Converging ethics, governance, and culture
CONVERGING ETHICS,
GOVERNANCE, AND CULTURE
Michael Brozzetti, CIA
Washington DC
May 12, 2011
DISCLOSURE: Michael Brozzetti represents his personal commitment to protect and guard the Internal Auditing profession's principles
for integrity, competency, confidentiality, and objectivity as provided for within the Institute of Internal Auditors Code of Ethics. Michael
Brozzetti is President of Boundless LLC, an expert internal auditing and governance firm and is Chairman of the Business Integrity
Alliance™ which is a joint venture between zEthics, Inc. and Boundless LLC missioned to advocate and advance the practices
supporting the principles of integrity, transparency, accountability, and risk oversight. Michael Brozzetti is a Certified Internal Auditor®
Learning System training partner with the Institute of Internal Auditors, Villanova University, and the Holmes Corporation. Michael
Brozzetti is currently under consideration for the zEthics, Inc. Board of Directors. Michael has no material holdings in the Capital
Markets.
Relevant Introductory Quotes
• “What we really need is a new paradigm for due diligence when it comes to fraud.”
- Former SEC enforcement attorney, Pat Huddleston Interview
- John Buchanan. “It Could Happen to You.” Conference Board Review – Spring 2011
• “It’s really about intentional opaqueness where transparency is legally required. It’s about taking steps to hide the true nature of transactions…”
- Former Prosecutor of the U.S. Attorney’s Office, George Terwilliger Interview
- John Buchanan. “It Could Happen to You.” Conference Board Review – Spring 2011
• “I have discovered that greater government attention to corporate ethics and compliance activities is a smarter investment than endless federal prosecutions, suspensions, and debarments.”
- Retired Federal Inspector General – May 12, 2011
• “Problems cannot be solved by thinking within the framework in which they were created.”
- Albert Einstein
The IIA asked: is there a culture of risk?
If we define culture as "a way of life - the
behaviors, beliefs, and values that are passed
along by communication and imitation from one
generation to the next" and put it into an
organizational context then we can assume the
term "generation" refers to the hierarchical levels
and parent/child relationships that exist within an
organization.
Who wants to talk about
Ethics and Culture?
Who thinks culture
affects performance?
The Convergence of EGC
[Diagram labels: Governance, Culture, Ethics]
Ethics
[Diagram labels: Governance, Culture, Ethics]
Ethics Gone Wrong
Satyam Computer Services Ltd.
• Known as the “Enron” of India.
• Some $1 billion in declared revenue at the outsourcing firm turned out to be nonexistent. PwC probed for signing off on financial statements.
• In 2005, the bank's CIO was ousted for buying preferential stock options from Satyam, even as he awarded the firm major contracts. Satyam was allowed to remain.
• Satyam had been linked not only to financial wrongdoing, but "ultrasensitive data heists" from customer World Bank.
Source: FOX News
Ethics Gone Wrong
New Century Financial
• New Century Financial Corp, the largest independent provider of home loans to people with poor credit, filed for bankruptcy two years ago amid mounting customer defaults.
• $1 billion lawsuit filed against KPMG in March 2009 by trustees of New Century.
• “As far as I am concerned, we are done. The client thinks we are done. All we are going to do is piss everybody off.”
- KPMG partner
Financial Week: March 31, 2008 12:01 AM
Ethics Gone Wrong
Enron
• On November 30, 2001 the Company filed for bankruptcy and 4,000 employees lost their jobs that day, with only 30 minutes to gather their belongings and exit the building.
• Ken Lay and Jeff Skilling were tried in 2006 for their part in a 53-count indictment covering a broad range of financial crimes, including bank fraud, making false statements to banks and auditors, securities fraud, wire fraud, money laundering, conspiracy and insider trading.
• "Well, thank you very much, we appreciate that . . . asshole.”
– Jeff Skilling, Former Enron CEO & COO
Ethics Gone Wrong
Lehman “Alter Ego”
• One of the vehicles that Hudson Castle created was called Fenway, which was often used to lend to Lehman, including in the summer of 2008, as the investment bank foundered.
• Hudson Castle might have walked away earlier if not for Fenway’s ties to Lehman.
• Lehman itself bought $3 billion of Fenway notes just before its bankruptcy that, in turn, were used to back a loan from Fenway to a Lehman subsidiary.
• While Hudson Castle appeared to be an independent business, it was deeply entwined with Lehman. For years, its board was controlled by Lehman, which owned a quarter of the firm. It was also stocked with former Lehman employees.
Source: NY Times
Ethics Gone Wrong
Goldman Sachs Sued by SEC for Fraud
• The federal government charged Goldman Sachs, a prominent New York financial house, with fraud on Friday, accusing the firm of deceiving investors who bought mortgage bonds that select clients already knew were likely to fail.
• The SEC also named Fabrice Tourre, a Goldman Sachs vice president, who helped create and sell the investment deal, which cost investors more than $1 billion when mortgages defaulted.
Source: NY Times, April 16, 2010
Ethics Getting Better
Computer Associates, Inc.
• Charles Wang and a few other former executives participated in a $2.2 Billion accounting fraud against Computer Associates.
• New leadership executed a Deferred Prosecution Agreement (“DPA”) with the U.S. Government in 2000 to turn around the company.
• In 2004, CA ended up paying $225MM to victimized shareholders.
Ethics Gone Right
Coke
• In a nutshell three people, including an executive assistant at Coke, were busted and charged with stealing trade secrets, as well as a product sample, and trying to flog them to arch-rival Pepsi for $1.5 Million.
• In terms of ethics, the most interesting part about this story was that Pepsi had alerted Coke to what was going on, and Coke immediately called the police.
Principles, Values, and Ethics
Principles
• Inform our choice of values, morals, and ethics.
Values
• Attitude sets that influence behavior
Ethics
• Standards by which behavior is evaluated for their morality – their rightness or wrongness
“Values motivate, morals and ethics constrain”
– Paul Chippendale
Ethics in the Regulatory Context
• Section 406, which directs us to adopt rules requiring a
company to disclose whether it has adopted a code of
ethics for its senior financial officers, and if not, the
reasons therefor, as well as any changes to, or waiver of
any provision of, that code of ethics.
Honoring Public Service
(11) Employees shall disclose waste, fraud,
abuse, and corruption to appropriate
authorities.
TITLE 5: ADMINISTRATIVE PERSONNEL: PART 2635—STANDARDS OF
ETHICAL CONDUCT FOR EMPLOYEES OF THE EXECUTIVE BRANCH
Trust in Public Service
TITLE 5: ADMINISTRATIVE PERSONNEL: PART 2635—STANDARDS OF
ETHICAL CONDUCT FOR EMPLOYEES OF THE EXECUTIVE BRANCH
(c) A violation of this part or of supplemental
agency regulations, as such, does not create
any right or benefit, substantive or
procedural, enforceable at law by any
person against the United States, its
agencies, its officers or employees, or any
other person.
Caremark Case Law
• Since the 1996 Delaware Chancery Court decision in In re Caremark International Inc. Derivative Litigation,[1] the fiduciary duty of corporate directors has been understood to embrace the adoption and maintenance of corporate compliance programs that are designed to detect corporate wrongdoing and bring it to the attention of management and the board of directors.
• Stone v. Ritter involved a derivative action by shareholders of AmSouth Bancorporation ("AmSouth"), in the wake of the disclosure that AmSouth had paid $50 million in fines and civil penalties arising from violations of the federal Bank Secrecy Act.[3] The lawsuit alleged that the directors of AmSouth had breached their duty to act in good faith because, while AmSouth maintained a program to monitor Bank Secrecy Act compliance, the program was not adequate to prevent the violations giving rise to the fines and civil penalties.
• First, the Court held that the Caremark standard is the appropriate standard for director duties with respect to corporate compliance issues; and second, there is no duty of "good faith" that forms a basis, independent of the duties of care and loyalty, for director liability.
[3] 31 U.S.C. §5318 et seq. (2006).
The DOJ after Caremark:
• Legal Guidance Regarding Board Oversight
• The McNulty Memo provides that, when assessing the adequacy of a company’s compliance efforts, prosecutors should consider whether the corporation has established corporate governance mechanisms that can effectively detect and prevent misconduct;
• Such as whether directors exercise independent review over proposed corporate actions, whether directors are provided with information sufficient to enable the exercise of independent judgment, and whether directors have established an information and reporting system reasonably designed to provide management and the board of directors with timely and accurate information.
The Corporate Conscience
“A self-aware person will act completely within their
capabilities to their pinnacle, while an ignorant person will
flounder and encounter difficulty.”
- Socrates, Greek Philosopher
Governance
[Diagram labels: Governance, Culture, Ethics]
The “Black Box” of Governance
Ethics
Governance
Risk
Compliance
Internal Control
Communication and Trust
What state is the culture in?
Discovery risk Enterprise risk
20th Century Governance Challenges
Ethics
Governance
Risk Management
Compliance
Internal Control
Communication & Trust
What state is the culture in?
Level of transparency into the culture
• No practical way to continually monitor the “soft controls” that shape cultural norms and risk appetites.
• Limited foresight into the cultural risks that manifest misconduct and fraud.
Disclosure, speed, and flow of risk information
• Often filtered and/or distorted.
Accountability and culpability
• Case law suggests that not knowing and ignorance is a defensible claim.
• Over 95% of lawsuits are settled or dismissed
The Governance System
People
Ethics
& Culture
Internal
Adjudication
Process
Internal
External
Technology
Systems / Devices Information / Data
Key Governance Questions?
1. Is it Legal?
2. Is it Ethical?
3. Is it Sustainable?
Ethics in Context of a U.S. Law
Innocent
Not Guilty
Guilty
Ethical Judgment
Legal Judgment
“Not Guilty, Does Not Mean Innocent”
– University of Pennsylvania Law School Student
Judgment System Difference
Ethical Judgment
• Measured to core values
• Internally controlled and adjudicated
• 100% Transparency
• Subject to confession and repentance
• Immunity-in-conscience
Legal Judgment
• Measured to law or regulation
• Externally influenced and adjudicated
• Opaqueness (95%)
• Subject to external punishment and damages
• No immunity
Mission and Code
Sustainability and Integrity in Context
Ethics
• The rules of conduct recognized in respect to a particular class of human actions or a particular group, culture.
Culture
• A way of life - the behaviors, beliefs, and values that are passed along by communication and imitation from one generation to the next.
Governance
• The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
Integrity
• Integrity is consistency of actions, values, methods, measures, principles, expectations and outcome. As a holistic concept, it judges the quality of a system in terms of its ability to achieve its own goals.
Culture
[Diagram labels: Governance, Culture, Ethics]
Cultural Tones
Undertone
– Complacency, Laziness, and satisfaction with status-quo
– Loose controls with insatiable appetite for risk
– Short-term decision making at the expense of long-term benefit sustainability
– Autocratic and self-focused cultures, internal politics, power struggles
Overtone
+ Strong cultural work ethic that challenges assumptions
+ Tight controls with thoughtful risk appetite
+ Balanced decision making considering short and long term benefit sustainability
+ Collegial and team-focused cultures, “conscientious employees,” balanced power
National Association of Corporate Directors
VI. Integrity, Ethics & Responsibility: Governance
structures and practices should be designed to promote an
appropriate corporate culture of integrity, ethics, and
corporate social responsibility.
NACD Comment Letter to SEC
“A strong corporate culture is one of the best tools a
company has for combating fraud.”
- NACD Barbara Hackman Franklin
Rating Scale
1 2 3 4 5 6 7 8 9 10
Poor Excellent
Cultural Elements
• Ethics & Governance - Assess the level of illegal or fraudulent activities; withholding or covering up
information; manipulating government reports; scandal; managerial mischief; misconduct; unethical
behavior; lying; falsification of records; sexual harassment; drug and alcohol abuse; etc.
• Risk Management - Identify risks, quantify and assess the level of risk taking by senior management;
quantify the risk of operational failures, etc.
• Strategic Planning - Assess the organization’s strategic planning methodology and practices;
determine whether managers are allocating sufficient resources to execute the strategic plan effectively
and efficiently; etc.
• Management - Assess the competence and character of management; does the management team
work well together; is management being held accountable for decisions that impact the organization’s
performance, strategic goals and objectives; is management consistent in its decision making; etc.
• Communication - Assess how well the organization communicates the information required to
accomplish goals and objectives; identify when there is a problem with miscommunication of
information or misinformation; etc.
• Organization - Assess the Organization’s Internal Controls, Policies, Procedures and Systems;
identify structural flaws or weaknesses in the organization; etc.
• Empowerment - are employees empowered to perform their duties and responsibilities without fear,
reprisal or reprimand; is management undermining the staff’s ability to perform their duties and
responsibilities; do employees have sufficient training and skills to perform their duties, etc.
• Compliance (Auditing, Quality) - Assess compliance with all laws and regulations; identify problems
or concerns with the
External Culture Benchmarks Industry Culture Benchmarks
Note: Chart is for illustrative purposes only. Y = Year.
Internal Culture Benchmarks Cultural Trend Analysis
Note: Chart is for illustrative purposes only. PY = Prior Year and CY = Current Year trending.
Cultural Assurance
BU #3 Executive Survey CEO CFO COO VP HR CIO
Ethics & Governance 8.6 8.2 2.1 1.6 5.8
Risk Management 8.0 7.2 3.1 3.0 5.8
Strategic Planning 7.4 7.6 3.6 3.4 5.2
Management 7.6 7.8 1.4 1.8 5.4
Communication 5.4 6.0 1.1 1.0 4.8
Organization 6.2 7.8 1.8 2.0 5.8
Empowerment 7.2 7.6 2.5 2.0 5.4
Compliance (Audit & Quality) 8.0 4.8 2.3 2.0 6.6
CCI™ Composite Rating 7.3 7.1 2.3 2.1 5.6
Business Unit Survey Business Unit 1 Business Unit 2 Business Unit 3 Business Unit 4 Business Unit 5
Ethics & Governance 4.6 4.7 2.4 5.3 4.3
Risk Management 4.3 4.9 1.0 5.3 3.9
Strategic Planning 3.7 4.0 2.8 5.0 3.9
Management 3.6 4.1 1.3 4.9 3.5
Communication 5.0 5.6 4.3 5.9 5.2
Organization 4.0 4.8 2.5 5.1 4.1
Empowerment 4.5 4.9 2.8 5.6 4.5
Compliance (Audit & Quality) 5.2 5.4 3.8 5.6 5.0
CCI™ Composite Rating 4.4 4.8 2.6 5.3 4.3
This is fictitious data for illustrative purposes only
Drill down and gain dynamic views into the
organizational corporate culture for internal
benchmarking
What conclusions can you yield?
Source: zEthics, Inc.
What conclusions can you yield?
Reporting Category Company Industry Average Sector Average Region Average
Ethics & Corporate Governance 2.4 4.6 4.7 5.3
Risk Management 2.8 4.3 4.9 5.3
Strategic Planning 1.0 3.7 4.0 5.0
Management 1.3 3.6 4.1 4.9
Communication 4.3 5.0 5.6 5.9
Organization 2.5 4.0 4.8 5.1
Empowerment 2.8 4.5 4.9 5.6
Auditing / Quality Control 3.8 5.2 5.4 5.6
Composite Rating 2.6 4.4 4.8 5.3
Source: zEthics, Inc.
What conclusions can you yield?
Reporting Category CEO CFO COO CMO CAO
Ethics & Corporate Governance 5.8 1.6 8.2 5.8 8.6
Risk 5.8 3.0 7.2 5.6 8.0
Strategic Planning 5.2 3.4 7.6 5.4 7.4
Management 5.4 1.8 7.8 5.6 7.6
Communication 4.8 1.0 6.0 4.4 5.4
Organization 5.8 2.0 7.8 4.6 6.2
Empowerment 5.4 2.0 7.6 4.6 7.2
Auditing / Quality Control 6.6 2.0 4.8 6.6 8.0
Composite Rating 5.6 2.1 7.1 5.3 7.3
Source: zEthics, Inc.
What conclusions can you yield?
Reporting Category President EVP SVP VP Director
Ethics & Corporate Governance 5.0 6.2 7.0 8.4 8.6
Risk 4.4 6.6 6.6 8.4 8.2
Strategic Planning 2.8 6.6 5.2 5.0 5.6
Management 4.8 6.6 5.8 6.2 7.0
Communication 2.6 5.2 6.6 6.0 6.0
Organization 5.6 6.0 5.6 6.2 7.4
Empowerment 4.8 4.2 6.0 7.2 6.0
Auditing / Quality Control 5.2 5.6 5.4 5.4 7.0
Composite Rating 4.4 5.9 6.0 6.6 7.0
Source: zEthics, Inc.
What conclusions can you yield?
Reporting Category Chairman Non-Exec Board Company Composite
Ethics & Corporate Governance 2.2 6.4 6.2
Risk 6.0 6.0 6.3
Strategic Planning 2.8 5.2 5.2
Management 3.4 6.2 5.7
Communication 1.0 5.4 4.5
Organization 1.4 6.4 5.4
Empowerment 2.0 5.2 5.2
Auditing / Quality Control 3.8 5.4 5.5
Composite Rating 2.8 5.8 5.5
Source: zEthics, Inc.
Internal Adjudication
Code of Conduct
Code of Ethics (Per Professional
Practice Standards)
Company Policy
Regulation
Law
Business Issues
Legal Issues
Ethics Compliance
Ethics Compliance
Management (Independent of Incident)
Audit, Risk, &
Compliance
General Counsel External Legal Counsel
General Counsel
Independent Committee
Independent Committee
Independent Committee
Transparency into Incident Reporting
# 1 # 2 # 3 # 4 # 5
Report Filings 16 12 28 25 21
Code of Conduct 5 4 15 5 8
Professional Conduct 4 5 6 5 6
Policy 4 2 3 12 4
Regulation 1 0 4 3 1
Law 2 1 0 0 2
Report Status
Open – In Queue 9 6 11 8 15
In Due Diligence 2 2 7 3 5
Resolved 5 4 10 14 1
Report Resolution (YTD) 1 2 9 2 4
Authority Change 0 1 3 0 2
Disciplinary Action Taken 1 0 4 1 2
Restitution 0 1 0 0 0
Prosecution 0 0 2 1 0
Average Cycle Time (Days) 102 82 55 77 89
Quality for the Ethics Compliance System
The Penney Idea
A strong principled foundation since 1913
1. "To serve the public, as nearly as we can, to its complete satisfaction."
2. "To expect for the service we render a fair remuneration and not all the profit the traffic will bear."
3. "To do all in our power to pack the customer's dollar full of value, quality, and satisfaction."
4. "To continue to train ourselves and our associates so that the service we give will be more and more intelligently performed."
5. "To improve constantly the human factor in our business."
6. "To reward men and women in our organization through participation in what the business produces."
7. "To test our every policy, method, and act in this wise: Does it square with what is right and just?"
More Q&A Time…
Michael Brozzetti, CIA
President, Boundless LLC
(215) 687-7376