Managing and Auditing Ethics – Starting Point or End Goal?

August 5, 2015

Ethical business practice is an ideal many corporations strive for, but often fall short of due to an overwhelming focus on the bottom line and risk processes in tough global economic times. Companies are having to walk a fine line, and sometimes even cross it to ensure they stay relevant in an increasingly challenging marketplace. An ongoing spate of business scandals uncovered through whistle blowers, internal auditing,  general  investigations  etc., both in the private and the public sector has brought ethics to the forefront of many a corporate dialogue, where trust and reputation are seen to tip the scales against this perceived need to bend the rules to get ahead. Many companies refuse to compromise on an ethical approach to conducting their activities, regardless of any benefits that can be gained from yielding on these principles.
Research conducted by Ethisphere credited 3M with being one of the world’s most ethical companies. It wasn’t just about their highly praised compliance and ethics program, but about how these ethics and values encouraged a higher appreciation of corporate citizenship, and a desire by the company’s employees to focus on their social responsibilities within and outside of the organization. This message needs to permeate beyond just a group of senior executives saying the right things, and requires collective action from the entire workforce to be truly successful. The values, cultures and behaviours of employees, whether governed by an overall ethics charter related to the company’s values, or based on a personal approach to conducting their business activities in a certain manner (whether ethical or not), has a far-reaching impact on the outcomes of the business, and the way that business is seen to interact internally, and by its external stakeholders. From this perspective, the company’s ethical anchor is fastened to the ship by a multi-faceted chain of employees, customers, suppliers and partners, all with a role to play in achieving principled outcomes in their own areas of concern. This of course highlights the need for an all-inclusive approach to ensuring this chain has links of equal strength and integrity, held together by a common goal.
Ethics audits have proven to be a popular way to ensure checks and balances are maintained, and that corporate ethics policies are upheld and adhered to. Traditionally focused on the human resource areas of the business, these audits have remained predominantly checklist based, developed as part of the corporate ethics policy, and focused on improving an organization’s social and environmental performance. Of course, this is vital to ensuring compliance to the specific business and industry ethics guidelines, as well as to relevant legislation. But can auditing a company’s ethics be a once-off audit project aimed at assuring the ethics policy is properly implemented and followed, or should every single audit activity carried out question whether the outcomes of the process audited, as well as the procedures followed, conformed to the companies approach to conducting business in an ethical way, and whether these activities resulted in ethical outcomes?
Assuming the organizational values and ethics are clearly defined, questions can be asked linked to processes followed in every sphere of the business. How does the way we conduct business impact on our stakeholders? Do we ensure we maintain honesty and integrity even when dealing with competitors or suppliers, and potential changes in our market share? How do we interact with the community and natural environment we operate in? Do we take all types of relevant risk into consideration?
Negative or positive organizational cultures and behaviours result in outcomes with consequences that can have far-reaching effects and impact directly on the achievement of the organizational objectives. An effective, uncompromised, principled management team is a vital foundation responsible for setting the tone when it comes to the ethical standards to be followed. However internal auditors have an opportunity to test these outcomes at a far greater holistic level. Process audits, finance audits, IT audits, forensics; all should be conducted with a view to testing the ethical inputs, and the consequences of these inputs on the expected and actual outcomes.
Of course this methodology goes hand in hand with an irreproachable internal audit department, with a strong and ethical code of conduct, able to be seen as the champion of corporate ethics, and the bastion of “the right way”. The code of ethics of the Institute of Internal Auditors (IIA) upholds the principles of integrity, objectivity, confidentiality and competency, and auditors are encouraged to respect and contribute to the legitimate and ethical objectives of the organization. In an industry founded on trust and objective assurance, it is vital that internal auditors consider the ethical implications involved in each and every element of their audit universe and approach.
This certainly corresponds with the modern approach to risk management, where the risk management process, framework and policy is closely entwined with an organization’s culture and its values. In fact a case can be made for risk management being a direct expression of these values.
Risk management seen through an ethics looking glass opens up opportunities to have a profound impact on the way the company operates, interacts with its shareholders, and is perceived externally, and it is important that this view extends beyond just the internal factors at play in the organization. If one looks at the example of the internationally condemned practice of child labour, an organization may make a very public stand about their conviction against the practice, but are they confident that child labour doesn’t occur within their global supply chain? The call is for both risk management and internal audit policies and practices to be universal, integrated, policy driven and systematic across the board, and importantly, closely linked to environmental conditions and the context the organization operates in.
If one considers the ISO31000 definition of risk as the “effect of uncertainty on objectives”, hand in hand with the reality that the vast majority of an organization’s objectives are a consequence of the organization’s strategy, and thus tied to the intentions and values, it is obvious that ethics can and should have an influence on the way a company exposes itself to risks. The assessment and monitoring of these risks will then enable the company to assess the gap between the values and ethics their policy advocates, and the actual implementation of these principles, and the impact they have throughout the corporate value chain.
This approach of ensuring that the risk management and internal audit departments are viewed as the custodians of the ethics policy and framework enables these departments to have a far-reaching impact on the governance of the organization, not just based on compliance to laws, but based on a recognized and acknowledged corporate and individual moral compass, guiding behaviour, culture and values.
The success of companies like 3M has put the spotlight firmly on whether ethical behaviour has become the new yardstick for measuring a company’s success and desirability to investors. With the advances in science and technology, and the changing economic global landscape, companies, and the people that interact with them will always strive for more significant achievements. And this constant striving for greatness will always have to be counterbalanced against ethics, and the consequences of our actions.
“Divorced from ethics, leadership is reduced to management and politics to mere technique”.
James McGregor Burns