Standing Ovation

Image by yuichi.sakuraba via Flickr

I just read Scott McNealy's farewell letter to Sun employees and was struck by a couple of paragraphs I'd like to share:

"What we did right and wrong at Sun over the years might make for interesting reading. However, I am not a book writer. I am a husband, father of four, and a builder and leader of people who want to make a difference.

But spare me a bit of nostalgia. Not of the mistakes we made, and lord knows I made a ton. But of the things we did right and well.

First and foremost, Sun innovated like crazy. We took it to the limit (see Eagles). And though we did not monetize our inventions as well as we could have, few companies have the track record in R&D that we had over the last 28 years. This made working at Sun really cool. Thanks to all of you inventors and risk takers who changed how we live.

Sun cared about its customers. Even more than we cared about our own company at times. We looked at our customer's mission as more important than ours. Maybe we should have asked for more revenue in return, but our employees were always ready to help first. I love this about Sun, which I guess makes me a good capitalist, if not a great capitalist.

Sun did not cheat, lie, or break the rule of law or decency. While we enjoyed breaking the rules of conventional wisdom and archaic business practice, and for sure loved to win in the market, we did so with a solid reputation for integrity. Nearly three decades of competing without a notable incident of our folds going off course morally or legally. Not all executives and big companies are bad. Really. There are good companies out there. Special thanks to all of my employees for this. I never had to hide the newspaper in shame from my children."

While tempted to comment on all I find admirable in these paragraphs, I think it's better to let them stand on their own. I tip my hat to Mr. McNealy and all the employees at Sun.

2009 Most Influential in Business Ethics List

Last week I had the opportunity to spend a day with one of our newer clients, learning about their Compliance and Ethics program, goals for next year and overall philosophy on fostering a culture based on ethical decision making and caring for their customers. One of our topics for discussion was quantifying the return on their ethics and compliance programs, which is often a difficult number to ascertain. While it's somewhat straight forward to calculate time savings in various stages of the various business processes that are part of your GRC programs, it becomes more difficult to calculate the full impact. For instance, how do put a number on not being fined for FCPA violations, or not having a class-action lawsuit filed against you for bad labor practices, or increased sales from consumers who trust your business more than your competitors? It was a lively discussion, and one that I hope to have more often in 2010 as I visit more of our customers.

I was reminded of the conversation when I saw Ethisphere's 2009’s 100 Most Influential People in Business Ethics list last week. The list is comprised of people in eight different categories spanning government, non-profits, education and corporations. When you look at the names of the companies represented by these individuals and consider their market success, you can begin to get a good idea that while it may be difficult to exactly quantify the ROI of a culture of integrity, there clearly is a strong correlation between culture and business success.

I was especially pleased to see a number of EthicsPoint's customers represented on the list, and would like to congratulate the following people for their outstanding efforts and accomplishments in the field of business ethics over the past year:

• Peter Solmssen – General Counsel, Siemens
• Sharon Allen – Chairman, Deloitte
• Bill Gates – Founder, Bill and Melinda Gates Foundation
  
• Kathleen Edmond – Chief Ethics Officer, Best Buy
• Brian Martin– SVP and General Counsel, KLA-Tencor
• Pascal Bourdin – SVP, and GM of European Chocolate Business, Kraft

Congratulations to all the winners!

Lies, Damn Lies and Statistics

Seems to be the season for publishing the results of surveys and other research - I just got finished reviewing PricewaterhouseCooper's excellent report,

Image by TW Collins via Flickr

The Global Economic Crime Survey which contains some great data for those of us concerned about fraud and other financial misconduct to consider.

One of the things that stuck out to me - especially considering the results from the ERC's 2009 National Business Ethics Survey - was that PwC did not see any statistical difference in the level of economic crime for companies that had suffered during the economic downturn from those that did not suffer. Hence, they conclude that economic crime remains a pervasive business risk, which does not discriminate among its victims based on the relative degree of their financial performance. They do note, however, that organizations sufferng from the downturn did report higher levels of accounting fraud.

Among the other data I found interesting:

• Tips were the detection method in 34% of the cases - with the hotline system accounting for only 7% - reinforcing the need to both foster an environment in which your employees and others feel comfortable bringing issues forward in conversations as well as the need for a consistent approach to capturing and investigating these issues
• While internal audit is consistently detecting less of the reported frauds over time, the combination of anti-fraud controls and a strong ethical culture appears to be improving the detection of economic crime
• There is a correlation between reported frauds and the frequency of fraud risk assessments - In other words, if you look for it, you will find it.

Finally, and what should concern you if you hold a leadership position within your organization, respondents have consistently underestimated their exposure to fraud. Regardless of the research you're reviewing, the data is pretty compelling - fraud and other misconduct occurs in good economic times and bad. Having a strong ethical culture and good controls reduces the amount of fraud, and its associated losses. So what are you doing to reduce your risk?

Ethics Bubble?

Image by ecstaticist via Flickr

Just spent some time reviewing the Ethics Resource Center's 2009 National Business Ethics Survey . There's some very interesting data in the report - some of which seems contradictory, which means I'm going to be spending more time this weekend digging into the details.

On the positive side, the survey revealed that:

• Misconduct at work is down
• Reporting of observed misconduct is up
• Ethical cultures are stronger, and
• Pressure to cut corners is lower.

But before we start congratulating ourselves too much, however, there were some cautionary data as well. For instance, 30% of people who observed behavior that constituted a "red flag" (activities that may be indicative of material fraud or questionable actions taking place) said they did NOT report it. You can't take appropriate action to mitigate potential misconduct if you aren't aware of it!

Furthermore, there is an interesting analysis of results from past Business Surveys that may suggest we are in an "ethical bubble."


If you look at the chart, you'll see that in the last economic downturn, reported misconduct also decreased, but as the economy improved, misconduct rose with it. While the sample may be a bit small, the parallels between the S&P Index and observed misconduct are fairly consistent. The ERC surmises this may be because in hard times management may talk (and inspect) more on the importance of high standards. Thus, misconduct goes down.

This really has me thinking...On one hand, I know that most of our clients are putting their money where their mouth is - allocating resources to ethics and compliance programs and making a true commitment to fostering an ethical culture. I don't see this changing as we exit the down turn. But the chart is revealing. Curious as to your thoughts - are we really in a bubble? Is this latest good news fleeting?

I'll leave you with the advice the ERC has for Ethics and Compliance Professionals:
Focus on culture and collect data! Now is the time to assess your culture and put in place processes - especially regarding the collection of potential violations of your stated code of conduct - for how you manage issues and events that expose your organization to risk.

Quick Links

Image via Wikipedia

I've come across a number of really great research reports over the past few weeks, and wanted to share them with you. In each case I'm finding myself going back and finding a new nugget that directly relates to Governance, Risk and Compliance, and the challenges our customers and prospects face. I'd encourage all of you to download these reports if you have not already done so.

Kroll Global Fraud Report
This is the latest of the Kroll Fraud reports, where they survey hundreds of senior executives across the world to understand the impact of fraud and corruption, both in individual industry segments and in specific geographic regions. One of the things that stood out to me on first reading was that the overall incidence of reported fraud did not increase significantly during the past year, despite what was expected. But there are differences across the various industries and countries worth understanding.

If you'd like to get a quick overview of the contents in the report, you can attend a webinar we are hosting with Blake Coppotelli and David Holley of Kroll.

Transparency International's Global Corruption Report 2009
Learned about this one from the excellent FCPA Blog. This is a really comprehensive report (weighs in at 496 pages!) which definitely requires multiple visits. But to give you a taste of what's inside, consider:

• 90% of the top 200 businesses worldwide have adopted business codes, but fewer than half report they monitor compliance!
• Companies with anti-corruption programs and ethical guidelines are found to suffer 50% fewer incidents of corruption. While that may seem obvious -especially based on other research - the question I would have is why, then, do not all companies have business codes, and why do relatively so few monitor compliance?

Fulbright's 6th Annual Litigation Trend Survey
Stumbled on the 5th annual survey last year, so was pleased to learn the latest version is out. Interestingly, as opposed to what Kroll reports, this survey of mostly General Counsels, Head of Litigation, and people with titles just below those (e.g. Senior Counsel, Associate General Counsel, etc.) reported that the incidence of companies reporting corruption/bribery investigations over the past 12 months has nearly doubled since last year! But bribery/corruption is not the only thing with which these respondents are challenged. According to the survey 40% have seen increases in wage & hour, multi-plaintiff and employement cases over the past year.

As I said, there is a lot of great information in these reports - hopefully you'll learn something as well!

The New Normal

Image via Wikipedia

With Less, Do More

The other day I read Microsoft CEO Steve Ballmer’s latest executive e-mail, entitled The New Efficiency. A few of his thoughts resonated with me, and in my opinion, have broad applicability to the market segments and business functions we serve at EthicsPoint. I’d encourage you to read all his comments, but want to highlight a few here.

Ballmer’s email starts with,

In all the talk about the economy, one term that comes up more and more frequently is something called “the new normal.” I like this phrase because it speaks to the fact that economic reality has undergone a fundamental shift over the course of the past 12 months.

So what is the nature of this shift? After years of economic expansion fueled by unrealistic rates of consumption and unsustainable levels of private debt, the global economy has reset at a lower baseline level of activity. Today, people borrow less, save more, and spend with much greater caution.

This is the new normal and it will be with us for some time to come. The issue now is how to respond.

I think Mr. Ballmer is spot on with this line of thinking – despite some encouraging signs of economic recovery, I think it’s going to take longer and be more difficult than any of us want, and even after the recovery has been achieved, the marketplace in which we all compete will be completely different than it was prior to the meltdown.

Mr. Ballmer goes on to stress the importance of cutting costs, but points out that no company ever cut their way to greatness. Rather, to ultimately succeed, you need to do two things – increase productivity and provide value to your customers – the trick is how you achieve these two objectives simultaneously. He writes:

For years, we’ve talked about how information technology enables companies to do more with less. But during this economic reset, IT provides business leaders with the answer to a slightly different question: Can my company with less, do more?

Other trends give this question even greater urgency. Workforces are more distributed and employees are more mobile. Government regulations are increasing and compliance requirements are mounting. Data security is more important to preserve and more difficult to maintain.

At EthicsPoint, we’re seeing Mr. Ballmer’s comments play out in our customer base every single day. Compliance mandates are mounting, governmental enforcement is strengthening (witness the increase in FCPA prosecutions and Corporate Integrity Agreements), rates of employee misconduct – if not increasing – are at least holding steady, and compliance, audit, HR and other budgets are being cut. The only way to effectively manage in this environment is to find ways to build efficiencies into your processes – increase the level of collaboration, communication and insight across the enterprise, while eliminating waste, and the barriers that create and maintain organizational silos.

As I’m going through our own internal 2010 budgeting and strategy-setting sessions, I’m challenging myself and my team to think about Ballmer’s question: how can we – with less, do more?

What are you doing?

Detecting Fraud

Image by Roby© via Flickr

KPMG released their Fraud Survey 2009 the other day. Among some of their findings were:

• Nearly a third of executives expect some form of fraud or misconduct to rise in their organizations
• 66% of respondents reported that inadequate internal controls or compliance programs at their organizations enable fraud and misconduct to go unchecked.
• Roughly a quarter of respondents lack effective protocols on how investigations should be conducted and what point the board of directors should be alerted to potential concerns. (check out our website in the next few days to sign up for a webinar addressing internal investigations)

There was a lot of thought-provoking data in addition to the stats above. But the one thing that got me thinking was their finding that 47% of executives believed that Internal Audit, Legal or Compliance would be the most likely to uncover fraud in their organization - the number one source for detection. Yet they note in their report that this contrasts with the findings in both the ACFE Report to the Nation 2008 (tips were identified there as the number one source) and their own KPMG Integrity Survey 2008-2009 that cited Internal Audit as among the least likely channels to which employees would feel comfortable reporting misconduct.

From an EthicsPoint perspective, we've always said the venue is not important - whether fraud is detected by people reporting via a hotline, though face to face conversations with their manager, HR or other appropriate personnel, through controls or other methods - what's important is that your organization have a strong ethical culture, a way to collect reports of misconduct, and a system to consistently investigate, document, resolve and ultimately analyze each report.

But I'm curious as to your reactions - In your own organization or experience, what do you think is the most important channel for detecting fraud?