After Volkswagen admitted designing software that provided false emissions data in order to appear compliant with emissions standards, many questions were raised about the culture of the company. The scandal also highlighted the difficulties in locating risk across an organization.
The resignation of Volkswagen’s CEO further illustrates how difficult it is to run an organization from an ethical perspective.
With a multinational company as large as Volkswagen, it is inherently tough to keep an eye on every single aspect of the business. It is, therefore, impossible that a senior Volkswagen executive could have known everything about the engine emissions testing process.
But should it mean that the company gets a free pass? No. Just because a company is large and has thousands of employees does not mean there is an excuse when integrity issues arise. There is no doubt that identifying issues becomes more difficult as a company gets larger, but this just means those companies need to do more to counteract the risk.
To ask questions and find risks takes real expertise which, frankly, not many people possess. It requires people with a range of skills – part business knowledge and part investigative talent. It requires great tenacity and the ability to seriously consider whether someone is telling the truth. They usually need to continue digging for some time. Of course, in a very large field of inquiry, they also need to know where to start. The following are a few ideas on how to approach the task.
Leave no stone unturned
There’s an old saying that some rocks on the beach can only be seen when the tide goes out, and overturning those rocks can actually identify quite a lot of information. A good compliance officer waits for the tide to go out and looks at the rocks, picks them up and examines them. There is occasionally a tendency to ignore the rocks and/or step around them, but this should not be an option. Examining the rocks can be done progressively over time, but you should always be thinking about when the next rock will appear. When it does, examine it.
Know where to look
It’s important to know your company inside out. At Volkswagen, one would assume that the company connects with officials from testing agencies and government departments in each country every time a new vehicle is released. Given this interaction with officials, a prudent compliance officer would have been talking to the engineers and been aware of how the tests were conducted. They would, of course, be looking out for any potential corruption, misrepresentation or trickery.
One would hope that the compliance officer associated with the process would understand the cars, engines and testing procedures and might have been able to ask enough questions to uncover the secret. Due to the sheer complexity of the engines, it might have been hard for them to see the issues for themselves, but it should be fairly reasonable to expect that they could have identified the issues by looking at the tests during and after.
Presumably there was someone at Volkswagen who watched the market and competitors and would have known that a few years ago there was a cohort of companies involved in cheating inspections of diesel truck engines. One would have hoped that, upon learning about that issue, the person would have asked the engineering teams to demonstrate and certify that there were no similar issues in Volkswagen products.
With a strong focus on the actual evidence, this approach may have identified issues much faster. Likewise, there seemed to be other complaints against the company from industry groups or those mentioned in the press. Again, an astute compliance officer would have taken those things seriously and investigated them.
An investigation should have come to the point that we have now reached: public acknowledgement of a major problem. Most people don’t just make up stories and circulate them. Where there is smoke, there is usually fire – it just takes tenacity to push through the smoke to locate it.
Utilize your network
A compliance officer must know to whom he should go to ask questions. He should also know to have a great network and to have good relationships across the company. This means the CO needs to be a likeable person – someone who can strike up a conversation in any setting and who has been at the company for some time. Questions must be direct and aimed at getting to the truth. The compliance teams should ask about things they already know from the press and other places and ask many questions in different formats multiple times to the same and different people. They should ask questions that may not include an obvious specific reference to a possible issue, but where the answer may give rise to other issues.
There will be many people within the company who know what is going on throughout the business and industry; a compliance officer needs to find these people and get to know them. This should not be intended as a false friendship that only exists for the purpose of eliciting information – it should be a genuine attempt to build networks that the CO can use to learn more about the company. They can then use that knowledge to strengthen the compliance infrastructure.