measuring tone at the top

10 Ways To Measure The Tone At The Top

measuring tone at the top

Management’s “tone at the top” is a critical element of effective internal control and corporate compliance programs. While tone at the top assessments may seem “soft” by the standards of most performance indicators for a compliance and ethics program, compliance executives and boards may find such assessments invaluable in surfacing early warning signs of the potential for increased risk of wrongdoing in one or more units of a company’s operations. With the Dodd-Frank Act’s whistleblower program now offering potentially large rewards for tips about possible securities law violations, this could be an opportune time for compliance executives to consider new ways to evaluate their company’s tone at the top[1].

Even for organizations where such assessments are well established, the methods used can be improved in many cases. An assessment of the tone at the top can be used for multiple purposes, for example, including as part of an entity’s review of controls for Sarbanes-Oxley reporting or for determining consistency with the compliance and ethics program recommendations in the U.S. Federal Sentencing Guidelines.

Role for compliance professionals

Increasingly, boards and senior executives are taking tone at the top seriously as a success factor in an overall improved approach to risk management. Compliance executives can play a very important role in assisting policy and decision makers in taking action to enhance tone at the top in a deliberate and systematic way—and then to measure effectiveness and progress.

Ten key ways that board directors, senior management, and compliance and risk management executives can work together or support each other in helping to assess the current state of an organization’s tone at the top are presented below. In addition, each can contribute to an overall program that turns policy into sustainable action:

  1. Extent and nature of wrongdoing—Benchmarking against other companies the number and nature of known incidents of wrongdoing may highlight the extent to which management’s tone has led to compliance with the entity’s policies. If management dismisses minor violations as unimportant, for example, it may indicate a culture of noncompliance that could heighten risks.
  2. Anonymous incident reporting—If the entity has a significantly higher than average proportion of whistleblower reports made anonymously, it may suggest that employees are afraid to report wrongdoing or that protection of previous whistleblowers has been inadequate.
  3. Social media reputation assessment—Monitoring comments and criticism in social media and other online venues can help identify whether views of the entity’s culture suggest an inadequate ethical tone.
  4. Employee surveys—This type of research gathers information on employee engagement with the enterprise and monitors trends. Questions can help in understanding employees’ perspectives on ethical matters. Scores can be compared between units, benchmarked against those of similar entities and compared from year to year to monitor changes.
  5. Tone of management communications—Reading communications from management to employees for tone, in addition to content, may provide insight. Notice boards, broadcast emails, and intranet sites may communicate a tone at the top quite different from the one on display in the boardroom. Consistency is essential to effective and lasting communications.
  6. Group discussion—It is important to invite audit committee members, risk management, and compliance executives to share observations and perspectives regarding management activities, communications, and style with regard to tone at the top. The discussion can lead to new insights and help build consensus on effectiveness of efforts and whether remedial action is needed.
  7. Facility visits—Moving board, compliance and risk management meetings around to various locations can help to gain perspective on an entity’s full scope of operations and enable cooperation with local managers.
  8. Exit interviews—Some departing employees, concerned about burning bridges, may be unwilling to mention ethics and integrity issues that may have contributed to their departure. Others may welcome the opportunity to discuss their experiences, but may provide information only if asked. Exit interviews can provide a vehicle for their comments.
  9. Interviews and focus groups—Interviews can be effective in assessing the tone at the top when they employ a structured approach and when people are comfortable stating their views openly. When employees are reluctant to talk or when employee surveys identify potentially significant but nonspecific concerns, focus groups led by an independent third party may help uncover underlying issues. Anonymous messaging and voting devices, together with an experienced facilitator, can help draw out information.
  10. Customer complaints—Monitoring trends in customer feedback may provide insight into the entity’s culture. The swift and open handling of grievances may indicate an entity dedicated to compliance and ethics, while a pattern of a company’s inadequate responses to customer grievances could suggest characteristics among management that research has associated with antisocial activities such as fraud.

Consider these questions to set your baseline

After reviewing the processes above, consider answers to the following questions as a means to help establish where your organization stands with respect to tone at the top:

  • What quantitative measures are being used to complement qualitative evaluations of the tone at the top?
  • Is the entity’s internal audit function performing assessments of “soft controls” that could be used to help evaluate tone?
  • How do the company’s processes for evaluating the tone at the top compare to those of others that are viewed as leaders in this area?
  • Are employees’ perceptions of the tone at the top trending up, trending down or flat? How do they compare with those of employees at similar or “leading” entities?
  • Are there business units or functions where employees’ perceptions of the tone at the top are much weaker than others? If so, what remediation may be appropriate?

Follow up by setting objectives for new initiatives over the coming months that will advance the desired improvements.


It is relatively easy to understand and convey that how value is created is a critical performance and success factor. In addition, today knowing how value can be destroyed is an equally critical success factor. The tone set at the top can drive value – both positively and negatively. Tone at the top forms the foundation for a culture that inspires trust and confidence—among employees, investors, and all key stakeholders. Compliance professionals are in a strong position to drive and support tone at the top initiatives and measurement systems.

We would like to express our appreciation to Toby Bishop, director of the Deloitte Forensic Center at Deloitte Financial Advisory Services LLP, and Mohammed Ahmed, senior manager at Deloitte Financial Advisory Services LLP, for their contributions to the development of this article.


Donna Epps, DeloitteAbout the Author

Donna Epps is a partner in the Forensic & Dispute Services practice of Deloitte Financial Advisory Services LLP, the national leader of the Anti-Fraud Consultinggroup, and co-leader of Deloitte’s Governance and Risk Management practice.

[1] The Dodd-Frank Wall Street Reform and Consumer Protection Act is a federal statute in the United States signed into law by President Barack Obama on July 21, 2010. It promotes the financial stability of the United States by improving accountability and transparency in the financial system, ending “too big to fail,” protecting the American taxpayer by ending bailouts, protecting consumers from abusive financial services practices, and other purposes.

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this publication.

About Deloitte: Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Copyright © 2012 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited

About the Author

Donna Epps

Donna Epps, DeloitteAbout the Author
Donna Epps is a partner in the Forensic & Dispute Services practice of Deloitte Financial Advisory Services LLP, the national leader of the Anti-Fraud Consulting group, and co-leader of Deloitte’s Governance and Risk Management practice.

Donna brings a wide range of client service experience to her insights on governance and risk management issues, including 20 years of auditing public and private companies, carrying out regulatory filings with the SEC, and leading regulatory compliance examinations at the state and federal level. In addition, she has worked with the senior management teams of multinational clients in several industries including telecommunications, manufacturing, and oil and gas in conducting complex, multi-year restatements of financial statements, leading Sarbanes-Oxley preparation projects, and providing merger and acquisition related services.

Her current focus is in proactive risk services and enterprise risk management. She works with companies to become risk intelligent with a focus on value protection and value creation.

Donna received her Bachelor of Business Administration degree from Texas A&M University.

Donna can be contacted via email at

Donna contributes to the regular column Your Risk Intelligent Enterprise™ for CCI with Henry Ristuccia and Rob Biskup.

As used in this document, ‘Deloitte’ means Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, and Deloitte Tax LLP, which are separate subsidiaries of Deloitte LLP. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.