GRC professionals in particular know the importance of tone at the top. When a leader has an ethical lapse, the ramifications can be far-reaching. Michael Volkov discusses the potential fallout of managerial misdeeds.
Company managers are the linchpin of a corporate compliance program. Without belaboring the “Tinker to Evers to Chance” baseball analogy, a corporate culture of compliance requires an important information and accountability flow (or cascade) from leadership to senior managers to on-the-ground managers. It is at this level that the compliance message requires effective communications and conduct by managers directly to employees. This is where the rubber meets the road.
More companies are coming to this realization and affirmatively enhancing managers’ ability to communicate important ethics and compliance messages and demonstrate by day-to-day examples how to implement such ethical principles in their supervisory and work responsibilities. Managers are an important reflection of a company’s culture.
A company places an extraordinary amount of trust in its managers. They carry an important message and have direct responsibilities over their employees. It is no accident that employees, when surveyed, prefer to report their concerns to their immediate supervisor. In fact, many companies explicitly encourage such reporting in their compliance program policies and code of conduct. This reporting preference reflects a basic human desire – seeking approval from an immediate superior.
But what happens when there is a breakdown in the manager’s own ethical commitment? Recent studies have shown that managers commit fraud and other misconduct at a high rate of almost 40 percent. To compound this problem, managers who engage in misconduct often do so on more than one occasion. In other words, manager misconduct, when it occurs, does so on a repeated basis.
This reality presents serious challenges for a CCO seeking to rely on this important player in the compliance world. Managers carry an important burden, and they need to be monitored for risks and misconduct. If here is a breakdown among managers, such misconduct can have a disastrous impact on the surrounding employees, the culture of the company and the risk of increased misconduct by employees.
It is beyond obvious that employees who know or observe their managers to engage in misconduct are more likely themselves to engage in nefarious acts. A lawless community will experience higher rates of misconduct.
To counter instances of manager misconduct, companies hope (and pray) that employees will instead choose to report the manager rather than join the manager in any improper scheme. This is the real delicate balance – a culture of compliance may itself preserve its performance by reporting managers who engage in misconduct. Whether this will occur depends on the extent to which a company’s ethical culture has taken hold and whether employees have adopted the company’s culture as part of their own makeup.
Companies sometimes spend so much time focused on third-party risks that managers and employees are “taken for granted” or ignored on the risk scale. Hopefully, this attitude will mature into a healthy balance between managing third-party risks and internal manager/employee risks. An internal focus is important and can be very successful, especially in light of the direct control and influence a compliance program can exert on its employees. A CCO can engage in a variety of strategies and mechanisms for monitoring managers and employees – in fact, such compliance activities can result in improvements to more difficult areas, such as monitoring third-party behaviors.
This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.