Integrating transparency, accountability and ethical behavior into company culture can help organizations mitigate risk and keep ahead of regulatory change.
Compliance forms an integral part of virtually every organization’s operations. Depending on the organization’s ownership structure, industry and location, everything from its accounting to its human resources may be subject to a regulatory regime, industry association guidelines or internal codes of conduct. Organizations that operate in more than one jurisdiction will, of course, have to contend with different regimes in each place.
The significant legal, financial, and reputational damage that a violation can bring is reason enough for enterprises to stress compliance. Yet compliance is also critical, because poor compliance often signals the larger problem of poor business practices, which expose the organization to further risk. Ultimately, compliance is about more than fulfilling regulatory or other obligations: It involves establishing a culture of integrity that is centered on transparency, accountability and ethical behavior.
A culture of integrity yields benefits beyond those that come with scrupulous behavior. Government regulations, which can seem ubiquitous, are also often in flux. Any jurisdiction’s regulatory priorities can vary significantly over time, depending on the administration in power and other variables. An effort at regulatory reform at the national level may filter down unevenly to the local level or may cross industries. In addition, emerging industries often find that they are operating in regulatory gray areas. At those times, companies with strong cultures of integrity can stay ahead of regulatory change. Moreover, enterprises from more stringent jurisdictions will prefer to do business with companies where compliance is just considered the right thing to do.
The real test of the commitment to a culture of integrity is how it responds to questionable or prohibited behavior — particularly when the transgression involves a key employee or a member of management.
However, building a culture of integrity is a broader, more complex undertaking than simply ensuring that checklists and reporting mechanisms are in place. In our experience working with governments and corporations to help build, sustain and monitor such cultures, we have found that they rest on a foundation of six distinct elements:
- Tone From the Top
An organization takes its direction from its leaders. A board that emphasizes compliance will likely be able to communicate that message much more powerfully than the head of compliance or internal audit.
A stated commitment to transparency and accountability must be backed up with the resources needed to build and maintain such a culture.
- Processes and Controls
The right procedures provide a framework that ensures that decision making and actions are transparent and do not involve conflicts of interest. Controls allow the organization to identify and respond to exceptions and weaknesses that are more systemic.
Everyone in the organization must understand what is expected. Executives and employees also need ongoing reinforcement and training so that they can apply their judgment in unexpected or ambiguous situations.
- Performance Goals and Incentives
Ultimately, executives and employees act according to how they are incentivized. Board members and senior management must understand that unrealistic deadlines or budget constraints can constitute risks in their own right. Managers should set performance goals that can be achieved without compromising integrity, transparency, or compliance.
- Response and Remediation
The real test of an organization’s commitment to a culture of integrity is how it responds to questionable or prohibited behavior. Particularly in cases where the transgression involves a key employee or a member of management, the temptation to rationalize or overlook the misdeed can be high.
In the Kroll Global Fraud and Risk Report, we asked respondents about the extent to which they followed various best practices for instilling a culture of integrity (see Figure 16). Globally, each of the eight best practices is followed by roughly three-quarters of the organizations surveyed. However, while 35 percent say they have adopted all eight practices, one in four organizations say they have adopted half at most.
It is notable how few respondents strongly agree that their organization’s performance goals and incentives do not conflict with its risk management practices. While all of the practices listed are important, ensuring that performance goals and incentives can be met without compromising integrity is arguably the single most important step that organizations can take in building a culture of integrity.
While 35 percent of organizations say they have adopted all eight practices, one in four have adopted half at most.
For most organizations, building a culture of integrity is an ongoing task, with each element at a different level of strength at any given time. Organizations can use a matrix to assess the state of their culture of integrity and prioritize areas requiring further work (see table below).
Return to Global Fraud and Risk Report 2019/20