Disturbing survey on business ethics
The Ethics Resource Center recently published their bi-annual business ethics survey, looking at the American business environment.
While I would not say the changes in results are remarkably different from their prior survey (in 2009), I was surprised by some of the statistics:
- 45% of employees have witnessed misconduct. While this down from 49% in 2009 and 55% in 2007, it is still remarkably high and justifies continued vigilance
- 65% say they have reported the misconduct they saw: the highest level on record
- 22% of those who reported misconduct suffered as a direct result. This is higher than the 15% in 2009 and 12% in 2007, and should be a cause of great concern.
- The only conclusion I can draw is that employees are not aware of their company’s hotline process. The report says only 5% of reported misconduct were via hotlines! Unfortunately, the study did not ask about awareness of hotlines
- The number of companies with ‘weak ethics cultures’ rose from 35% in 2009 to 42%. Yes, folks. This is America we are talking about, not some ‘emerging’ nation!
- 42% say “their company has increased efforts to raise awareness about ethics”. Not the language: they are not saying their company succeeded in improving ethical practices!
- 4% (up from 1% in 2009) report observing offers of improper payments to public officials
The report includes a discussion about the increased pressure on people who are active in social networking (defined as spending 30% (!) or more of their work day on social media sites). Presumably, if you complain through social networks you are more likely to get management attention (not always in a positive way) than if you complain through company channels. Interestingly, 42% of these people think it’s OK to criticize your company on blogs, etc.
The section on page 16 that describes how retaliation occurred is chilling.
Equally chilling was the report that more people (now at 13%) are feeling pressure to bend the rules, or even to break the law.
Fully 34% of employees said their managers do not display ethical behavior (24% in 2009). That will cascade in effect through the organization, with the result that all employees are more likely to violate the code of ethics.
Can you believe that the level of sexual harassment is 11%, up from 7% in 2009? Stealing is up from 9% to 12%, and health/safety violations up to 13%.
The report includes these recommendations:
- Invest in ethics and compliance programs, and make ethics a business priority
- Make ethical leadership part of how you evaluate managers at all levels
- Communicate your personal commitment to ethical conduct
- Use social networks to connect with employees and engage them in ethics-related discussions
- Revisit retaliation policies and practices
- Focus on the supervisors, for their actions (walking the talk) and responses to reports of misconduct are at the heart of the matter
But is this enough?
Is it time to revisit the HR-preferred “talk to your supervisor” and replace it with encouragement to report independently of your supervisor?
Shouldn’t the program be risk-based, looking at the areas of greatest potential harm (which may not include reports of wasting time at work – the most frequently reported misconduct according to the survey), ensuring policies and controls are sound (including training), putting metrics in place, and then monitoring at regular intervals?
How about asking internal audit to assess all or part of the program?
Recent Posts on this Blog
- The risk of material errors in the quarterly financial statements March 10, 2017
- Is your compliance program strong enough? March 4, 2017
- Embedding risk into strategic planning and more February 25, 2017
- Cyber and reputation risk are dominoes February 18, 2017
- The current state of risk management February 11, 2017
- When an acceptable level of risk is not acceptable February 4, 2017
- How to mess up your risk management program January 28, 2017
- The value of a risk register January 21, 2017
- Risk in the Fourth Dimension January 15, 2017
- How much cyber risk should an organization take? January 7, 2017
- The real risks: the ones not in the typical list of top risks December 31, 2016
- An expert shares his views on the future of risk management December 18, 2016
- Selecting software to help manage user access risk December 17, 2016
- User access risk and SOX compliance December 12, 2016
- Risk and Culture December 9, 2016
- The Idea of a Unified Risk Oversight Council March 10, 2017
- The Integration of Governance, Risk, Compliance, and Related Activities March 6, 2017
- Cybersecurity Effectiveness February 27, 2017
- Cyber Root Cause Alarm Bells Are Ringing February 20, 2017
- Reports That Provide Actionable Information February 14, 2017
- What Is Holding the Company Back? February 6, 2017
- Do Internal Audit Reports Matter? February 1, 2017
- Monitoring Laws and Regulations and Their Effect on Your Organization January 24, 2017
- An Important Cyberrisk Framework January 16, 2017
- Deloitte Shares a List of "Risk" Trends to Watch in 2017 and Beyond January 9, 2017