Helplines & Hotlines - Society of Corporate Compliance and Ethics

Helplines & Hotlines: What We Know and Can Improve About Reporting
Dave Childers, CEO, EthicsPoint
Paula J. Desio, Chair for Ethics Policy, Ethics Resource Center
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
About ERC
• Non-profit; established in 1922
• Promotes advancement of high ethical standards and
practices in public and private institutions
• Key activities
– Identify objective indicators for benchmarking program impact
– Use expertise to inform public dialogue on ethics, ethical behavior
– Analyze current and emerging issues
– Offer insight to encourage behavior of highest integrity
– Work to enhance public trust in capital markets
About EthicsPoint
• EthicsPoint is the market leader in business process
optimization for Issue, Event, and Loss Management
• Key activities
– Hotline Reporting System that addresses compliance on a Global Scale
– Support for movement from disconnected Governance, Risk, and
Compliance (GRC) solutions to centralized and consistent reporting,
analysis, and management of incidents across the organization
– State-of-the-art Software-as-a-Service (SaaS) incident management
tools that enable enterprise-wide views of risk—including current trends
and retrospective views
Contemporary Emergence of Hotlines
• 1980’s: High risk companies install “fraud and abuse” hotlines
• 1986: Defense Industry contractors begin compliance programs
• 1991: US Federal Sentencing Guidelines encourage non-retaliatory reporting
• 1996: CareMark decision defines director liabilities for non-compliance
• 2002: SOX passes requiring a hotline for all publicly traded companies
• 2004: US Federal Sentencing Guidelines amended to encourage both anonymous and confidential reporting
• 2004: Senate Finance Committee introduces “national not-for-profit governance” white paper
• 2005: California passes “SOX-type” requirements for non-profit organizations
• 2006: France sets Data Protection guidelines following its “rejection” of McDonald’s hotline
We need Employees to Report Misconduct
It takes 20 years to build a reputation and five minutes to lose it.
Warren Buffett
What We Know…
High rates of misconduct + low reporting when observed = HIGH RISK
[Figure: matrix of issue types plotted by incident volume (Low Incident Volume to High Incident Volume) against impact (Low Impact to High Impact)]
Issue types plotted: Facilities Issues; Wage & Hour; Theft; Conflict of Interest; Unethical Behavior; Misuse of Company Resources; Community Affairs; Illegal Activity; Harassment; Foreign Corrupt Practices; Data Breach; Insider Trading; Financial Fraud
MEDIUM INCIDENT/MEDIUM IMPACT OCCURRENCES:
– Increased challenges in the investigation
– Inter-departmental process demands
– Potential for regulatory oversight
LOW INCIDENT/HIGH IMPACT OCCURRENCES:
– Process mandates and regulation drive response
– Scope of investigation includes multiple departments
– Reporting to outside agencies
– Escalation and outcome review
HIGH INCIDENT/LOW IMPACT OCCURRENCES:
– Volume dictates scalable application
– Communication and process consistency
– Management of process
– Time and activity management
Awareness of Anonymous Reporting Mechanisms
*All data shown is from ERC’s 2007 National Business Ethics Survey
© ERC All Rights Reserved
Awareness of Misconduct Is on the Rise
[Chart: percent observing misconduct, by survey (NBES 2000, NBES 2003, NBES 2005, NBES 2007); annotation: High-profile corporate debacles, followed by passage of S-OX (2001-2002)]
Pressured Employees Observed More Misconduct
[Chart: percent observing misconduct, Felt Pressure vs. Did Not Feel Pressure]
Many Employees Still Do NOT Report
[Chart by survey: NBES 2000, NBES 2003, NBES 2005, NBES 2007]
Reporting Varies by Level
[Chart: percent not reporting misconduct, by management level (Top Management, Middle Management, First Line Supervisor, Non-Management)]
2007 NBES Average = 42%
Reporting Also Varies by Function
U.S. Employees NOT Reporting Misconduct
[Chart: percent not reporting misconduct, by functional line (Professional/Technical, Admin/Clerical, Other, Sales, Skilled Laborer, Manual Laborer)]
2007 NBES Average = 42%
Reality is…Hotlines Are Under-Utilized
[Chart categories: Someone Outside Organization; Other; Supervisor; Other Responsible Person (including ethics officer); Higher Management; Hotline]
Perception vs. Reality Disconnect
The Retaliation Trust/Fear/Reality Disconnect
• 80 percent believe that management does not tolerate retaliation
• 36 percent of those who didn’t report feared retaliation
• Only 12 percent of those who did report experienced retaliation
Perception vs. Reality Disconnect
Top Reasons for Lack of Reporting
[Chart: percentage of non-reporters by reason for not reporting, for 2003 NBES, 2005 NBES and 2007 NBES]
Reasons for not reporting:
– Did not believe corrective action would be taken
– I resolved the issue myself*
– Feared retaliation (from at least one source)
Note: n/a represents items not asked in previous survey administrations
Broadening Awareness of Incidents and Risk
Risk Reduction Framework
[Diagram elements: Issue Awareness; Improved Data Quality; Resolution Process Consistency; Reduced Retaliation]
What Matters Do Employees Report?
Percentage of Employees Who Did NOT Report Observed Misconduct
• Improper hiring practices: 67%
• Discrimination: 65%
• Bribes: 64%
• Internet abuse: 62%
• Lying to stakeholders: 59%
• Lying to employees: 58%
• Sexual harassment: 51%
• Putting own interests ahead of org: 47%
• Misuse of confidential org info: 47%
• Misreporting hours worked: 46%
• Using competitors’ inside info: 46%
• Environmental: 45%
• Abusive behavior: 45%
• Alteration of documents: 45%
• Alteration of financial records: 43%
• Provision of low quality goods & services: 41%
• Safety violations: 37%
• Stealing: 36%
*All data shown is from ERC’s National Business Ethics Survey
What Matters Are Being Reported?
*EthicsPoint internal data, 1700+ clients, all industries
[Chart of report categories; legend:]
• AM: Finance and Accounting Matters
• CPE: Customer/Partner/Competitor Issues
• EEOC: Equal Opportunity/Affirmative Action Issues
• ES: Environmental, Health and Safety
• F: Corruption and Fraud
• G: Government Activity / Regulatory
• HR: Human Resources/Employees
• I: General Inquiry/Question/Other
• K: Items not mentioned above
• MIS: Asset/Information Misuse and Access
Hotlines Capture Some Issues More Than Others
Behaviors Reported to Hotline Most Frequently
[Chart: percentage reporting to hotline, 2007 NBES, for: Bribes; Using competitors’ inside info; Discrimination; Improper hiring practices; Alteration of Financial Records; Sexual Harassment; Misuse of Confidential Information; Alteration of Documents]
Note: Remaining behaviors assessed in survey reported at or below average hotline rate of 3%
What We Can Improve…
ERC Substantiates that Programs Increase Reporting
Programs Can Make a Significant Difference
• 35%: Little to No Implemented program + weak ethical culture
• 38%: Poorly Implemented program + weak ethical culture
• 70%: Well Implemented program + weak ethical culture
EP Client Experience Substantiates that
Programs Increase Reporting
Measuring a Well-Implemented Program
One-quarter of US workforce perceive company to have well-implemented ethics and compliance programs
[Chart: 25%, 45%, 30%; legend: Well-Implemented Program, Poorly Implemented Program, Little/No Program Implementation]
Awareness
– Written standards of conduct
– Ethics training
– Advice line
– Anonymous or confidential reporting
– Discipline system
– Evaluation of ethical conduct
Implementation
– Willingness to seek ethics advice
– Receipt of positive feedback for ethical conduct
– Employee preparedness for misconduct
– Mgmt can be questioned without fear
– Rewards for following ethics standards
– Questionable means NOT rewarded
– Org encourages ethical conduct
– Employees believe org is ethical
Reporting of Misconduct Varies by Sector
Reporting of Misconduct Also Varies by Job Function
Types of Employment
Union Membership is Relevant to
Observations and Reporting
[Chart: Observed vs. Reported, by sector (Retail Trade; Transportation & Warehousing; Finance & Insurance; Health Care & Social Assistance)]
Recommendations
• Assess and tailor your hotline to meet your organization’s inherent risk factors and cultural challenges
• Ensure Organizational Readiness
– Establish systems to capture reports that are made to management
– Identify Stakeholders and Evaluate Resources
– Address Retaliation
• Enable stakeholder feedback so that issues can be raised quickly and safely
– Tone from the top and open door policies supported by a trusted hotline
– Follow up with “reporters” to validate the value of the system
– Train management to recognize, address and document reports of misconduct
– Escalate issues to management / audit committee
• Ensure that issues raised are immediately assessed and resolved
– Probe with follow-up questions to mitigate frivolous and unsubstantiated reports
Recommendations
• Periodically assess all reports and review to identify “hot spots” or new risk areas
– Geographically
– Managerial
– Training
– Assimilation
– Cultural
• Benchmarking
– Incident categories
– Post corrective outcome
– Trend analysis
• Review and Improve the Process
• Consider policy approaches outside the box
– Different methods of reporting: how viable?
– Policy considerations: lessons from other sectors