Corporate ethics critical for true risk management
Ethics is a difficult subject. It is also known as moral philosophy, which is a short way of saying that there will be endless arguments and disagreements about what it means in the first place.
Although it purports to study good and bad and right and wrong, the problem with ethics is that there is no single definition – it is utterly subjective.
Corporate ethics is equally subjective. What one company deems to be ethical behaviour will differ from another.
There is also the problem that people confuse (often deliberately) ethics and legality. Or to put it another way, unethical and illegal are not the same thing. There is a big gap between legal and illegal, and it is perfectly possible to have things that are legal, but, still unethical.
However, there is a basic understanding by most human beings as to the sorts of behaviour that are ethical or unethical. And when an employee feels that there is unethical behaviour in his company, then he or she can report it.
hide
But the role of whistleblower is a lonely, frustrating and ultimately dangerous one.
No-one knows this more than Paul Moore, now heading up his own consultancy, Moore, Carter & Associates, but best known as the whistleblower and former Head of Group Regulatory Risk at HBOS. He has been effectively shut out of the financial services industry as his reward [see related story].
Mr. Moore was, however, the perfect person to provide the keynote speech at the Institute of Risk Management annual conference, and set the scene for discussions on corporate ethics and the role of risk management. He was, after all, the risk professional whose warnings were ignored, and was sacked for his trouble.
His talk was filled with statements that should become a risk professional’s mantra:
- Culture is far more important than process or structure in risk management;
- You can’t create the right culture where there are laws of governance that do not allow one to speak the truth to power;
- Self serving statements without corroboration bear no weight;
- Risk management is not about not taking them.
Mr. Moore explained to the IRM Forum that the biggest risk to an organisation is a ‘cultural indisposition to challenge.’ He added: “There is no doubt that you can have the best governance processes in the world but if they are carried out in a culture of greed, unethical behaviour and indisposition to challenge, they will fail.”
He stressed the importance of being able to challenge, and the importance of independent checking of material things. “Check if statements made are actually true, whether it is a report or a comment… Forensic skills are very important – we have to be evidence-based in everything we do.”
Mr. Moore also referred to his submission to the U.K. Treasury Select Committee, in which he talked of a ‘completely inadequate separation and balance of powers between the executive and all those accounting for their actions and reining them in, i.e. internal control functions such as finance, risk, compliance and internal audit, non-executive chairmen and directors, external auditors, the FSA, shareholders and politicians.’
Continuing the themes set out by Mr Moore, a workshop immediately followed his presentation entitled ‘Ethics, Weak Signals and Effective Risk Management’.
The workshop was led by Richard Anderson, a risk management practitioner, previously with PwC. He started by pointing out that achieving risk management objectives depends on four things. These are to:
- take more managed risk;
- avoid unnecessary problems and pitfalls;
- create the right performance culture; and,
- set the appropriate corporate ethics and behaviour.
Mr. Anderson added that it was possible to do too much. For example to take too much managed risk could lead to problems. But, equally, if you avoid all problems you risk inaction, he said.
Similarly, if you focus too much on performance culture, you can risk burn out, and, if corporate ethics are too restricted, then it is possible to end up with eggshell syndrome.
Mr. Anderson stressed that it is important to get the balance right, to remain in what he described as ‘the performance zone’.
As an example of organisations that failed to hit the right balance, he pointed to Enron and certain banks, where there was a culture that almost totally excluded ethics. And there was simply too much emphasis on taking risk and performance culture.
“There are enormous tensions between ethics and performance culture,” said Mr Anderson. “We are now living in a sort of post-ethical society. Every corporation and every individual is expected to ‘max out’. It is how we are driven at school and at work. My feeling is that as they are pushed in that performance direction, their ability to exercise ethics becomes harder. But without ethics, we end up in the Enron situation,” he continued.
Ethical behaviour has to start at the very top. According to Mr Anderson, there is no doubt (and research backs this up) that if there is any sign of non-compliance or evasion seen at the top, it will spread through the organisation like wildfire.
The issue of ‘weak signals’ was developed in the workshop. There is a fundamental problem with whistle-blowing, which is that employees are reluctant to report for two reasons, said Mr Anderson. The first is the perceived futility of reporting, since it is believed that nothing will be done, and the second is fear of repercussions. He warned of the ‘dangerous silence’ and said that companies had to find ways to re-engage employees.
He then talked about the need for ‘sensitivity to weak signals’ and the ability to pick up these weak signals early on, in order to provide enough time for action. “You have to listen to employees and engage with them, but, they will only talk if they think that they will be treated in an ethical manner,” he said.
But, how can companies engage staff, and learn to pick up on these weak signals?
The workshop came up with various methods:
- discussion forums for staff (either physical or online);
- effective whistle-blowing policies;
- create active participation to counteract the ‘dangerous silence’;
- dissemination of changes in policies, rules and guidance;
- full time leadership to work at the highest level, with a non-executive overseeing the overall ethical dimension of the organisation.