Today's risk managers are busier than ever, balancing external, performance, and financial-related risk with corporate governance oversight. Beyond maintaining comprehensive insurance programs, these individuals must identify, assess, and put plans in place to mitigate risks that could negatively impact the organization's reputation, safety, or financial success.
While each category deserves its dedicated focus, ensuring a robust ethics and compliance program should be at the top of every risk group's priority list. Value-based ethical and compliant cultures help limit a company’s exposure and have been linked to improved business results, increased employee happiness and enhanced brand image.
Problems with Corporate Culture
According to GBES's 2021 State of Ethics & Compliance in the Workplace report, nearly one-third of all global employees reported feeling pressure to compromise their organization's ethics standards during periods of change.
However, despite being overtasked and unable to police every site at an organization, risk managers can leverage a data-based approach to ethics and compliance that makes it easier to prioritize, track, and improve overall programs. This kind of program will also help normalize ethics and compliance as a part of every leader’s job.
Developing an Automated, Company-Wide Plan
Building, restructuring or enhancing an entire organization's program is not easy. It is a cross-functional undertaking that requires close collaboration from multiple departments. However, to make the program move forward, risk managers play an integral role. For organizations looking to improve their corporate compliance and ethics programs, it is imperative to start by focusing on these five areas:
- Ensure company-wide buy-in: Risk managers can identify pitfalls but cannot institute change by themselves. Therefore, it is critical to partner with the compliance, legal, internal audit and human resource departments to ensure that the entire organization is on the same page, operating with the same language and working towards the same goals.
- Set benchmarks: You cannot measure what you do not track. While ethics can sometimes be vague and hard to quantify, it is essential to develop an integrated scorecard that highlights substantial compliance and ethical standards. Specific benchmarks could include the number of ethical complaints, substantiation rates, the percentage of anonymous reports, compliance violations and more.
- Collect data and break silos: The hardest part about this step is not collecting the data but integrating it. Most organizations are already collecting hotline reporting, cultural surveys, compliance reports and audit statements. However, departments do not widely share this information due to fear of exposure. People are also often afraid to report compliance issues. That is why it is so important to start with company-wide buy-in. Breaking down silos enables organizations to develop a holistic view of a company's ethics and compliance standing.
- Simplify with automation: With the information collected and transparency prioritized, the next step is integrating the data. With multiple software systems to collect data, including HR software, dashboarding systems, hotline platforms and surveys modules, innovative companies will converge these systems using APIs and plug-ins to develop one automated dashboard. This strategy saves risk managers time and effort while providing a near real-time look at where a company stands regarding ethics and compliance.
- Develop action plans: With a data-driven approach, the final step is developing strategies to remediate problems and hold responsible parties accountable. Site managers and leaders can access data and be alerted when spikes occur so they can step in, institute new training and address problems before they become serious risks. A top-down approach with ethics and compliance initiatives will help drive a zero-tolerance message throughout the entire organization.
A Difficult Road to Success
Rolling out the steps to a modern, data-based approach to ethics and compliance is not easy. There will be roadblocks and pushback from department heads unwilling to share data and site leaders who are resistant to the idea that issues occurred under their management. As a result, it will be an exercise in change management.
At each step of the way, it is crucial to trust, highlight and reference the data. Showing specific examples of misconduct or compliance misses and the impact on the business will help sidestep emotion, enabling teams to unify to address these potential risks. It is also impactful to show the financial side of the equation by highlighting council fees, outside investigative costs, internal costs, and financial penalties. Comparing these costs to revenue clarifies how vital improved compliance and ethics programs can be to an organization's bottom line.
According to GBES's report, more than one in five U.S. employees indicated their organization had a strong ethics and compliant culture. While culture strength is among the highest it has been since 2000, it has remained relatively unchanged over the last decade with global figures significantly lower.
Over time, this process will help helps businesses chart improvements, reduce risks and react to hot spots faster.