The Truth Can Hurt Even More When It's Too Late

An industry-leading company recently commissioned two outside firms to perform an objective assessment of its corporate ethics program. Each assessment was extensive, involving interviews with anyone who wanted to talk, and people selected by the teams, ranging from middle management to the CEO. Collectively, the two assessments had interviews or focus groups with over 1000 people at every major location. This probably represents the most comprehensive assessment of ethics program effectiveness factors completed in 2003. (One of the assessments was completed by the law firm of Paul, Weiss, Rifkind, Wharton & Garrison, LLP. The assessment team was led by former Senator Warren Rudman, and their findings were published on Nov. 3, 2003. The other assessment was completed by Ethical Leadership Group, and their findings were published on Oct. 23, 2003.)

A number of their findings would allow any company to conclude that its ethics program was excellent, and report, “We've got ethics covered” to its board. The findings included:

• The company had a Vice President for Ethics and Business Conduct, an Ethics and Business Conduct committee, an Ethics Process Council and designated ethics personnel in each of the business units.
• Ninety-eight percent of employees interviewed recalled receiving ethics training during the past year.
• An ethics hot line had been established, and 98% were also aware of its existence.
• Ethics posters were prominently and widely displayed in the workplace.

Fundamental Issues

It turns out that hidden beneath these comforting findings were some very fundamental issues. The company is Boeing, which has had three major programs worth billions of dollars suspended and more recently seen its CEO resign as the result of an unrelated ethics lapse. The core issues in this case are unfair business practices related to competitors and federal government procurement guidelines, and not Sarbanes-Oxley sanctions.

The primary issues uncovered by the outside assessments included:

• Employees felt that line management must own ethics and compliance in order for it to be effective. Many line managers just didn't get “it,” particularly when “it” meant responding to bad news.
• The extensive ethics organization was primarily accountable to the line managers and tied too closely to the achievement of business objectives, losing critical independence and perhaps objectivity.
• Senior management was insufficiently involved in the development and implementation of ethics and compliance policies and processes.
• Almost half of the rank and file population did not believe that the ethics hot line could be called anonymously. It did not appear to have 24/7 coverage, limiting when and how employees could report problems in confidence. Many employees expressed fear of retaliation, and frustration with the time it took to conduct an investigation.
• Internal training, monitoring and oversight of procurement integrity and handling of third-party information was not as strong as written procedures, policies and guidelines. Companies in active acquisition mode are particularly exposed. They are integrating different cultures and assuming unknown risks. Ethics programs of the parent company and the acquired companies have to be constantly reviewed and updated to have “effective programs” in all parts of the new organization.

Overall, the assessments concluded that a contributing factor was that, as in many companies, the Ethics Officer was not truly a member of the Corporate Governance power structure. The ability to understand issues and influence priorities was therefore limited. This example is one that should be taken seriously by other companies because it illustrates that having an ethics program that is trusted, widely embraced and actively used is the real benchmark.

'We've Got Ethics Covered'

Companies have a natural impatience to check “done” regarding ethics programs and return to traditional strategic initiatives, and many such companies feel that the significant resources required by Sarbanes-Oxley Section 404 are all they need, or can afford right now. A number of companies have told us, “We've got ethics covered.” Boeing thought it had it covered too, until it found out the hard way that its program did not prevent damaging incidents, and until careful examination uncovered major weaknesses. Its program was not really effective despite its laudable investment, and the truth hurt even more because it was too late.

The word “effective” is important here, for two reasons. One is that under Federal Sentencing Guidelines, the existence of an “effective program” is a mitigating factor if a company is convicted or pleads guilty to ethical violations. The Guidelines have gotten considerably tougher, making it important to differentiate between an incident caused by a single rogue employee and a systemic corporate governance shortfall. The other reason is that customers also judge whether a company has an “effective program.” Boeing may not face any Federal Sentencing Guideline issues, but was judged by its customers to have a systemic deficiency, and is being painfully sanctioned in the form of lost contracts and diminished public confidence.

Having an 'Effective Program'

I expect that qualification as having an “effective program” will become a very important measuring point for CEOs and company boards. Boeing actually thought that it was meeting the criteria, yet discovered the hard way that having a program that is “clearly enunciated, broadly communicated and widely understood” did not make the program operational or effective.

The qualifying criteria are emerging every day, from assessments like these and from litigation. Several things are already clear:

• Boeing did not get any credit for the things it had done right. The “hidden” issues were significant, and resulted in sanctions and the replacement of its CEO.
• Sarbanes-Oxley is only a piece of the measurement of an “effective program,” and limiting focus to its provisions will leave major exposures like those experienced by Boeing.
• Comprehension, trust in the process and evidence of its regular use need to be core measures of an “effective program.” The existence of a code of ethics, brochures and training does not automatically lead to comprehension, trust and use.
• Judgment of whether a company has an effective program can be in the court of public opinion, or in a court of law. The consequences of a negative judgment are enormous for the company and its officers, and the judgment is on what was in place at the time the incident happened. Companies are not allowed to scramble to quickly to try to meet the criteria after the incident is discovered.

Two options seem prudent for CEOs and boards, given the stakes: an internal report, and a qualified independent review.

Conclusion

It seems that this example provides some very important insight. Companies need to re-examine whether they are sure they really “have it covered” and can pass the “effective program” measurement. As Boeing discovered, the stakes are too high to rely on hope and the desire to claim the task is finished. The frankness and insight that can be gained from an objective outside assessment may be the only way to know for sure what is still missing, or ineffective.

An industry-leading company recently commissioned two outside firms to perform an objective assessment of its corporate ethics program. Each assessment was extensive, involving interviews with anyone who wanted to talk, and people selected by the teams, ranging from middle management to the CEO. Collectively, the two assessments had interviews or focus groups with over 1000 people at every major location. This probably represents the most comprehensive assessment of ethics program effectiveness factors completed in 2003. (One of the assessments was completed by the law firm of Paul, Weiss, Rifkind, Wharton & Garrison, LLP. The assessment team was led by former Senator Warren Rudman, and their findings were published on Nov. 3, 2003. The other assessment was completed by Ethical Leadership Group, and their findings were published on Oct. 23, 2003.)

A number of their findings would allow any company to conclude that its ethics program was excellent, and report, “We've got ethics covered” to its board. The findings included:

• The company had a Vice President for Ethics and Business Conduct, an Ethics and Business Conduct committee, an Ethics Process Council and designated ethics personnel in each of the business units.
• Ninety-eight percent of employees interviewed recalled receiving ethics training during the past year.
• An ethics hot line had been established, and 98% were also aware of its existence.
• Ethics posters were prominently and widely displayed in the workplace.

Fundamental Issues

It turns out that hidden beneath these comforting findings were some very fundamental issues. The company is Boeing, which has had three major programs worth billions of dollars suspended and more recently seen its CEO resign as the result of an unrelated ethics lapse. The core issues in this case are unfair business practices related to competitors and federal government procurement guidelines, and not Sarbanes-Oxley sanctions.

The primary issues uncovered by the outside assessments included:

• Employees felt that line management must own ethics and compliance in order for it to be effective. Many line managers just didn't get “it,” particularly when “it” meant responding to bad news.
• The extensive ethics organization was primarily accountable to the line managers and tied too closely to the achievement of business objectives, losing critical independence and perhaps objectivity.
• Senior management was insufficiently involved in the development and implementation of ethics and compliance policies and processes.
• Almost half of the rank and file population did not believe that the ethics hot line could be called anonymously. It did not appear to have 24/7 coverage, limiting when and how employees could report problems in confidence. Many employees expressed fear of retaliation, and frustration with the time it took to conduct an investigation.
• Internal training, monitoring and oversight of procurement integrity and handling of third-party information was not as strong as written procedures, policies and guidelines. Companies in active acquisition mode are particularly exposed. They are integrating different cultures and assuming unknown risks. Ethics programs of the parent company and the acquired companies have to be constantly reviewed and updated to have “effective programs” in all parts of the new organization.

Overall, the assessments concluded that a contributing factor was that, as in many companies, the Ethics Officer was not truly a member of the Corporate Governance power structure. The ability to understand issues and influence priorities was therefore limited. This example is one that should be taken seriously by other companies because it illustrates that having an ethics program that is trusted, widely embraced and actively used is the real benchmark.

'We've Got Ethics Covered'

Companies have a natural impatience to check “done” regarding ethics programs and return to traditional strategic initiatives, and many such companies feel that the significant resources required by Sarbanes-Oxley Section 404 are all they need, or can afford right now. A number of companies have told us, “We've got ethics covered.” Boeing thought it had it covered too, until it found out the hard way that its program did not prevent damaging incidents, and until careful examination uncovered major weaknesses. Its program was not really effective despite its laudable investment, and the truth hurt even more because it was too late.

The word “effective” is important here, for two reasons. One is that under Federal Sentencing Guidelines, the existence of an “effective program” is a mitigating factor if a company is convicted or pleads guilty to ethical violations. The Guidelines have gotten considerably tougher, making it important to differentiate between an incident caused by a single rogue employee and a systemic corporate governance shortfall. The other reason is that customers also judge whether a company has an “effective program.” Boeing may not face any Federal Sentencing Guideline issues, but was judged by its customers to have a systemic deficiency, and is being painfully sanctioned in the form of lost contracts and diminished public confidence.

Having an 'Effective Program'

I expect that qualification as having an “effective program” will become a very important measuring point for CEOs and company boards. Boeing actually thought that it was meeting the criteria, yet discovered the hard way that having a program that is “clearly enunciated, broadly communicated and widely understood” did not make the program operational or effective.

The qualifying criteria are emerging every day, from assessments like these and from litigation. Several things are already clear:

• Boeing did not get any credit for the things it had done right. The “hidden” issues were significant, and resulted in sanctions and the replacement of its CEO.
• Sarbanes-Oxley is only a piece of the measurement of an “effective program,” and limiting focus to its provisions will leave major exposures like those experienced by Boeing.
• Comprehension, trust in the process and evidence of its regular use need to be core measures of an “effective program.” The existence of a code of ethics, brochures and training does not automatically lead to comprehension, trust and use.
• Judgment of whether a company has an effective program can be in the court of public opinion, or in a court of law. The consequences of a negative judgment are enormous for the company and its officers, and the judgment is on what was in place at the time the incident happened. Companies are not allowed to scramble to quickly to try to meet the criteria after the incident is discovered.

Two options seem prudent for CEOs and boards, given the stakes: an internal report, and a qualified independent review.

Conclusion

It seems that this example provides some very important insight. Companies need to re-examine whether they are sure they really “have it covered” and can pass the “effective program” measurement. As Boeing discovered, the stakes are too high to rely on hope and the desire to claim the task is finished. The frankness and insight that can be gained from an objective outside assessment may be the only way to know for sure what is still missing, or ineffective.