This month is the 15-year anniversary of the groundbreaking financial regulation Sarbanes-Oxley expected to improve corporate ethics, but unfortunately few executives have a high confidence their employees are doing the right thing.
Those are the findings of a recently released report from Deloitte that found “only 32.5% of C-suite and other execs polled are highly confident their organizations’ employees will report unethical behavior.”
The report, which surveyed more than 900 executive, revealed that despite regulations, employees face challenges when it comes to compliance because of:
- Inconsistency of clear, concise and frequent ethics program communications and training for all employees (28.5%)
- Lack of incentives and repercussions around ethical and unethical behavior (respectively, 16.3%)
- Varied ethical postures of third parties with whom employees regularly interact (14.8 percent)
- Differing ethical standards for various employee groups (12.5 percent)
"Whether they need to monitor internal, external or both aspects of culture risk, we see leading companies leverage technology to modernize their compliance programs," said Carey Oven, Deloitte Risk and Financial Advisory partner, Deloitte & Touche LLP. "Some use cognitive solutions to identify anomalous employee behaviors. Others use advanced analytics to identify third-party patterns. The learnings from culture risk detection systems can help enhance the information leadership teams use to make decisions around ethics compliance policies and procedures."
Deloitte provides a list of questions to ask about global ethics programs at your organization:
Do all leaders support the program? Strong ethics programs are organization-wide with ongoing, full C-suite and board attention, as opposed to being managed by the general counsel or chief compliance officer alone. For example, chief accounting officers and CFOs can help unearth bribes, fraud and other illicit schemes that may be hiding in the books; or, by working with leaders across the C-suite, chief information security officers and CTOs can help discern what ethical weaknesses may lead to a higher frequency and intensity of cyberattacks.
Is the whistleblower hotline or speak-up line evolving? The level, frequency, and type of reports via whistleblower communication channels can be telling. Testing—sometimes leveraging advanced analytics or other tools—can help discern reasonable levels of reporting and false positives, so that anomalous reports are more easily identified and more quickly investigated.
Are employees surveyed to gauge ethics culture? By surveying employees about ethical standards and behaviors on an annual basis—as well as in exit interviews— organizations can make better informed updates to standards language, employee training and communications. Employee feedback can also help identify disparate subcultures in which interpretations of "ethical" behavior are inconsistent with the rest of the organization.
Is third-party due diligence conducted annually at minimum? It's not unusual to perform background checks around third parties upon entering into new contracts. But, personnel changes, financial strain, and other factors can change cultures quickly. Leveraging everything from annual third-party surveys to more covert social media analytics can help organizations understand with whom they're doing business.