Strengthen governance framework and embed integrity into culture
The governance framework is often seen as the formal structure for compliance management, together with policies that guide organizational behavior. However, employees also take their cue from experiences, and their behavior is often shaped by the words and actions of the board and senior management. The business landscape today includes complex corporate structures and broad global influences. In such an environment, the board must play a dual role of setting the company’s strategic direction toward growth, while ensuring checks and controls are enforced for all relevant areas, including the professional conduct of C-suite executives and senior management personnel.
According to the EY Global Integrity Report 2020 (pdf), 55% of board members are very confident that their managers demonstrate professional integrity, but only 40% of junior employees feel the same. Moreover, only 37% of junior employees say that they have heard the management communicate frequently about the importance of behaving with integrity over the last two years. This points to the need for greater organizational engagement on integrity risks, which can be achieved through several ways:
- Holding candid focus group discussions outside of scheduled board meetings with frontline teams and employees working in high-risk areas
- Conducting staff training on ethics that allows employees to participate and share ethical dilemmas that they face
- Sharing lessons from past disciplinary matters with appropriate privacy protections
- Advocating for and ensuring adequate clout and independence of the audit and compliance functions
- Promoting and rewarding ethical behavior by linking it to employee performance indicators and incentives
These initiatives could help to create a supportive culture where employees can distinguish between taking entrepreneurial risks to drive growth and unethical business conduct that may adversely affect the organization. With such a culture, employees would be able to focus more on innovation and more easily recognize unethical behavior that should be avoided.
Ensure transparency and disclosure to stakeholders
Embracing integrity means viewing transparency and disclosures as more than just for compliance. It means not only focusing on materiality, but also putting information sharing that would help shareholders make informed investment decisions as a top priority.
Investigations have shown that companies with failed integrity agendas fell short of this standard. Boards must play a more active role in having a line of sight into outliers in disclosures, especially the ones that can create disproportionate risks. When assessing outliers, boards need to fundamentally change the overarching question from “Is this allowed?” to “Is this right?”.
Monitor and respond effectively
While boards are typically not directly involved in the company’s day-to-day operations, it is their role to gauge plausible early warning signs and probe the management by asking questions. This involves monitoring how business is conducted and responding effectively when things go wrong. Investigations have also revealed that in the majority of cases, early warning signs were actively hidden from the board or audit committee due to weak oversight mechanisms, or not thoroughly probed or investigated once known.
Many companies still do not test their practices and processes against fraud scenarios and find out whether fraudsters are able to exploit weaknesses in their systems. Boards can direct the management to mandate such reviews to identify weaknesses at both the entity level and the operations level.
Boards should steer the management to implement data analytics techniques and tests on matters beyond financial information for enhanced oversight and better monitoring of business practices. This can include using and linking data points from various sources, such as human resources, communication, IT security controls, operational key performance indicators, customer feedback and high-risk employee activities. Such analytics can be very effective in identifying early integrity-related warning signs.
If things go wrong, boards must ensure that the investigations are conducted independently, without the management’s influence, and that disciplinary actions are designed without relevance to the seniority of personnel involved in the matter. Regulators will also test if employees have knowledge of misconduct response procedures, and it is important for companies to help employees understand how these work in practice. This is an area where companies typically fall short in.
Ultimately, a proactive board approach is vital to maintaining the integrity of the organization. Boards should consider the following questions:
- How does the organization define integrity and embody the relevant values?
- How is the board monitoring key integrity risks and holding the management accountable?
- How are staff engaged on ethics and integrity, and are reporting mechanisms available and effective?
- Has the organization considered using technology and nonfinancial data points to identify and monitor early warning signs?
- What is the maturity of the organization’s integrity framework and how does the organization plan to work toward industry best practices?