CONVERGING ETHICS, GOVERNANCE, AND CULTURE Michael Brozzetti, CIA Washington DC May 12, 2011DISCLOSURE: Michael Brozzetti represents his personal commitment to protect and guard the Internal Auditing professions principlesfor integrity, competency, confidentiality, and objectivity as provided for within the Institute of Internal Auditors Code of Ethics. MichaelBrozzetti is President of Boundless LLC, an expert internal auditing and governance firm and is Chairman of the Business IntegrityAlliance™ which is a joint venture between zEthics, Inc. and Boundless LLC missioned to advocate and advance the practicessupporting the principles of integrity, transparency, accountability, and risk oversight. Michael Brozzetti is a Certified Internal Auditor®Learning System training partner with the Institute of Internal Auditors, Villanova University, and the Holmes Corporation. MichaelBrozzetti is currently under consideration for the zEthics, Inc. Board of Directors. Michael has no material holdings in the CapitalMarkets.
2Relevant Introductory Quotes• “What we really need is a new paradigm for due diligence when it comes to fraud.” - Former SEC enforcement attorney, Pat Huddleston Interview, - John Buchanan. “It Could Happen to You.” Conference Board Review – Spring 2011• “It’s really about intentional opaqueness where transparency is legally required. It’s about taking steps to hide the true nature of transactions…” • Former Prosecutor of the U.S. Attorney’s Office, George Terwilliger Interview • John Buchanan. “It Could Happen to You.” Conference Board Review – Spring 2011• “I have discovered that greater government attention to corporate ethics and compliance activities is a smarter investment than endless federal prosecutions, suspensions, and debarments.” • Retired Federal Inspector General – May 12, 2011• “Problems cannot be solved by thinking within the framework in which they were created.” • Albert Einstein
3The IIA asked is there a culture of risk?If we define culture as "a way of life - thebehaviors, beliefs, and values that are passedalong by communication and imitation from onegeneration to the next" and put it into anorganizational context then we can assume theterm "generation" refers to the hierarchical levelsand parent/child relationships that exist within anorganization.
Ethics Gone WrongSatyam Computer Services Ltd.• Known as the as the “Enron” of India.• Some $1 billion in declared revenue at the outsourcing firm turned out to be nonexistent. PwC probed for signing off on financial statements.• In 2005, the banks CIO, was ousted for buying preferential stock options from Satyam, even as he awarded the firm major contracts. Satyam was allowed to remain.• Satyam had been linked not only to financial wrongdoing, but "ultrasensitive data heists“ from customer World Bank.Source: FOX News
Ethics Gone Wrong New Century Financial • New Century Financial Corp, the largest independent provider of home loans to people with poor credit, filed for bankruptcy two years ago amid mounting customer defaults. • $1 Billion dollar lawsuit filed against KPMG in March 2009 by trustees of New Century. • “As far as I am concerned, we are done. The client thinks we are done. All we are going to do is piss everybody off.” - KPMG partner Financial Week: March 31, 2008 12:01 AM
Ethics Gone WrongEnron• On November 30, 2001 the Company filed bankruptcy and 4,000 employees lost there job that day with only 30 minutes to gather there belongings and exit the building.• Ken Lay and Jeff Skilling were tried in 2006 for their part in a 53-count indictment covering a broad range of financial crimes, including bank fraud, making false statements to banks and auditors, securities fraud, wire fraud, money laundering, conspiracy and insider trading.• "Well, thank you very much, we appreciate that . . . asshole.”– Jeff Skilling, Former Enron CEO & COO
Ethics Gone WrongLehman “Alter Ego”• One of the vehicles that Hudson Castle created was called Fenway, which was often used to lend to Lehman, including in the summer of 2008, as the investment bank foundered.• Hudson Castle might have walked away earlier if not for Fenway’s ties to Lehman.• Lehman itself bought $3 billion of Fenway notes just before its bankruptcy that, in turn, were used to back a loan from Fenway to a Lehman subsidiary.• While Hudson Castle appeared to be an independent business, it was deeply entwined with Lehman. For years, its board was controlled by Lehman, which owned a quarter of the firm. It was also stocked with former Lehman employees.Source: NY Times
Ethics Gone WrongGoldman SachsSued by SEC for Fraud• The federal government charged Goldman Sachs, a prominent New York financial house, with fraud on Friday, accusing the firm of deceiving investors who bought mortgage bonds that select clients already knew were likely to fail.• The SEC also named Fabrice Tourre, a Goldman Sachs vice president, who helped create and sell the investment deal, which cost investors more than $1 billion when mortgages defaulted.• April 16, 2010 NY Times
Ethics Getting BetterComputer Associates, Inc.• Charles Wang and a few other former executives participated in a $2.2 Billion accounting fraud against Computer Associates.• New leadership executed a Deferred Prosecution Agreement “DPA” with the U.S. Government in 2000 to turnaround the company.• In 2004, CA ended-up paying $225MM to victimized shareholders.
Ethics Gone RightCoke• In a nutshell three people, including an executive assistant at Coke, were busted and charged with stealing trade secrets, as well as a product sample, and trying to flog them to arch-rival Pepsi for $1.5 Million.• In terms of ethics, the most interesting part about this story was that Pepsi had alerted Coke to what was going on, and Coke immediately called the police.
15Principles, Values, and Ethics • Inform our choice of values, morals, and Principles ethics. Values • Attitude sets that influence behavior • Standards by which behavior is Ethics evaluated for their morality – their rightness or wrongness “Values motivate, morals and ethics constrain” – Paul Chippendale
16Ethics in the Regulatory Context• Section 406, which directs us to adopt rules requiring a company to disclose whether it has adopted a code of ethics for its senior financial officers, and if not, the reasons therefor, as well as any changes to, or waiver of any provision of, that code of ethics.
17Honoring Public Service TITLE 5: ADMINISTRATIVE PERSONNEL: PART 2635—STANDARDS OF ETHICAL CONDUCT FOR EMPLOYEES OF THE EXECUTIVE BRANCH (11) Employees shall disclose waste, fraud, abuse, and corruption to appropriate authorities.
18Trust in Public Service TITLE 5: ADMINISTRATIVE PERSONNEL: PART 2635—STANDARDS OF ETHICAL CONDUCT FOR EMPLOYEES OF THE EXECUTIVE BRANCH (c) A violation of this part or of supplemental agency regulations, as such, does not create any right or benefit, substantive or procedural, enforceable at law by any person against the United States, its agencies, its officers or employees, or any other person.
Caremark Case Law• Since the 1996 Delaware Chancery Court decision in In re CaremarkInternational Inc. Derivative Litigation,1 the fiduciary duty of corporatedirectors has been understood to embrace the adoption and maintenance ofcorporate compliance programs that are designed to detect corporatewrongdoing and bring it to the attention of management and the board ofdirectors.• Stone v. Ritter involved a derivative action by shareholders of AmSouthBancorporation ("AmSouth"), in the wake of the disclosure that AmSouth hadpaid $50 million in fines and civil penalties arising from violations of thefederal Bank Secrecy Act.3 The lawsuit alleged that the directors of AmSouthhad breached their duty to act in good faith because, while AmSouthmaintained a program to monitor Bank Secrecy Act compliance, the programwas not adequate to prevent the violations giving rise to the fines and civilpenalties.• First, the Court held that the Caremark standard is the appropriatestandard for director duties with respect to corporate compliance issues; andsecond, there is no duty of "good faith" that forms a basis, independent of theduties of care and loyalty, for director liability.3 31 U.S.C. §5318 et seq. (2006).
20The DOJ after Caremark:• Legal Guidance Regarding Board Oversight• The McNulty Memo provides that, when assessing the adequacy of a company’s compliance efforts, prosecutors should consider whether the corporation has established corporate governance mechanisms that can effectively detect and prevent misconduct;• Such as whether directors exercise independent review over proposed corporate actions, whether directors are provided with information sufficient to enable the exercise of independent judgment, and whether directors have established an information and reporting system reasonably designed to provide management and the board of directors with timely and accurate information.
21The Corporate Conscience“A self-aware person will act completely within theircapabilities to their pinnacle, while an ignorant person willflounder and encounter difficulty.” - Socrates, Greek Philosopher
23The “Black Box” of Governance Ethics Governance Discovery risk Enterprise risk Risk Compliance Internal Control Communication and Trust What state is the culture in?
20th Century Governance ChallengesLevel of transparency into the culture No practical way to continual monitor the “Soft controls” that shape cultural norms and risk appetites. Limited foresight into the cultural risks that manifest misconduct and fraud.Disclosure, speed, and flow of risk information Often filtered and/or distorted. Ethics GovernanceAccountability and culpability Risk Case law suggests that not Management knowing and ignorance is a Compliance defensible claim. Over 95% of lawsuits are Internal Control settled or dismissed Communication & Trust What state is the culture in?
25The Governance SystemPeople Ethics Process & Culture Internal Technology Internal Systems / Devices Information / DataAdjudication External
26Key Governance Questions?1. Is it Legal?2. Is it Ethical?3. Is it Sustainable?
27Ethics in Context of a U.S. LawInnocent Guilty Ethical Judgment Legal Judgment Not Guilty “Not Guilty, Does Not Mean Innocent” – University of Pennsylvania Law School Student
28Judgment System Difference Ethical Judgment Legal Judgment • Measured to core • Measured to law or values regulation • Internally controlled • Externally influenced and adjudicated and adjudicated • 100% Transparency • Opaqueness (95%) • Subject to confession • Subject to external and repentance punishment and • Immunity-in- damages conscience • No immunity
30Sustainability and Integrity in Context • The rules of conduct recognized in respect to a particular class Ethics of human actions or a particular group, culture. • A way of life - the behaviors, beliefs, and values that are Culture passed along by communication and imitation from one generation to the next. • The combination of processes and structures implemented by Governance the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives. • Integrity is consistency of actions, values, methods, measures, principles, expectations and outcome. As a holistic concept, it Integrity judges the quality of a system in terms of its ability to achieve its own goals.
32Cultural Tones Undertone Overtone– Complacency, Laziness, and + Strong cultural work ethic satisfaction with status-quo that challenges assumptions– Loose controls with + Tight controls with insatiable appetite for risk thoughtful risk appetite– Short-term decision making + Balanced decision making at the expense of long-term considering short and long benefit sustainability term benefit sustainability– Autocratic and self-focused + Collegial and team-focused cultures, internal politics, cultures, “conscientious power struggles employees,” balanced power
National Association of Corporate DirectorsVI. Integrity, Ethics & Responsibility: Governancestructures and practices should be designed to promote anappropriate corporate culture of integrity, ethics, andcorporate social responsibility.
NACD Comment Letter to SEC“A strong corporate culture is one of the best tools acompany has for combating fraud.” - NACD Barbara Hackman Franklin Rating Scale 1 2 3 4 5 6 7 8 9 10 Poor Excellent
35 Cultural Elements• Ethics & Governance - Assess the level of illegal or fraudulent activities; withholding or covering up information; manipulating government reports; scandal; managerial mischief; misconduct; unethical behavior; lying; falsification of records; sexual harassment; drug and alcohol abuse; etc.• Risk Management - Identify risks, quantify and assess the level of risk taking by senior management; quantify the risk of operational failures, etc.• Strategic Planning - Assess the organization’s strategic planning methodology and practices; determine whether managers are allocating sufficient resources to execute the strategic plan effectively and efficiently; etc.• Management - Assess the competence and character of management; does the management team work well together; is management being held accountable for decisions that impact the organization’s performance, strategic goals and objectives; is management consistent in its decision making; etc.• Communication - Assess how well the organization communicates the information required to accomplish goals and objectives; identify when there is a problem with miscommunication of information or misinformation; etc.• Organization - Assess the Organization’s Internal Controls, Policies, Procedures and Systems; identify structural flaws or weaknesses in the organization; etc.• Empowerment - are employees empowered to perform their duties and responsibilities without fear, reprisal or reprimand; is management undermining the staff’s ability to perform their duties and responsibilities; do employees have sufficient training and skills to perform their duties, etc.• Compliance (Auditing, Quality) - Assess compliance with all laws and regulations; identify problems or concerns with the
36External Culture BenchmarksIndustry Culture Benchmarks Note: Chart is for illustrative purposes only. Y = Year.
37Internal Culture BenchmarksCultural Trend Analysis Note: Chart is for illustrative purposes only. PY = Prior Year and CY = Current Year trending.
38Cultural AssuranceBusiness Unit Survey Business Unit 1 Business Unit 2 Business Unit 3 Business Unit 4 Business Unit 5Ethics & Governance 4.6 4.7 2.4 5.3 4.3Risk Management 4.3 4.9 1.0 5.3 3.9Strategic Planning 3.7 4.0 2.8 5.0 3.9Management 3.6 4.1 1.3 4.9 3.5Communication 5.0 5.6 4.3 5.9 5.2Organization 4.0 4.8 2.5 5.1 4.1Empowerment 4.5 4.9 2.8 5.6 4.5Compliance (Audit & Quality) 5.2 5.4 3.8 5.6 5.0CCI™ Composite Rating 4.4 4.8 2.6 5.3 4.3 Drill down and gain dynamic views into the organizational corporate culture for internal benchmarking BU #3 Executive Survey CEO CFO COO VP HR CIO Ethics & Governance 8.6 8.2 2.1 1.6 5.8 Risk Management 8.0 7.2 3.1 3.0 5.8 Strategic Planning 7.4 7.6 3.6 3.4 5.2 Management 7.6 7.8 1.4 1.8 5.4 Communication 5.4 6.0 1.1 1.0 4.8 Organization 6.2 7.8 1.8 2.0 5.8 Empowerment 7.2 7.6 2.5 2.0 5.4 Compliance (Audit & Quality) 8.0 4.8 2.3 2.0 6.6 CCI™ Composite Rating 7.3 7.1 2.3 2.1 5.6 This is fictitious data for illustrative purposes only
What conclusions can you yield?Source: zEthics, Inc.
What conclusions can you yield? Industry Sector Region Reporting Category Company Average Average Average Ethics & Corporate Governance 2.4 4.6 4.7 5.3 Risk Management 2.8 4.3 4.9 5.3 Strategic Planning 1.0 3.7 4.0 5.0 Management 1.3 3.6 4.1 4.9 Communication 4.3 5.0 5.6 5.9 Organization 2.5 4.0 4.8 5.1 Empowerment 2.8 4.5 4.9 5.6 Auditing / Quality Control 3.8 5.2 5.4 5.6 Composite Rating 2.6 4.4 4.8 5.3Source: zEthics, Inc.
What conclusions can you yield? Reporting Category CEO CFO COO CMO CAO Ethics & Corporate Governance 5.8 1.6 8.2 5.8 8.6 Risk 5.8 3.0 7.2 5.6 8.0 Strategic Planning 5.2 3.4 7.6 5.4 7.4 Management 5.4 1.8 7.8 5.6 7.6 Communication 4.8 1.0 6.0 4.4 5.4 Organization 5.8 2.0 7.8 4.6 6.2 Empowerment 5.4 2.0 7.6 4.6 7.2 Auditing / Quality Control 6.6 2.0 4.8 6.6 8.0 Composite Rating 5.6 2.1 7.1 5.3 7.3Source: zEthics, Inc.
What conclusions can you yield? Reporting Category President EVP SVP VP Director Ethics & Corporate Governance 5.0 6.2 7.0 8.4 8.6 Risk 4.4 6.6 6.6 8.4 8.2 Strategic Planning 2.8 6.6 5.2 5.0 5.6 Management 4.8 6.6 5.8 6.2 7.0 Communication 2.6 5.2 6.6 6.0 6.0 Organization 5.6 6.0 5.6 6.2 7.4 Empowerment 4.8 4.2 6.0 7.2 6.0 Auditing / Quality Control 5.2 5.6 5.4 5.4 7.0 Composite Rating 4.4 5.9 6.0 6.6 7.0Source: zEthics, Inc.
What conclusions can you yield? Non-Exec Reporting Category Chairman Company Composite Board Ethics & Corporate Governance 2.2 6.4 6.2 Risk 6.0 6.0 6.3 Strategic Planning 2.8 5.2 5.2 Management 3.4 6.2 5.7 Communication 1.0 5.4 4.5 Organization 1.4 6.4 5.4 Empowerment 2.0 5.2 5.2 Auditing / Quality Control 3.8 5.4 5.5 Composite Rating 2.8 5.8 5.5Source: zEthics, Inc.
Internal Adjudication Business Issues Code of Conduct Ethics Compliance Independent Committee Code of Ethics (Per Professional Ethics Compliance Independent Committee Practice Standards) Company Policy Management Independent Committee (Independent of Incident) Legal Issues Audit, Risk, & Regulation General Counsel Compliance Law General Counsel External Legal Counsel 44
45Transparency into Incident Reporting #1 #2 #3 #4 #5 Report Filings 16 12 28 25 21 Code of Conduct 5 4 15 5 8 Professional Conduct 4 5 6 5 6 Policy 4 2 3 12 4 Regulation 1 0 4 3 1 Law 2 1 0 0 2 Report Status Open – In Queue 9 6 11 8 15 In Due Diligence 2 2 7 3 5 Resolved 5 4 10 14 1 Report Resolution (YTD) 1 2 9 2 4 Authority Change 0 1 3 0 2 Disciplinary Action Taken 1 0 4 1 2 Restitution 0 1 0 0 0 Prosecution 0 0 2 1 0 Average Cycle Time (Days) 102 82 55 77 89
47 The Penney Idea A strong principled foundation since 19131. "To serve the public, as nearly as we can, to its complete satisfaction. “2. "To expect for the service we render a fair remuneration and not all the profit the traffic will bear."3. "To do all in our power to pack the customers dollar full of value, quality, and satisfaction."4. "To continue to train ourselves and our associates so that the service we give will be more and more intelligently performed."5. "To improve constantly the human factor in our business."6. "To reward men and women in our organization through participation in what the business produces."7. "To test our every policy, method, and act in this wise: Does it square with what is right and just?