compliance by Tenet‟s officers, directors and
employees. It doesn‟t take a pig farmer from Iowa
to smell the stench of conflict in that
arrangement.” --Senator Chuck Grassley, Chair
Senate Finance Committee
UNCLASSIFIED
68
UNCLASSIFIED
Legal Vs. Ethical
69
UNCLASSIFIED
Ethical Leadership: Tone at the Top
Creation of an Ethical Culture
Internal Control Program
Corporate Code of Ethics
Ethics Training
Ethical Behavior Rewards and Sanctions
Anonymous Reporting Process
Internal Investigations Capability
Mandatory Disclosures to the Office of Inspector General
Key Assessment Areas: What Makes a Good
Corporate Ethics Program
70
Assessment Areas:Commitment and Tone at the Top
Is the Board of Directors regularly briefed on ethics and compliance issues?
Does corporate leadership regularly communicate the company’s business ethics posture to the workforce, beyond the introduction in the code of conduct?
Is the Business Ethics and Compliance Officer involved in the company’s strategic decision-making process?
Is the Business Ethics and Compliance program periodically and comprehensively evaluated for effectiveness?
Is the Business Ethics and Compliance program adequately resourced in all company business sectors?
71
Assessment Areas:Creating an Ethical Culture
Has the company conducted an employee survey to gain an understanding of the ethical environment?
Do employees receive regular ethics-related communications from the company, specifically senior leadership?
Are the Federal Acquisition Regulation (FAR) clauses “flowed down” to subcontractors?
Is Corporate Governance and integrity discussed on the company website?
Is ethical conduct included as a part of employees’ performance appraisals?
72
Assessment Areas:Code of Ethics
Written Code of Ethics
Is it made available to each employee engaged in government contracts? Is it required to be acknowledged in writing?
Does it contain clear direction on specific actions employees may or may not take?
Are the potential consequences clearly spelled out for violations?
Does it outline the employees’ duty to report ethics violations, criminal activity, and overpayments?
73
Assessment Areas:Ethics Training
Is ethics a focus in new hire training?
Do all employees receive training on:
Hotline usage
Ethical Issues
Conflicts of interest
Kickbacks
Accounting irregularities
Protection from retaliation
Has ethics training been conducted with senior management?
Have procedures for testing employee comprehension been established and implemented?
74
Assessment Areas :Rewards and Sanctions
Has the company established a clearly understood list of sanctions for violations of ethical behavior?
Are those sanctions equitably applied, regardless of grade or position?
Are cases of ethical/code of conduct violations publicized throughout the company, within the parameters of privacy protections?
Do the employees perceive equity of treatment when ethical standards or the code of conduct is violated?
Has the company established a program for rewarding/incentivizing ethical decision-making?
Does the company publicize cases of good ethical decision-making to reinforce desired behaviors?
Is ethical decision-making included in employees’ performance appraisals?
75
Assessment Areas:Anonymous Reporting Process
Has an anonymous reporting mechanism been established?
Does the company maintain confidentiality for those who wish to remain anonymous?
Do interviewers ask probing questions, customized to the specific violation being reported, to ensure that pertinent information is uncovered?
Is there a well understood process for immediate notice of time-sensitive issues, including illegal activity?
Is the hotline available free of charge on a 24-hour basis?
Is there a process for maintaining ongoing communications with anonymous parties?
76
Assessment Areas:Investigations
Are investigative procedures:
Documented in writing?
Followed consistently?
Reviewed by legal counsel?
Designed to protect confidentiality and prevent retaliation?
Are investigators professionally trained, certified, and maintain required continuing professional education?
Has the Audit Committee developed a mechanism for “receipt, retention and treatment” of complaints to comply with Sarbanes/Oxley regarding allegations of financial irregularities?
Has the company developed relationships with an external party such as forensic accountants or independent Certified Fraud Examiners?
Do investigative procedures address the need to protect whistleblowers?
77
Assessment Areas:Internal Controls
Has the company established procedures to detect potential criminal activity and overpayments and report any potential violations?
Has the company appointed a senior official to be responsible for coordination of internal investigations?
Does the Business Ethics and Compliance officer maintain independence through the company’s reporting chain?
Are there controls in place to ensure that disciplinary action is taken for improper employee conduct?
Does the company periodically audit and review its business practices and internal controls?
Has the company established procedures for documenting ethical breaches and tightening controls to prevent further occurrences?
78
Assessment Areas:Mandatory Disclosures to the
Inspector General
Does the company identify, survey, and obtain certifications from principals regarding their knowledge of information that could trigger a duty to disclose?
Has the company established procedures for documenting the rationale behind the decisions to make, or not make disclosures?
Is there a written protocol for reporting, reviewing, and vetting potential disclosures?
79
UNCLASSIFIED
Industry “Best Practices”: Integrating Ethics into Business Process
Ethics officers at the corporate and business unit levels are part of the senior leadership team and attend/participate in staff meetings and strategic business decisions.
Ethics measures incorporated into business financial and operating results presentations given by business presidents to the CEO; ethics reported twice each year in business performance reviews.
Business Development Account Framework integrates conflict of interest and ethical considerations very early in the process.
Integrity/Ethics measures are explicitly included in employee performance appraisals.
Ethics involved in the vetting process for promotions to vice president (VP) level and above.
80
UNCLASSIFIED
Industry “Best Practices”:Leadership and Executive Training
Leadership Development Program for high-potential
employees two years out of school emphasizes that
―doing the right thing gets you ahead in business.‖
Ethical leadership education module promotes the
role of good management and leadership skills in
maintaining an ethical environment.
Message: Same behaviors that create an ethical
environment improve performance.
Creation of an ethical culture that promotes honest
and open communication between managers and
employees.
Resolve workplace issues early/prevent and
minimize ethical escapes.
81
UNCLASSIFIED
Industry “Best Practices”
Organizational Structure VP-level individual runs corporate program and reports to
chairman and CEO, rather than president.
VP/Corporate Responsibility (CR) or Corporate Governance
approach combines all aspects of internal governance for
synergy (Ethics and Compliance, Internal Audit, Corporate
Investigations, etc.).
CR director AND ethics and compliance program manager in
each Value Center; mixture of outside ethics/compliance
professionals and business expertise.
When culture/history places ethics activity under legal,
individual other than general counsel properly empowered
with independent leadership and board reporting
arrangements.
Senior VP/chief compliance officer officially reports to the
chair of the board of directors’ audit committee;
administratively reports to the CEO.
82
Industry “Best Practices”Organizational Structure
Ethics and Compliance Review Board/Management
and Business Conduct Committee/Ethics and
Advisory Committee.
Dedicated Business Conduct Officer (BCO)
assigned to groups of 50 employees; BCO is at
manager/director level, not Human Resources, Law,
or Audit.
Ethics Oversight Committee includes senior
company leadership, an outside director from the
board, and a senior line manager from one of the
company’s business units.
UNCLASSIFIED
83
UNCLASSIFIED
Industry “Best Practices” Ethics Survey
Conducted every two years
Survey results used as a training tool; results
operationalized and accountability assigned.
Action Plans required by supervisors, with flow-downs to
direct reports.
Survey results drive ethics education and ethics
communication program development.
A few ethics questions posted on website each month, along with previous month’s results; avoids overload and prevents stagnant web content.
Use of customer perception survey to evaluate ethics posture.
84
Industry “Best PracticesEthics Training
Live training at working-group levels most effective.
Separate compliance modules (online), uniquely tailored to
highest risks in each business unit or value center.
Testing for comprehension required for all computer-
based training, including those on company Code of
Conduct.
Scenario-based live discussions on ethical decision-making
(video vignettes) provided annually at all levels.
―Integrity Minute‖: Serial video program using ethics
vignettes as a teaching tool; branching out into gray areas of
ethical decision-making and employee reporting
responsibilities.
EthicsSpace mini-series uses video vignettes to encourage
employee attention to ethics matters.
UNCLASSIFIED
85
UNCLASSIFIED
Industry “Best PracticesEthics Training
Internal Audit testing of employee knowledge in high-
risk areas (i.e., International Traffic-in-Arms
Regulations/Foreign Corrupt Practices Act (FCPA) in
international businesses) provides feedback on
effectiveness of training.
Videotape of actual employees used in Annual Ethics
Training
48 employees videotaped, addressing ―what ethics means to me.‖
Effective peer learning opportunity; high degree of credibility with colleagues
• New employees receive personal contact from Ethics within 30 days, and ethics and compliance training within 60 days
86
Industry “Best Practices”Communications
Constant leadership integration of ethics and integrity into presentations; ethics not a separate ―campaign‖ or special interest topic.
Ethics Blog: posts generate employee input and participation, and stimulate management/employee communication.
Interactive Ethics Posters feature real employees with a short story on each one posted on Ethics Website.
Business Conduct Program captured on plastic card attached to identification badges; core values and contact information close.
Rotating screen savers on all computer screens contain ethics messages; serves as a constant reminder of corporate commitment to integrity and ethics.
Ethics Program pamphlet with points of contact, reporting responsibilities, etc., sent to employee home addresses
UNCLASSIFIED
87
UNCLASSIFIED
Industry “Best Practices”Rewards and Sanctions
Performance Appraisals rate ethical conduct/decision-
making and compliance with disclosure procedures;
verified by Internal Audit.
Rewards programs recognize particularly courageous
ethical decision-making, upward communication of
difficult issues.
―President’s Integrity and Ethics Award‖ recognizes
sustained commitment to ethics, integrity, and the
company’s reputation.
―Police Blotter‖ regularly identifies violations of Code of
Conduct and company actions taken.
Ethics Office includes statistics on disciplinary actions
(linked to code violations) in monthly staff bulletins to
publicize corporate commitment and follow-through.
88
Industry “Best Practices”Board of Directors
Active Compliance Committee oversees Ethics Program and is part of VP/Ethics selection process.
Board approves the Code of Conduct.
Board of directors ethics training every two years.
Separate ―Standards of Business Conduct‖ for board of directors.
New Ethics Committee of the Board, separate from Audit.
89
UNCLASSIFIED
Industry “Best Practices”Ethics Program Assessments
Peer reviews of ethics programs in each business sector focus on how well ethics is embedded into the business.
External Assessments.
Led by independent, third-party ―contractor.‖
Assessment of ethics, procurement integrity, and specific compliance areas.
Over 100 employees interviewed on topics of ethical leadership, peer commitment to ethics, and supervisory reinforcement.
90
UNCLASSIFIED
Industry “Best Practices”Code of Conduct
Pocket-sized Code of Conduct targets most relevant business process risks, is clearly organized, and is easy to read and reference.
Code of Conduct organized into a series of questions and answers.
Code title, ―The Spirit and the Letter,‖ outlines CEOs explicit direction: “Do not allow anything—not „making the numbers,‟ competitive instincts, or even a direct order from a superior—to compromise your commitment to integrity.‖
―Winning with Integrity‖—Links financial goals to corporate values.
Employee ―duty to report‖ code violations clearly spelled out, along with possible punitive actions for failing to report.
Global Code of Conduct balances different cultures and regulatory regimes, with sections on local requirements.
91
UNCLASSIFIED
Industry “Best Practices”Code of Conduct
Written acknowledgements focus on employee reporting obligations:
―I understand that I have an affirmative obligation to report all actual or suspected violations.‖
―I have reported all actual or suspected violations of the standards now known to me.‖
Code contains a section on FCPA ―red flags‖ to increase employee awareness.
92
UNCLASSIFIED
Industry “Best Practices”Subcontractors and Vendors
Company requires that subcontractors certify in the RFP that they will have a Code of Conduct and Ethics Program in place within 30 days of contract award
Subcontract and supplier terms and conditions, and/or supplemental representations and certifications for subcontracts, cite FAR 52.203-13 requirements for Ethics Programs, Codes of Conduct, and training.
Ethics VP participation in conference with subs and suppliers.
Annual Supplier Conference used as a forum to lay out expectations.
Written standards for Supply Partners published in a brochure format; Ethics, Human Rights, Environmental issues, and expectations of ―mutual respect‖ addressed (also called ―Associates Brochure‖)
Require subs/suppliers without their own code to adopt the prime’s, and offer training opportunities.
Website for subcontractors, suppliers, and vendors contains comprehensive ethics information, including training and Code of Conduct.
Internal vendor evaluation system captures ethics and integrity performance of subcontractors.
93
UNCLASSIFIED
Industry “Best Practices”Investigations
Documented investigative procedures cover key
areas, including initiating, planning, and conducting
investigations; documenting interviews; attorney-
client privilege; and reporting format.
Investigative teams supplemented with
expertise appropriate to the allegation
(human resources, finance, legal, internal
audit, information technology, etc.).
Internal and external training in basic
investigative techniques periodically
provided to Ethics Officers and others
tasked with conducting internal
investigations.
94
Industry “Best Practices”Mandatory Disclosure
Leveraging of quarterly ―survey of principals‖ required under Sarbanes-Oxley to meet FAR mandatory fraud disclosure requirement.
Mandatory Disclosure policy requires reporting of possible violations to sector General Counsel within 2 working days.
Company requires quarterly certification by principals that they are unaware of reportable issues.
Company publishes a comprehensive list of reportable matters in categories such as contract award, contract performance/closeout, and overpayments.
95
Industry “Best Practices”Other Areas
Separate and distinct labor charging initiative.
Ethics Program materials and hotlines adapted and
translated for international business units; local ethics
officers, attorneys, and internal auditors with language
capability assigned.
Ethics integrated into recruiting process; students
briefed on company values and ethics, and advised not
to apply without buy-in.
Proactive fraud risk assessments and risk-based
monitoring conducted by Compliance staff in
coordination with internal audit.
Well-stated Ethics Program goal: ―Help employees
recognize, appreciate, and resolve ethical dilemmas
and issues.‖
UNCLASSIFIED
96
Industry “Best Practices”Other Areas
Online process for disclosure of Conflicts of Interest (COI) and certification of adherence to standards of business conduct.
Seven questions asked regarding COI-related issues.
Must be completed annually and upon changes in circumstances.
First-level review by manager; Ethics Office also conducts assessment.
97
Future Trends in Business Ethics
AMA/HRI identified several practices/approaches (2005) that would be part of the “Composite
Perfect Company” in 2015
Board of Directors
Obligated to uphold the code of conduct AND a specific Governance Code of Conduct.
Directors sign the code each year and participate in an ethics workshop that includes the ―Train-the-Trainer‖ certification, as well as in-depth discussions regarding the application of the Board’s code.
Criteria for selecting and retaining board members ensures the Board is diverse and independent.
Organizational ombudsman has direct access to the Board and provides unfiltered communications.
98
Future Trends in Business Ethics
Suppliers, Customers, and Investors
Supplier/Subcontractor Code of Conduct.
Company provides required training to the suppliers on the code of conduct and the company’s expectations of the relationship.
Suppliers have access to the company’s ombudsman and hotline to discuss any unethical behavior that may have been observed.
Representatives from the supplier are required to attend a business ethics conference held twice a year.
Principle of transparency: company provides current and prospective customers with access to clear and complete information on its business ethics and corporate social responsibility programs.
Shareholder trust is critical; company has created processes to provide timely and complete information and to obtain timely feedback for existing and potential investors.
99
Is the Government “Walking the Talk”?
100
Let's Be Philosophical
“There are seven things that will destroy us: Wealth without work;
Pleasure without conscience;Knowledge without character;
Religion without sacrifice; Politics without principle; Science without humanity;Business without ethics.”
Mahatma Gandhi
101
Closing Thoughts
“Don‟t think there are no crocodiles because the water is calm.”
-- Malayan Proverb
“Relativity applies to physics, not ethics.”
-- Albert Einstein
102
Contact Information
Eric R. Feldman, CFE, CIG
President, Core Integrity Group LLC
1732 Aviation Blvd, Suite 421
Redondo Beach, CA 90278
(540) 226-3070
www.coreintegritygroup.com