Disturbing survey on business ethics
The Ethics Resource Center recently published their bi-annual business ethics survey, looking at the American business environment.
While I would not say the changes in results are remarkably different from their prior survey (in 2009), I was surprised by some of the statistics:
- 45% of employees have witnessed misconduct. While this down from 49% in 2009 and 55% in 2007, it is still remarkably high and justifies continued vigilance
- 65% say they have reported the misconduct they saw: the highest level on record
- 22% of those who reported misconduct suffered as a direct result. This is higher than the 15% in 2009 and 12% in 2007, and should be a cause of great concern.
- The only conclusion I can draw is that employees are not aware of their company’s hotline process. The report says only 5% of reported misconduct were via hotlines! Unfortunately, the study did not ask about awareness of hotlines
- The number of companies with ‘weak ethics cultures’ rose from 35% in 2009 to 42%. Yes, folks. This is America we are talking about, not some ‘emerging’ nation!
- 42% say “their company has increased efforts to raise awareness about ethics”. Not the language: they are not saying their company succeeded in improving ethical practices!
- 4% (up from 1% in 2009) report observing offers of improper payments to public officials
The report includes a discussion about the increased pressure on people who are active in social networking (defined as spending 30% (!) or more of their work day on social media sites). Presumably, if you complain through social networks you are more likely to get management attention (not always in a positive way) than if you complain through company channels. Interestingly, 42% of these people think it’s OK to criticize your company on blogs, etc.
The section on page 16 that describes how retaliation occurred is chilling.
Equally chilling was the report that more people (now at 13%) are feeling pressure to bend the rules, or even to break the law.
Fully 34% of employees said their managers do not display ethical behavior (24% in 2009). That will cascade in effect through the organization, with the result that all employees are more likely to violate the code of ethics.
Can you believe that the level of sexual harassment is 11%, up from 7% in 2009? Stealing is up from 9% to 12%, and health/safety violations up to 13%.
The report includes these recommendations:
- Invest in ethics and compliance programs, and make ethics a business priority
- Make ethical leadership part of how you evaluate managers at all levels
- Communicate your personal commitment to ethical conduct
- Use social networks to connect with employees and engage them in ethics-related discussions
- Revisit retaliation policies and practices
- Focus on the supervisors, for their actions (walking the talk) and responses to reports of misconduct are at the heart of the matter
But is this enough?
Is it time to revisit the HR-preferred “talk to your supervisor” and replace it with encouragement to report independently of your supervisor?
Shouldn’t the program be risk-based, looking at the areas of greatest potential harm (which may not include reports of wasting time at work – the most frequently reported misconduct according to the survey), ensuring policies and controls are sound (including training), putting metrics in place, and then monitoring at regular intervals?
How about asking internal audit to assess all or part of the program?
Recent Posts on this Blog
- Risk and Culture December 9, 2016
- New guidance on operational risk December 3, 2016
- Why do so many practitioners misunderstand risk? November 26, 2016
- A new front opens in the SOX battle November 20, 2016
- Internal audit reports do the function a great disservice November 12, 2016
- My new book on Auditing that Matters is available November 9, 2016
- Time for a leap change in risk management guidance November 5, 2016
- Cyber security and the board October 29, 2016
- The biggest obstacle to effective risk management October 28, 2016
- A revolution in risk management October 22, 2016
- Why do people commit fraud? October 14, 2016
- What could go wrong with strategy and its execution? October 6, 2016
- Is a new maturity model for GRC the right model? September 25, 2016
- The Wells Fargo “Staff Scam”: More questions and fewer answers September 16, 2016
- The astonishing Wells Fargo fraud September 10, 2016
- How Much Cyberrisk Should We Take? December 9, 2016
- Do We Know How to Audit Technology-related Risks? December 5, 2016
- The State of Information or Cybersecurity November 28, 2016
- Back to the Future for Internal Audit November 21, 2016
- How Do You Change the Culture of the Organization? November 15, 2016
- Why Does ERM Fail So Often? November 7, 2016
- Incentives and Ethics: Transparency International Speaks Out October 31, 2016
- A COSO Gem Helps Assess Risks and Related Control Deficiencies October 25, 2016
- Focusing on the Wrong Line of Defense October 17, 2016
- Internal Audit and the Internet of Things October 10, 2016