Five topics for compliance and ethics culture assessments

Compliance program assessments – which seem to be increasingly popular with both government enforcement personnel and companies seeking to enhance their programs as a matter of good corporate citizenship – can and generally should cover a lot of ground. And that ground ought to include the organization’s ethical culture.

Of course, the notion of ethical culture itself is pretty broad, and there is no one right way for assessments of this sort to be conducted. But there are certain topics which  –  in my view – are worth considering in virtually any given assessment.

Perhaps the most obvious of these is “tone at the top,” which in an assessment itself  tends to have various components, including:

– what senior managers say to underscore their expectation that employees will act lawfully and ethically;

– the related but distinct question about what senior managers do to underscore the expectation that employees will follow all dictates of the organization’s C&E program, such as those concerning taking training or conducting vendor due diligence;

– inquiries designed to ascertain whether senior managers’ own conduct undermines their  C&E messaging; and

– similar questions regarding various levels of management besides those at the very top (such as functional or business unit leadership or those further down the organizational ladder).  One best practice to consider: having those at or near the top engaged in a visible way in reminding delinquents of the need to take mandatory C&E training.

Another obvious avenue for assessment concerns an organization’s speak-up culture. Perhaps the most important facet of this sort of inquiry is assessing not only the environment regarding true C&E matters but all kinds of workplace  concerns and questions, as reticence to speak up in one area may affect (or reflect) reticence in others. Of course, relevant to a company’s speak-up culture is its degree of “organizational justice,” and the extent to which wrongdoing is responded to in a fair and sufficiently rigorous way.

A third and somewhat less obvious aspect of culture assessment concerns rule following, and the extent to which it is genuinely expected in an organization. Here too it may be helpful to think beyond core compliance program  rules to those concerning other aspects of a company’s business, such as rules covered by a delegation of authority policy.

Note however,  that for the ethics component of an assessment a strong rule-following culture may be less than ideal. But from a pure compliance perspective it is hard to beat a deep embrace of rules, as further discussed here.

A fourth and also less obvious area for assessment concerns industry culture. While not true of all or even most companies, in some industries such types of  culture may be more of a source of risk than the organizational type. This is particularly true of industries with a significant degree of inter-company mobility.

Fifth – as is obvious from many cases of non-compliance, most recently the high-profile Wells Fargo scandal   – a key aspect of culture is the extent to which pressure/incentives make it difficult for employees to do their jobs in an ethical and law-abiding way. Indeed, this may be the most important cultural attribute of all – and should be explored fully in any assessment, with aspects of this inquiry including both economic “carrots” and “sticks,” as well as non-economic incentives.

Finally, I should emphasize that this piece is not intended to be a comprehensive overview of all areas to cover in a culture assessments, which is a complex and hugely important topic. But hopefully it will be helpful to those designing assessments for the first time, among others.

Leave a comment


* Required , ** will not be published.

= 3 + 6