Culture shift: On ethics and compliance, empower your organisation to mitigate risk

Companies confront ethics and compliance issues every day. Once upon a time, the idea of business ethics was more of an abstract or philosophical notion that seemed more suited for discussion in a university lecture or at a business conference. Today, however, organisations of all sizes and industries must have concrete ways of addressing ethics and compliance issues as a principal component of their business processes.

There are four key elements to an ethics and compliance strategy. These include tone at the top, corporate culture, risk assessments, and testing and monitoring.

Setting the tone at the top

The ethical atmosphere that is created at an organisation or workplace by the attitudes and behaviours of the organisation’s leadership is often referred to as the “tone at the top.” Tone at the top is a major factor in determining whether fraud, bribery, or corruption is likely to take place. That’s because employees follow the example set by their leaders. If their leaders show a strong, zero-tolerance approach to fraud, those who report to them are likely to follow.

An organisation with a strong ethical culture is usually led by a board of directors and senior management personnel who are actively engaged in promoting a culture of compliance, and zero tolerance for fraud and other unethical business behaviour. Effective tone at the top will communicate to the organisation at all levels the type of conduct that is expected, what is considered unacceptable, and what the consequences will be for transgressions. A zero-tolerance approach should be followed, as the message it sends to employees is important in creating and maintaining the culture of ethics and compliance at the organisation.

Corporate culture

Speaking of culture, the overall norms, expectations, and recognised acceptable behaviour form the corporate culture of an organisation. By making ethical conduct and compliance with all regulations a part of those norms, the organisation will help promote positive behaviour and integrity among its staff.

Similar to establishing an effective tone at the top, fostering a positive corporate culture hinges on effective communication, and it needs to permeate different layers of the organisation. In other words, providing printed handouts once a year or sending occasional emails about ethical behaviour probably isn’t enough to move the needle and influence the culture at a company. Employees need to hear from leaders how they can help cultivate an ethical workplace. Videos, team-building exercises, new employee orientations, and employee appreciation events all provide opportunities to recognise positive behaviour and reinforce the company’s values.

These messages sink in when employees see their colleagues being recognised and rewarded for maintaining a compliant and ethical corporate culture. When tone at the top and corporate culture are tied together, everyone at the business understands what is acceptable and expected in being a part of the organisation’s success.

Risk management

Before a security system is installed at a home or business, the provider will conduct an inspection to determine risk areas that need attention. Establishing an ethics and compliance framework at an organisation is a similar process – first, an expert risk assessment should be conducted to uncover vulnerabilities that need to be addressed with new processes. This requires looking at how business is conducted, from everyday accounting practices to how goods or merchandise are handled in the warehouse, for example. Various roles at the company should be examined: Is there proper separation of duties? Are employees qualified for their responsibilities? Is the workforce trained to recognise the red flags of unethical behaviour and fraud?

Once those trouble spots are identified, they can be isolated and addressed as part of the organisation’s comprehensive approach to ethics and compliance. The risks should be prioritised – which ones pose an immediate threat? Could they effectively shut down the business? Do they pose a financial, legal, or reputational risk – or all of the above?

Once prioritised, the identified risks should each be assigned to a responsible company official. Perhaps the CFO is responsible for assessing and implementing a solution for a problematic accounting practice, for example. Or the compliance officer should be assigned to oversee and improve the way the company handles anonymous fraud tips, as another example. Oversight should be provided by the board of directors (or ownership and executives) to ensure that problem areas have been properly addressed, and the organisation is taking a proactive approach to mitigating risk.

Testing and monitoring

When new processes for ethics and compliance have been implemented (such as an anti-fraud policy and employee code-of-conduct, anti-bribery and anti-corruption training, separation of job duties and responsibilities, an anonymous reporting process for unethical behaviour, and anti-fraud and anti-corruption policies), a thorough testing and monitoring regimen is critical to ensure the new process is working. After all, having the best processes on paper won’t make a positive difference if nobody is monitoring how they are being used and whether they are having success. A schedule should be in place that promotes frequent, regular check-ups of the ethics and compliance controls, with metrics that show results.

For example, surprise audits can be an effective way to test if new financial controls have reduced the number of accounting irregularities reported in a quarter, compared to previous results. The risk assessments performed prior to implementing ethics and compliance controls should have identified risk areas, with the new processes aimed at mitigating that risk. Only by testing, and testing frequently, can the organisation determine if the new controls are having the desired effect. If they are not, the company should develop new solutions that specifically target these problem areas in a robust way – and, in time, test them again.


Addressing ethics and compliance issues at an organisation can seem to be a daunting task. With careful preparation, expert help, and a common-sense approach, however, any company can develop or enhance its corporate culture to be proactive in mitigating ethics and compliance risks. The benefits will be obvious – increased productivity, better security, and empowered employees who understand that their organisation values integrity and an ethical work environment.