LRN published their 2008 LRN Ethics and Compliance Risk Management Practices Report (.pdf) (free registration required) The report is based on a survey of senior ethics, legal, risk and audit professionals, with 461 completed surveys.
The key findings of the report:
- Ethics and compliance programs are maturing
- Companies identify their top two ethics and compliance risks as electronic data protection and data privacy
- A majority of companies perform formal risk assessments involving multiple functions
- Companies cite engaging employees and making education more relevant as their top challenges in prevention
- Detecting violations still presents a significant challenge
- Multinational companies face bigger challenges at their international regions than at headquarters
- Few larger companies actively manage ethics and compliance risks within their supplier and partners’ network
- Lack of resources – budget and staff – continues to be the leading challenge in conducting risk assessments and in implementing prevention programs
LRN conducted a similar survey in 2007, so this report is able to identify trends (to the extent two data points make a trend). I hope that they conduct a survey this year to see if these trends stay true.
“More and more companies are recognizing that ethics and compliance is the new frontier of business strategy. Increasing research demonstrates that forward-looking companies that put in place comprehensive and holistic ethics and compliance programs – i.e., programs that do not simply ensure the organization meet all regulatory requirements but that embed values-based business conduct into their culture – enhance their capabilities to compete in the marketplace. Without the distractions that accompany conflicting ethical viewpoints and goals or concerns over potential and actual rules infractions. Companies should concentrate on the workforce or the management of compliance infractions, companies can thrive through inspiration, motivating employees to be their best. An ethical work environment leads to more productive and profitable organizations.”
The report also pitches the LRN Ethics and Compliance Risk Management Process:
An integral component of enterprise risk management is to holistically build a strong
control environment with a culture of corporate ethics, by defining, preventing, detecting,
responding and evaluating as part of five key steps for building a sustainable compliance risk
- Define business ethics and corporate compliance risks to create a comprehensive risk profile.
- Prevent ethics and compliance lapses/failures with hard and soft controls, including business ethics and corporate compliance training.
- Detect noncompliance with the law, regulations, company code of ethics and corporate governance practice via multiple reporting methods.
- Respond swiftly and publicly to allegations and potential violations.
- Evaluate results and make continuous improvements.
An LRN illustration of their process: