Disturbing survey on business ethics
The Ethics Resource Center recently published their bi-annual business ethics survey, looking at the American business environment.
While I would not say the changes in results are remarkably different from their prior survey (in 2009), I was surprised by some of the statistics:
- 45% of employees have witnessed misconduct. While this down from 49% in 2009 and 55% in 2007, it is still remarkably high and justifies continued vigilance
- 65% say they have reported the misconduct they saw: the highest level on record
- 22% of those who reported misconduct suffered as a direct result. This is higher than the 15% in 2009 and 12% in 2007, and should be a cause of great concern.
- The only conclusion I can draw is that employees are not aware of their company’s hotline process. The report says only 5% of reported misconduct were via hotlines! Unfortunately, the study did not ask about awareness of hotlines
- The number of companies with ‘weak ethics cultures’ rose from 35% in 2009 to 42%. Yes, folks. This is America we are talking about, not some ‘emerging’ nation!
- 42% say “their company has increased efforts to raise awareness about ethics”. Not the language: they are not saying their company succeeded in improving ethical practices!
- 4% (up from 1% in 2009) report observing offers of improper payments to public officials
The report includes a discussion about the increased pressure on people who are active in social networking (defined as spending 30% (!) or more of their work day on social media sites). Presumably, if you complain through social networks you are more likely to get management attention (not always in a positive way) than if you complain through company channels. Interestingly, 42% of these people think it’s OK to criticize your company on blogs, etc.
The section on page 16 that describes how retaliation occurred is chilling.
Equally chilling was the report that more people (now at 13%) are feeling pressure to bend the rules, or even to break the law.
Fully 34% of employees said their managers do not display ethical behavior (24% in 2009). That will cascade in effect through the organization, with the result that all employees are more likely to violate the code of ethics.
Can you believe that the level of sexual harassment is 11%, up from 7% in 2009? Stealing is up from 9% to 12%, and health/safety violations up to 13%.
The report includes these recommendations:
- Invest in ethics and compliance programs, and make ethics a business priority
- Make ethical leadership part of how you evaluate managers at all levels
- Communicate your personal commitment to ethical conduct
- Use social networks to connect with employees and engage them in ethics-related discussions
- Revisit retaliation policies and practices
- Focus on the supervisors, for their actions (walking the talk) and responses to reports of misconduct are at the heart of the matter
But is this enough?
Is it time to revisit the HR-preferred “talk to your supervisor” and replace it with encouragement to report independently of your supervisor?
Shouldn’t the program be risk-based, looking at the areas of greatest potential harm (which may not include reports of wasting time at work – the most frequently reported misconduct according to the survey), ensuring policies and controls are sound (including training), putting metrics in place, and then monitoring at regular intervals?
How about asking internal audit to assess all or part of the program?
Recent Posts on this Blog
- Risk in the Fourth Dimension January 15, 2017
- How much cyber risk should an organization take? January 7, 2017
- The real risks: the ones not in the typical list of top risks December 31, 2016
- An expert shares his views on the future of risk management December 18, 2016
- Selecting software to help manage user access risk December 17, 2016
- User access risk and SOX compliance December 12, 2016
- Risk and Culture December 9, 2016
- New guidance on operational risk December 3, 2016
- Why do so many practitioners misunderstand risk? November 26, 2016
- A new front opens in the SOX battle November 20, 2016
- Internal audit reports do the function a great disservice November 12, 2016
- My new book on Auditing that Matters is available November 9, 2016
- Time for a leap change in risk management guidance November 5, 2016
- Cyber security and the board October 29, 2016
- The biggest obstacle to effective risk management October 28, 2016
- An Important Cyberrisk Framework January 16, 2017
- Deloitte Shares a List of "Risk" Trends to Watch in 2017 and Beyond January 9, 2017
- What Does the New Year Hold for Internal Audit? January 5, 2017
- The Decision-maker's View of Risk December 19, 2016
- How Much Cyberrisk Should We Take? January 4, 2017
- Do We Know How to Audit Technology-related Risks? December 5, 2016
- The State of Information or Cybersecurity November 28, 2016
- Back to the Future for Internal Audit November 21, 2016
- How Do You Change the Culture of the Organization? November 15, 2016
- Why Does ERM Fail So Often? November 7, 2016