Now is the time for boards to take culture risk seriously and begin to find ways to understand it in advance of a toxic culture truly damaging an organization. The recent examples of bankruptcy at The Weinstein Company and the rapid loss of $2 billion in market cap at Wynn Resorts only serve to underscore the close connection between leadership and culture and toxic leadership and toxic culture with reverberations and repercussions not only on shareholders but stakeholders of all types.
In this second part of this blog series addressing culture oversight, I suggest three practical tools for boards to exercise proactive oversight on culture issues to enhance discussions that may already be in process. Embedded in these tools are the top ten questions the board should ask management about culture, as well as some of the key dashboard metrics a board should consider getting.
Tool One: Arming the Board With the Right Information From the Right Members of the Management Team
Your chief ethics and compliance officer (CECO) and another executive (perhaps the chief learning, human resources or talent officer) are all good resources to report to the board from time to time and regularly on issues of culture. Indeed, an empowered CECO may be the best bet as she should be reporting to the board (or a committee thereof) on a quarterly basis anyway. His or her dashboard of ethics and compliance metrics should also include some of the key culture metrics described in tool two, below.
Moreover, the board or appropriate committee (audit, risk, compliance, regulatory affairs) should have regular executive sessions with the CECO and perhaps develop more informal methods of regular communication such as a phone call check-in between the CECO and the chair of the audit committee, for example, something I have done in my executive career and to great benefit of the organization.
When a company of a certain size, maturity, and complexity does not have an executive of the appropriate stature taking care of culture issues, it may indicate that the CEO doesn’t think culture is that important. Moreover, if there is an executive who should be thinking about culture issues proactively but is not or is not allowed the ability and resources to do this (for example, budget for a culture survey), that presents another potentially serious culture red flag. Last, other red flags may emerge when senior executives are not able to provide the arguably correct answers to the top ten culture questions the board should ask (listed below).
The Top Ten Culture Questions the Board Should Ask:
For the CEO: What does culture mean to you, and what is the importance of culture to you personally as the leader of the company? How would you, as the CEO, characterize the culture of the organization? Is it healthy, improving, ailing, or under serious stress?
Does the company have an explicit culture program in place and, if so, what does it consist of? Is it intertwined and integrated with the company’s mission, vision, values, and strategy?
If there is no current culture program in place, what is management’s plan to deploy one? What is the plan’s timing, budget, leadership, and details?
How do you measure culture at the company?
How do you keep management at the highest and middle levels accountable on culture issues?
Is there a member of senior management or the c-suite with an explicit remit to manage corporate culture?
Does the company’s performance management program and incentive structure incorporate cultural considerations and metrics? If so, how? If not, what is the plan to incorporate such considerations?
What are the top culture issues at the company today (good, bad, or ugly)?
When there are difficult culture issues (the bad and ugly kind), how does management handle them?
Is management aware of investor, employee, customer, and other stakeholder concerns or perspectives regarding corporate culture? Has there been any stakeholder reach-out on this issue?
Tool Two: The Customized Culture Dashboard
The company’s board should be reviewing a customized dashboard that is updated regularly. Such a dashboard should be unique to each organization but should include many of the following qualitative and quantitative considerations and metrics.
Ethics and Compliance (E&C) Metrics
E&C risk assessments – key data, key topics
Helpline or hotline trends and key issues
Training and communications trends and topics
Pulse surveys on ethics and compliance program
Investigations – type, process, and outcome
Periodic internal and external evaluations of the effectiveness of the E&C program
Employee and Culture Survey Metrics
Culture climate metrics geared at workplace issues including supervisory relationships
E&C program benchmarking against peers
Human Resources Data
Performance management results (with financial and non-financial metrics, as well as environmental, social, and governance metrics, included)
360 leadership assessments or the like
Tool Three: Benchmark Your Company’s Cultureand be Prepared to Intervene
Understand where your organization fits in the spectrum of workplace culture. An example of useful benchmarking may involve using the Ethics Research Center’s Global Business Ethics Survey. Get a culture survey done. Slice and dice it, and work to understand its results. Ask management about the culture climate, the temperature and how it is reflected at different divisions, business units, and more. Do your company’s culture surveys have consequences or are they merely window dressing? If the latter, why do them? If the former, what are the actual concrete consequences? Do “golden boys/girls” who are abusive get counseled, disciplined, or terminated when infractions occur? Or are they ignored or merely slapped on the wrist for things that get others fired?
If and when a culture issue threatens to suffuse the wellbeing of an organization and its leadership, the board must be prepared to intervene in a crisis—before or after it unfolds. The board’s keeping its finger on the cultural pulse and temperature of the company is vitally important to the long-term viability and sustainable profitability of a company.
With Gloom Also Comes the Promise of Light
With all the doom and gloom that toxic workplace culture issues raise, I would also underscore a hopeful note to boards and executives struggling to deal with the organizational cultural issues so clearly brought to the fore in 2017. Unlike the regulatory responses to the excesses of 2002 (Sarbanes Oxley) and 2008 (Dodd-Frank), I would suggest that the appropriate response to cultural issues that are emerging is not new regulation but self-regulation, a voluntary upping of the corporate cultural ante by elevating the importance of ethics, compliance, and risk management within organizations, powered and driven by a strong culture of accountability and “walk the talk” from the top. This entails a voluntary, value-creation mindset at the executive and governance levels of an organization that aligns a strong and resilient culture with sustainable profitability and that likewise recognizes that a toxic culture will in the short and long run lead to value and reputational erosion and possibly destruction.
Thankfully, there are positive tales to be inspired by. A case in point: Microsoft Corp. Under its relatively new CEO, Satya Nadella, who recently wrote a book on the company’s culture, has instigated culture change there that by all accounts has had dramatic and beneficial impacts on all stakeholders, internally (employees) and externally (customers) alike. Nadella’s moves have also benefitted shareholders. When he became CEO in 2014, the share price was around $35; today, Microsoft’s share price is at $92.
With all the negative news, 2018 represents a rare opportunity for management and boards to understand, acknowledge, and tackle workplace cultural issues head on and in a more systematic and conscientious way. Culture is the fabric of an organization and that fabric can either be healthy and sustainable, able to contribute to the development of resilience and creation of value, or brittle, weak, and toxic, leading to financial and reputational vulnerability, value erosion, or even ruin. It is the direct responsibility of leaders—both management and board—to make the right choices on workplace culture.
Dr. Andrea Bonime-Blanc is founder and CEO of GEC Risk Advisory, a strategic governance, risk and ethics advisor, board member, and former senior executive at Bertelsmann, Verint, and PSEG. She is author of numerous books including The Reputation Risk Handbook (2014) and co-author of The Artificial Intelligence Imperative (April 2018). She serves as Independent Ethics Advisor to the Financial Oversight and Management Board for Puerto Rico, start-up mentor at Plug & Play Tech Center, life member at the Council on Foreign Relations and is faculty at the NACD, NYU, IEB and Glasgow Caledonian University. She tweets as @GlobalEthicist. All thoughts shared here are her own. This blog series borrows in part from her forthcoming book with Routledge/Greenleaf (2019), Gloom to Boom: How Leaders Transform Risk into Resilience and Value.
According to acclaimed researcher and author Brené Brown, being vulnerable can be a strategic asset to any organization. Although this may sound counterintuitive to some, Brown made the case for how vulnerability cultivates innovation to a rapt audience of directors and corporate-governance professionals gathered at the 2017 NACD Global Board Leaders’ Summit.
Brown became an Internet sensation after she discussed her academic research on these themes at a TEDxHouston event in 2010. Although her presentation was enthusiastically received by her in-person audience, she was frustrated by negative online comments left on the video. But soon after, she discovered a quote by President Theodore Roosevelt that not only has reframed how she viewed her experience, but also has guided her subsequent work:
“It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat.”
Brown then identified the following four qualities that, when operationalized within an organization, will create a culture of courageous leadership:
Vulnerability. Based on Brown’s research, there is no job where a person is not vulnerable. She noted that vulnerability is not the same as cowardice. Rather, it’s the willingness to expose your new ideas to public scrutiny. Without trying to do something new, and risking the possibility of failing horribly, progress can never happen.
Courage. It takes courage to compete in business. Luckily, Brown’s research into the behaviors of 80 senior leaders and more than 300 MBA students demonstrates that courage is a skill that can be taught and measured. She recommends four practices to instill a culture of bravery in an organization: (1) encouraging vulnerability, (2) defining the organization’s values and operationalizing those values, (3) inculcating trust between individuals and teams, and (4) empowering people with “rising skills,” or the skills to pick one’s self up and brush one’s self off after failing. Regarding rising skills, Brown pointed out that if your employees cannot recover from and learn from their failures, they will begin to feel that they need to be on the defensive—a mind-set that can hinder creativity and innovation.
Ethics. One of the most difficult situations a person can encounter in a business setting is standing up to someone who is making unethical choices. According to Brown, ethics should be the grounding framework that drives behavior. When someone acts outside the set of ethics that the organization adopts or outside the law, leaders must be brave enough to call out that person’s missteps. Her point holds particular relevance to directors and executives who are responsible for overseeing business ethics and promoting a culture of ethical performance.
Trust. Brown asked the audience, “If you can’t see a person’s vulnerability, will you ever be able to trust them?” Vulnerability is a key to building trust, and top-performing teams rate trust in their coworkers as the deciding factor for success.
Brown noted that people who lack trust in one another are likely to avoid confronting their fears and anxieties. Trust makes workers brave enough to develop and share their ideas, and allows them to discuss failures in a respectful manner.
“Can innovation come without exposure?” Brown asked. “Can you have innovation without vulnerability? No. It doesn’t exist.”
One of the board‘s key responsibilities is the oversight of a company’s conduct, including the strength of its culture and the effectiveness of its ethics & compliance (E&C) program. In recent years, that responsibility has become even weightier. Recent corporate scandals, such as Volkswagen, Unaoil, and Mitsubishi Motors, have created public skepticism about business ethics, and policy makers have responded with a new emphasis on accountability for both companies and responsible individuals, including directors who are either negligent in preventing fraud or willingly participate in it. Enforcement agencies now scrutinize a company’s E&C efforts before making prosecutorial decisions by inquiring about board oversight in the company’s approach to E&C.
Organizations around the world invest tremendous resources to establish internal E&C programs and prevent corporate wrongdoing. Although E&C was historically a U.S. focus, a number of international standards have heightened the importance of E&C programs globally: the UK Bribery Act; the new International Organization for Standardization (ISO) 19600 Compliance Management System Guidelines; and the OECD Anti-Bribery Convention.
Directors observe these developments and scratch their heads. What does an effective E&C program look like? How can we succeed with E&C without stifling our business? What is the board’s role in E&C oversight? Has any organization gotten it right?
There is good news for directors. There are exemplary organizations—representing a wide variety of sizes, sectors, and industries—that have raised the bar even higher than mere compliance with the law. These organizations have transformed their workplaces through their E&C efforts to yield stronger, more positive results. And even better, there is now a framework to help directors guide their own organizations in establishing such an E&C program.
The Framework: Principles and Practices of High-Quality E&C Programs
In May 2015, the Ethics & Compliance Initiative (ECI) convened a group of 24 thought leaders with E&C program experience, including corporate directors, former deputy attorneys general, former members of the United States Congress, business executives, senior E&C practitioners, and academics. The panel produced a new report with leading principles and practices for effective E&C program implementation: Principles and Practices of High-Quality Ethics & Compliance Programs. The report includes five key principles practiced by organizations not satisfied with “minimum” E&C efforts; these organizations are referred to in the report as high-quality programs (HQPs). The principles, which should be tailored to each company’s individual circumstances, are adapted below from the original report:
Principle 1: Ethics and compliance is central to business strategy.
E&C is both a function on the organizational chart and is considered to be an essential element within every operation.
A high standard of integrity and compliance is articulated as a business objective, and every strategic decision is evaluated for alignment with the organization’s values and standards.
An HQP ensures compliance with law and regulation, and is resourced to help leaders across the organization understand their critical role in setting and meeting the standard for integrity.
The E&C program is expected to provide an independent voice, and regularly updates the board on E&C objectives, risks, and progress.
HQP staff maintains excellence by dedicating themselves to continuous improvement in E&C through innovation, engagement with stakeholders (inside and outside the organization), and consistent consideration of employee feedback.
Principle 2: Ethics and compliance risks are identified, owned, managed, and mitigated.
While organizational values are the heart of any E&C program, risk assessments provide the foundation upon which HQPs are built.
E&C staff collaborates across the organization to support a risk assessment process that identifies, prioritizes, and mitigates risk consistently.
Compliance performance, strength or weakness of organizational culture, employee willingness or fear to report, and other key E&C areas are evaluated and reported to the board as potential risks to the organization.
Leaders at all levels assume ownership for the ongoing identification and mitigation of risks that are relevant to their areas, both inside and outside the organization.
The board is regularly briefed on emerging E&C risks and how the E&C program is monitoring and mitigating risks where necessary.
Principle 3: Leaders at all levels across the organization build and sustain a culture of integrity.
Culture is the largest influencer of business conduct, and leaders are recognized as the primary drivers of that culture.
Leaders throughout the organization are committed to, and responsible for, making ethical conduct and decision making central to the organization and its operations.
The board assumes responsibility for evaluating the performance of senior management in providing ethical leadership and setting a proper tone at the top.
HQPs equip managers and supervisors with the support needed to make those values relevant to their day-to-day operations.
Recognizing that employees at all levels make ethics-related choices every day, HQPs provide resources, guidance, and training that emphasizes to all employees the importance of acting in accordance with shared values, seeking help, and speaking up.
Principle 4: The organization encourages, protects, and values the reporting of concerns and suspected wrongdoing.
HQPs focus on establishing an environment where issues can be raised long before situations are elevated to the level of misconduct.
HQPs prepare leaders and supervisors to respond appropriately if/when employees do come forward with concerns about wrongdoing.
Managers understand the impact of their actions, and HQPs hold them accountable for contributing to a culture that does not support the reporting of concerns.
There are focused efforts to prevent and deter retaliation.
HQPs treat all those who report violations fairly and consistently, and effectively support employees who report suspected violations.
The board is regularly briefed on high-level trends in employee reporting, and management is expected to be transparent with the board when substantive “bad news” transpires.
Principle 5: The organization takes action and holds itself accountable when wrongdoing occurs.
Investigations are timely, neutral, thorough, competent, and consistent.
When a violation is confirmed, the organization responds with appropriate consequences, regardless of the violator’s position within the company.
The organization maximizes learning from every substantiated case of wrongdoing.
HQPs recognize that technology has increased reputational risk.
HQPs have well developed systems for escalating issues, with regular testing for crisis management and response.
When appropriate, HQPs disclose issues to appropriate regulatory and government authorities and work cooperatively to respond to their concerns.
The board is well informed when substantive issues arise that require organizational accountability to stakeholders.
As corporate directors know better than anyone, there is no one approach to effective ethics and compliance. Each company’s circumstances are unique; therefore, their E&C programs must vary accordingly. But there are some universals among organizations that “get it right,” particularly when it comes to implementing a proper E&C tone at the highest levels of the organization. The board has an essential role in setting the expectation that the organization will not be satisfied with upholding only the minimum standard. Understanding the principles and practices that characterize leading E&C practice will help board members engage with management to ensure that the highest standard of integrity is seamlessly aligned with the performance of the organization overall.
Patricia Harned is CEO of the Ethics & Compliance Initiative (ECI) and frequently speaks and writes about workplace ethics, corporate governance, and global integrity. Ronnie Kann is executive vice president of research and program development at ECI, having served chief ethics and compliance officers, general counsel, and chief human resource officers throughout his career. Harned and Kann both contributed as authors to the ECI reportPrinciples and Practices of High-Quality Ethics & Compliance Programs. The Ethics & Compliance Initiative (ECI) empowers its members across the globe to operate their businesses at the highest levels of integrity. ECI provides leading ethics and compliance research and best practices, networking opportunities, and certification to its membership, which represents more than 450 organizations across all industries. ECI is comprised of three nonprofit organizations: the Ethics Research Center, the Ethics & Compliance Association and the Ethics & Compliance Certification Institute. www.ethics.org