Benchmarking Ethics and Compliance Programs
Verschoor, Curtis C., Strategic Finance
One of the questions asked most frequently by those involved in corporate ethics responsibility is "How are we doing?" The question raised is how an organization stacks up in comparison with what it should do. Intended to form the basis of best practices in ethics and compliance, Foundation Guidelines "Red Book": Application Draft, April 2005, is an online document published by the Open Compliance and Ethics Group (OCEG). This framework document, available at www.oceg.org, details the essential components of an integrated compliance and ethics program and is intended to provide guidelines and benchmarks for:
* Integrated Governance, Compliance, Risk Management, and Ethics
* Mission, Vision, Values
* Compliance and Ethics Programs
* Whistleblower Hotlines
* Codes of Conduct/Ethics
* Compliance and Ethics Training Programs
* Program Audit, Assessment, and Benchmarking
Publication of the OCEG guidance is especially timely considering that the U.S. Sentencing Commission raised the bar on ethics and compliance programs last year by upgrading the necessity for organizations to monitor and oversee the effectiveness of their program to the board of directors level. The Sentencing Commission amendment applies to nonprofit organizations as well as public and privately held corporations.
The OCEG framework document demonstrates how to integrate good governance practices, risk management, ethics, and compliance into normal business operating practices. According to the OCEG, benefits from an effective ethics and compliance program include avoidance of social, reputational, and economic risks and civil liability as well as possible criminal penalties. The six principles that permeate the framework are:
1. Integrate Compliance and Ethics. The set of core values intrinsic to the company should be mirrored in its commitment to ethics and compliance as well as the design of the program and how it operates.
2. Embed Compliance and Ethics Management Processes into the Business.
3. Demonstrate Leadership. The tone at the top is critical, so senior management should consistently put the organization's values into practice and clearly communicate the program's expectations to all employees. Periodic appraisal of employee integrity and ethical behavior should be included as part of the normal performance evaluation process.
4. Require Accountability and Ownership. The compliance and ethics program should motivate a culture within the organization that recognizes the premise that individuals should be responsible for their actions.
5. Provide an Open Culture. Opportunities must be provided for employees to speak up about sensitive issues without being afraid of negative reaction.
6. Measure Performance and Results. Results of periodic evaluation of the program's performance should be used to make improvements.
The components of the OCEG guidance framework structure include four elements: culture, planning, responding, and evaluating. Culture is the central aspect of an ethics and compliance program, according to OCEG, and it is surrounded by the other three. When establishing a new ethics and compliance program, the first step should be for management to have a full understanding of the organization's culture. Typically, elements within culture are deeply embedded behaviors that may not be easy to change. But making necessary changes in the culture of an organization can be the key factor in ensuring success of an ethics and compliance program. The four types of culture that must be considered are ethical culture, governance culture, risk culture, and human capital culture.
The OCEG framework lists the other three components--planning, responding, and evaluating--as necessary to implement. The planning step outlines the objectives of the ethics and compliance program and helps align the program with the objectives of the organization. …