What is the value of an ethical audit?
Dr. Bonnie Richley is the Chief Design and Innovation Officer for Interaction Science, a global consulting firm. She is a published author, keynote and motivational speaker. She has held numerous leadership positions in academia and in the public sector. Her work centers on high-impact engagement through individual and team coaching in organizations, adult learning, and transformational change. Email: [email protected]
Show
Compliance audit; Corporate social responsibility audit; Ethics assessment; Ethics assurance; Ethics check; Ethics inspection; Ethics monitoring; Ethics review; Ethics risk analysis; Ethics screening; Forensic audit; Integrity audit; Investigation; Moral audit; Social audit; Sustainability audit Definition of an Ethics AuditThere are many types of audits used by and for organizations, such as financial audits, quality audits, project audits, operational audits, performance audits, and ethics audits. An ethics audit is the systematic, independent, and objective examination and evaluation of the ethical content of the object of the audit. An audit is systematic when it entails typical steps like planning, defining a framework, fieldwork (collecting information and obtaining evidence) using established methods, analysis, judgment, reporting, and documentation. An audit is independent when someone who has no interests on the results of the audit performs it. This is the case when... This is a preview of subscription content, access via your institution. Kaptein M (1998) Ethics management: auditing and developing the ethical content of organizations. Springer, Dordrecht CrossRef Google Scholar Kaptein M (2011) Understanding unethical behavior by unravelling ethical culture. Hum Relat 64:843–869 CrossRef Google Scholar Victor B, Cullen JB (1988) The organizational bases of ethical work climates. Adm Sci Q 33:101–125 CrossRef Google Scholar Download references Author informationAuthors and Affiliations
Authors
Corresponding authorCorrespondence to Muel Kaptein . Editor informationEditors and Affiliations
Section Editor information
Rights and permissionsReprints and Permissions Copyright information© 2020 Springer Nature Switzerland AG About this entryKey Interview Questions for Ethics Audits Step 1. Company ValuesAn organization should have clearly stated values to establish its culture of ethics and compliance. Values that shape a company’s ethical culture through daily work practice could include: integrity, respect, diversity, safety, conscientiousness, creativity, and more. For instance, safety is our company’s number one value — it might not seem an obvious choice, but our people work in nuclear plants, manufacturing, and construction worksites that may contain dangerous hazards. Thus, we’ve made safety a top value that is fundamental to our ethics programs and prioritized in our peoples’ everyday work practices. Step 2. Code of Ethics and Code of ConductThe values chosen in Step 1 should be incorporated into the organization’s code of ethics — our guidelines about behavior and principles to govern decision-making — and the code of conduct, which applies the code of ethics to a range of situations and actions. Both documents should also include high-level guidelines regarding ethics and compliance risk areas. For the code of conduct to be effective at guiding everyday work practices, it should give direction to employees on applying the code of ethics to specific issues that are important to the company. For example, if an employee is working in a foreign country, the code of conduct should provide guidance on complying with the Foreign Corrupt Practices Act rules regarding gifts, gratuities, and entertainment. Of course, having a formal code of conduct doesn’t guarantee real-world compliance. A code of conduct audit will assess whether the code of ethics and code of conduct that exists in paper form is understood and internalized by employees in their lived experience. Internal audit should:
Internal audit should also assess whether the employee code of conduct training is effective in ensuring employees understand its requirements. Download Key Interview Questions for Ethics Audits for a list of questions to help assess the effectiveness of the code of conduct training program in your company. Step 3. Risk AssessmentOnce your company has a code of ethics that employees understand and believe in, the next step is to understand compliance risks as well as risks in the code of conduct guidelines that you provided. To accomplish this, perform a risk assessment to ascertain whether your company is focusing on current business risks as a result of changes in organizations, business practices, and laws and regulations. When preparing each business unit risk assessment for compliance with applicable laws and regulations, be sure to include issues that stem from the code of conduct guidelines such as anti-kickback, anti-bribery, protection of company assets, or harassment issues. Step 4. Ethics and Business Conduct PoliciesAn effective ethics and compliance program should include policies and procedures addressing the particular risks facing a company. For example, policies and procedures relevant to international trade should address risks related to import and export controls, anti-boycott measures, and money laundering, among others. An ethics and business conduct policies audit will assess whether employees are aware of, understand, and are following these policies. Internal audit should examine the list of policies to see if high risk areas from the risk assessment and the code of conduct are addressed. For current policies, conduct employee interviews to assess awareness of relevant policies. Ask employees how well they understand their responsibilities in connection with ethics and business conduct policies, naming each policy individually.
Step 5. Awareness Training AuditIt is not sufficient for a company simply to have policies in place — there must be a program that trains employees to be aware of relevant ethics and compliance issues. When developing or evaluating a training program, you will want to consider:
Step 6. Inquiry and Reporting MechanismsIt’s important that your ethics and compliance program includes a process for employees, suppliers, customers and others who do business with your company to ask questions or report concerns about ethics or violations of laws, regulations, and company policies. To assess the process for investigating concerns reported through mechanisms, such as the company hotline, internal audit should consider the following:
Download Key Interview Questions for Ethics Audits for a list of questions to help assess the effectiveness of a Hotline reporting mechanism. Step 7. Communication ProgramDevelop a communication plan to increase ethics awareness and remind employees that ethics and compliance are important to the company. The most effective communication programs should engage all audiences with specific messages about ethics using a variety of media. Effective communication program components include:
A strong communication program will keep ethics and compliance top of mind for all employees! Step 8. Ethics and Compliance Program Assessment and EvaluationAt all points in the process of implementing an ethics and compliance culture, it is important to maintain continuous program evaluation. There should be regular internal and external audits of your ethics program, and an assessment of how often internal controls are tested. Conduct employee surveys and focus groups to assess employee impressions of the ethics and compliance culture. A constant vigilance and program evaluation is necessary to maintain a strong culture of ethics. Step 9. Leadership CommitmentTo achieve and maintain an ethical company culture, there must be strong commitment from the top to create the perception that ethics and compliance is important to the company. Leadership commitment may be the final step in this list, but it is fundamental throughout the previous eight steps that management take responsibility for demonstrating through their actions the importance of ethics and compliance. There are many ways that organizational structure and activities can demonstrate leadership commitment:
How to Start an Ethics and Compliance CultureA culture of ethics and compliance starts at the top, but most employees at a company will never meet the CEO — for them, ethical culture is what they see up front every day. The message of ethical behavior should flow from the top leadership down to the lower-level supervisors who directly manage the company’s business on a day-to-day basis, and from them to all employees. Download Key Interview Questions for Ethics Audits for a list of questions to ask managers to assess the effectiveness of leadership commitment to ethics and compliance. Develop a Strong Culture of EthicsTo be effective, ethics can’t just be a program administered by the Ethics and Compliance function — an ethical culture must be a process and a responsibility shared by all employees. Developing a strong culture of ethics that employees believe in will help to ensure that internal controls are not being circumvented due to lax ethical standards on the ground. Following these nine steps will help enable internal audit to implement, audit, and monitor an ethical culture where the organization’s values are embodied in its people’s everyday work practices.
Jamal Ahmed is the Vice President of Internal Audit at Day & Zimmermann, Inc. (D&Z) in Philadelphia, PA. The D&Z Ethics Program, under Jamal’s leadership, received an A ranking from Transparency International (TI) in its 2015 Defense Companies Anti-Corruption Index. What value does an ethics audit bring?Why: An ethics audit is a risk management strategy that can help the organization avoid legal liability, protect the organization's mission/those it serves, and model the way for other nonprofits in the community.
What is the purpose of an ethical audit?Ethics audits ensure that behaviors an organization espouses in its code of conduct and policies and procedures exist in practice and that behavior forbidden in these documents does not occur. The risk of neglecting ethics audits can be severe.
What are the benefits and risks of ethics auditing?The purpose of such an audit is to ensure that the organization is complying with ethical standards. There are many potential risks associated with ethical audits, including reputational damage, financial penalties, and jail time for individuals found to be in violation of the law.
|