
3 Dec 2007, Gary Edwards, Robert Reid

Executive Summary

This survey of one hundred twenty-seven ethics and compliance officers was conducted during the summer and fall of 2006. Interesting features of the programs reported herein, and certain of the data correlations, may prove valuable to organizations as they compare their own activities and strive to strengthen the leadership of executives and board members and to improve the trust and participation of employees in protecting the reputation of the organization and their own integrity.

Relationships Between Ethics and Compliance Offices. Most programs (88%) integrate ethics and compliance responsibilities under one senior executive officer, who is most often (58%) an attorney. Given the influence of the 1991 Sentencing Commission Guidelines with their recommendations that organizations create programs that would “prevent and detect” criminal violations of the law, and the re-enforcing effect of Sarbanes-Oxley’s focus on the responsibilities of senior executives and the board of directors, it is not surprising that so many companies rely on their lawyers to organize, manage or oversee the mechanisms for employees to report misconduct or to seek advice about proper behavior. Who better to teach employees about the law, to manage investigations into possible criminal actions, or to brief board members about related issues, risks and potential liability? As sensible as this may seem, there are at least three problems that may be created by this arrangement.

First, the ethics office, merged with or subsumed under the compliance function, often reports, not directly to the CEO and to the board of directors, but through the legal department, relieving top management and independent directors of both the responsibility and the opportunity for a full, direct report from and interaction with the ethics officer.

Second, utilization of the ethics help-line declines when it goes through the legal department or to a compliance office headed by an attorney. Employees are less likely to report misconduct, if they believe that doing so will result in their being deposed and, eventually, disclosed.

The third problem is that lawyers’ expertise is not in ethics, but in understanding and ensuring compliance with the legal and regulatory requirements for doing business. Consequently, lawyers’ emphasis is likely to be not on ethics, but compliance.

Moreover, corporate attorneys participating in the survey overwhelmingly believe that the principal cause of misconduct is ignorance of laws, regulations and company policies. By contrast, managers are experienced in the business environment, processes and activities which may lead to, or result in, improper conduct. They know that the fundamental causes of unethical and illegal conduct are not ignorance of the law or policies, but failures of leadership, pressures to meet aggressive goals, and their own desire to meet expectations—their boss’s, their teammates’, their own.

Management and Board Reports. The revised Guidelines place responsibility on top management to “ensure that the organization’s program is effective” and on the board of directors to be “knowledgeable about the content and operation” of the program while exercising “reasonable oversight with respect to the implementation and effectiveness.” Nonetheless, the officer in charge of the ethics/compliance office reports directly to the CEO in only half of the companies. That means that nearly half the CEOs lack regular, direct contact with the ethics/compliance program. One-third report to the General Counsel instead. Ethics and/or compliance officers usually meet with the Board of Directors at least quarterly (47%); however, those who do not report to the CEO meet less frequently with the board, with those reporting to the General Counsel meeting least often with the board or not at all.

Pressures on the Ethics/Compliance Offices. Ninety-four per cent of ethics/compliance offices are responsible for investigations into alleged misconduct. One-fourth (25%) of these reported that their performance objectives included an increased rate of case closure over the previous year. Efforts to achieve these objectives caused more than one in four to report either that the quality of investigations had suffered as a result or that they were concerned that this would happen. Nine percent reported that decisions whether to open a case had been affected, and another 18% were concerned that such would result from the increased objectives.

Queried about pressure not to pursue an investigation into alleged misconduct, none of the respondents reported experiencing such pressure from members of the Board of Directors. However, one in three (33%) had felt such pressure from corporate officers, though rarely. More than half (51%) of the ethics/compliance officers had experienced pressure from managers or supervisors not to pursue investigations, with 10% reporting that it occurred frequently.

“Hotlines/helplines”. Most “hotlines/helplines” for reporting possible misconduct are answered by outside contractors (58%). The outsourcing of this service is being contemplated by an additional eleven per cent of respondents. Those considering such a move should be aware that outside contractors, as reported by survey participants, generally experience a lower utilization rate by employees reporting misconduct. Not one of the respondents outsourcing the ‘hotlines/helplines’ reported that any employees had called those lines to seek answers about the company’s code of ethics or for advice about ethics or compliance issues at work.

Background, preparation and development of ethics and compliance officers. Respondents were overwhelmingly attorneys by training (58%). Others reported backgrounds in management (16%), human resources (11%), finance (8%), audit (3%), academic ethics (2%), risk management (1%) and regulatory affairs (1%).

Sixty-one per cent of respondents stated that they received training before assuming their responsibilities as ethics/compliance officers. Training, however provided, was more likely to address dealing with allegations of misconduct, than with preventing misconduct by advising employees. Also, they were likely to be better prepared for responding to and investigating allegations of employee misconduct, than the possible misconduct of executives and board members. Even fewer respondents were trained to handle potential misconduct involving the organization’s relationships with its customers, suppliers, regulators and other external parties.

Those respondents who were taught how to design training programs for their organizations were nearly twice as likely to learn about compliance training as ethics training and more likely to be prepared to train corporate officers and managers, than hourly employees or the board of directors.

Forty per cent of respondents stated that they received no training before assuming their responsibilities as ethics and/or compliance officers. Of these, approximately three-fourths (73%) said that training was needed.

Due diligence for mergers and acquisitions. Nearly one-third (31%) of ethics/compliance offices have been involved on behalf of their organizations in due diligence regarding the ethics/compliance standards and practices of possible merger or acquisition candidates. Of these, nine percent report that they are involved regularly, another sixty-four percent occasionally, and twenty-seven percent only rarely.

Assessments of Ethics/Compliance program effectiveness. Surprisingly, forty-three per cent reported that no assessment of the ethics compliance program had yet been done, although eleven per cent plan one in the next twelve months. Most often (65%), programs were internally evaluated, rather than by an independent, objective expert. Thirty per cent hired external consultants to assess the program’s effectiveness, and five per cent relied on a peer review by ethics/compliance personnel from another company.

Assessment of the risk of unethical and illegal conduct. More than one third (34%) reported that no risk assessment had yet been done, and only three per cent plan one in the next twelve months. Most often (91%), the risks of improper conduct have been internally assessed. Four per cent hired external consultants to assess the organization’s risks, and four per cent retained a law firm for that purpose.

Between interviews and surveys, respondents would seem at least to have adequate opportunity for input from officers (95%), managers and other employees. It is curious, however, that so few indicate seeking the perspective of Board members, who collectively should represent a broad perspective on how things can and do go wrong in organizations. Moreover, if well informed about issues that have arisen through ethics and compliance activities, directors might be uniquely positioned to anticipate current and likely future risks that may confront the organization.

Clearly, respondents’ review of documents pertaining to corporate “policies, procedures and records” is focused on those documents that pertain directly to legal compliance in general, but not to particularly vulnerable areas of non-compliance risks, such as the protection of sensitive information (the company’s own and that of others) and possible procurement and contracting fraud. Given headline problems that companies have experienced in recent years in areas such as revenue recognition, financial reserves and executive compensation, the lack of attention to these issues in a risk assessment is startling.

Although checking whether ethics/compliance office recommendations were implemented was somewhat more likely to occur in the course of an organizational risk assessment than during an evaluation of the effectiveness of the ethics/compliance office, at best no more than 30% included such follow-up when assessing risks of misconduct.