Compliance Week analyzed corporate integrity and ethics programs around the globe to get an idea of their effectiveness and importance in the marketplace. The survey was performed by an advisory group of compliance professionals from February 2nd to March 31st 2009. It was conducted online at Compliance Week’s website and surveyed over 200 individuals, 157 of which were complete, usable, and appropriate. Respondents included:
89 NYSE companies
23 NASDAQ companies
22 Foreign listed companies
1 AMEX listed company
14 Large U.S. based private companies
8 Large Non-U.S. based private companies
The average revenues of the above listed companies were $21.9 billion and they had an average of 57,465 employees. This survey can be used to identify best practices and as a way for entities to benchmark the success of their current programs regarding integrity and ethics.
Compliance Week found that the most effectively structured programs have the integrity function report to the board of directors, audit committee, or senior executives quarterly. This provides management with an understanding of integrity programs without giving them daily updates on ethics. The results of the survey showed that roughly 64% of participants stated their integrity function reports to either the board of directors, general counsel, audit committee, or senior executives on a regular basis. However, 17.8 percent do not regularly assess their integrity programs or report them due to a lack of understanding on how to monitor their effectiveness.
According to the survey, 43.9 percent of participants stated that their integrity and ethics programs were centralized in nature with a global leader and a centralized integrity staff. 21% had regional structures and the other 35.1% had either departmentalized programs or regional programs with separate leaders. 80% of the participants closely integrate integrity with compliance programs. This seems to be the best practice, although, the other 20% are thought to be better suited to separate the two since their industries are highly regulated.
Metrics and Programs
Hotlines, reporting and resolution matrices, and training on integrity and ethics were thought to be the most effective ways to measure the effectiveness of integrity and ethics functions by over 60 percent of the survey’s participants. The results of metrics programs are used by the CEO (59.2%), board of directors (49%), and are often reported to shareholders, investors, and employees (47%). Most quantitative analysis of programs comes from risk assessments (64.3%) and internal audit programs (57.3%). It was interesting to find that 63.1 percent reported they do not calculate the return on investment of integrity and ethics training programs. The reasons for this were that soft data was too hard to measure and is often unreliable and unusable for these entities. The performance and integrity of management teams is mostly measured by a mixture of employee reviews, peer reviews, risk assessments, and internal benchmarking, however, 43.3 percent of respondents stated their management’s performance on ethics and integrity was not directly measured.
Information and communication regarding ethics and integrity programs was seen as the greatest operational risk among the participants in the survey. 33.6 percent ranked this risk at the top stating that communication was inadequate across the enterprise and that the information about programs’ success is not understood or broadcasted throughout the organization. Ranked number one by 10.5 percent was that policies and procedures to detect problems were ineffective or inconsistent. 9.8% stated they believed reporting of anonymous issues from employees was not trusted and not used enough, increasing the risk that integrity and ethics issues go under the radar. Another 9.8 percent reported that the culture of the entity was not in alignment with the strategy. Risks that ethics were not being embraced and that there were incentives for performance not dealing with ethical behavior are concerns for some of these participants. A small percentage also stated that organizational risk, inadequate training, inappropriate structure, lack of discipline or lack of controls to be some of the top operational risks faced by their companies.
Third-Party Risks and Mitigation
Most corporations have communicated their expectations regarding ethics and integrity to third parties they are involved with, but others (10.8%) have no current programs involving their third parties or vendors addressing their integrity or values. 68.2 percent have communicated their code of conduct as well as their business standards to third parties with which they are associated. “Right to Audit” provisions have also been adopted by 61.8 percent of participants in order to guarantee their third parties are operating in accordance with their ethical standards. A good amount of entities also require certification by means of a questionnaire or training for their third parties and vendors regarding their ethics and integrity policies. It is essential for these entities to monitor the ethics and values of other parties with which they are associated in order to maintain their own ethical standards. There is the risk that third parties will not share the same values and the results of the survey show that best practices mitigate this risk by using some of the examples listed in the survey.
Corruption and Bribery Risks
The risk of fraud, bribery, and improper payments is viewed as a top risk to global integrity programs. Fraud was ranked number one by 24.1 percent of participants as being a risk of global corruption. Improper payments ranked number one by 19.3 percent and security issues were trailing closely with 17.2 percent. There were many concerns regarding improper payments including payments to third parties (ranked number one by 34.1%), inappropriate gifts, direct bribes (ranked number one by 18.5%), misuse of company funds for “business” trips, and unlawful political or charitable contributions. Some other risks to global integrity programs included acquisitions, conflicts of interest, export control regimes, sourcing, environmental health and safety, and human resource issues. The Head of Global Compliance and Strategy for Eli Lilly Co. stated that enforcement of ethics and integrity programs across the globe is one of the most difficult tasks considering the differences in acceptable local behavior. Entities need to establish ways to identify and mitigate these risks in order to attain success of global operations.
Risks at Remote Sites and Mergers and Acquisition Risks
Deviation from Company Business Practices on remote sites was ranked the number one concern by 24.6 percent of respondents. There is the risk of a disconnection of off-site employees from the company culture. Participants also reported being concerned about the lack of integration of remote sites with the broader corporate culture (21.2%). Risks also exist that off-site employees will be unfamiliar with the regulatory environment in a certain area of the globe. Differences in country cultures and operations may cause accounting systems and controls to be of lesser quality in remotes sites (ranked number one by 9.2%). A small percentage was concerned with environmental health or safety issues, child or unfair labor practices, and a lack of third party employment contracts.
There are also many risks regarding mergers and acquisitions. 24.2 percent of participants said they discovered integrity issues during due diligence. A good number of participants (21.6%) stated that they either renegotiated the price or abandoned a deal as a result of risks created by integrity or ethics issues. The risk that acquired entities will share different values. There will be risks associated with these transactions because there is no possible way to understand all transactions of the company being acquired (General Counsel Jerome Okarma, Johnson Controls). 3.2 percent of participants entered into post-closing agreements with regulators to address the issue of integrity and ethics.
Click below to read the full article.