9 Implementing an Ethics Program
Learning Outcomes
After reading this chapter, you should be able to do the following:
• Explain how an organization can structure and manage an ethics program.
• Develop a code of conduct that articulates standards to company stakeholders.
• Create an ethics training and communications plan.
• Evaluate mechanisms for obtaining advice on ethical issues and reporting ethical misconduct.
• Design an effective monitoring and auditing system.
ped82162_09_c09_255-294.indd 255
4/23/15 8:47 AM
Introduction
Ethics Program Pays Off for Morgan Stanley
On April 25, 2012, Garth Peterson, former managing director for Morgan Stanley’s real estate
business in China, pleaded guilty to violating the Foreign Corrupt Practices Act (FCPA) and to
conspiring to evade Morgan Stanley’s internal controls for meeting securities laws for investment advisers (United States Department of Justice, 2012). From 2004 to 2007, Peterson
cultivated a relationship with a Chinese official to obtain business approvals. In 2008, executives at Morgan Stanley discovered the violations, reported them to the U.S. Securities and
Exchange Commission (SEC), and fired Peterson (Lucchetti & Kendall, 2012). Department of
Justice officials declined to bring any enforcement action against Morgan Stanley because of
its documented ethics and compliance program, stating:
According to court documents, Morgan Stanley maintained a system of internal
controls meant to ensure accountability for its assets and to prevent employees from offering, promising or paying anything of value to foreign government officials. Morgan Stanley’s internal policies, which were updated regularly to reflect regulatory developments and specific risks, prohibited bribery
and addressed corruption risks associated with the giving of gifts, business
entertainment, travel, lodging, meals, charitable contributions and employment. Morgan Stanley frequently trained its employees on its internal policies,
the FCPA and other anti-corruption laws. Between 2002 and 2008, Morgan
Stanley trained various groups of Asia-based personnel on anti-corruption
policies 54 times. During the same period, Morgan Stanley trained Peterson on
the FCPA seven times and reminded him to comply with the FCPA at least 35
times. Morgan Stanley’s compliance personnel regularly monitored transactions, randomly audited particular employees, transactions and business units,
and tested to identify illicit payments. Moreover, Morgan Stanley conducted
extensive due diligence on all new business partners and imposed stringent
controls on payments made to business partners. (United States Department
of Justice, 2012, para. 6)
The experience of Morgan Stanley shows that companies with excellent ethics and compliance programs may be protected should their employees violate standards. An excellent ethics and compliance program meets five common elements set forth in the U.S. Federal Sentencing Guidelines for Organizations (FSGO), the FCPA, the U.K. Bribery Act 2010, and the
Organisation for Economic Co-operation and Development (OECD) Good Practice Guidance
on Internal Controls, Ethics, and Compliance. Although the language differs, each of the four
guidelines recommends the following steps: 1) create program structure, 2) establish corporate standards, 3) educate the workforce, 4) create investigation procedures, and 5) assess
program effectiveness (see Figure 9.1 for the key elements to implementing an organizational ethics program).
Section 9.1
Creating a Program Structure
Figure 9.1: Key elements to implementing an organizational ethics program
An excellent ethics and compliance program meets five common elements.
• Create Program Structure: Ethics Officer; Board Oversight; Reporting Relationship
• Establish Corporate Standards: Code of Conduct; Global Considerations; Implementation
• Educate the Workforce: Training Plan; Training Execution
• Create Investigation Procedures: Ethical Guidance; Reporting Mechanism; Investigation Process
• Assess Program Effectiveness: Ethical Performance Metrics; Audit Committee
Though prescriptive in the steps needed to create an effective ethics and compliance program,
none of the aforementioned guidelines specifies the method to be used. Rather, each organization may tailor its program to applicable industry practice or standards, the size of the organization, and the risk of misconduct (United States Sentencing Commission, 2013). Ethics
professionals typically share initiatives that work for their company (best practices) so that
other organizations can model their ethics and compliance programs on proven strategies.
This chapter presents practical steps for implementing an effective organizational ethics program. The first step involves creating a structure to manage and oversee the organization’s
ethics and compliance program. This is followed by clear communication of standards of
acceptable behavior that address potential risks for misconduct. The third step is to educate
the workforce via a training program that resonates with the audience and encourages ethical
behavior as the norm. The fourth entails creating procedures to respond to reported misconduct through a transparent and fair investigation process. The final step involves monitoring
and assessing program effectiveness to identify any areas for improvement. The chapter provides best practices as a foundation for an organization to design an ethics and compliance
program that meets its distinct requirements.
9.1 Creating a Program Structure
As demonstrated by the Morgan Stanley example, simply creating an organizational ethics
program is not sufficient for preventing misconduct. To ensure the effective implementation
of an ethics program throughout an organization, a designated individual or group must have
the authority and responsibility to oversee it.
There are three components to an effective ethics program structure. The first is an appointed
ethics officer who oversees compliance with legal and ethical standards and acts as a steward of the ethics and compliance program within the organization (Ethics Resource Center,
2007). The second component is oversight of the ethics and compliance function by the organization’s governing body (e.g., the board of directors). The third is the relationship between
the ethics officer and whomever he or she reports to, which can help or hinder the effectiveness of the ethics and compliance program.
Approaches to managing an organizational ethics program vary. Some companies have a
distinct department for managing the ethics and compliance program, such as the Corporate Office of Ethics and Business Conduct at Lockheed Martin (Lockheed Martin Inc., 2007).
Other companies assign responsibility for ethics and compliance to existing functions, such as
human resources or legal departments. An informal survey by the Ethics & Compliance Officer Association (ECOA) found that less than a third of the companies (31.6%) had a separate
functional area for ethics, whereas almost half (47.4%) included ethics as part of the legal/
general counsel function (Kane, 2014).
Companies gain advantages by structuring ethics and compliance programs appropriately
within the organization. Organizations should consider the following questions when designing an ethics and compliance program:
• How does the ethics and compliance function relate to the business, chief executive officer (CEO), and top management?
• How does the ethics and compliance function relate to functional departments or divisions of the company?
• What should the ethics and compliance relationship be with external stakeholders (e.g., customers, suppliers, regulators)?
• How does the ethics and compliance function relate to the board of directors or owners?
• What should the ethics and compliance function report about and to whom, how, and when?
The reporting structure must allow the ethics officer to address delicate situations in which
executive management may be involved in wrongdoing. The OECD Good Practice Guidance on
Internal Controls, Ethics, and Compliance recommends that senior corporate officers have a
duty to oversee “ethics and compliance programmes or measures regarding foreign bribery,
including the authority to report matters directly to independent monitoring bodies . . . with
an adequate level of autonomy from management, resources, and authority” (OECD, 2010,
p. 3). The concept of an appropriately designed program suggests that the designated ethics
officer have sufficient authority and responsibility to perform duties to ensure compliance with
legal and ethical standards throughout the organization.
The Role of the Ethics Officer
What are the responsibilities of an ethics officer? The Society for Human Resource Management (SHRM) states that the ethics officer “serves as the organization’s internal control
point for ethics and improprieties, allegations and complaints, and conflicts of interest; and
provides corporate leadership and advice on corporate governance issues” (SHRM, 2014,
para. 1). This description provides the purpose of an ethics officer in general terms, which
may not reflect the breadth of responsibilities for a larger organization. The Ethics Resource
Center (2007), on the other hand, provides an example of a job description for a chief ethics
and compliance officer with responsibilities for the conduct of employees worldwide:
Corporate Officer with responsibility to provide global leadership on compliance and ethics; oversee all compliance and ethics programs and initiatives
of the company; ensure that appropriate programs, procedures and policies
are implemented to reduce the chances of illegal or unethical conduct by the
company. (p. 7)
Regulatory guidelines stipulate that the ethics and compliance function be led by high-level
personnel (United States Sentencing Commission, 2013) or top-level managers (Ministry of
Justice, 2011). Recall from Chapter 1 that there was a shift from a solely compliance focus in
the early 1990s to either a combined compliance/ethics or solely ethics focus in the 2000s.
The managerial level, title, and department name can reflect the organization’s commitment
to the ethics program and its emphasis on ethics versus compliance. For example, the ethics and compliance function at Cisco resides in an ethics office, whereas most ethical issues
at Harley-Davidson are referred to the legal department and the chief compliance officer/
general counsel (Cisco, 2014; Harley-Davidson, n.d.). A study found that a title of chief, such
as chief ethics officer or chief compliance officer, is the most common in larger companies
(28%), followed by vice president (10%), executive vice president or senior vice president
(9%), director (7%), manager (4%), and officer (3%) (Weber & Wasieleski, 2013). See a
sample of titles for the ethics professional in the feature box Consider: What’s in a Name of an
Ethics Professional? to recognize variations in naming ethical departments and the responsible manager.
Consider: What’s in a Name of an Ethics Professional?
A review of the ECOA member listing shows some of the titles that may be used for ethics
professionals:
• Chief compliance officer
• Chief ethics and compliance officer
• Chief ethics officer
• Chief risk, compliance and ethics officer
• Vice president, corporate responsibility
• Vice president, global compliance and ethics
• Director of business conduct
• Director of integrity, security and compliance
• Director, corporate compliance and ethics
• Director, ethics and integrity programs
• Director, ethics and regulatory compliance
• Senior manager, ethics and non-financial corporate policies and procedures
• Senior manager, global ethics and compliance
• Senior vice president, global [corporate social responsibility] and risk management
• Manager, business integrity and compliance
• Manager, ethics and employee issues
Questions to Consider
1. Why does the ethics function vary among organizations? What company factors would lead to the wording of the ethics function?
2. Which titles reflect a focus on compliance only? Which titles reflect a focus on ethics?
3. Does a title provide sufficient authority to oversee an organization’s ethics program? Does the title of the ethics professional indicate a level of autonomy in addressing ethical issues?
The diverse titles of ethics professionals imply that the duties of the ethics officer vary among
organizations. The Ethics Resource Center (2007) identifies typical responsibilities of ethics
officers:
• Oversee assessment of organizational risk for misconduct and noncompliance;
• Establish organizational objectives for ethics and compliance;
• Manage the organization’s entire ethics and compliance program;
• Implement initiatives to foster an ethical culture throughout the organization;
• Supervise ethics and compliance staff embedded throughout the organization;
• Frequently inform the board of directors and senior management team of risks, incidents, and initiatives driven by the ethics and compliance program, and progress toward program goals;
• Implement a program of measurement to monitor program performance; and
• Oversee periodic measurements of program effectiveness. (p. 2)
A key role of the ethics officer is to coordinate the ethics program with other company managers in the areas of human resources, finance, communications, risk management, and governance. Additionally, the ethics officer may communicate regularly with customers, suppliers,
and the media on ethical issues relating to the company or industry. A survey of 800 ethics
and compliance professionals from financial service firms in 62 countries found that the typical week of an ethics officer includes, on average, a little more than a day of addressing regulatory developments, such as tracking and analyzing regulatory developments (15% of time
during the workweek) and amending policies and procedures (7%) (Hammond & Walshe,
2013). Another day involves communicating with the legal department, conducting internal
audit and risk functions (16%), and reporting to the board (6%). During the rest of the week,
the ethics and compliance professionals reported focusing on compliance tasks including
monitoring activities, training, and provision of advice and guidance (56%).
The Ethics Resource Center (2007) has identified 11 qualifications expected from the designated lead of an ethics program. They include:
• Substantial business experience (15 years+);
• Ability to communicate (public speaking, professional writing, with executives, etc.);
• Ability to develop and deliver training;
• Familiarity with Sarbanes-Oxley, Federal Sentencing Guidelines [FSGO] and other relevant compliance standards;
• Familiarity with leading thinking and research in business ethics and compliance;
• Understanding of the auditing process;
• Understanding of the risk management/risk assessment process;
• Comfort with eLearning, learning management systems, and other IT [information technology];
• Project management skills;
• Substantial management experience (10 years+); and
• Ability to motivate and inspire people. (p. 26)
As formal ethics and compliance education is only a recent offering in higher education, many
ethics officers come from legal, auditing, or human resources disciplines. Over half of ethics
professionals in vice president or director roles have a law degree, while less than 5% of all
ethics professionals are certified public accountants (Society of Corporate Compliance and
Ethics, 2013). To gain knowledge in ethics and compliance, professionals seek certification
from the ECOA and the Society of Corporate Compliance and Ethics (SCCE). According to an
SCCE survey, the average compensation for ethics professionals ranges from $214,118 for vice
presidents to $71,894 for assistants/specialists, whereas compensation for certified professionals is slightly higher (Society of Corporate Compliance and Ethics, 2013). See Table 9.1
for more detailed information about compensation for ethics professionals.
Table 9.1: Average compensation for ethics professionals
Category | Vice President | Director | Manager | Assistant/Specialist
Average total compensation | $214,118 | $139,582 | $102,324 | $71,894
Other certifications* | $170,425 | $128,571 | $103,376 | $69,352
Certified Compliance & Ethics Professional from SCCE | $230,637 | $166,109 | $113,875 | $78,580
No certification | $236,479 | $134,857 | $93,586 | $70,904
* Includes industry-specific certifications in healthcare, fraud examination, internal auditing, information systems
Source: Society of Corporate Compliance and Ethics. (2013). 2013 cross-industry compliance & ethics staff survey (p. 40).
Minneapolis, MN: Society of Corporate Compliance and Ethics.
The relationship of the ethics officer to the governing authority of an organization shifted from
informal or nonexistent to a formal reporting requirement with the enactment of Sarbanes-Oxley (Chapter 4) and similar legislation worldwide, which placed greater responsibility for
accurate financial reporting on the board of directors. The 2004 and 2010 amendments of
the FSGO encourage companies to allow the chief ethics and compliance officer access to the
board of directors to report on observed misconduct. To create an effective program structure, organizations ask, “What is the appropriate involvement of the board of directors in the
ethics and compliance program and what should be the relationship between the board and
the ethics office?” The next section explores these questions.
Board Oversight
Oversight of the ethics program by the governing body of an organization differs from the
daily management by the ethics officer. The role of the board of directors is to monitor
management practices and performance in achieving company goals, as well as to protect
the organization from reputational and financial risks resulting from ethical misconduct.
Board members may be responsible to stockholders for monetary damages if they fail to
set up procedures guarding against misbehavior that results in fines and penalties. Recall
from Chapter 1 how Medicare and Medicaid fraud resulted in scrutiny of the healthcare
industry and the subsequent Caremark decision of 1996, which stated that directors have a
duty to assure that accurate information and reporting systems are in place and followed
(Cohan, 2002; Robinson & Pauzé, 1997). The realization that Enron’s board of directors
twice waived its conflict of interest policy for establishing special purpose entities with its
chief financial officer increased regulatory attention to the board’s responsibility to oversee the ethics program (Felo & Solieri, 2003).
The FSGO outlines the responsibilities of the board of directors and senior management relating to ethics and compliance as follows:
• The board of directors must be knowledgeable about the organization’s ethics and compliance program, including information on the compliance risks facing the firm and the programs installed to combat those risks.
• Senior management must ensure that the organization has an effective compliance program.
• Those individuals with day-to-day operational responsibility for ethics and compliance must “be given adequate resources, appropriate authority, and direct access” to the board of directors or an appropriate subgroup of the board (United States Sentencing Commission, 2013, p. 497).
A board of directors faces many challenges when implementing an adequate monitoring process to stop illegal and unethical behavior within the organization (Prentice, 2012). One challenge is that company ethics may not receive attention on the board agenda. The CEO and
management team typically set the agenda for board meetings and are the primary source of
information for the board members (Sharpe, 2011). Another challenge is achieving the right
degree of monitoring to demonstrate aggressive detection and punishment for violations of
ethical standards without creating an atmosphere of distrust that erodes innovation (Cohan,
2002). Board members must be able to ask the right questions and provide an environment
of trust between the ethics office and the board.
The FSGO accepts that a board cannot manage every aspect of the ethics and compliance
practices within a business, allowing for “Specific individual(s) within the organization [to]
be delegated day-to-day operational responsibility for the compliance and ethics program”
(United States Sentencing Commission, 2013, p. 497). The board looks to the ethics officer
to create an ethical culture that emphasizes proper conduct, and that increases brand value
and reputation, necessitating regular communication and reports between the board and the
ethics officer. Table 9.2 provides sample questions that board members should ask the ethics
leader of the organization.
Table 9.2: Sample questions the board of directors should ask the chief ethics officer
Board Oversight Questions | Element of Ethics Program
Do we have the right model to oversee, manage, and implement the company’s ethics and compliance (E&C) program? | Program structure; Governance; Executive oversight; Resources
How do we assess adherence to company standards? How do we determine effectiveness? | Code of conduct and appropriate policies
How do we ensure the visibility of high-risk matters arising in the business units? | Code of conduct and appropriate policies
How do we train our employees? How do we raise employee awareness of the company’s E&C program? | Targeted training and communications
Are we identifying and prioritizing the company’s compliance risk? | Periodic risk assessment
Are we auditing for priority compliance risk? | Monitoring, investigating, and auditing
Do we have the right systems in place to ensure observed misconduct is reported? Ensure employees are comfortable raising issues? | Anonymous reporting and helplines
How do we measure E&C program effectiveness? | Continual review and improvement of E&C program
The Board Needs to Ensure That . . .
• A chief ethics and compliance officer (CECO) or equivalent is appointed.
• The CECO has sufficient personnel and resources commensurate with company needs.
• The CECO is sufficiently integrated with the company’s executive team.
• The CECO has the ability to report directly to the board or board committee formally or informally.
• There is a code of conduct for all employees, the board, senior management, and third parties.
• The board is periodically educated on the company’s code of conduct.
• High-risk policies are in place.
• Policies address systemic and industry-specific risks.
• Periodic training and education for all employees, management, and critical third parties takes place.
• Training and code certification process is tracked and that further inquiries take place when issues arise.
• The company issues regular communications to all employees on E&C topics.
• The board receives appropriate code of conduct and other relevant integrity education periodically.
• There is full understanding of the company’s risk profile.
• Risk assessment is completed periodically.
• Risk assessment and management target high-risk areas for the business.
• Senior management is accountable for risk management.
• A relationship exists between E&C risk assessments and enterprise risk management.
• Periodic monitoring and auditing of E&C program is completed with reports to the board.
• Routine internal audits occur.
• Key compliance indicators (fines, penalties, warning, violations) are reviewed.
• An investigations protocol is in place and is followed; reports received on overall results.
• Exit interviews occur.
• A system is in place for employees and others to report and discuss concerns without fear of retaliation.
• Concerns are addressed and resolved.
• The board receives periodic reporting of statistics about hotline or other reported issues, including trend lines, comparisons to peer companies, and overall business statistics.
• Lessons are learned from mistakes; board seeks examples.
• Accountability for improvements is demanded from senior management.
• Proof of implementation of improvements is provided.
• E&C considerations are factored into performance evaluations.
• The CECO is encouraged to become a member of peer associations to access materials, benchmarking, and best practices.
Sources: Adapted from Tables 1 & 4, pp. 12, 18 in Bonime-Blanc, A., & Brevard, J.E. Ethics and the Board: Integrating Integrity into
Business Strategy. Council Perspective CP-013 © 2009 by The Conference Board, Inc.
The ethics officer must be able to inform the board of directors and senior management team
of risks, incidents, and activities related to the ethics and compliance program without fear of
retaliation (Ethics Resource Center, 2007). To provide regular updates to the board, the ethics
program needs a system for collecting the statistics and qualitative findings of risks, program
effectiveness, and potential misconduct. Ethics officers should provide board members with
easy-to-read dashboards of quantitative information such as helpline/hotline call statistics,
material investigations, training completion, communications reach, code of conduct certifications, employee ethics culture survey results, employee turnover counts, and exit interview
feedback. Qualitative information that the ethics officer should provide includes new laws or
regulations, internal audit findings, and risk assessment reports. Reporting to the board can
be time-consuming, as one study found that 36% of ethics professionals spent more than four
hours a week creating and amending information for the board, with more than 70 organizations spending more than 10 hours a week preparing information for the board (Hammond
& Walshe, 2013).
Reporting Relationship
The ethics officer’s credibility and authority with the board and the company is heavily influenced by whom he or she reports to within the organization. Michael Hoffman, a noted professor of business ethics at Bentley University, stresses that the reporting structure can affect
an ethics officer’s objectivity, independence, power, and influence to ensure ethical integrity
throughout the organization (Hoffman, 2010). He stated, “There are many signs that the role
of the day-to-day ethics officer, the person who really does the ethics work, is being marginalized rather than strengthened” (p. 744).
Hoffman describes three ways that the reporting relationship of ethics officers influences
their objectivity, independence, power, and influence. One reason refers to the point that was
made in the previous section on Board Oversight: if the ethics officer does not have access to
the board of directors, it reduces his or her influence and power to provide accurate information on the organization’s ethical program. Another reason is that a conflict of interest
occurs should ethical misconduct by the ethics officer’s supervisors be observed. This conflict
of interest can restrict the ethics officer’s objectivity and independence when enforcing the
organization’s ethical code. The final reason is that inadequate resources or authority minimize an ethics officer’s power and influence over other departments.
In some organizations, an ethics officer reports to a senior executive in a legal, human
resources, or internal audit department. Most studies show that ethics and compliance officers most often report to the general counsel with increasing numbers reporting directly to
the CEO (SAI Global, & Baker & McKenzie, 2013; Weber & Wasieleski, 2013). An ethics officer
may be in the tenuous position of both monitoring the ethical integrity of and reporting to
senior managers who have the power to have him or her promoted or fired. Senior managers may recommend ignoring unethical conduct, or fail to take action on an ethics officer’s
recommendation.
Treviño, den Nieuwenboer, Kreiner, and Bishop (2014) recounted an example where an ethics
officer was ignored:
We had a big investigation . . . that involved senior officers of an alleged
ethical violation that was quite serious. . . . Senior management didn’t take
it very seriously. . . . A couple of years later it recurred and this time they
realized the seriousness of it and responded fully. . . . So that was kind of a
game changer . . . because senior management, including the Board of Directors, saw how a good ethics program identifies and can help solve problems
before they get big. (p. 196)
According to the Ethics Resource Center (2007), the ideal reporting structure will allow the
ethics officer to:
• Have employment decided and terminated only by the direction of the board of directors;
• Directly report to either the board or the CEO;
• Have direct, unfiltered access to the board; and
• Achieve performance goals as defined by the board and CEO. (p. 2)
Consider how each of the reporting relationships in Figure 9.2 enhances or restricts the
objectivity, independence, and influence of the ethics officer.
Figure 9.2: Progression of reporting relationship of the ethics officer
The reporting relationships of the ethics officer can vary by organization.
[Figure: three organization charts]
• Functional Reporting: CEO; VP Operations; VP Finance; VP Marketing; HR Director; Ethics Officer
• General Counsel: CEO; General Counsel; Chief Financial Officer; Chief Marketing Officer; Ethics Officer
• C-Suite/Board: Board; CEO; General Counsel; Chief Financial Officer; Chief Marketing Officer; Chief Ethics Officer
Developing a Code of Conduct
Section 9.2
The individual that an ethics officer reports to has discretion to allocate resources for promoting ethical standards, educating the workforce, monitoring compliance, and investigating
potential violations. The FSGO stipulate that organizations ensure that the individual delegated with operational responsibility of the ethics and compliance program has adequate
resources to perform his or her role effectively (United States Sentencing Commission, 2013).
Program resources include dedicated personnel and a sufficient budget for salaries, training,
the reporting hotline, and other expenses.
The number of resources varies among organizations, including the dedicated staff and budget for ethics and compliance. A 2013 study found that most companies with fewer than
1,000 employees have three or fewer ethics professionals, whereas more than half of companies with 50,000 or more employees have more than 10 dedicated ethics staff members
(SAI Global, & Baker & McKenzie, 2013). A 2014 study of more than 1,000 companies found
that 12% of firms do not have a separate budget for ethics and compliance activities, yet
almost one third estimate an annual budget of more than $1 million for their ethics program
(PWC, 2014).
The number of ethics staff and the specific budget for the ethics program vary depending
on the size of the company and whether it is part of a heavily regulated industry. How can
the board ensure that an ethics officer has adequate resources? The Ethics Resource Center
(2007) suggests that resources should include:
• Sufficient funds and content expertise to review, refresh, and distribute the corporate code of conduct to every employee and the board once a year;
• Sufficient funds to comprehensively train every employee and the board on organizational standards and core compliance risks;
• Sufficient staffing to work with management to promote the values of the organization;
• Sufficient staffing and funds to conduct thorough compliance audits, monitoring, and risk assessments;
• Sufficient resources to ensure the effectiveness of ethics and compliance controls;
• Sufficient staffing to maintain an anonymous helpline (or to outsource this function), and to investigate incidents that are reported;
• Sufficient staffing to separate the proactive communication and training functions from the receipt of calls and follow-up investigations; and
• Sufficient staffing to serve as a resource to the board and senior management. (p. 24)
With adequate authority and resources, the ethics officer can encourage compliance with
legal and ethical standards found in the company’s code of conduct.
9.2 Developing a Code of Conduct
The ethics office is typically responsible for creating the company’s code of conduct, which
forms the foundation of an ethics and compliance program. Employees of companies with a
formal code of conduct report greater satisfaction with outcomes of ethical dilemmas than
those working for companies without one (Adams, Taschian, & Shore, 2001). A study by
Erwin (2011) found that companies with a high-quality ethics code are seen as leaders in
corporate citizenship, sustainability, ethical behavior, and trustworthiness.
Despite these findings, Enron’s accounting scandal and Alcoa’s corruption scandal occurred
with corporate ethics codes in place, which raises the question of whether a code of conduct
has an impact on ethical behavior. One European study shared the following perspective of
formal corporate codes:
The head of sales at an investment bank explained, “It is very good that everyone has to read them, but as long as something is not illegal, people will do it
anyway.” Ethics activities would be empty, symbolic gestures with no intention of having a practical impact. (Norberg, 2009, p. 218)
Much research in behavioral ethics looks beyond the mere existence of a code of conduct to
explain ethical behavior in the workplace, recognizing that the quality of the content and
familiarity with the code are key factors for creating an ethical culture (Andreoli & Lefkowitz,
2009; Kaptein, 2011; Treviño, Weaver, Gibson, & Toffler, 1999). Individual and organizational
factors affect employee acceptance of a code of conduct (Andreoli & Lefkowitz, 2009). For
example, familiarity with an industry code of conduct and perceptions of usefulness lessen
when an uncertain business environment creates role ambiguity (Chonko, Wotruba, & Loe,
2003). Additionally, managers with a relativist ethical orientation (believing that it is impossible to make claims of right or wrong) are less likely to consider the ethics code binding than
idealists (people who act on their moral ideals in all situations) (Chonko et al., 2003).
Even the title of the code can influence whether employees uphold the desired conduct of
the organization (see Consider: What’s in a Name of an Ethics Code?). The title should convey
the purpose of the document. A rules-based code appears punitive, with a “thou shalt not”
aspect, and typically includes company standards and rules applicable to an issue area (Ethics
and Compliance Officer Association Foundation, 2008). Naming the document a compliance
code sends a message to the workforce that following the law is sufficient, rather than the
concept of business ethics being about choice and judgment in following company values.
Values-based codes like Every Day Values: The Harley Davidson’s Code of Conduct connect
company values with employee behavior (Harley-Davidson, n.d.; Martens, 2012; Treviño
et al., 1999).
Multinational companies need to consider the wording of the code’s title carefully as some
concepts may present difficulties in translation. For example, the term ethics can have moralistic connotations in some regions, while compliance can evoke feelings of imposition of company standards (Martens, 2012). A review of the 200 largest global corporations found strong
variances in the titles of codes with 36% containing the word conduct, 17% containing principles/guidelines, 9% containing ethics, 6% containing values, and 4% containing integrity
(Kaptein, 2004).
Consider: What’s in a Name of an Ethics Code?
The document that summarizes the company’s ethical and legal standards can go by
many names, including:
• Code of conduct;
• Code of ethics;
• Code of business conduct;
• Code of ethical and legal standards;
• Ethics guide;
• Code of employee conduct; or
• Standards of professional and business conduct.
The title of the document can create a brand for the company’s ethics and compliance. The content becomes relevant to the workforce when the code ties the ethics
and compliance program to the company’s mission or business strategy. The title can
make that connection and serve as a theme throughout the document. Consider these
titles for company code of conduct documents:
• Setting Our Sights High (Bausch & Lomb Incorporated);
• Follow the Right Road (The Auto Club Group); and
• Inside the Lines (Nike).
Sources: Ethics and Compliance Officer Association Foundation, 2008, p. 58; Martens, 2012.
Questions to Consider
1. How does the title of a company’s ethics document affect your attitude about the content? Is one title more attractive than another?
2. What is the overall message that the title of the code of conduct conveys? Does it reflect the purpose of the document to provide employee guidance on expected conduct?
3. Propose creative titles for ethics codes for a pharmaceutical company and a restaurant.
Implementing an effective code of conduct is not a simple task. One study found that a code
for equal opportunity in the hiring process limits discrimination only when enforced by management and integrated into normal practice (Petersen & Krings, 2009). Enforcement of the
document requires close attention to the tone and terminology, such as phrases like “may
result in disciplinary action.” The U.S. courts find that such ambiguous penalties for noncompliance negate contractual obligations to comply with a code of conduct (Kenny, 2007). The
design of the document and the communication of the code play a critical role in embedding the ethical standards for conduct throughout the organization (Kaptein, 2011; Verbos,
Gerard, Forshey, Harding, & Miller, 2007). The following sections outline best practices in
designing a code of conduct document.
Code Content
Designing a code of conduct includes identifying the topics and tone that will resonate with
the workforce, as the code’s purpose is to guide employee behavior. This is particularly
important as studies have shown that employees generally have difficulty naming specific
behaviors that the code requires or prohibits (Adams et al., 2001). To make the content more
memorable, The Ethics and Compliance Handbook cautions against codes that are generic,
bland, or legalistic (Ethics and Compliance Officer Association Foundation, 2008). In reality,
there is no such thing as a generic organization. Therefore, those designing the code should
tailor it to reflect the organization’s unique culture, risks, and history, which ultimately shape
the ethical issues covered by the code and the manner of conveying acceptable conduct. Content may vary because of the regulatory environment for the industry or geographical region.
Some content is applicable to all employees, while other content may be specific to a function such
as accounting or sales. The code of conduct should clearly address expectations on topics relevant to the intended audience in language that is readily understood.
Recommended Elements of a Code
Given that an organization can tailor a code of conduct to meet the needs of its workforce
and industry, the elements or sections of the code will vary accordingly. As the foundation of
the ethics and compliance program, the code of conduct should provide sufficient guidance
to develop an ethical culture. The Ethics and Compliance Handbook identifies eight sections
recommended in a code of conduct (Ethics and Compliance Officer Association Foundation,
2008). They include:
1. An introductory letter from senior management or the CEO reinforcing top management support for ethics and compliance in the organization;
2. A mission statement, statement of values, and guiding principles of the company;
3. An ethical decision-making framework to guide employees in making choices;
4. Resources for seeking advice and reporting misconduct;
5. Substantive rules and guidance for acceptable and unacceptable behavior for risk
areas;
6. Disciplinary rules and enforcement procedures for unethical behavior;
7. Protection against retaliation for reporting misconduct; and
8. An acknowledgment or certification that employees have received and read the company code of conduct.
The quality of the code of conduct contributes to its effectiveness in deterring misconduct.
A review of company codes in the 1970s showed limited inclusion of relevant ethical issues
and few procedures for seeking advice, reporting misconduct, or taking disciplinary actions
(Cressey & Moore, 1983). By sharing best practices, more companies are developing codes of
conduct that incorporate all eight recommended sections. Ethisphere Institute has developed
criteria to evaluate the quality of a code of conduct, as shown in Table 9.3. Codes of conduct
meeting these components are effective tools in setting and reinforcing expectations for ethical behavior.
Table 9.3: Evaluation components to benchmark the quality
of a corporate code of conduct
Component | Component Description
Public Availability | The code should be readily available to all stakeholders. What is the availability and ease of access to the code?
Readability and Tone | What is the style and tone of the language used in the document? Is it easy to read and reflective of its target audience?
Tone from the Top | Level at which the leadership of the organization is visibly committed to the values and topics covered in the code.
Non-Retaliation & Reporting | Is there a stated and explicit non-retaliation commitment and dedicated resources available for making reports of code violations? If so, is it presented clearly?
Commitment & Values | Does the code embed corporate values or mission language? Does it identify the ethical commitments held to its stakeholders (e.g., customers, vendors, communities)?
Risk Topics | Does the code address all of the appropriate and key risk areas for the company’s given industry?
Comprehension Aids | Does the code provide any comprehension aids (questions and answers/frequently asked questions, checklists, examples, case studies) to help employees and other stakeholders understand key concepts?
Presentation and Style | How compelling (or difficult) is the code to read? This depends on layout, fonts, pictures, taxonomy, and structure.
Sources: Erwin, 2011; NYSE Governance Services, 2014.
The Morgan Stanley code of conduct titled “Doing the Right Thing” is an example of a document that meets the Ethisphere Institute’s evaluation criteria. A common element in both The
Ethics and Compliance Handbook and Ethisphere Institute evaluation criteria is a demonstration of top management’s commitment to the ethics and compliance program. The first page
of Morgan Stanley’s code of conduct includes a statement by James P. Gorman, the chairman
and CEO, stressing “an unwavering commitment to the highest standards of ethical conduct”
and concludes with, “Like you, I am proud to be part of a Firm that has such a distinguished
heritage and promising future. Thank you for doing your part to uphold our greatest tradition” (Morgan Stanley, 2014, p. ii).
The code of conduct is values-based, tying ethical behavior to Morgan Stanley’s values
of putting clients first, leading with exceptional ideas, doing the right thing, and giving
back. Throughout the document, sections begin with the word we, denoting that the code
of conduct applies to everyone. The section titled “We Make Ethical Decisions” includes
a series of questions to assist employees in choosing the right action when faced with
an ethical dilemma. Disciplinary procedures, resources for reporting, and non-retaliation
procedures are presented early in the document. The following are the major headings
featured in the code:
• What This Code Means to Us;
• We Make Ethical Decisions;
• We Treat Others with Dignity and Respect;
• We Support Our Communities;
• We Protect Our Franchise and Address Conflicts of Interest;
• We Protect and Prevent the Misuse of Confidential and Material Nonpublic Information;
• We Follow the Letter and the Spirit of the Laws and Regulations;
• We Protect Our Interests;
• We Are Honest and Fair in Our Communications with the Public;
• We Report Information and Cooperate with Requests Relating to Litigation, Investigations, Inquiries and Complaints; and
• Code of Conduct Acknowledgement.
The key ethical issues and acceptable behaviors outlined in Morgan Stanley’s code of conduct guide employees in everyday conduct through simple, concise language and concrete
examples to aid in comprehension. The document specifically states, “Throughout this Code,
we include questions and answers that address situations that commonly arise and illustrate
how particular policies apply in practice” (Morgan Stanley, 2014, p. 2). The code is 15 pages
long, with detailed policies and procedures for 34 ethical topics. It is unlikely that all of the
ethical issues are relevant to all employees. Therefore, in addition to the full table of contents,
the code of conduct provides a summary listing of the 15 ethical issues that have generated
the most questions from employees.
Focusing the Code on the Organization’s Key Risk Areas
The focus of company codes of conduct changes over time and varies by geographical location. A review of codes of conduct in the 1970s recognized a focus on misconduct that directly
impacts company profit, such as conflict of interest, rather than responsibilities to others
(Cressey & Moore, 1983). A review of global companies’ codes in 2009 found that U.S. companies focus more on accounting fraud, conflict of interest, and insider trading, while global
companies tend to emphasize security, human rights, bribery, and money laundering (Sharbatoghlie, Mosleh, & Shokatian, 2013). Table 9.4 lists possible topics for codes of conduct
from The Ethics and Compliance Handbook. The list is extensive and inclusion of all topics is
neither practical nor necessary for most organizations.
Table 9.4: Possible topics for codes of conduct
• Anticorruption
• Antitrust/competitive information/unfair competition
• Billing for services
• Books and records/financial reporting and recordkeeping
• Community or civic activities
• Complying with laws
• Confidential and proprietary information
• Conflicts of interest
• Copyrights, patents, and intellectual property
• Customer service and customer relations
• Discrimination
• Document retention
• Environment, health, and safety
• Equal employment and affirmative action
• Expense reimbursement and time reporting
• External inquiries/public disclosure and reporting
• Family and personal relationships (e.g., nepotism)
• Fraud
• Gifts, entertainment, and gratuities
• Government contracting, transactions, and relationships
• Government relations and lobbying
• Harassment (sexual and otherwise)
• Investigations (internal and government)
• Licensure and professional certifications
• Marketing, sales, advertising, and promotions
• Media relationships
• Money laundering
• Political contributions
• Privacy and safeguarding information
• Procurement/purchasing
• Professional standards, competence, and due care
• Respect and fair treatment
• Securities trading and insider information
• Security
• Social media
• Work-life balance
• Workplace violence
Source: The ethics and compliance handbook: A practical guide from leading organizations. Copyright © 2008 The Ethics &
Compliance Officer Association Foundation. Reprinted with permission.
When identifying key risk areas to include in a code of conduct, executives must consider
external forces, internal perceptions, and historical data. The first consideration, external
forces, represents the legal, regulatory, and competitive environment that can elevate an issue
to warrant attention in the formal code of conduct. For example, in the United States, regulations provide specific topics that should be addressed, including policies on conflict of interest, insider trading, and bribery (Ethics & Compliance Officer Association Foundation, 2008;
NYSE Governance Services, 2014).
Second, internal forces such as the industry, size, or international scope of the company can
determine topics to emphasize in the code of conduct. For example, a company manufacturing products in emerging markets may place more emphasis on environmental impact,
human rights, and safety. Additionally, a survey of employees can reveal internal perceptions
regarding what ethical issues they consider likely to occur, providing issues to include in a
code of conduct.
Lastly, the ethical topics that the company has struggled with in the past should be included
in the code of conduct. Audit findings, regulatory investigations, or common employee violations are sources for historical data of relevant ethical topics. It is useful to organize the key
issues by stakeholders, corporate values, or internal employee conduct (Kaptein, 2004).
Global Considerations
International companies have additional considerations when designing a code of conduct
that applies to employees in multiple countries. The first decision is whether to develop one
common code for all countries or separate documents for each country. Some organizations
may consider one code impractical or unrealistic because of variations in legal requirements,
cultural norms, and languages among the countries. Benefits of a common code include:
a) there is only one definition of what is right or wrong, b) employees are clear on expected
behavior no matter where they travel on business, and c) the company avoids liability associated with inconsistent practices. One solution is to create one common code with regional or
country variations that bridge gaps between local laws or customs and company standards
(Martens, 2012).
Companies that intend to implement a global code of conduct that applies across the organization must make careful considerations during the code drafting process. Best practices
dictate that companies seek input from a legal team, managers, and workers while developing
the code. This team can help identify and address:
• Key ethical and legal concerns;
• Cultural or historical issues that affect business operations;
• Workforce dynamics that could either promote or interfere with the adoption of the code of conduct in their country or region; and
• Language or terminology issues. (Ethics & Compliance Officer Association Foundation, 2008, p. 62)
An effective code of conduct provides guidance for employees to manage contradictions
between individual or local norms and the company’s standards. Chapter 5 described how
cultural differences influence ethical positions and increase the potential for conflicts within
a global organization. One study relates how an ethics officer investigating a report that “a
high-level executive had been making sexist and ageist ‘jokes’ during business-related conference calls” discovered that the executive, who worked outside the United States, was unaware
that his remarks were offensive and potentially discriminatory because they would be acceptable in his country (LRN, 2006, p. 3).
Halff (2010) found that the majority of the world’s largest corporations fail to acknowledge
contradictions between local norms and corporate norms, leading to hidden and overt violations of the company code of conduct. Global codes that include negative language such
as “employees must never” can lead employees to feel that the company is not considering
local norms (Martens, 2012). Organizations that do acknowledge differences take varying
approaches such as to seek advice, apply the stricter rule, follow local norms, or comply with
corporate code. Companies like Lockheed Martin and Cisco serve as role models for multinational companies striving for a global code of conduct. Their codes of conduct are provided in
multiple languages, include symbols for navigation, and provide examples relevant to diverse
employees. Global companies can follow practices suggested for a suitable global code of conduct such as:
First acknowledge that sets of norms might contradict, second give clear
priority to one set of norms (local or corporate) and thirdly provide specific
instances and/or examples of how and when to apply the priority rule. They
are particularly precise about gift-giving, facilitating payments, employment
of relatives, and the entertainment of public servants. (Halff, 2010, p. 364)
Global companies should avoid region- or country-specific terms or phrases when drafting
the code for an international audience. For example, a U.S.-based firm should not refer to
a non-U.S. government employee in anti-bribery sections as a foreign government official.
The local employees would not consider their government officials, customs agents, or public employees as foreign. Some terms in codes of conduct relate to country regulation, such
as affirmative action or equal employment opportunity in the United States. Use of country-specific terms fails to convey the ethical standard of nondiscrimination to workers in other
countries. Table 9.5 provides suggestions for replacement terms to make culturally-specific
terminology more global.
Table 9.5: Replacement terms for culturally-specific language
Term | Country | Replacement Term
Equal employment opportunity | United States-centric | Fair hiring practices/no discrimination
Antimonopoly | United Kingdom-centric | Fair competition
Antitrust | United States-centric | Fair competition
Bullying/mobbing | United Kingdom and Europe | Harassment, disrespectful treatment
Anti-bribery | United Kingdom | Improper payments
FCPA | United States | Improper payments
Source: L. T. Martens, 2012, Globalising a Business Ethics Programme, p. 25. Copyright 2012 by the Institute of Business Ethics.
The graphic design of the document should reflect cultural sensitivity through the use of
color, symbols, and photos (Martens, 2005). For example, red print may trigger negative feelings of forced compliance in Western countries where red is used as the symbol for danger.
Universal symbols are preferable, although not always practical when a standard or example
requires a currency amount. For example, a reference to accepting or giving gifts over $25
should include the equivalent amount in euros or yen. Photos should represent the international character of the company and not be offensive in any part of the world. A global code of
conduct should be a useful guide to appropriate behavior for all employees.
Implementation of a Code of Conduct
To implement a code of conduct, organizations must formulate a plan to ensure that workers
receive the code and understand its purpose. The plan should include distributing the document to all employees, providing tools to help them apply the code in their daily activities,
and recording their acceptance of it. All communication surrounding the code is vital to its
success. Employees become more familiar with and supportive of a code of conduct when
senior management demonstrates support for the code and employs diverse communication
activities for educating workers on the content and application of the code (Kaptein, 2011).
Distribution of the code can take various forms, but it should remain easily accessible to
employees and available to all stakeholders (NYSE Governance Services, 2014). Every new
employee should receive a printed copy upon hiring and during orientation. Current employees could receive copies through the company mail or e-mail communications periodically or
when the code has been revised. Companies often create websites to communicate information regarding the ethics program and code of conduct. Some companies require an online
course to introduce the policies and procedures contained within the code of conduct.
To increase accessibility and use of the code of conduct, many companies have begun offering an electronic version. More than just a PDF, an electronic code provides employees with
an interactive tool for finding specific information, links to resources, and a variety of learning scenarios (NYSE Governance Services, 2014). Morgan Stanley includes a statement in its
code of conduct that says “The electronic version of this Code includes links to policies and
procedures” (Morgan Stanley, 2014, p. i). See Business Best: Cisco eBook Code of Conduct for an
example of a company that delivers the code electronically to a global audience.
Business Best: Cisco eBook Code of Conduct
In 2012, Cisco released an interactive eBook version of the company code of business conduct (COBC) to its mobile, global workforce. The online interactive COBC is able to reach the
85% of Cisco employees working from home or traveling (World Watch, 2013). The COBC
eBook provides many tools to make it easier for employees to find information on ethical
issues, such as pop-up frequently asked questions, links to other Cisco tools and resources,
an “Ask/Report” list of ways to obtain help on any topic, embedded videos, and pop-up definitions (Cisco, 2014). Cisco’s 2013 Corporate Social Responsibility Report states:
Our Code of Business Conduct sets out our expectation for everyone at
Cisco to behave ethically in everything they do. Through regular training
and a new interactive eBook version of the Code, we equip employees with
the knowledge and skills to make the right decisions if they are ever confronted with an ethical dilemma. (Cisco, 2013, p. B2)
The eBook is easy to navigate and includes universal symbols for interactive functions. See
Figure 9.3 for a snapshot of the instructions for the user on the first screen. Though the interactive eBook is only available in English, an introductory video features employees from all
countries stating, “I know the code” in their native languages. Translations of the Cisco COBC
are available on the Ethics@Cisco website page as a PDF with hyperlinks.
Figure 9.3: Instructions for navigating Cisco’s COBC eBook
Cisco’s COBC eBook contains universal symbols for the interactive functions.
Interact with this brochure. Here’s how.
Turn pages: Just grab and drag a lower corner, or click the arrows.
Use the tools: Zoom in, bookmark, or print the brochure.
Play video
Jump to a page: Click Contents icon for visual navigation to any page.
In addition to the interactive tabs, buttons and hotspots you’ll find throughout this brochure, look for these helpful icons. You can click on them to get more information anytime.
Icons: What if?; Tools/Resources; Ask/Report
Source: Reprinted with permission from Cisco. (2014). Code of Business Conduct.
Following the launch of the eBook, an employee survey showed improvement in almost all
measures regarding the ethical culture (Cisco, 2013). More than 92% of employees in 2013
felt that Cisco was taking ethical business concerns seriously (up from 90% in 2011). In just
two years’ time, the percentage of employees who agreed with the statement, “The management team sets a good example of company values, culture, and the Code of Business Conduct” increased from 81% to 89%. Finally, by 2013, 89% of employees knew where to report
an ethics question or concern compared to 83% in 2011.
Section 9.3
Educating the Workforce
Questions to Consider
1. What are the advantages and disadvantages of an interactive online code of conduct? Why should printed or PDF formats continue to be offered, even when there is an online version?
2. Does an electronic format provide advantages in Cisco’s ability to make further improvements to its code over time?
3. Access the eBook to view the table of contents and a few pages. Would the eBook meet Ethisphere Institute’s evaluation criteria for an effective code of conduct?
Many organizations require employees and management to sign a statement certifying that
they have received and read the code of conduct. Certification statements are one way a company can demonstrate to regulators that it is committed to the ethics and compliance program (NYSE Governance Services, 2014). These statements allow companies to:
• Confirm receipt of the code of conduct;
• Obtain acknowledgement from employees that they have read and understood the code of conduct;
• Establish that employee abides by, or will abide by the code of conduct;
• Obtain confirmation that employees reported any breaches of the code;
• Confirm that management has discussed the code with their team. (IBE, 2012)
Code certification holds employees accountable for their actions. In a study by the Institute of
Business Ethics, about half of the companies referred to code certification statements during
disciplinary decisions involving code of conduct violations (IBE, 2012). Whether a company
can obligate an employee to sign an acknowledgement form may depend on local labor laws
(IBE, 2012). Should an employee refuse to sign, additional ethics training or discussions with
the employee’s manager may occur.
As the code is the foundation of the ethics and compliance program, companies recognize the importance of thoroughly educating the workforce on the content and use of the code of conduct.
Code certifications do not ensure that the employees have read and understood the content of
the code of conduct, and explaining the code of conduct only when employees are first hired
or when the codes are first distributed is no longer a sufficient way to show a good faith effort
to educate employees on ethics and compliance.
9.3 Educating the Workforce
Organizations that invest in educating the workforce to comply with legal and ethical standards expect their employees to apply what they have learned consistently over time. However, ethics training tends to have a similar effect on people as when they witness a traffic
accident—they slow down and drive carefully for a week or so, then gradually fall back into
their old driving habits. Research has shown that one-time ethics training can have transient
effects if organizations do not provide ongoing, interactive training and offer organizational
support (Martin, 2010; Richards, 1999; Warren, Gaspar, & Laufer, 2014). In order for employees to fully learn concepts, their formal training should include a period during which they
can practice applying ethics in the workplace. A well-planned ethics training program can
result in the establishment of a culture of ethics and compliance (Ethics Resource Center,
2013b; Valentine & Fleischman, 2004). In a study of bank employees before and after the
introduction of formal ethics training, Warren et al. (2014) found that participants displayed
sustained, positive effects in identifying unethical behavior, intentions to behave ethically,
and perceptions of organizational efficacy in managing ethics.
Developing a Training Plan
The objective of ethics training is to help employees make decisions that are consistent with
the organization’s values. Training should provide methods for employees to manage contradictions between individual values and the company’s ethical standards. To address the
specific challenges in ethics training, Knouse and Giacalone (1996) outline the major components of ethical education in business that remain relevant today (see Table 9.6). They
recommend providing employees with a foundation in how ethical orientations affect ethical
decision making, as well as offering opportunities to practice applying the company’s ethical
standards.
Ethics training should align with company values and connect ethical concepts to daily
actions. To make that connection, some organizations are adopting a giving voice to values
(GVV) approach to their business ethics training. Based on Mary Gentile’s (2010a) book, Giving Voice To Values, regarding how individuals address values conflicts in the workplace, the
GVV approach has seven foundational pillars that correlate to the components for ethical
training in Table 9.6: 1) values; 2) choice; 3) normality; 4) purpose; 5) self-knowledge, self-image, and alignment; 6) voice; and 7) reason and rationalization. Incorporating GVV in an
organizational ethics program can help employees develop methods to voice their concerns.
The program appears to address employee apathy and indifference to potential and existing
ethical issues.
Table 9.6: Components of ethics training in business
Component | Objectives | GVV Pillar
Provide trainees with an understanding of ethical judgment philosophies and heuristics for making ethical judgments. | Seek common ethical values among employees and with the organization. Encourage actions consistent with employee values and those of the organization. Use critical thinking strategies that include questions for ethical decision making. | Acknowledging shared values; Choosing to act
Provide industry-/profession-specific areas of ethical concern. | Address ethical issues particular to employee positions, professions, or industry. | Normalizing values conflicts
Provide trainees with organization’s ethical expectations and rules. | Encourage compliance with ethical expectations contained in employee handbooks, codes of conduct, and training. | Purpose as an employee
Take a realistic view; elaborate on the issues that can hamper ethical decisions. | Understand traps for ethical misconduct to avoid falling into them. Become more effective in responding to others’ rationalizations. | Anticipating reasons and rationalizations
Provide trainees with an understanding of their own ethical tendencies. | Recognize that individual differences and personality traits impact ethical actions. | Understanding one’s self
Have the trainees practice and apply in the workplace. | Apply concepts in daily work life. Encourage discussion, sharing, and feedback on ethical actions. | Using one’s voice
Source: Gonzalez-Padron, T., Ferrell, O., Ferrell, L., & Smith, I. (2012). A critique of giving voice to values approach to business ethics education. Journal of Academic Ethics, 1–19.
To develop the most effective training, companies need to tailor the program to the target
audience by identifying and prioritizing key risks by employee segment. For example, training on data privacy and security is relevant to employee groups that use computers. Training
in the proper use of company resources should consider the functions most likely to commit
occupational fraud—individuals working in accounting, operations, sales, customer service,
and purchasing (Association of Certified Fraud Examiners, 2012). Training on bribery is
most relevant to executives and sales staff working in international markets. Managers and
supervisors would most benefit from hiring policies regarding discrimination. All employees
should receive training on reporting misconduct, social media use, and harassment.
The training plan should identify the frequency and depth for each key issue. The frequency
of training then depends on the level of likelihood that an ethical issue will occur. Determining
how much detail and attention the training requires depends on whether the target group can
create, identify, or simply understand the risk. For example, discrimination is a key issue for
many companies. Managers or supervisors with responsibilities to hire, promote, evaluate,
and terminate employees have the potential to put a company at risk of lawsuits. Therefore,
their training requires in-depth and possibly frequent instruction on policies and procedures
to demonstrate nondiscriminatory practices. Training of all employees should focus on identifying and reporting discriminatory practices. The training plan for discrimination requires
awareness training supplemented with a communication program that provides regular
reminders to all employees through e-mails, newsletter articles, and posters that help them
to recognize discrimination in the workplace.
While ethics training often involves asking employees to watch formal presentations, it is
perhaps even more important for those conducting the training to listen to employees and
engage them in dialogue. The workforce consists primarily of adults with a great deal of experience and knowledge that contributes to the learning process (Bixby, 2011). Telling someone
not to cheat on an expense report is not as effective as addressing rationales for the misconduct. In order to design a training program that fits the needs of the workforce, ethics trainers
must listen to the concerns and questions raised by employees about ethical issues or company practices. Listening is a powerful communication tool that requires being present in the
dialogue without multitasking or succumbing to distractions (Schloss, 2012). See Consider:
Active Listening for an exercise to develop active listening skills.
Consider: Active Listening
Active listening requires paying attention to the content of what someone is saying. Too often
people focus on how to respond to someone talking before the end of the conversation. Practice listening to all of what someone is saying with this exercise.
1. First, find a partner.
2. Then designate one person to initiate speaking (Person A).
3. Person A will begin a brief conversation of a few sentences. This could relate to the weather, common interests, or what he or she did last weekend.
4. When Person A stops talking, Person B must begin a conversation using the LAST word that Person A spoke as the FIRST word of the first sentence. For example, if Person A stops speaking with the phrase, “I ate so much,” Person B could begin with “Much of my time is spent . . .”
5. Similarly, when Person B stops talking, Person A must begin a conversation using the LAST word that Person B spoke.
6. Repeat Steps 4 and 5 for about 10 minutes.
Questions to Consider
1. How well did each of you listen to what the other was saying? Were you able to catch the other speaker’s last word each time?
2. Did you strive to make the exercise easy for your partner or difficult? For example, ending with an adjective, such as “I was so hungry,” may make it more difficult for your partner to start another conversation.
Training Delivery
To ensure that each member of the workforce receives and engages with the ethics training materials, organizations can incorporate a wide variety of training and communication
methods that accommodate diverse learning styles, varying risk levels of misconduct, and
a dispersed workforce. These methods include lectures and presentations, case studies and
scenarios, role-playing, videos, and various e-learning platforms. Table 9.7 outlines the pros
and cons of each.
Table 9.7: Pros and cons of training methods
Delivery | Advantages | Disadvantages
Lectures and presentations | Reach a large number of people, quick to implement | Trainees are passive and do not experience multiple viewpoints
Role-playing | Highly interactive and insightful | Some people may be unwilling to participate
Case studies and scenarios | Generate discussion and participation | Can have focus that is too narrow in the issues addressed
Videos | Realism | Too specific and not participative
E-learning (online or computer training) | Easy to implement and highly flexible | Limited opportunity for discussion and interaction
Source: Ferrell & Ferrell, 2009, p. 50.
Advances in technology offer innovative approaches to engaging employees in ethics training.
Awareness training can include short, targeted messages on common ethical issues. Lockheed Martin periodically distributes its Integrity Minute series to employees. The series features short soap opera style videos that highlight key ethics topics of relevance to employees.
The videos reinforce company policies and generate dialogue among the workforce. If timed
correctly, such as just before employees submit expense reports, travel to high-corruption
locations, or meet with government officials, these types of videos can be particularly effective. Customizable video clips on ethical issues are available from ethics and compliance system vendors such as Corpedia and NAVEX Global. Corpedia offers a series of RealBiz Shorts
featuring Second City Communications actors in funny video clips of consequences for failing
to follow ethical policies. NAVEX offers Burst Learning videos, which feature engaging street
interviews and humorous scenarios in which characters address ethical dilemmas.
Informal training can occur through social media, company discussion boards, or regular
lunch and learn sessions. Formal training sessions can be online, face-to-face, or a hybrid
program (French, 2006). Classroom training can be time-consuming for employees, increase
travel expenses, slow the delivery time of course material, and result in inconsistent content.
In-person training is preferable for executives who must delve into high-risk areas, or for
topics that require interaction such as interview tactics for investigations of ethics violations.
Deloitte Touche Tohmatsu Limited offers blended learning, which requires completion of an
online training of procedures prior to meeting in person (Sweeney, 2007). For example, training on harassment policies is online, while role-playing and discussions take place during live
sessions in a classroom setting. Challenges in adopting online learning in business include:
• Resistance to change and cultural resistance to learning online, more often from senior and middle management;
• Cultural acceptance of online learning delivery in international training; and
• Insufficient bandwidth on Web-based systems, hindering the ability to provide quick and effective interactive learning packages. (Macpherson, Elliot, Harris, & Homan, 2004)
For routine training, online instruction can be more effective than classroom instruction
(Sitzmann, Kraiger, Stewart, & Wisher, 2006). Advantages of online training include less travel
and control over timing for completion of the course. Online training allows users to search
for supplemental information easily and avoid distracting classmates (Sweeney, 2007). This
training may be more expensive to design, but offers cost savings and the ability to track
completion rates through automated systems. Regardless of the method used, frequent ethics
training and regular communications can empower employees to make ethical decisions and
identify misconduct.
9.4 Reporting Misconduct
To support a culture that encourages ethical behavior, it is crucial that employees feel comfortable seeking advice on ethical concerns and reporting misconduct. A simple approach
is to establish an open door policy through which employees may seek counsel from any
manager. IBM began implementing this approach during the early years of its ethics program (Carroll, 1991). In the United States, Sarbanes-Oxley and the 2004 amendments to the
FSGO require that an organization create and publicize a system to address and respond to
employee inquiries about ethics and compliance issues (Sarbanes-Oxley Act of 2002; United
States Sentencing Commission, 2013). The U.K. Bribery Act 2010 includes a provision for
“the reporting of bribery including ‘speak up’ or ‘whistle blowing’ procedures” (Ministry
of Justice, 2011, p. 22). Compliance with regulation appears to be driving company investments in formal reporting systems for ethics and compliance violations. A review of U.S. ethics and compliance programs has shown that more than half (55%) of the surveyed companies created internal reporting mechanisms after the Sarbanes-Oxley requirement (Weber &
Wasieleski, 2013).
Developing a Reporting Mechanism and Providing Ethical Advice
Designing an advisory and reporting mechanism entails decisions on a number of details that
contribute to a successful implementation. These include:
• What will the service be called? How will it be branded?
• How will the service be communicated to employees?
• What types of calls will not be handled by ethics and compliance (e.g., payroll questions will be directed to human resources)?
• What types of reporting formats will be utilized: phone, Internet, e-mail, fax, text message?
• Will “24/7” advice and reporting be available?
• What languages need to be supported?
• Is reporting unethical or illegal activities mandatory or encouraged? (Ethics & Compliance Officer Association Foundation, 2008)
A system that employees are comfortable using requires providing for anonymous inquiries, protecting confidentiality, preventing retaliation, and disclosing investigation of reports
where possible.
Employees may fear that an inquiry will lead to an investigation, retaliation by coworkers,
or scrutiny of their own actions. Labels for those who expose misconduct include tattletale,
snitch, informant, and rat, or in German, Spitzel (snitch or spy) (Riebl, 2004). To overcome
barriers for speaking up, organizations need to provide a variety of channels for obtaining
ethical advice to allow inquiries to occur in the manner most comfortable for the employee.
Methods should be easily accessible, simple to use, and facilitate reporting suspicious activity.
For example, Cisco provides an ethical decision tree to help employees find information about
an ethical concern, has a “Sharing Ethical Concerns” link on the Ethics@Cisco website, and the
company’s interactive code of business conduct eBook has a link on each page to ask questions or report misconduct (Cisco, 2014). Mechanisms for advice and reporting can include:
• A dedicated telephone helpline (where technology protects anonymity);
• A dedicated fax number;
• A dedicated Web-portal or e-mail inbox;
• A dedicated postal address;
• Personal phone call or meeting with members of the ethics and compliance team;
• An organizational ombudsman;
• Specific members of the human resources team;
• Direct supervisors and managers;
• Specific members of the general counsel’s office;
• Internal or external auditors; and
• Designated members of the audit committee of the board of directors. (Ethics & Compliance Officer Association Foundation, 2008, p. 81)
The name of a reporting system can affect whether employees consider it an appropriate
avenue for their ethical concern. When they see the word hotline, workers may assume that
their concern needs to be urgent or a significant violation to warrant reporting. Over the past
20 years, there has been a marked increase in the number of companies that have switched
from calling their telephone reporting systems hotlines to calling them helplines (Weaver,
Treviño, & Cochran, 1999; Weber & Wasieleski, 2013). Other names that organizations use for
telephone reporting systems include ethics advice line, share concerns, ethics connect, ethics
line, and integrity line (Ethics & Compliance Officer Association Foundation, 2008).
Confidential, Neutral, and Independent
It is vitally important that employees can make inquiries that are confidential and receive
advice from a neutral and independent source. When reporting is confidential, employee
identities are protected and names are not revealed. Having the option to remain anonymous
provides the workforce with a sense of trust in the company’s ability to maintain confidentiality. Some companies assign a tracking number to anonymous reports so the employee can
receive an update on his or her report or query (Riebl, 2004). United Technologies (2014)
recommends that employees not use company computers for communications to their
eDIALOG ethics advice and reporting program in order to protect confidentiality.
Neutral advice refers to clear and understandable guidance that does not advocate for a specific party. In order for employees to receive independent advice, the telephone reporting
system must operate separately from management. When implementing a reporting system, companies can adopt one of three models—in-house, outsourced, and hybrid—all of
which influence workers’ perceptions of independence (Riebl, 2004). In 1994, the majority
of U.S. organizations managed a telephone reporting system with internal staff (Weaver et
al., 1999). By 2010, 65% of the companies were using third party vendors for helplines or
hotlines, with only 26% of the organizations assigning their own employees to handle all calls
(Weber & Wasieleski, 2013). The use of outside vendors guarantees employees the assurance
of anonymity. Hybrid models share the duties for processing inquiries and reports between
in-house staff and outside vendors, where inquiries seeking guidance on company-specific
policies require internal staff expertise.
Despite company efforts to offer confidential reporting via a neutral and independent system,
employees still struggle with using these methods to report misconduct. In the 2013 National
Business Ethics Survey®, the Ethics Resource Center found that U.S. employees preferred to
approach a supervisor regarding ethical concerns, with only 16% of those reporting misconduct using anonymous hotlines. In continental Europe, the use of anonymous reporting
mechanisms is low, with one third of employees saying that their organization has an anonymous speak up mechanism (Basran, 2012). Due to French privacy laws, employees located in
France have restrictions on matters that are eligible for anonymous reporting.
Employees of multinational companies tend to perceive that advice and reporting mechanisms are only for workers in the country where headquarters is located (Riebl, 2004). Call
centers that provide translation services or have native language abilities can accommodate
employees worldwide. Even with native language resources, a survey by the ECOA found that
only 36% of the companies with international employees felt that employees outside of the
home country were comfortable using the resources (Riebl, 2004). The feature Reputation
Risk: Olympus Hotline brings attention to many of the barriers to reporting misconduct.
Reputation Risk: Olympus Hotline
Olympus Corporation is a Japanese manufacturer of endoscopic medical devices as well as
cameras and other imaging devices, microscopes, and information and communications
equipment. For the fiscal year ending in March 2011, Olympus reported sales of $10.6 billion. In the same year, Michael Woodford became CEO and discovered dubious accounting
at Olympus. He shared his concerns with the board of directors and was subsequently fired.
Because of Woodford’s suspicions and dismissal, an independent special committee panel
exposed hidden investment losses of 117.7 billion yen ($1.5 billion) dating back to the 1990s
(Verschoor, 2012).
Woodford is the most visible whistle-blower in the company scandal, but he is not the only
one to experience retaliation for speaking up. Masaharu Hamada, a salesperson for Olympus,
alleged being demoted and harassed after making a report to the hotline in 2007. Hamada
was concerned that his boss was poaching employees from a client, which would harm
the client relationship and was contrary to ethical standards of the industry. Following his
report, the hotline office informed Hamada’s boss of the complaint, which then led to retaliation for reporting the unethical activity. According to the independent panel report, at least
one employee reported an accounting problem involving fake vouchers to the hotline but
withdrew the report when asked to provide his or her name (Osawa, 2012).
According to The Wall Street Journal investigation, Olympus launched a compliance hotline
in 2005 following the enactment of the whistle-blower protection laws of 2004. The special
committee found that employees attempting to make anonymous reports of misconduct to
the compliance hotline were encouraged to disclose their identity or told the allegations
would not be investigated. In Japan, a tradition of lifetime employment and a strict seniority
system dictates that employees show unbounded loyalty to their coworkers. Few reports
made it to the hotline for fear of retaliation from coworkers. Designers of the hotline recommended that external parties handle employee inquiries to overcome fears of retaliation. The
corporate auditor, Hideo Yamada, opposed having a third party manage the reporting mechanism, instead electing to manage the hotline with his staff. As a result, the special committee
described the culture at Olympus as “a stuffy atmosphere that prevented people from speaking freely” (Osawa, 2012, para. 8).
Since the scandal, Olympus has suffered from a damaged reputation and a volatile stock price.
Tsuyoshi Kikukawa, chairman and former CEO; Hisashi Mori, director and executive vice president; and Yamada resigned and were subsequently convicted in a Tokyo court for their roles in
the cover-up of investment losses. The costs relating to the 13-year fraud were 700 million yen
($7 million) in fines, a 10 million pound (1.2 billion yen, $15.4 million) settlement to Woodford
for unlawful dismissal and discrimination, 17 billion yen ($166.49 million) in lawsuit damages
by 2014, and a pending lawsuit seeking 27.9 billion yen ($272 million) (Knight, 2014). In addition, Hamada won Japan’s first whistle-blower case, and received 2 million yen ($20,000) in
damages from Olympus (Kageyama, 2013).
Questions to Consider
1. Evaluate the Olympus reporting mechanism for confidential, neutral, and independent characteristics. What should Olympus do to improve ethics reporting in the organization?
2. How does the Japanese culture impede the effectiveness of an ethics reporting system?
3. What steps could Olympus take to demonstrate a commitment to ethics and compliance?
Receiving Reports
Regardless of the preferred method for providing guidance on ethics and compliance issues,
employees expect a response that is timely, credible, and trusted. Therefore, supervisors need
training on how to handle inquiries regarding potential violations of ethical standards. Active
listening is critical, as employees may not be able to clearly articulate their ethical concerns.
Some companies provide employees with a list of questions that helps organize their thoughts
before filing a report. The ethics professionals who receive the reports can use checklists to
gather sufficient information to determine the appropriate response and action. All inquiries
need to be documented for tracking purposes without compromising confidentiality.
It is crucial that employees do not fear becoming the subject of the investigation when reporting a violation. However, they need to be aware that false accusations are subject to disciplinary action. The Ethics and Compliance Handbook provides a list of red flags that could indicate
that the motive for reporting influences the accuracy of the claims, including if the employee:
a) makes frequent allegations, b) is involved in a work or personal dispute with the subject
of the report, or c) is facing disciplinary action or poor performance evaluation (Ethics &
Compliance Officer Association Foundation, 2008). The process for receiving reports must
prevent dismissing an allegation as false because of a perceived motive of the accuser. Determining the validity of the report is part of the investigation process.
Investigations
Investigation of an allegation of unethical or illegal behavior involves establishing exactly
what happened and what the organization can learn about preventing future misconduct. No
single investigative process can meet the needs of all organizations. A large organization with
a dispersed workforce may require additional coordination among regional management. A
small organization may have an accelerated process. Some allegations will move through an
investigative process quickly, while others may require extensive resources and time to complete. The four steps to investigating a report of unethical or illegal activity (shown in Figure 9.4) are: 1) determine the nature of the allegation, 2) make a plan, 3) develop the facts,
and 4) document the investigation.
Figure 9.4: Steps for investigating a report of unethical activity
The four steps to investigate a report of unethical or illegal activity are the same for large and small companies.
Incoming Report
• Document report
• Assign identifying code
• Assess urgency
1. Determine nature of the allegation
• Screen for scope
• Assess seriousness
• Assign investigator
2. Make a plan
• Identify questions
• Decide method
• Develop timeline
3. Develop the facts
• Assemble documents
• Notify interviewees
• Conduct interviews
4. Document the investigation
• Prepare documentation
• Reach a conclusion
• Deliver findings
Close the investigation
• Disclose results
• Reinforce confidentiality and retaliation policy
Source: Tracy Gonzalez-Padron, representation of material in Jones, E., O’Neill, K., & Winter, G. (2013). Conducting lawful and effective global investigations. Paper presented at the ECOA 21st Annual Ethics & Compliance Conference, Chicago.
In most companies, the ethics and compliance staff are responsible for investigating allegations. Small companies that do not have dedicated ethics professionals may rely on legal
counsel or human resources to conduct investigations. The investigation process is triggered
by the documentation of the allegation, which may originate from an external helpline, the
ethics office, or a functional supervisor. The individual receiving the report must make an
immediate assessment to determine if the alleged conduct endangers life or property and
requires immediate attention. It is important that all points of reporting know when calling
911 or notifying security is necessary.
Determining the nature of the allegation includes identifying the scope and seriousness of the
issue, which can establish who should be involved in the investigation. It should first be determined whether the ethics and compliance function should conduct the investigation. Some
reports are handled more efficiently at a functional level, such as a production safety issue in
which an employee is not following scheduled equipment checks. The person conducting the
investigation should have skills that match the type of misconduct. Questions to ask during
this stage in the process include:
• What specific misconduct or actions have been reported or alleged?
• Who is the source of the allegation, if known?
• Does the allegation seem to be a plausible and legitimate concern?
• What are the initial facts?
• Are there any inconsistencies in the initial facts?
• What evidence suggests that the misconduct did not occur?
• Are there any mitigating circumstances?
• How serious does the potential violation appear to be?
• Is the scope broad enough to enable the company to take appropriate remedial action, including determining the extent to which internal processes should be modified?
• Will the investigation findings likely be reported to third parties such as law enforcement or regulators (Jones, O’Neill, & Winter, 2013)?
The next step is to develop a plan that outlines the parameters to guide the investigation. The
plan builds from the analysis in Step 1 to address the questions that must be answered by
the investigation. Once the investigator has the information, he or she must determine what
information is missing. A detailed plan should answer the following questions:
• “Who will be interviewed as witnesses and in what order?”
• What topics will be addressed in witness interviews?
• “Which documents will be examined?”
• Which documents will be shared with witnesses?
• “At what stage of the process will the subject(s) of the allegation be told what she or he is, or they are, being accused of?”
• “Beyond interviewees, who will be notified of the investigation?” (Ethics & Compliance Officer Association Foundation, 2008, p. 100)
Implementation of the investigation plan involves gathering the facts of the case through various methods. The first task is to identify and review the policies, procedures, regulations,
and ethical codes that relate to the alleged misconduct. The second task is to assemble relevant documents such as personnel files, e-mails, security video, and business records. The
third task is to prepare questions for interviewing witnesses and schedule adequate time to
meet with each witness. Investigators should explain to witnesses that they are only gathering information at this time and that witnesses should not discuss their interviews with
coworkers. During the interview, active listening must be used to obtain a witness’s full story.
An approach to interviewing known as the funnel technique can be helpful. It begins with
open-ended questions to encourage the witness to talk, followed by prompting questions to gather
all information possible. Once the witness feels that all the facts have been conveyed, he or
she should be asked for specific details to clarify the story. The interview should end with the
question “is there anything else?” to confirm that all information has been exhausted.
The final step is to document the investigation for delivery to management. The facts should
be stated clearly and supported by documentation and interview notes. Investigators should
avoid drawing conclusions or inserting personal opinions. They must consult with management to determine if sufficient evidence is available to reach a conclusion and determine if
disciplinary action will occur. Once the documentation step is completed, the investigation can be
closed. Disclosing the results of an investigation demonstrates a commitment to enforce ethical standards. At a minimum, it is important to inform the person who made the initial report.
If confidentiality can be maintained, the results may be disclosed to the supervisor of the
subject of the investigation. The results of ethics investigations may be reported to the board
of directors. Another way of disclosing the results of ethics investigations is to present them
as learning cases during training, disguising the subjects where necessary to maintain confidentiality.
9.5 Monitoring and Assessing Progress
The FSGO require a regular review of a company’s ethics and compliance program to “ensure
that the organization’s compliance and ethics program is followed, including monitoring
and auditing to detect criminal conduct; and to evaluate periodically the effectiveness of the
organization’s compliance and ethics program” (United States Sentencing Commission, 2013,
p. 498). After the Olympus scandal, Japanese companies are feeling pressure to instill a culture of ethics and compliance within their organizations (McNulty, 2011; Verschoor, 2012).
Companies should not wait for a crisis to assess their ethics and compliance program. Corporate controllers and the board of directors want to see a return on their investment in
ethics training, communication, investigations, and program management. Regulators want
companies to monitor for compliance to ensure that policies and procedures are followed.
A 2013 survey found that “81% of organizations can demonstrate the effectiveness of their
code of conduct,” 77% assess training programs positively, and 72% can show consistent use
of policies and procedures (SAI Global, & Baker & McKenzie, 2013, p. 12). However, the true
impact of the ethics and compliance program is measured by how well the efforts modify
employee awareness of ethical issues and policies, attitudes toward ethics and compliance,
and behaviors.
Measuring Ethical Performance
Measuring program effectiveness entails asking, “What has the program achieved, and
where are opportunities for improvement?” Periodic program evaluations provide a better
understanding of employee knowledge and perceptions of the ethics and compliance culture. Insights gained can inform senior management of compliance trends tha...