Management’s “tone at the top” is a critical element of effective internal control and corporate compliance programs. While tone at the top assessments may seem “soft” by the standards of most performance indicators for a compliance and ethics program, compliance executives and boards may find such assessments invaluable in surfacing early warning signs of the potential for increased risk of wrongdoing in one or more units of a company’s operations. With the Dodd-Frank Act’s whistleblower program now offering potentially large rewards for tips about possible securities law violations, this could be an opportune time for compliance executives to consider new ways to evaluate their company’s tone at the top.
Even for organizations where such assessments are well established, the methods used can be improved in many cases. An assessment of the tone at the top can be used for multiple purposes, for example, including as part of an entity’s review of controls for Sarbanes-Oxley reporting or for determining consistency with the compliance and ethics program recommendations in the U.S. Federal Sentencing Guidelines.
Increasingly, boards and senior executives are taking tone at the top seriously as a success factor in an overall improved approach to risk management. Compliance executives can play a very important role in assisting policy and decision makers in taking action to enhance tone at the top in a deliberate and systematic way—and then to measure effectiveness and progress.
Ten key ways that board directors, senior management, and compliance and risk management executives can work together or support each other in helping to assess the current state of an organization’s tone at the top are presented below. In addition, each can contribute to an overall program that turns policy into sustainable action:
After reviewing the processes above, consider answers to the following questions as a means to help establish where your organization stands with respect to tone at the top:
Follow up by setting objectives for new initiatives over the coming months that will advance the desired improvements.
It is relatively easy to understand and convey that how value is created is a critical performance and success factor. In addition, today knowing how value can be destroyed is an equally critical success factor. The tone set at the top can drive value – both positively and negatively. Tone at the top forms the foundation for a culture that inspires trust and confidence—among employees, investors, and all key stakeholders. Compliance professionals are in a strong position to drive and support tone at the top initiatives and measurement systems.
We would like to express our appreciation to Toby Bishop, director of the Deloitte Forensic Center at Deloitte Financial Advisory Services LLP, and Mohammed Ahmed, senior manager at Deloitte Financial Advisory Services LLP, for their contributions to the development of this article.
About the Author
Donna Epps is a partner in the Forensic & Dispute Services practice of Deloitte Financial Advisory Services LLP, the national leader of the Anti-Fraud Consultinggroup, and co-leader of Deloitte’s Governance and Risk Management practice.
 The Dodd-Frank Wall Street Reform and Consumer Protection Act is a federal statute in the United States signed into law by President Barack Obama on July 21, 2010. It promotes the financial stability of the United States by improving accountability and transparency in the financial system, ending “too big to fail,” protecting the American taxpayer by ending bailouts, protecting consumers from abusive financial services practices, and other purposes.
This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this publication.
About Deloitte: Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
Copyright © 2012 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
About the Author Donna Epps is a partner in the Forensic & Dispute Services practice of Deloitte Financial Advisory Services LLP, the national leader of the Anti-Fraud Consulting group, and co-leader of Deloitte’s Governance and Risk Management practice. Donna brings a wide range of client service experience to her insights on governance and risk management issues, including 20 years of auditing public and private companies, carrying out regulatory filings with the SEC, and leading regulatory compliance examinations at the state and federal level. In addition, she has worked with the senior management teams of multinational clients in several industries — including telecommunications, manufacturing, and oil and gas — in conducting complex, multi-year restatements of financial statements, leading Sarbanes-Oxley preparation projects, and providing merger and acquisition related services. Her current focus is in proactive risk services and enterprise risk management. She works with companies to become risk intelligent with a focus on value protection and value creation. Donna received her Bachelor of Business Administration degree from Texas A&M University. Donna can be contacted via email at firstname.lastname@example.org. Donna contributes to the regular column Your Risk Intelligent Enterprise™ for CCI with Henry Ristuccia and Rob Biskup.
As used in this document, ‘Deloitte’ means Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, and Deloitte Tax LLP, which are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.