Best Practices in Implementing an Effective Business Ethics ......to the 2009 Edelman Trust Barometer, public trust in U.S. business stands at 38%, down from 58% The Committee on Oversight

1

Best Practices in Implementing an Effective Business Ethics and

Compliance Program

Eric R. FeldmanCore Integrity Group, LLC

22nd Annual ACFE Fraud Conference San Diego, CAJune 13, 2011

2

Agenda

Background

State of Ethics Today

Who Has Time To Worry About Ethics Now?

The New FAR Rule: More than Just Mandatory Disclosure

“The Ethical Enterprise”

Best Practices: Role of the Chief Ethics and Compliance Officer

3

Agenda Building an Ethical Framework: What

Makes a Good Corporate Ethics Program?

Key Assessment Areas

Future Trends in Ethics

Industry Best Practices Observed

4

Background

Government Accountability Office

Department of Defense OIG

Central Intelligence Agency OIG

NRO Inspector General

Senior Advisor for Procurement Integrity

5

Definition of Business Ethics

“Applying society’s ethical norms to business dealings.”

Business ethics applies to all aspects of business conduct and concerns the actions and decisions of individuals as well as the enterprise.

6

State of Ethics Today“Lie, Cheat and Steal: High School Ethics

Surveyed”*

78% of high school students surveyed reported cheating.

64% of students cheated on a test in the past year and 38% did so two or more times, up from 60% and 35% in a 2006 survey.

In the past year, 35% of boys and 26% of girls acknowledged stealing from a store; one-fifth said they stole something from a friend; 23% said they stole something from a parent or other relative.

*Source: Josephson Institute 2008 Study of 29,700 Students

7


60 years ago, only 20% of college students admitted to having cheated while in high school; today, only 22% report they did NOT cheat.

Serious implications for the workforce (both government and industry)

Ethical values can't be assumed

Entry-level training requirements

Different approaches for Gen X and Gen Y

8


“Did you Cheat to Get Into Graduate School?”*

YES!!

Liberal Arts – 43%

Education - 52%

Law and Medicine – 63%

Business – 75%

*Source: Rutgers University Survey of Students

9


Graduate School Cheating

MBA: 56%

Engineering: 54%

Education: 48%

Law: 45%


10

State of Ethics TodayWhy Do They Cheat?

Students in the Rutgers Study rationalized their cheating:

Too many pressures.

Desire to please parents and professors.

Intense competition for jobs.

Everyone is doing it.

Disinterested in required classes.

Professors don’t care about students.

It’s the “way of the world”; getting others to do my work is a skill I will need in business.

11


Graduating MBAs

76% were willing to understate expenses that cut into their companies’ profits.

Convicts in 11 minimum security prisons had higher scores on an ethical dilemma exam than MBAs.


12

State of Ethics Today―Student Cheating Is A Predictor of Adult Behavior‖

Josephson Institute Study, October 2009

First-ever study of the relationship between high school attitudes and behavior and later adult conduct.

Younger generations are significantly more likely to engage in dishonest conduct than those in older generations.

Cheaters in high school are far more likely as adults to lie to their spouses, customers, and employers, and to cheat on expense reports and insurance claims.

“The hole in the moral ozone seems to be getting bigger — each new generation is more likely to lie and cheat than the preceding one.”

13


Josephson‟s Conclusion:

“Teens are five times and young adults are three times more likely than those over 40 to hold the cynical belief that lying and cheating is necessary to success. This belief is one of the most significant and reliable predictors of dishonest behavior in the adult world.”

14

National Business Ethics Survey

The Ethics Resource Center‟s (ERC) 2009 National Business Ethics Survey results showed improvement since 2007:

Fewer employees said they witnessed misconduct on the job; the measure fell from 56% in 2007 to 49% in 2009.

More employees reported misconduct they observed; 37% of those who witnessed misconduct did not report it in 2009, down from 42% in 2007.

ERC’s measure of the strength of ethical culture in the workplace increased from 53% in 2007 to 62% in 2009.

Perceived pressure to commit an ethics violation—to cut corners, or worse—declined from 10% in 2007 to 8% in 2009.

The only factor that appeared to negatively increase between 2007 and 2009 is the expectation of retaliation; 39% feared retaliation in 2009 as opposed to 36% in 2007.

15

2009 National Business Ethics Survey Conclusions

We are experiencing an ethics bubble. When economic conditions improve, incidents of ethical breaches will likely increase.

Ethical culture is the single biggest factor determining the amount of misconduct that will take place in a business.

Executives who don’t elevate ethical culture to a priority risk long-term business problems.

16

Why Worry About Ethics Now?

17

Why Worry About Ethics Now? Mistrust of ―Corporate America‖ is at an all-time high; according

to the 2009 Edelman Trust Barometer, public trust in U.S. business stands at 38%, down from 58%

The Committee on Oversight and Government Reform identified 187 contracts valued at $1.1 trillion that have been plagued by waste, fraud, abuse, or mismanagement over the last six years.

The Justice Department has made corporate fraud and misconduct a national priority.

According to the Ethics Resource Center, misconduct in the workplace rises as much as 11% when financial or economic turmoil rocks an organization. Employees, supervisors and managers all feel extra pressure to meet goals—and may cut corners.

PricewaterhouseCoopers Advisory Group reports that breakdowns in companies’ internal controls occur most often in (1) operations that are soon to be discontinued, and (2) units that are subject to severe cost cutting pressure.

Deloitte Financial Advisory Services survey found that 63% of executives expect accounting fraud to increase during the next two years because of the recession.

18

18

“The Perfect Storm”

Companies are

downsizing, which

has an immediate

effect on internal

controls.

Budgets are

decreasing.

Companies are

doing more

with less.

With increased

pressure and

decreased internal

controls, people

will seek more

opportunities for

fraud.Credit crisis

and other

external

factors are

increasing.C

Layoffs are

increasing.

Stock prices are

declining.

Internal Controls

Opportunity to

Commit Fraud

Internal and External

Pressure

Source: Fraud Magazine, May/June 2009 issue

The Potential

For Fraud

19

“The FAR Rule”

Published: Federal Register 73 FR 67064

(November 12, 2008)

Effective Date: December 12, 2008

All federal contractors are required by law to disclose to inspectors general credible evidence of a violation of federal criminal law involving fraud, conflict of interest, bribery, or gratuity violations, or a violation of the civil False Claims Act, where such evidence arises in connection with a federal contract.

20

New FAR Requirements: Historical Perspective

DoD Voluntary Disclosures

UNCLASSIFIED

21

Other Elements of the FAR Rule: More Than Just Disclosure

Amplifies the requirements for a contractor code of business ethics and conduct

Requires effective training programs for contractor principals and employees, as well as agents and subcontractors

Outlines specific requirements for a contractor’s internal control system to ensure effectiveness of the ethics awareness and compliance program

Calls for periodic reviews of company business practices, procedures, policies, and internal controls for compliance with the business ethics and conduct program

22

New Federal Agency Responsibility

FAR Subpart 9.104-1 now directs that a contractor’s record of integrity and business ethics be a required element for the government to determine that a prospective contractor is a “responsible party.”

23

Enron's World Class Ethics Program

24

Values Vs. Rules-Based Ethics Individuals and companies at the heart of today’s most

egregious corporate scandals often obeyed the letter of the law, not the spirit (e.g., AIG/Lehman actions unethical, but not illegal).

Many companies choose not to go beyond the minimum requirements of the code of ethics provisions of Sarbanes-Oxley.

Ethics developments in industry have been largely rule-based.

Less emphasis on values than on implementing statutory requirements (Law is the ceiling rather than the floor of behavior)

Ethics Officer and Compliance Officer titles often interchangeable; both managed by or through Legal Dept.

25

Values Vs. Rules-Based Ethics

Training focused on legal obligations versus ethical considerations

Federal Sentencing Guidelines: designed to ―prevent and detect criminal conduct‖

What kind of Ethics Program Does Your Company Have?

26

Code of Conduct vs. Corporate Culture

27

“The Ethical Enterprise” American Management Association (AMA)/Human

Resource Institute (HRI) Business Ethics Survey conducted in 2005.

1,121 executives and managers responded.

53.4% from the U.S.; 24.9% from Canada.

Human resources, general management, operations functions.

Study included the following questions:

Why are business ethics important to the organization?

What drives unethical behavior?

What business practices contribute to an ethical corporate culture (today and in ten years)?

28

Perceived Importance of Business Ethics

AMA/HRI Survey Results:

Protection of Brand and Reputation

The ―Right Thing to Do‖

Customer Trust and Loyalty

Investor Confidence

Public Acceptance/Recognition

Litigation/Indictment Avoidance

Positive Impact on Financial Results

Employee Retention and Performance

Supplier/Partner Trust

29

“Reputational Capital”

Protecting the company‟s reputation is seen as the top reason for

running a business in an ethical way, today and into the future.

Worker retention and performance are expected to become even more

critical during a “war for talent.‖

30

Drivers Impacting Business Ethics

AMA/HRI Survey Results:

Corporate Scandals

Marketplace Competition

Demands by Investors

Pressure from Customers

Globalization

Executive Compensation

Change: Mergers and Acquisitions, Restructuring

Diversity, Including Generational

Pressure from Prospective and Existing Staff

31

Drivers of Unethical Behavior

Pressure from management or the board to ―meet unrealistic business objectives‖ is the leading factor most likely to cause unethical behavior (70% of Survey Respondents).

The ―Ambitious and the Afraid‖ are more likely to violate ethical standards.

32

Drivers of Unethical Behavior

Working in an ―environment with cynicism or diminished morale‖ is the next most cited factor leading to unethical behavior (31.1%).

Other factors cited include:

Improper training about, or ignorance that, acts are unethical

Perceived lack of consequences if caught

Need to follow the boss’s orders

Peer pressure/desire to be a team player

Desire to steal from or harm the organization

Desire to help the organization survive

33

What is Ethical Culture?

Some basic elements to ask (per Ethics Resource Center):

What are the values that drive ―how things are really done around here?‖

How much pressure is there to perform, and to cut corners to do so?

How confident are employees that executives are committed to ethics as a fundamental part of doing business?

What do employees actually do when they observe misconduct?

Is there reason to fear doing the right thing?

34

Leadership and Ethical CultureAccording to AMA/HRI Survey Results, organizations

can establish policies and processes that help create an ethical culture. These include:

Leadership support and modeling of ethical behavior

Consistent communication from all leaders

Integrating ethics into the foundational processes: corporate goals, processes, and strategies

Making ethics a part of performance management systems

Making ethics a part of the recruitment and employee selection process

Putting measures in place to assess the effectiveness of business ethics programs and strategies

35

Leadership and Ethical Culture

―Laws and regulations are, and will remain, the most influential external

drivers of corporate ethics, but legislation is no substitute for the

presence of leaders who support and model ethical behavior.”

-- Edward T. Reilly, President and CEO

American Management Association

36


The top-ranked process for sustaining a business ethics culture: ―leaders support and model ethical behavior.‖

Safe to assume that ALL public companies officially advocate ethical behaviors.

The real issue: Do leaders at all levels practice what they preach/―Walk the talk‖?

Deloitte LLP Ethics and Workplace Survey 2009: 77% cited the behavior of management or a direct supervisor as the top factor influencing their conduct.

ERC 2009 National Business Ethics Survey: Strong ethical leadership drives perceptions on CEO compensation and organizational misconduct.

37


The most important ethical leadership behaviors cited by AMA/HRI survey respondents were:

Keeping promises

Encouraging open communication/keeping employees informed

Supporting employees who uphold ethical standards (system of rewards, not just sanctions)

Ensuring there is no retaliation for those who ―blow the whistle‖

38

Business Ethics and Compliance Programs and Practices

Having a Code of Conduct is clearly the most important internal practice, essential to ensuring an ethical corporate culture.

Reflects and reinforces values and principles of an organization.

Important not just internally to the company.

Also viewed as critical for Board of Directors and suppliers; codes need to apply to everyone that has a direct impact on the reputation of the company.

39


However, the Code of Conduct must be reinforced with effective training.

Not just a paper trail.

Must be required for all employees, including senior executives.

Should contain a variety of mechanisms, including live interaction and discussions, aimed at instilling ethical behavior into everyday corporate decision-making.

40

The Changing Corporate Climate

“An ethical corporate climate is either developing or deteriorating, enriching itself or impoverishing itself. It needs constant care and

attention.”

-- Study by the Woodstock Center, Georgetown University

41


Ombudsman, Ethics Hotlines, and Whistleblower Policies Viewed as Critical to Creating an Ethical Culture.

Respondents viewed ―transparency‖ as a key objective for customers and investors.

Desire for transparency likely to increase with budget pressures, social media, etc.

Corporate Social Responsibility Programs Now Viewed as Essential Element of the Ethical Culture.

Environmental (Green) Operations and Attitude.

Labor Issues (particularly with overseas suppliers and vendors).

42

Ethics as a Business Process

Corporate Ethics following a familiar evolutionary path, from ―Requirement‖ to ―Business Imperative.‖

Diversity

Quality Movement

Corporate Social Responsibility

Evolution from ―Soft‖ to ―Hard‖ Science

Win in marketplace.

Improve competitive advantage.

Achieve higher market valuations.

Increase employee recruitment and retention.

Strengthen customer relationships and satisfaction.

43

Ethics as a Business Process

Sound, ethical culture viewed as key to avoiding scandal,

safeguarding corporate reputation, and sustaining brand value.

44

The “Carrot”Being Ethical Generates Significant Business Value

IT CAN PAY TO BE

ETHICAL*

The World’s Most Ethical

Companies consistently

outperform the Standard &

Poor’s (S&P) 500. Investing

in ethics is beneficial for any

company, even in a

recession. The graph to the

right compares the ―WME

Index,‖ or all publicly traded

2010 World’s Most Ethical

Company honorees, against

the S&P 500 and the

Financial Times & the

London Stock Exchange

(FTSE) since 2005.

WME vs. S&P 500 vs. FTSE 100

*Source: Ethisphere Institute, 2010

45

The “Carrot”DoJ Credit for Effective Ethics Programs

Principles of Federal Prosecution of Business Organizations

United States Attorney’s Manual

Truly effective program can result in a decision not to charge a corporation, OR to mitigate charges or sanctions against the corporation.

2010 Amendments to Organizational Sentencing Guidelines

Reaffirmed the importance of Ethics and Compliance.

Higher standards and effort required.

Greater likelihood of credit.

46


Key Changes to Chapter 8

Direct Reporting Obligations.

Guidance on remedial steps that should be taken after organization detects criminal activity in order to have an effective ethics and compliance program.

Exception to ―credit blocker‖ for organizations in which high-level or substantial authority personnel were involved in criminal conduct.

Consolidation of recommended probation conditions.

47


New Application Note 6

Organization should respond appropriately to criminal conduct (restitution, self-reporting, cooperation).

Organization should act appropriately to prevent further similar criminal conduct (assess/modify C&E program, use of outside advisors).

48

The “Carrot”DoJ Credit for Effective Ethics Programs

Siemens

Most egregious example of systemic foreign corruption ever

prosecuted, according to DoJ.

Tremendous benefits flowed from extraordinary cooperation.

$450 million fine vs. $1.35-2.76 billion called for in sentencing

guide.

Penalty was 67-84% less than what the company would have

faced without extraordinary cooperation, Government access to

documents, and extensive remediation.

Helmerich and PayneSelf-disclosed improper/questionable payments.

Non-prosecution agreement.

$1 million penalty (30% below guidelines).

Compliance self-reporting (no independent monitor).

49

The “Stick”Heightened Enforcement by DoJ

Aggressive FCPA Enforcement

Since 2004, Fraud section achieved 37 corporate FCPA and foreign bribery-related resolutions

Fines over $1.5 billion.

81 individuals charged (CEOs, Chief Financial Officers, other senior-level corporate execs).

46 individuals charged since the start of 2009 (More than the total number of individual charges in the previous 7 years combined)

Charging individuals is part of a deliberate enforcement strategy to ―deter and prevent corrupt corporate conduct‖

New United Kingdom Bribery Act criminalizes failure of a corporate entity to prevent bribery

50

The “Stick”Cost of Ethical Lapses

Association of Certified Fraud Examiners’ 2010 Report to the Nations on Occupational Fraud and Abuse

Examined 1,843 cases of occupational fraud that occurred worldwide between January 2008 and December 2009.

Participants estimated that the typical organization loses five percent of its annual revenue to fraud.

Median loss: $160,000.

More than a quarter of the frauds involved losses of at least $1 million.

51

The “Stick”: Cost of Ethical LapsesBoeing $ 615 million

Tenet $ 900 million

Columbia/HCA $1,700 billion

AIG $1,500 billion

Marsh and McLennan $ 850 million

Fannie Mae $ 400 million

KPMG $ 465 million

Tyco $ 750 million

Cardinal Health $ 600 million

Pharmas $2,400 billion

Siemens $ 463 million

Prudential $2,800 billion

UnitedHealth Group $ 915 million

BAE $ 200 million

52

The “Stick”Future Business with Government

Customers

FAR requires federal agency assessment of a potential contractor’s ―ethics and integrity posture‖ as part of the ―responsible party‖ determination for future source selections.

New FAR provisions specifically identify suspension and debarment as the remedy for a contractor’s ―failure to timely disclose‖ fraud or other illegal activities under the mandatory reporting provisions.

Increased DCAA scrutiny of Ethics and Compliance in routine auditing

53

Building an Ethical FrameworkTen Important Questions to Ask When Trying to

Build an Ethical Culture

1. What is the relationship between ethics and other performance metrics in the company?

Cost of preventing a scandal is exponentially lower than the costs of fixing ethical problems.

Current data indicates that ethical companies are more competitive, profitable, and sustaining than unethical companies.

2. Is our required ethics training more than rote introduction of the company’s code of conduct?

The most successful ethics training moves from theory to practice, and from the conceptual to the real.

Live case studies can help employees, leadership, and management solve relevant ethical dilemmas.

54

Building an Ethical Framework

3. What is the relationship between exercising sound ethics and retaining great talent?

Fortune’s top 100 companies to work for contains a wide variety of companies with no obvious common denominator (salary, benefits, career opportunities, profession, location all vary).

Common factor: trust between employer and employee.

Ethical behavior can lay the groundwork for attracting and retaining the best talent.

55


4. Have we conducted a risk assessment to determine our exposure to major ethical damage? What is our potential Enron?

Each company has its own ethical nightmare, but most face similar ethical exposures (theft, accounting irregularities, kickbacks and gratuities, etc.).

Companies should examine the potential hazards of perverse incentives (e.g., compensation based 100 percent on financial goals) and the various unintended consequences of policies, procedures, or expectations.

56


5. How can we be proactive in the area of ethics, culture, and corporate citizenship?

Leaders need to own and shape the culture as much as any other management initiative.

Characteristics of predictable ethical outcomes include management credibility, upward communication, perceived organizational support, and teamwork.

Well-tested diagnostic tools can help measure success in these areas.

57


6. What tone should executive leadership set regarding ethics, integrity, and transparency?

What leaders say, think, and feel affects the tone as much as their actions.

Mistrust, cynicism, or indifference can erode loyalty to the organization and push ethical leaders out the door.

58


7. What does management need from the Board of Directors and senior leadership to enhance and buttress corporate ethics?

Employees who view the Board and executive leadership as unconcerned will discount any directives about ethics that may come from them.

Consistency and authenticity from the Board and senior executives (often expressed in terms of time, talent and resources) is essential to success.

59


8. Who is driving ethics and compliance in the company?

Companies need to designate key, senior internal drivers who move along the discussions, training, and initiatives.

Chief Ethics & Compliance Officer (CECO) concept: independence, authority, connection.

60


9. Do we have consistency of message between and among the Board, the CEO, the senior executive team, and the employees in terms of ethics and culture?

Common vocabulary.

Consistency of tone and guidance.

Rewards and sanctions: demonstration of value.

61


10. Are there any roadblocks that discourage honest conversations on ethics and the implementation of ethical practices, procedures, and protocols?

Need to have the mechanisms in place to assess the current state of play.

…. and the willingness to make changes, when necessary.

62


“In looking for people to hire, you look for three qualities: integrity,

intelligence, and energy. And if you don‟t have the first, the other two will

kill you.”

-- Warren Buffet, CEO Berkshire Hathaway

63

UNCLASSIFIED

Best Practices: Role of the CECO

Responsible for overall ethics and

compliance program.

Supports CEO and Board in promoting

corporate values and standards.

Full Member of executive management team.

Participates in major company decisions.

Singular focus on ethics and compliance.

Reporting Relationships

Dotted line to the CEO.

Direct line to the Board of Directors (Chair of

Audit Committee or other relevant Board

entity).

64

UNCLASSIFIED

Best Practices: Principles for the CECO

Accountability to appropriate authority for fiduciary

responsibility.

Independence to raise matters of concern without

fear of reprisal or conflict of interest.

Authority to have decisions and recommendations

taken seriously.

Connection to company operations, to build an

ethical culture and enforce standards

65

Ethics Under The Legal Department?

66

Business Case for a Standalone

Chief Ethics and Compliance Officer Necessary skill sets/perspectives of a GC and

CECO are different

GC: Settle issues involving unethical behavior internally

to decrease risk to the organization

CECO: Broad dissemination of ethics issues crucial to

teaching, prevention, communication of leadership

resolve

Legal vs. CECO advice to CEO: what you can do

versus what you should do

Recent Case Studies: CECO/GC Roles separated

Pfizer

Tenet

Wellcare

UNCLASSIFIED

67

Business Case for a Standalone

Chief Ethics and Compliance Officer

“Apparently, neither Tenet nor Ms. Sulzbach

saw any conflict in her wearing two hats as

Tenet‟s general counsel and chief compliance

officer. As general counsel, Ms. Sulzbach

zealously defended Tenet against claims of

ethical and legal non-compliance….while as chief

compliance officer, she supposedly ensured

compliance by Tenet‟s officers, directors and

employees. It doesn‟t take a pig farmer from Iowa

to smell the stench of conflict in that

arrangement.” --Senator Chuck Grassley, ChairSenate Finance Committee

UNCLASSIFIED

68

UNCLASSIFIED

Legal Vs. Ethical

69

UNCLASSIFIED

Ethical Leadership: Tone at the Top

Creation of an Ethical Culture

Internal Control Program

Corporate Code of Ethics

Ethics Training

Ethical Behavior Rewards and Sanctions

Anonymous Reporting Process

Internal Investigations Capability

Mandatory Disclosures to the Office of Inspector General

Key Assessment Areas: What Makes a Good

Corporate Ethics Program

70

Assessment Areas:Commitment and Tone at the Top

Is the Board of Directors regularly briefed on ethics and compliance issues?

Does corporate leadership regularly communicate the company’s business ethics posture to the workforce, beyond the introduction in the code of conduct?

Is the Business Ethics and Compliance Officer involved in the company’s strategic decision-making process?

Is the Business Ethics and Compliance program periodically and comprehensively evaluated for effectiveness?

Is the Business Ethics and Compliance program adequately resourced in all company business sectors?

71

Assessment Areas:Creating an Ethical Culture

Has the company conducted an employee survey to gain an understanding of the ethical environment?

Do employees receive regular ethics-related communications from the company, specifically senior leadership?

Are the Federal Acquisition Regulation (FAR) clauses “flowed down” to subcontractors?

Is Corporate Governance and integrity discussed on the company website?

Is ethical conduct included as a part of employees’ performance appraisals?

72

Assessment Areas:Code of Ethics

Written Code of Ethics

Is it made available to each employee engaged in government contracts? Is it required to be acknowledged in writing?

Does it contain clear direction on specific actions employees may or may not take?

Are the potential consequences clearly spelled out for violations?

Does it outline the employees’ duty to report ethics violations, criminal activity, and overpayments?

73

Assessment Areas:Ethics Training

Is ethics a focus in new hire training?

Do all employees receive training on:

Hotline usage

Ethical Issues

Conflicts of interest

Kickbacks

Accounting irregularities

Protection from retaliation

Has ethics training been conducted with senior management?

Have procedures for testing employee comprehension been established and implemented?

74

Assessment Areas :Rewards and Sanctions

Has the company established a clearly understood list of sanctions for violations of ethical behavior?

Are those sanctions equitably applied, regardless of grade or position?

Are cases of ethical/code of conduct violations publicized throughout the company, within the parameters of privacy protections?

Do the employees perceive equity of treatment when ethical standards or the code of conduct is violated?

Has the company established a program for rewarding/incentivizing ethical decision-making?

Does the company publicize cases of good ethical decision-making to reinforce desired behaviors?

Is ethical decision-making included in employees’ performance appraisals?

75

Assessment Areas:Anonymous Reporting Process

Has an anonymous reporting mechanism been established?

Does the company maintain confidentiality for those who wish to remain anonymous?

Do interviewers ask probing questions, customized to the specific violation being reported, to ensure that pertinent information is uncovered?

Is there a well understood process for immediate notice of time-sensitive issues, including illegal activity?

Is the hotline available free of charge on a 24-hour basis?

Is there a process for maintaining ongoing communications with anonymous parties?

76

Assessment Areas:Investigations

Are investigative procedures:

Documented in writing?

Followed consistently?

Reviewed by legal counsel?

Designed to protect confidentiality and prevent retaliation?

Are investigators professionally trained, certified, and maintain required continuing professional education?

Has the Audit Committee developed a mechanism for “receipt, retention and treatment” of complaints to comply with Sarbanes/Oxley regarding allegations of financial irregularities?

Has the company developed relationships with an external party such as forensic accountants or independent Certified Fraud Examiners?

Do investigative procedures address the need to protect whistleblowers?

77

Assessment Areas:Internal Controls

Has the company established procedures to detect potential criminal activity and overpayments and report any potential violations?

Has the company appointed a senior official to be responsible for coordination of internal investigations?

Does the Business Ethics and Compliance officer maintain independence through the company’s reporting chain?

Are there controls in place to ensure that disciplinary action is taken for improper employee conduct?

Does the company periodically audit and review its business practices and internal controls?

Has the company established procedures for documenting ethical breaches and tightening controls to prevent further occurrences?

78

Assessment Areas:Mandatory Disclosures to the

Inspector General

Does the company identify, survey, and obtain certifications from principals regarding their knowledge of information that could trigger a duty to disclose?

Has the company established procedures for documenting the rationale behind the decisions to make, or not make disclosures?

Is there a written protocol for reporting, reviewing, and vetting potential disclosures?

79

UNCLASSIFIED

Industry “Best Practices”: Integrating Ethics into Business Process

Ethics officers at the corporate and business unit levels are part of the senior leadership team and attend/participate in staff meetings and strategic business decisions.

Ethics measures incorporated into business financial and operating results presentations given by business presidents to the CEO; ethics reported twice each year in business performance reviews.

Business Development Account Framework integrates conflict of interest and ethical considerations very early in the process.

Integrity/Ethics measures are explicitly included in employee performance appraisals.

Ethics involved in the vetting process for promotions to vice president (VP) level and above.

80

UNCLASSIFIED

Industry “Best Practices”:Leadership and Executive Training

Leadership Development Program for high-potential

employees two years out of school emphasizes that

―doing the right thing gets you ahead in business.‖

Ethical leadership education module promotes the

role of good management and leadership skills in

maintaining an ethical environment.

Message: Same behaviors that create an ethical

environment improve performance.

Creation of an ethical culture that promotes honest

and open communication between managers and

employees.

Resolve workplace issues early/prevent and

minimize ethical escapes.

81

UNCLASSIFIED

Industry “Best Practices”

Organizational Structure VP-level individual runs corporate program and reports to

chairman and CEO, rather than president.

VP/Corporate Responsibility (CR) or Corporate Governance

approach combines all aspects of internal governance for

synergy (Ethics and Compliance, Internal Audit, Corporate

Investigations, etc.).

CR director AND ethics and compliance program manager in

each Value Center; mixture of outside ethics/compliance

professionals and business expertise.

When culture/history places ethics activity under legal,

individual other than general counsel properly empowered

with independent leadership and board reporting

arrangements.

Senior VP/chief compliance officer officially reports to the

chair of the board of directors’ audit committee;

administratively reports to the CEO.

82

Industry “Best Practices”Organizational Structure

Ethics and Compliance Review Board/Management

and Business Conduct Committee/Ethics and

Advisory Committee.

Dedicated Business Conduct Officer (BCO)

assigned to groups of 50 employees; BCO is at

manager/director level, not Human Resources, Law,

or Audit.

Ethics Oversight Committee includes senior

company leadership, an outside director from the

board, and a senior line manager from one of the

company’s business units.

UNCLASSIFIED

83

UNCLASSIFIED

Industry “Best Practices” Ethics Survey

Conducted every two years

Survey results used as a training tool; results

operationalized and accountability assigned.

Action Plans required by supervisors, with flow-downs to

direct reports.

Survey results drive ethics education and ethics

communication program development.

A few ethics questions posted on website each month, along with previous month’s results; avoids overload and prevents stagnant web content.

Use of customer perception survey to evaluate ethics posture.

84

Industry “Best PracticesEthics Training

Live training at working-group levels most effective.

Separate compliance modules (online), uniquely tailored to

highest risks in each business unit or value center.

Testing for comprehension required for all computer-

based training, including those on company Code of

Conduct.

Scenario-based live discussions on ethical decision-making

(video vignettes) provided annually at all levels.

―Integrity Minute‖: Serial video program using ethics

vignettes as a teaching tool; branching out into gray areas of

ethical decision-making and employee reporting

responsibilities.

EthicsSpace mini-series uses video vignettes to encourage

employee attention to ethics matters.

UNCLASSIFIED

85

UNCLASSIFIED

Industry “Best PracticesEthics Training

Internal Audit testing of employee knowledge in high-

risk areas (i.e., International Traffic-in-Arms

Regulations/Foreign Corrupt Practices Act (FCPA) in

international businesses) provides feedback on

effectiveness of training.

Videotape of actual employees used in Annual Ethics

Training

48 employees videotaped, addressing ―what ethics means to me.‖

Effective peer learning opportunity; high degree of credibility with colleagues

• New employees receive personal contact from Ethics within 30 days, and ethics and compliance training within 60 days

86

Industry “Best Practices”Communications

Constant leadership integration of ethics and integrity into presentations; ethics not a separate ―campaign‖ or special interest topic.

Ethics Blog: posts generate employee input and participation, and stimulate management/employee communication.

Interactive Ethics Posters feature real employees with a short story on each one posted on Ethics Website.

Business Conduct Program captured on plastic card attached to identification badges; core values and contact information close.

Rotating screen savers on all computer screens contain ethics messages; serves as a constant reminder of corporate commitment to integrity and ethics.

Ethics Program pamphlet with points of contact, reporting responsibilities, etc., sent to employee home addresses

UNCLASSIFIED

87

UNCLASSIFIED

Industry “Best Practices”Rewards and Sanctions

Performance Appraisals rate ethical conduct/decision-

making and compliance with disclosure procedures;

verified by Internal Audit.

Rewards programs recognize particularly courageous

ethical decision-making, upward communication of

difficult issues.

―President’s Integrity and Ethics Award‖ recognizes

sustained commitment to ethics, integrity, and the

company’s reputation.

―Police Blotter‖ regularly identifies violations of Code of

Conduct and company actions taken.

Ethics Office includes statistics on disciplinary actions

(linked to code violations) in monthly staff bulletins to

publicize corporate commitment and follow-through.

88

Industry “Best Practices”Board of Directors

Active Compliance Committee oversees Ethics Program and is part of VP/Ethics selection process.

Board approves the Code of Conduct.

Board of directors ethics training every two years.

Separate ―Standards of Business Conduct‖ for board of directors.

New Ethics Committee of the Board, separate from Audit.

89

UNCLASSIFIED

Industry “Best Practices”Ethics Program Assessments

Peer reviews of ethics programs in each business sector focus on how well ethics is embedded into the business.

External Assessments.

Led by independent, third-party ―contractor.‖

Assessment of ethics, procurement integrity, and specific compliance areas.

Over 100 employees interviewed on topics of ethical leadership, peer commitment to ethics, and supervisory reinforcement.

90

UNCLASSIFIED

Industry “Best Practices”Code of Conduct

Pocket-sized Code of Conduct targets most relevant business process risks, is clearly organized, and is easy to read and reference.

Code of Conduct organized into a series of questions and answers.

Code title, ―The Spirit and the Letter,‖ outlines CEOs explicit direction: “Do not allow anything—not „making the numbers,‟ competitive instincts, or even a direct order from a superior—to compromise your commitment to integrity.‖

―Winning with Integrity‖—Links financial goals to corporate values.

Employee ―duty to report‖ code violations clearly spelled out, along with possible punitive actions for failing to report.

Global Code of Conduct balances different cultures and regulatory regimes, with sections on local requirements.

91

UNCLASSIFIED

Industry “Best Practices”Code of Conduct

Written acknowledgements focus on employee reporting obligations:

―I understand that I have an affirmative obligation to report all actual or suspected violations.‖

―I have reported all actual or suspected violations of the standards now known to me.‖

Code contains a section on FCPA ―red flags‖ to increase employee awareness.

92

UNCLASSIFIED

Industry “Best Practices”Subcontractors and Vendors

Company requires that subcontractors certify in the RFP that they will have a Code of Conduct and Ethics Program in place within 30 days of contract award

Subcontract and supplier terms and conditions, and/or supplemental representations and certifications for subcontracts, cite FAR 52.203-13 requirements for Ethics Programs, Codes of Conduct, and training.

Ethics VP participation in conference with subs and suppliers.

Annual Supplier Conference used as a forum to lay out expectations.

Written standards for Supply Partners published in a brochure format; Ethics, Human Rights, Environmental issues, and expectations of ―mutual respect‖ addressed (also called ―Associates Brochure‖)

Require subs/suppliers without their own code to adopt the prime’s, and offer training opportunities.

Website for subcontractors, suppliers, and vendors contains comprehensive ethics information, including training and Code of Conduct.

Internal vendor evaluation system captures ethics and integrity performance of subcontractors.

93

UNCLASSIFIED

Industry “Best Practices”Investigations

Documented investigative procedures cover key

areas, including initiating, planning, and conducting

investigations; documenting interviews; attorney-

client privilege; and reporting format.

Investigative teams supplemented with

expertise appropriate to the allegation

(human resources, finance, legal, internal

audit, information technology, etc.).

Internal and external training in basic

investigative techniques periodically

provided to Ethics Officers and others

tasked with conducting internal

investigations.

94

Industry “Best Practices”Mandatory Disclosure

Leveraging of quarterly ―survey of principals‖ required under Sarbanes-Oxley to meet FAR mandatory fraud disclosure requirement.

Mandatory Disclosure policy requires reporting of possible violations to sector General Counsel within 2 working days.

Company requires quarterly certification by principals that they are unaware of reportable issues.

Company publishes a comprehensive list of reportable matters in categories such as contract award, contract performance/closeout, and overpayments.

95

Industry “Best Practices”Other Areas

Separate and distinct labor charging initiative.

Ethics Program materials and hotlines adapted and

translated for international business units; local ethics

officers, attorneys, and internal auditors with language

capability assigned.

Ethics integrated into recruiting process; students

briefed on company values and ethics, and advised not

to apply without buy-in.

Proactive fraud risk assessments and risk-based

monitoring conducted by Compliance staff in

coordination with internal audit.

Well-stated Ethics Program goal: ―Help employees

recognize, appreciate, and resolve ethical dilemmas

and issues.‖

UNCLASSIFIED

96

Industry “Best Practices”Other Areas

Online process for disclosure of Conflicts of Interest (COI) and certification of adherence to standards of business conduct.

Seven questions asked regarding COI-related issues.

Must be completed annually and upon changes in circumstances.

First-level review by manager; Ethics Office also conducts assessment.

97

Future Trends in Business Ethics

AMA/HRI identified several practices/approaches (2005) that would be part of the “Composite

Perfect Company” in 2015

Board of Directors

Obligated to uphold the code of conduct AND a specific Governance Code of Conduct.

Directors sign the code each year and participate in an ethics workshop that includes the ―Train-the-Trainer‖ certification, as well as in-depth discussions regarding the application of the Board’s code.

Criteria for selecting and retaining board members ensures the Board is diverse and independent.

Organizational ombudsman has direct access to the Board and provides unfiltered communications.

98

Future Trends in Business Ethics

Suppliers, Customers, and Investors

Supplier/Subcontractor Code of Conduct.

Company provides required training to the suppliers on the code of conduct and the company’s expectations of the relationship.

Suppliers have access to the company’s ombudsman and hotline to discuss any unethical behavior that may have been observed.

Representatives from the supplier are required to attend a business ethics conference held twice a year.

Principle of transparency: company provides current and prospective customers with access to clear and complete information on its business ethics and corporate social responsibility programs.

Shareholder trust is critical; company has created processes to provide timely and complete information and to obtain timely feedback for existing and potential investors.

99

Is the Government “Walking the Talk”?

100

Let's Be Philosophical

“There are seven things that will destroy us: Wealth without work;

Pleasure without conscience;Knowledge without character;

Religion without sacrifice; Politics without principle; Science without humanity;Business without ethics.”

Mahatma Gandhi

101

Closing Thoughts

“Don‟t think there are no crocodiles because the water is calm.”

-- Malayan Proverb

“Relativity applies to physics, not ethics.”

-- Albert Einstein

102

Contact Information

Eric R. Feldman, CFE, CIG

President, Core Integrity Group LLC

1732 Aviation Blvd, Suite 421

Redondo Beach, CA 90278

(540) 226-3070

www.coreintegritygroup.com

Documents

Best Practices in Implementing an Effective Business Ethics ......to the 2009 Edelman Trust Barometer, public trust in U.S. business stands at 38%, down from 58% The Committee on Oversight