Corporate directors are personally responsible for overseeing a company’s risk management efforts and its culture. The two roles are related, according to a recent Risk & Compliance Journal article (Whistleblowing Programs, 2017), which points to the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) internal control framework.
But the two are not always explained in terms of an individual board member’s responsibility.
For example, the “Whistleblowing Programs” article tells us that COSO’s internal control framework “emphasizes the oversight role of the board of directors with respect to ethics and compliance programs.” It calls for organizations to communicate “deficiencies” in a timely manner to those parties responsible for taking corrective action, including the board of directors.
COSO sees the board of directors, with senior management, as being responsible to 1) demonstrate commitment to integrity and ethical values; 2) exercise oversight responsibility; 3) establish structure, authority, and responsibility; 4) demonstrate commitment to competence; and 5) enforce accountability (Anderson & Eubanks, 2015).
These are essential responsibilities of any governing body, without a doubt. The prominent role the board should play in overseeing a culture of ethics and compliance is reinforced by regulators, articles in ethics and compliance-related magazines, and ethics industry-related organizations such as Ethisphere and ECI (Ethics & Compliance Initiative).
But “the board” is usually referred to as though it were a monolithic entity, even though we all know that a board is made up of many individuals, each of whom must decide how to fulfill his or her role. Patricia Harned, ECI’s CEO, recently wrote an article outlining one course of action for an individual director (Harned, 2017).
She says, “if you are a director and you want to monitor the well-being of your organization’s culture, you should not allow any board meeting to adjourn unless the following questions have been answered to your satisfaction.” (See the full article for additional details.)
- What have we [the organization] done to communicate that integrity matters to us?
“Boards should expect that in the time that has passed since their last meeting, multiple efforts have been made by management to communicate the importance of organisational values and standards in everyday business activity. Directors should ask for [specific, related] metrics.”
- To what extent do our employees feel pressured?
“Ask management to regularly distribute a pulse survey among employees to gauge levels and sources of pressure. When significant shifts occur, management should be able to explain root causes and address efforts to resolve any issues.”
- What’s the bad news, and how did it surface?
“Ask business leaders to develop systems to capture reports made to supervisors about everyday mistakes, challenges, and other negative feedback that surface in operations. Management should be able to provide the board with a high-level summary report, on a regular basis, of the concerns that are being raised.”
- What do employees think about the culture?
“Employees often have strong views about the well-being of corporate culture, yet they are not asked for input nearly enough.”
- To what extent have our turnover rates changed?
“When employees are dissatisfied with their jobs, they leave the organization. When corporate culture becomes toxic and trouble is brewing, they leave in droves. Ask management to provide regular reports of employee turnover, especially in key operations where performance pressure is higher.”
Harned’s closing message for each member of a board of directors? “The message that culture is important and that it will be vigorously pursued begins with you.”
Ethical Advocate provides ethics and compliance training and consultation to organizational leaders. Contact us for information about comprehensive ethics and compliance solutions, including ethics and compliance training and confidential and anonymous hotlines.
Anderson, Douglas J. and Gina Eubanks. Leveraging COSO Across the Three Lines of Defense, July 2015. https://www.coso.org/Documents/COSO-2015-3LOD.pdf
Harned, Patricia J. “Corporate Culture: Five Questions for the Boardroom.” Board Agenda (Insights webpage), July 17, 2017. http://boardagenda.com/2017/07/17/corporate-culture-five-questions-boardroom/
“Whistleblowing Programs Become Part of Compliance DNA.” Risk & Compliance Journal, May 22, 2017. http://deloitte.wsj.com/riskandcompliance/2017/05/22/whistleblowing-programs-become-part-of-compliance-dna/