Where Is Your Company Most Prone to Lapses in Integrity?

••• Every sizable organization has integrity gaps—areas where what’s considered appropriate behavior diverges from the norms set by its leaders. Within these pockets, things like offensive language, overly aggressive sales practices, or conflicts of interest may be overlooked or even implicitly condoned. Such lapses not only endanger the reputation of the company but also pose regulatory and liability risks. Many corporate leaders don’t discover the magnitude of integrity gaps until a problem has blown up into a crisis and the threat of government action or litigation looms. Board members are often taken by surprise, asking, Why didn’t we spot this earlier? Shouldn’t we have known where we were vulnerable and how? Compliance and ethics programs are supposed to prevent such crises, but the people running them are often playing defense rather than strategically rooting out trouble before it grows and spreads. Fortunately, however, company leaders can get ahead of the risks by setting up systems for early detection through routine data collection. Integrity gaps arise for several reasons. In a geographically dispersed organization, local norms and cultures can vary widely, making it a challenge to set unified standards and expectations. In an extensive global survey examining fraudulent business practices, for instance, EY found that no senior managers in Switzerland approved of misstating financial performance. But the same survey found that more than a quarter of managers in Vietnam and Indonesia were willing to engage in such deception. Attitudes and ethics can also differ by demographic segment. EY’s survey revealed that one in five employees under age 35 could justify paying cash bribes to help a business survive an economic downturn, but among employees over 35, only one in eight could. Before your organization can develop a plan to identify integrity gaps in its culture, it needs to accept two things: First, _some_ misconduct occurs at your firm. When I looked at data from a host of internal reporting sources for three innovative Fortune 100 companies—none of which has faced a recent civil or criminal charge—I found that on average, each firm had experienced a violation that could lead to regulatory sanctions (such as a bribe or financial fraud) once every three days. While their organizations have issues more frequently because of their size, these companies also have some of the most robust and effective controls I’ve seen. Their violations were much smaller than the kind that hit the news, but they illustrate that even companies that invest heavily in compliance will have some malfeasance within their ranks. Second, a considerable amount of misconduct is not going to be internally reported. Violations that company leaders learn about through traditional channels are probably only the tip of the iceberg—and that should make leaders nervous. Though some attorneys argue that a company shouldn’t proactively try to identify misconduct because it could turn into discoverable evidence that might be used against the firm, “ignorance is bliss” is not a sustainable way to run a business. Allowing integrity gaps to grow is especially unwise in an era when employees are increasingly likely to bring allegations straight to the media or regulators if they feel ignored by their leadership. ## Gathering Data to Identify Gaps Once you’ve acknowledged that integrity gaps exist in your organization, how can you figure out where they are? Just ask. Randomly giving employees a simple survey can provide a ground-level view of practices that senior leadership may be missing—and help you identify where the problems lie. The survey has three questions: ### 1. In the past quarter have you observed any of the following? Please check all that apply: (a) conflicts of interest, (b) sexual harassment, (c) bribes or inappropriate gifts, (d) accounting irregularities, (f) antitrust violations, or (e) theft. While the kinds of misconduct companies need to ask about will vary with their business models and risks, the question above includes examples of the most pertinent problem areas. Different organizations, and subgroups within them, will get dramatically varying responses to this part of the survey. I have seen some companies where fewer than 0.5% of employees report observing certain types of questionable behavior. But that figure can reach 10% or more in individual geographic and functional subgroups in some firms. When analyzing the survey data, you should focus on looking for _integrity_ problems rather than strictly _legal_ violations. For example, a senior manager might regularly say things that wouldn’t legally constitute sexual harassment but that nonetheless make employees deeply uncomfortable. Or an employee might believe he witnessed a payment that would violate the U.S. Foreign Corrupt Practices Act when it was technically a facilitation payment permitted under the law. These issues are still worth identifying because anything employees perceive to be a violation can affect workplace morale. Moreover, they often can be leading indicators of more-serious misconduct that will develop into legal or regulatory exposure. ### 2. If you observed questionable conduct, did you report it? Please answer yes or no for each of the following: (a) conflicts of interest, (b) sexual harassment, (c) bribes or inappropriate gifts, (d) accounting irregularities, (e) antitrust violations, or (f) theft. Leaders, especially those who are legally focused, sometimes take false comfort in the fact that they have a code of conduct that requires employees to report any violations they see. In reality, however, that promise is a check-the-box exercise for many employees. The responses to the second question will often illuminate gaps between the code and actual behavior. Gartner, which is regularly asked to survey companies’ employees about their organizational culture, has observed that reporting rates vary significantly for different kinds of violations. Workers are most likely to report a theft of company property or accounting irregularities; 46% of those who observed a theft reported it, and 41% of those who saw fraudulent accounting practices did. However, the reporting rate is considerably lower in other instances, including inappropriate gift giving (27%) and conflicts of interest (34%). Notably, Gartner’s data shows that the average reporting rate is less than 50% for all types of violations, whether they’re HR related, sales related, or regulatory related. ### 3. If you noted earlier that you didn’t report the questionable conduct, why not? Please provide a separate answer for each of the following: (a) conflicts of interest, (b) sexual harassment, (c) bribes or inappropriate gifts, (d) accounting irregularities, (e) antitrust violations, or (f) theft. The potential reasons employees don’t report wrongdoing are numerous. They may fear retaliation, be reluctant to get involved, feel conflicted because the incident involved a friend, or worry that exposing the misbehavior could undermine the firm’s goals or financial performance. Fear of retaliation tends to be most common; in surveys done within companies, 10% to 30% of employees list it as their major concern. Many of the barriers to reporting are institutional problems that require understanding the source of employees’ concern. Others, like not wanting to get involved, indicate that the reporting process itself is—or at least is rumored to be—too cumbersome. Companies that work to reduce that perception can increase reporting rates. In a recent internal pilot, compliance leaders at Kimberly-Clark went back to employees who had reported integrity issues (nonanonymously) and asked them whether they felt the reporting process was fair and whether they would recommend it to a colleague. Notably, the compliance executives did not ask whether the people reporting problems agreed with the outcome of investigations; instead they emphasized the aim of improving the process to ensure that people knew their input was valued and respected in the organization. On the basis of the feedback, Kimberly-Clark now is refining how it communicates to and trains people about the reporting process. Identifying gaps is not a onetime HR exercise in finding the “bad apples.” To get answers to these three questions, organizations can simply send employees a short “pulse” survey or integrate a survey into routine compliance training. Critically, data collection should be conducted anonymously—that is, without capturing individuals’ names or identities—to encourage complete candor. Anonymity can be preserved while the firm gathers nonidentifying metadata, including the location and rank of employees (assuming there are more than a few dozen people in each subgroup). That information will reveal to managers which parts of the organization deserve greater attention. To ensure employee confidentiality, many companies hire a third-party consultant to conduct the surveys and restrict access to their data to in-house compliance, legal, and audit teams. ## Learning from the Data Data from this simple survey can produce three types of insights: ### Where to focus. Identifying the location of specific integrity gaps—by both function and geography—can be extremely valuable. By analyzing data on violations in these areas, companies can unearth the causes of misconduct and devise a strategy to address them—perhaps by redesigning incentives, creating new controls, or conducting training. Identifying gaps is not a onetime HR exercise in finding the “bad apples” and separating them from the good. Violations often happen among the most dedicated and successful employees. These people may even be especially susceptible to certain kinds of misbehavior. For example, high-performing sales employees may feel more pressure to inappropriately book sales if they’re behind on the budget at the end of a quarter. This is why data collection should be done periodically across different groups of employees throughout the year. Ideally, each quarter a randomized subset of employees would be surveyed. ### Better ways for employees to voice concerns. While it may be obvious that norms will differ among countries, offices, and even teams, figuring out how they differ and what to do about them is a challenge. Employees’ survey responses helped a large consumer products company tackle this. From them the firm learned that in one country where citizens feared monitoring and reprisal by an authoritarian government, workers were hesitant to call their local integrity hotline. To make them more comfortable about reporting their concerns, the company created a toll-free number for them in the United Kingdom. ### The true size of the iceberg. To prevent wrongdoing, you need to understand issues that may be developing below the surface. Yet it’s often difficult to know what kinds of problems are slipping through compliance processes (like hotlines) and other internal controls. The survey data can help companies better estimate the actual amount of misconduct within the organization—and the amount that’s not being reported. Ultimately, this kind of modeling will help senior leaders get a clearer picture of the integrity issues and violations that otherwise would probably never come to their attention. ## CONCLUSION Many leaders publicize their firms’ commitment to integrity and say that their employees should feel empowered to speak up if they see something questionable. Yet the best leaders don’t rely on these statements alone. Instead they collect data to monitor and assess whether their organizations actually adhere to their ethical standards. Sustaining a company’s cultural integrity requires constant vigilance—and measuring progress is the best way to manage it effectively. Data that allows leaders to proactively identify emerging gaps is a critical tool for staying one step ahead of problems that might land their companies in the next day’s headlines.