Ethical Issues in Business: What Boards Need and Want to Know


Published on

Boards are expected to exercise reasonable oversight of the ethics and compliance program, and this is one of many responsibilities they manage. So, how do you maximize the effectiveness of your Board interactions, build trusted relationships, and ensure that both you and your Board are meeting expectations?

This session is designed to answer the following questions:
What is reasonable oversight?
Why do Boards need both briefings and training and what should be included in each?
How can the Board impact corporate culture?
What are the biggest mistakes ethics and compliance officers make with their Boards?
What questions should your Board should be asking you?

Presented by:
Carrie Penman, President, Ethical Leadership Group

Published in: Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Ethical Issues in Business: What Boards Need and Want to Know

  1. 1. CLIENT CONFERENCECarrie Penman, President, Ethical Leadership Group, NAVEX GlobalEffective Interactions with YourBoard of Directors – What BoardsNeed and Want to KnowCLIENT CONFERENCE
  2. 2. CLIENT CONFERENCEEffective Interactions with Your Board of Directors –What Boards Need and Want to Know What are the roles and responsibilities of the Board? How can the Board impact corporate culture? Why do Boards need both briefings and training and whatshould be included in each? What are the biggest mistakes ethics and compliance officersmake with their Boards? What questions should your Board should be asking you?
  3. 3. CLIENT CONFERENCEBoards and executivesare increasingly underthe microscope.
  4. 4. CLIENT CONFERENCEQuestions aboutyou and your Board…
  5. 5. CLIENT CONFERENCE1. I am Chief Ethics or Comp. Officer2. I have ethics responsibilities3. No.About you and your Board…Do you have ethics and/or compliance responsibilities for yourorganization?1. Yes I am the Chief Ethics or Compliance Officer for myorganization.2. Yes, I have ethics/compliance responsibilities but am notthe Chief Ethics or Compliance Officer.3. No.
  6. 6. CLIENT CONFERENCE1. General counsel2. Another member of exec. mgmt3. Reports to exec. management4. The Chief Executive Officer5. A Committee of the Board6. The Chair of the Board7. A dual reporting relationship8. Somewhere elseAbout you and your Board…If you are the Chief Ethics and/or Compliance person - what isyour organizational reporting relationship?1. General counsel2. The CEO or another member of executive management3. Someone who reports to executive management4. A Committee of the Board of Directors5. A dual reporting relationship with the Board and executivemanagement6. Somewhere else
  7. 7. CLIENT CONFERENCEAbout you and your Board…CCO formally reports to the following individual(s)7Source: PWC State of Compliance 2012 benchmarking reportPer PWC State of Compliance 2011study, 8% reported to the AuditCommittee/BoardA - 33%B - 31%C - 3%E - 5%F - 19%G - 10%A - General Counsel / LegalB - Audit Committee / Board of DirectorsC - Chief Risk OfficerE - Chief Financial OfficerF - Chief Executive OfficerG - Other ExecutiveNumber of respondents: 126
  8. 8. CLIENT CONFERENCE1. Very engaged and knowledgeable2. Somewhat engaged, not sure what toask3. They are polite…4. Board engagement???About you and your Board…How engaged is your Board or Board Committee is in theiroversight responsibilities?1. Very engaged and knowledgeable2. Somewhat engaged but they aren’t sure what to ask3. They are polite…4. Board engagement???5. I don’t know
  9. 9. CLIENT CONFERENCETwo types of meetings with the Board Program briefing (Periodically through the year)o Risk assessment – risk areas; changes in risko Implementation of mitigation effortso Trends – internal and externalo Issues and concerns raised through the Programo Executive session Board training (every 1-2 years)o Roles and responsibilitieso Role relevanto Includes case studies
  10. 10. CLIENT CONFERENCEBoards are people too, but…AttentionSpanLevel in Company
  11. 11. CLIENT CONFERENCEBiggest mistakes Ethics Officers make when dealing withtheir Boards: Too much deference (to authority – executives and board) Irrelevance (of information presented) Lack of context (with information presented) Narrow focus on the Sentencing Guidelines, especially Helpline,code, training Status reporters (rather than strategic business thinkers) Failure to prioritize risks/concerns Too much activity reporting; not enough relevant KPI’s/results info Other scope issues:• Coverage of compliance risk universe• Hotline stats vs. all incidents
  12. 12. CLIENT CONFERENCE Reasonable Oversight Direct Access Promoting an ethicalorganizational cultureRoles and responsibilities of Boards
  13. 13. CLIENT CONFERENCERoles and responsibilities of Boards Reasonable oversight Direct access Promoting an ethicalorganizational culture
  14. 14. CLIENT CONFERENCERoles and responsibilities of the Board re: ethics andcompliance “Exercise reasonable oversight with respect to theimplementation and effectiveness of the compliance and ethicsprogram.” “Direct access” to the ethics officer “Promote an organizational culture that encourages ethicalconduct” Receive “effective training . . . . appropriate to suchindividuals’ respective roles and responsibilities.”Source: US Sentencing Guidelines
  15. 15. CLIENT CONFERENCEReasonable oversight: Full Board has knowledge and oversight of the Company’s key risksareas Full Board has knowledge of, and a Committee is delegatedoversight responsibility, of E&C program Oversight as the goal (not “honorary” board members or micro-managers) Board leads by example and ensures accountabilityo Practice the Company’s values and meet its compliancerequirementso Ensure that senior management is held accountable to thesame standards as all employeeso Ensure that compensation/incentives reflects this accountability
  16. 16. CLIENT CONFERENCEReasonable oversight: Ensure that Compliance and Ethics has:o Right peopleo Right resourceso Right support from management and the Boardo Right responsibilities and authorities Provide long term perspective-- compass in a “glocalized” world; bemindful of the great reputation of the organization Help set the tone; support a culture of integrity Establish risk tolerance/appetite Request and review information that provides evidence that risks areeffectively identified and managed
  17. 17. CLIENT CONFERENCEReasonable oversight: what we look for in Programeffectiveness assessments: Is the Board of Directors knowledgeable about the content and operation of theprogram? Does the Board exercise reasonable oversight of the implementation andeffectiveness of the Program and the organization’s culture? Does the organization have a high-level person and a person with day-to-dayresponsibility assigned to manage the program? Is there a defined relationship tothe Board of Directors? Is the Board (or a committee thereof) accessible to individuals with day-to-dayresponsibility including meeting with them in executive session? Does the Board (or a committee thereof) receive timely reports of significantissues and investigations involving the company or any elected officers?
  18. 18. CLIENT CONFERENCE Reasonable oversight Direct access Promoting an ethicalorganizational cultureRoles and responsibilities of Boards
  19. 19. CLIENT CONFERENCEWhat is real, direct access? Is formal reporting enough? Does formal reporting guarantee direct access? Can you have direct access without formal reporting? Have the events/circumstances that trigger a call been defined?
  20. 20. CLIENT CONFERENCEDirect accessFour requirements to decrease in FSG culpability score:1. Individual(s) with operational responsibility have direct reportingobligations to governing authority2. Program detected the offense3. Organization reported the offense4. No E&C program personnel involvedWhat are “direct reporting obligations”?
  21. 21. CLIENT CONFERENCEYou and your Board:Does the Chief Ethics or Compliance Officer of yourorganization meet periodically with your Board or a BoardCommittee?1. Yes, once a year2. Yes, 2 times per year3. Yes, more than 2 times per year4. No5. I don’t know
  22. 22. CLIENT CONFERENCEYou and your Board:Does the Chief Ethics or Compliance Officer of yourorganization meet with the Board or a Board Committee inExecutive session?1. Yes, once a year2. Yes, 2 times per year3. Yes, more than 2 times per year4. No5. I don’t know
  23. 23. CLIENT CONFERENCE Reasonable oversight Direct access Promoting an ethicalorganizationalcultureRoles and responsibilities of Boards
  24. 24. CLIENT CONFERENCE When a Rule, Policy or a Code conflictswith an organization’s culture, theculture trumps – and prevails most ofthe time. In order to have an effective ethics andcompliance program, a company needsto pay as much attention to culture asto policies, training, auditing, etc.We know this: culture will trump compliance
  25. 25. CLIENT CONFERENCEThe challenge: For many Board members, ethics and culture are not in theircomfort zoneo “Give me a financial statement any day!”o Not really sure what to ask you = quiet meetings
  26. 26. CLIENT CONFERENCEThe conversation about culture: Explicit/concrete examples help –o Responsibility or rules— Will people take personalresponsibility to address issues, or is it the job of somebodyelse?o Candor or quiet—Will people speak up if they seequestionable business conduct?o Accountability or acquiescence—What happens to greatperformers who violate the Code?
  27. 27. CLIENT CONFERENCEShaping a culture of integrity: talk to your Board about… Knowing your culture(s)−Employee perceptions (Surveys, focus groups, message boards)−Customer and supplier perceptions (Surveys, social media)−Reports of concern (Helpline data)−HR processes The language and branding shift−Away from compliance on its own−Toward integrity and “doing the right thing”−Selling the vision
  28. 28. CLIENT CONFERENCECulture: what can/should the Board do:• Send visible signals about behavioral expectations throughactions, including compensation• Engage in conversations with leadership about corporateculture• Monitor overall corporate culture and subcultures
  29. 29. CLIENT CONFERENCEQuestions for Board consideration…(From one of our Board training sessions) What do you think are the Company’s cultural weak links? What is the Board doing to set the culture tone?
  30. 30. CLIENT CONFERENCETypes of Board interactions Briefing Training
  31. 31. CLIENT CONFERENCEWhat do you tell them in briefings? Issues and trends Benchmarking – internal and external What’s coming? Status of the Company’s relationships with regulators Full ethics, compliance, and reputational risk universe and anyanticipated changes Audit and monitoring coverage KPIs against your plan
  32. 32. CLIENT CONFERENCEDiscuss current events that could affect your organization:Product SafetyImpact of Subcontractorson ReputationChairman Resigns; Ousted CEO to Meet With FBIDealing with Whistleblowers…Encouraging ReportingBad BehaviorA major discount retail chain faced a challenge when industry regulationchanges impacted its marketing strategy.Bribery and Corruption Concerns
  33. 33. CLIENT CONFERENCEGive them context when reviewing your program:
  34. 34. CLIENT CONFERENCERemember:Boards expect outcome driven information –Don’t just give them a laundry list of issues and statistics– tell them if the clothes are cleaner.
  35. 35. CLIENT CONFERENCETypes of Board Interactions Briefing Training
  36. 36. CLIENT CONFERENCE1. Have had full training2. Same training employees completed3. Received a briefing on E&C Program4. NoneYou and your Board:Has your full Board received ethics and compliance training in thelast two years?1. Yes, they have had full role-relevant training that includes casestudies of issues they may face as board members.2. Yes, they have taken the same training that all Companyemployees have completed.3. They have only received a briefing on our Ethics andCompliance Program.4. No, they have not received any training.5. I don’t know.
  37. 37. CLIENT CONFERENCEBoard training should be: Role relevant Effective
  38. 38. CLIENT CONFERENCETypical elements of Board training: Frameworks for ethics and compliance programs (USSG,OECD, global requirements, risk based) Board’s oversight responsibilities Specific compliance and ethics environment and risks to theorganization and to the Board Creating a culture of integrity—challenges and buildingblocks - Board observations and potential areas of impact Cases relevant to their roles and responsibilities
  39. 39. CLIENT CONFERENCEThey need to know (be trained) about issues they could face Many CCO’s assume that boards know it already and are afraidto discuss Board-specific risks. Boards need and want to talk about things like:oConflicts of interest – personal and organizationaloInsider tradingoGifts, gratuities, influencesoRecognizing their unintended influenceoIssues that have happened with other companies and BoardsoExecutive accountabilityWhat do you tell them in training?
  40. 40. CLIENT CONFERENCEUse case studies and ask how they would respond: You and they will be surprised to learn they aren’t asaligned as they think they are…
  41. 41. CLIENT CONFERENCECase example: the anonymous letter…Several members of the Board receive an anonymous letter statingthat a local Company manager is “playing games with the bookson a project in process in Corruptistan” but the letter provides noadditional information about which project, who is involved, orthe specific alleged financial impropriety. What should the Board do? Does it matter that the report is anonymous? What if the allegation involves a colleague at the Board table?
  42. 42. CLIENT CONFERENCEQuestions the Board should ask you… What information do you get to give you comfort that compliancerisks are covered? Do leaders set the right tone? How are they perceived by employees? Do we have a “make plan at all costs culture?” Is candor rewarded orpunished? What about fear of retaliation? How are we at discipline? Are top performers and high level peopleheld accountable to the Code of Conduct in the same way as otheremployees? Are there any risks that aren’t being addressed as they should be? Do you have visibility to business unit compliance?
  43. 43. CLIENT CONFERENCEQuestions the Board should ask you…(cont.) Do your businesses/functions have the resources you need to doyour job appropriately? Do you feel you have access to the CEO and us whenever you needit? What trends in issue types or company locations are you seeing? Is there anything we should know? What keeps you [ethics officer]up at night? If you had another $1 million to spend, what would you do with it?
  44. 44. CLIENT CONFERENCEQuestions:
  45. 45. CLIENT CONFERENCEThank you!Contact information:Carrie Penman, President, Ethical Leadership GroupNAVEX Globalcpenman@NAVEXGlobal.com45