Organizations that address these three critical areas now can mitigate the risks with an eye to doing the right thing during crisis and beyond:
1. Embed corporate integrity to protect against unethical conduct.
More than one-third of Canadian respondents say they’re prepared to behave unethically to improve their own career progression or remuneration package. The more senior the employee, the more likely they are to justify things like ignoring unethical conduct in their team, misleading an auditor or accepting a bribe.
This kind of risky behaviour exposes your organization to the threat of reputational damage and more. Consider the breadth and depth of our digital footprints, which could span everything from leaked statements to tone-deaf social media posts.
How can you weave integrity into your corporate culture?
- Assess your current compliance framework and check the context. Does it still make sense in today’s changing risk landscape, and is it adequately resourced?
- Understand employee attitudes about pressures to do the wrong thing and strengthen channels where they can confidentially report misconduct without fear of retaliation.
- Take personal responsibility for your own professional actions, whether scrutinized or not. Senior employees should lead by example to create a culture of integrity.
- Get to the root cause of misbehaviour through rigorous analysis. Seek to understand the social dynamics that shape the unethical behaviour instead of just treating the symptoms.
- Develop policies and procedures that influence individual behaviour at all levels and reinforce them with tailored training and communications.
- Use data to obtain measurable insights on actual behaviours in your organization.
2. Encourage trusting partnerships with third parties based on integrity.
Some 82% of Canadian respondents are very confident their third parties demonstrate integrity in the work they do. Meanwhile, only 34% of global respondents feel the same. The Canadian attitude could shift, as businesses do what’s necessary to meet short-term needs, possibly engaging potentially higher-risk third parties who might not share the same values.
With the pandemic significantly disrupting supply chains at 94% of Fortune 1000 companies, it’s safe to say assessing new partners quickly and effectively can help strengthen integrity culture even when working with new suppliers.
How can you reinforce integrity in third-party relationships?
- Perform proportionate, risk-based screening on new third parties and build trust through consistent, robust screening. This should identify and assess possible legal, reputational or financial risks.
- Risk-rank third parties according to your organization’s risk appetite and integrity agenda. Determine the level of risk your organization is willing to take.
- Mitigate red flags that arise during due diligence by addressing them before engaging a third party. Be prepared to walk away.
- Carry out ongoing third-party due diligence according to their risk ranking so you’re continuously addressing new or emerging risks.
- Perform holistic M&A integrity due diligence pre-acquisition to make sure compliance is part of the post-deal integration process.
- Use digital technology and automation to improve efficiency and decision-making throughout third-party onboarding, screening and monitoring.
3. Safeguard data while ethically leveraging its value.
Organizations now hold more data than ever. As the pandemic accelerates data security risks and more people work remotely, cybercriminals are finding new ways to hack their way in. Combine those factors with a broader environment in which new business models rely on data analytics, artificial intelligence and automation as part of daily operations, and your data could be exposed in more ways than you realize. At the same time, 72% of Canadian organizations say they don’t train employees on applicable data privacy regulations.
How can you entrench integrity in your cybersecurity programs?
- Promote a culture of data integrity that encompasses both the organization and your supply chain. Strengthen it with regular communications and training.
- Refresh training to account for new working environments and regulations. Be sure to roll training out to workers across all functions, positions and seniority levels.
- Use advanced technology as part of an effective compliance program to monitor business activity and flag potential risk areas — for example, as part of a cyber breach response plan to detect and quantify data that may have been lost.
- Perform risk assessments when introducing new advanced technologies that incorporate ethical scenarios where data integrity may be compromised.