Ethical Issues in Business: What Boards Need and Want to Know
-
Upload
navex-global -
Category
Business
-
view
458 -
download
0
description
Transcript of Ethical Issues in Business: What Boards Need and Want to Know
CLIENT CONFERENCE
Carrie Penman, President, Ethical Leadership Group, NAVEX Global
Effective Interactions with Your Board of Directors – What Boards
Need and Want to Know
CLIENT CONFERENCE
CLIENT CONFERENCE
Effective Interactions with Your Board of Directors – What Boards Need and Want to Know
What are the roles and responsibilities of the Board?
How can the Board impact corporate culture?
Why do Boards need both briefings and training and what
should be included in each?
What are the biggest mistakes ethics and compliance officers
make with their Boards?
What questions should your Board should be asking you?
CLIENT CONFERENCE
Boards and executives are increasingly under
the microscope.
CLIENT CONFERENCE
Questions about you and your Board…
CLIENT CONFERENCE
1. I am Chief Ethics or Comp. Officer
2. I have ethics responsibilities
3. No.
About you and your Board…
Do you have ethics and/or compliance responsibilities for your
organization?
1. Yes I am the Chief Ethics or Compliance Officer for my
organization.
2. Yes, I have ethics/compliance responsibilities but am not
the Chief Ethics or Compliance Officer.
3. No.
CLIENT CONFERENCE
1. General counsel
2. Another member of exec. mgmt
3. Reports to exec. management
4. The Chief Executive Officer
5. A Committee of the Board
6. The Chair of the Board
7. A dual reporting relationship
8. Somewhere else
About you and your Board…
If you are the Chief Ethics and/or Compliance person - what is
your organizational reporting relationship?
1. General counsel
2. The CEO or another member of executive management
3. Someone who reports to executive management
4. A Committee of the Board of Directors
5. A dual reporting relationship with the Board and executive
management
6. Somewhere else
CLIENT CONFERENCE
About you and your Board…
CCO formally reports to the following individual(s)
7
Source: PWC State of Compliance 2012 benchmarking report
Per PWC State of Compliance 2011 study, 8% reported to the Audit Committee/Board
A - 33%
B - 31%
C - 3%
E - 5%
F - 19%
G - 10%
A - General Counsel / Legal
B - Audit Committee / Board of Directors
C - Chief Risk Officer
E - Chief Financial Officer
F - Chief Executive Officer
G - Other Executive
Number of respondents: 126
CLIENT CONFERENCE
1. Very engaged and knowledgeable
2. Somewhat engaged, not sure what to ask
3. They are polite…
4. Board engagement???
About you and your Board…
How engaged is your Board or Board Committee is in their
oversight responsibilities?
1. Very engaged and knowledgeable
2. Somewhat engaged but they aren’t sure what to ask
3. They are polite…
4. Board engagement???
5. I don’t know
CLIENT CONFERENCE
Two types of meetings with the Board
Program briefing (Periodically through the year)
o Risk assessment – risk areas; changes in risk
o Implementation of mitigation efforts
o Trends – internal and external
o Issues and concerns raised through the Program
o Executive session
Board training (every 1-2 years)
o Roles and responsibilities
o Role relevant
o Includes case studies
CLIENT CONFERENCE
Boards are people too, but…
Attention Span
Level in Company
CLIENT CONFERENCE
Biggest mistakes Ethics Officers make when dealing with their Boards:
Too much deference (to authority – executives and board)
Irrelevance (of information presented)
Lack of context (with information presented)
Narrow focus on the Sentencing Guidelines, especially Helpline,
code, training
Status reporters (rather than strategic business thinkers)
Failure to prioritize risks/concerns
Too much activity reporting; not enough relevant KPI’s/results info
Other scope issues:
• Coverage of compliance risk universe
• Hotline stats vs. all incidents
CLIENT CONFERENCE
Reasonable Oversight
Direct Access
Promoting an ethical organizational culture
Roles and responsibilities of Boards
CLIENT CONFERENCE
Roles and responsibilities of Boards
Reasonable oversight
Direct access
Promoting an ethical organizational culture
CLIENT CONFERENCE
Roles and responsibilities of the Board re: ethics and compliance
“Exercise reasonable oversight with respect to the
implementation and effectiveness of the compliance and ethics program.”
“Direct access” to the ethics officer
“Promote an organizational culture that encourages ethical conduct”
Receive “effective training . . . . appropriate to such individuals’ respective roles and responsibilities.”
Source: US Sentencing Guidelines
CLIENT CONFERENCE
Reasonable oversight: Full Board has knowledge and oversight of the Company’s key risks
areas
Full Board has knowledge of, and a Committee is delegated oversight responsibility, of E&C program
Oversight as the goal (not “honorary” board members or micro-managers)
Board leads by example and ensures accountability
o Practice the Company’s values and meet its compliance requirements
o Ensure that senior management is held accountable to the same standards as all employees
o Ensure that compensation/incentives reflects this accountability
CLIENT CONFERENCE
Reasonable oversight:
Ensure that Compliance and Ethics has:
o Right people
o Right resources
o Right support from management and the Board
o Right responsibilities and authorities
Provide long term perspective-- compass in a “glocalized” world; be mindful of the great reputation of the organization
Help set the tone; support a culture of integrity
Establish risk tolerance/appetite
Request and review information that provides evidence that risks are
effectively identified and managed
CLIENT CONFERENCE
Reasonable oversight: what we look for in Program effectiveness assessments:
Is the Board of Directors knowledgeable about the content and operation of the
program?
Does the Board exercise reasonable oversight of the implementation and
effectiveness of the Program and the organization’s culture?
Does the organization have a high-level person and a person with day-to-day
responsibility assigned to manage the program? Is there a defined relationship to
the Board of Directors?
Is the Board (or a committee thereof) accessible to individuals with day-to-day
responsibility including meeting with them in executive session?
Does the Board (or a committee thereof) receive timely reports of significant
issues and investigations involving the company or any elected officers?
CLIENT CONFERENCE
Reasonable oversight
Direct access
Promoting an ethical organizational culture
Roles and responsibilities of Boards
CLIENT CONFERENCE
What is real, direct access?
Is formal reporting enough?
Does formal reporting guarantee direct access?
Can you have direct access without formal reporting?
Have the events/circumstances that trigger a call been defined?
CLIENT CONFERENCE
Direct access
Four requirements to decrease in FSG culpability score:
1. Individual(s) with operational responsibility have direct reporting
obligations to governing authority
2. Program detected the offense
3. Organization reported the offense
4. No E&C program personnel involved
What are “direct reporting obligations”?
CLIENT CONFERENCE
You and your Board:
Does the Chief Ethics or Compliance Officer of your organization meet periodically with your Board or a Board Committee?
1. Yes, once a year
2. Yes, 2 times per year
3. Yes, more than 2 times per year
4. No
5. I don’t know
CLIENT CONFERENCE
You and your Board:
Does the Chief Ethics or Compliance Officer of your organization meet with the Board or a Board Committee in Executive session?
1. Yes, once a year
2. Yes, 2 times per year
3. Yes, more than 2 times per year
4. No
5. I don’t know
CLIENT CONFERENCE
Reasonable oversight
Direct access
Promoting an ethical organizational culture
Roles and responsibilities of Boards
CLIENT CONFERENCE
When a Rule, Policy or a Code conflicts
with an organization’s culture, the
culture trumps – and prevails most of
the time.
In order to have an effective ethics and
compliance program, a company needs
to pay as much attention to culture as
to policies, training, auditing, etc.
We know this: culture will trump compliance
CLIENT CONFERENCE
The challenge:
For many Board members, ethics and culture are not in their comfort zone
o “Give me a financial statement any day!”
o Not really sure what to ask you = quiet meetings
CLIENT CONFERENCE
The conversation about culture:
Explicit/concrete examples help –
o Responsibility or rules— Will people take personal
responsibility to address issues, or is it the job of somebody
else?
o Candor or quiet—Will people speak up if they see
questionable business conduct?
o Accountability or acquiescence—What happens to great
performers who violate the Code?
CLIENT CONFERENCE
Shaping a culture of integrity: talk to your Board about…
Knowing your culture(s)
−Employee perceptions (Surveys, focus groups, message boards)
−Customer and supplier perceptions (Surveys, social media)
−Reports of concern (Helpline data)
−HR processes
The language and branding shift
−Away from compliance on its own
−Toward integrity and “doing the right thing”
−Selling the vision
CLIENT CONFERENCE
Culture: what can/should the Board do:
• Send visible signals about behavioral expectations through
actions, including compensation
• Engage in conversations with leadership about corporate
culture
• Monitor overall corporate culture and subcultures
CLIENT CONFERENCE
Questions for Board consideration…
(From one of our Board training sessions)
What do you think are the Company’s cultural weak links?
What is the Board doing to set the culture tone?
CLIENT CONFERENCE
Types of Board interactions
Briefing
Training
CLIENT CONFERENCE
What do you tell them in briefings?
Issues and trends
Benchmarking – internal and external
What’s coming?
Status of the Company’s relationships with regulators
Full ethics, compliance, and reputational risk universe and any
anticipated changes
Audit and monitoring coverage
KPIs against your plan
CLIENT CONFERENCE
Discuss current events that could affect your organization:
Product Safety Impact of Subcontractors
on Reputation
Chairman Resigns; Ousted CEO to Meet With FBI
Dealing with Whistleblowers…Encouraging Reporting
Bad Behavior
A major discount retail chain faced a challenge when industry regulation changes impacted its marketing strategy. Bribery and Corruption Concerns
CLIENT CONFERENCE
Give them context when reviewing your program:
CLIENT CONFERENCE
Remember:
Boards expect outcome driven information –
Don’t just give them a laundry list of issues and statistics
– tell them if the clothes are cleaner.
CLIENT CONFERENCE
Types of Board Interactions
Briefing
Training
CLIENT CONFERENCE
1. Have had full training
2. Same training employees completed
3. Received a briefing on E&C Program
4. None
You and your Board:
Has your full Board received ethics and compliance training in the last two years?
1. Yes, they have had full role-relevant training that includes case studies of issues they may face as board members.
2. Yes, they have taken the same training that all Company employees have completed.
3. They have only received a briefing on our Ethics and Compliance Program.
4. No, they have not received any training.
5. I don’t know.
CLIENT CONFERENCE
Board training should be:
Role relevant
Effective
CLIENT CONFERENCE
Typical elements of Board training:
Frameworks for ethics and compliance programs (USSG, OECD, global requirements, risk based)
Board’s oversight responsibilities
Specific compliance and ethics environment and risks to the organization and to the Board
Creating a culture of integrity—challenges and building blocks - Board observations and potential areas of impact
Cases relevant to their roles and responsibilities
CLIENT CONFERENCE
They need to know (be trained) about issues they could face
Many CCO’s assume that boards know it already and are afraid to discuss Board-specific risks.
Boards need and want to talk about things like:
oConflicts of interest – personal and organizational
oInsider trading
oGifts, gratuities, influences
oRecognizing their unintended influence
oIssues that have happened with other companies and Boards
oExecutive accountability
What do you tell them in training?
CLIENT CONFERENCE
Use case studies and ask how they would respond:
You and they will be surprised to learn they aren’t as
aligned as they think they are…
CLIENT CONFERENCE
Case example: the anonymous letter…
Several members of the Board receive an anonymous letter stating that a local Company manager is “playing games with the books on a project in process in Corruptistan” but the letter provides no additional information about which project, who is involved, or
the specific alleged financial impropriety.
What should the Board do?
Does it matter that the report is anonymous?
What if the allegation involves a colleague at the Board table?
CLIENT CONFERENCE
Questions the Board should ask you…
What information do you get to give you comfort that compliance risks are covered?
Do leaders set the right tone? How are they perceived by employees?
Do we have a “make plan at all costs culture?” Is candor rewarded or punished? What about fear of retaliation?
How are we at discipline? Are top performers and high level people held accountable to the Code of Conduct in the same way as other employees?
Are there any risks that aren’t being addressed as they should be?
Do you have visibility to business unit compliance?
CLIENT CONFERENCE
Questions the Board should ask you…(cont.)
Do your businesses/functions have the resources you need to do
your job appropriately?
Do you feel you have access to the CEO and us whenever you need
it?
What trends in issue types or company locations are you seeing?
Is there anything we should know? What keeps you [ethics officer] up at night?
If you had another $1 million to spend, what would you do with it?
CLIENT CONFERENCE
Questions:
CLIENT CONFERENCE
Thank you!
Contact information:
Carrie Penman, President, Ethical Leadership Group
NAVEX Global
45