Part two in a three-part series by David Fitzsimons. Read part one here.
Baseline Buy-In Level – you can start out by assuming that no one outside of the ethics and compliance department gives much thought to ethics. And there are admittedly many people in organizations whose ethics are never tested due to the nature of their jobs. Unfortunately, their apathy can have a contaminating affect on those in ethically vulnerable positions. Compounding this is a basic human flaw – seeking comfort, people intellectually and emotionally remove themselves from the fray because ‘it will never happen to me.’ Like the person who consistently drives too fast and ends up sliding off the road and into a ditch because the roads are a little icy on that day. These kinds of events can occur because people feel invulnerable or safely insulated due to success with prior, similar experiences. ‘I drive down that highway every day at 65 mph and nothing bad ever happened before. How could this have happened to me?’ Why? Because conditions can change. Speeding along at 65 mph might be OK on dry pavement, but icy pavement is slippery and maintaining the same speed on an icy surface means losing control and having a bad experience. The same kind of risk-taking/insular dynamics find their way into domestic and international business dealings. For instance, speeding along a business deal in China by taking care of the right people means you could very well end up in the FCPA ditch, and this is no cheap towing job. And, as if this isn’t challenging enough, you have a small percentage of your employee population, in corollary with the general population, that is predisposed to cheating as a way of “getting ahead.” “It’s tied in with self-esteem,” says University of Massachusetts psychologist Robert Feldman in an article entitled: “Understanding the 10 Most Destructive Human Behaviors. He adds: “We find that as soon as people feel that their self-esteem is threatened, they immediately begin to lie at higher levels.” Feldman has conducted studies in which people lie frequently with 60% lying at least once during a 10-minute conversation. And lying is not easy. One study concluded that lying takes 30% longer than telling the truth. (Interestingly, recent studies have found that people lie in workplace email more than they did with old-fashioned writing.)
When people with these traits are in ethically vulnerable positions as far as money- or deal-handling, the potential for disaster is enormous. This isn’t to suggest that a process redesign or some kind of cultural transformation will eradicate every possible reason why people in companies bring their self-esteem issues into the workplace and do corrupt things. But even if complete eradication is not a reachable goal, working toward it lowers the odds of getting caught up in a government enforcement action. There are currently 89 companies under investigation for alleged violation of FCPA; this is troubling – first, because it suggests a certain overzealousness as far as enforcement action, and second, because it largely penalizes US companies and US individuals (there are other countries’ companies on the list, but it’s about 95% US) for conducting business in foreign countries in accordance with local customs. Overseas enforcement has been spotty so it has bred kind of a loose and fast business environment. For example, China is stepping up enforcement of its anti-bribery laws throughout China. In the meantime, huge sums of money are getting spent on lawyers by US taxpayers to prosecute violators, and those being investigated, both corporations and individuals, are spending millions in legal fees to defend themselves. So besides being an absolute boon for the legal profession, companies and individuals are getting financially battered because lawyers insist on getting paid. For most of the companies on the list of FCPA violations, it all could have been avoided. For example, for some companies on the FCPA list, it could have been as simple as having an exhaustive due diligence process that would have insisted on more detailed financials to prevent acquisition of a company that was loaded with red flags. For others, it could have meant abandoning the idea of doing business in a country where there is virtually no separation between government officials and commercial contacts. And then for others, it could have meant clamping down on aggressive sales organizations that were entertaining and gifting to the hilt. These things are very complex and there is no one-size-fits-all solution. Given the financial stakes, however, it deserves attention. Your baseline buy-in level is truly about awareness, perspective and information-sharing. It’s about preparing yourself for the task at hand, and lining up the resources to do it.
Cultural aspects of anti-corruption – every language used today has subtle nuances. Certain key English-speaking ethics and compliance terms, like truth, trust, bribe, whistle-blow, etc. don’t necessarily translate accurately into other foreign languages, like Russian, Cantonese and Mandarin. Therefore, material has to be developed in the native languages of international hotspots, like Russia, former USSR satellite countries, Korea, China, and Angola. It’s not as simple as drafting a code of conduct in English and then sending it off to the foreign translators. There has to be quite a bit of give and take between the organization preparing the material, and the translators hired to put it into foreign languages. Every language used reflects the cultural aspects of the groups speaking it. If bribery is considered a standard business practice in certain countries, then the word “bribery” when translated directly may or may not have the same connotations and stigmas as the underlying translated word, which is tied to the cultural thinking and beliefs of the culture (English-speaking western countries) that created it. For the purposes of anti-corruption, what you are really doing is superimposing a cultural norm onto a completely different culture in kind of a segmented (i.e., you are asking them to rethink one small slice of their overall culture), foreign way. This is no small task and relies on using a combination of substitute native language words that somehow link the Western application and understanding of the word “bribery” with native words that have the same connotations and moral weight.
CIT Application – Successfully managing critical incidents, such as employee behavior that has led to corruption allegations, is critical to organizational vitality. By definition, a critical incident is an occurrence or condition that interrupts normal business procedure. The incident or incidents should be significant enough to present opportunities for updated organizational preparation and learning. Many organizations have addressed this by using the “Critical Incidence Technique.” The “CIT” is a way to directly observe human behavior that directly and indirectly touches the issue or issues at hand. This gathered information is subsequently used to change behaviors, perceptions and business procedures so that the cycle is broken. The profound thinking is as simple as this, “if you don’t learn from your mistakes, you’ll continue to make the same mistakes.” This is not to suggest that organizations don’t respond to incidents in various ways, and do whatever they can to comply with remedial actions in the wake of an unpleasant and costly event. But it appears that opportunities for permanent change have not been realized in many organizations due to a lack of appreciation of the long-term benefits to an organization that come through permanent organizational change, not one that just tips one way or the other depending upon prevailing winds. This had led to a lack of funding and commitment to organizational development, organizational effectiveness, organizational change and other vestiges of the ‘80s since many of these early attempts at such were marginalized, ultimately shunted off to the HR wing. However, since many of the ideas presented for organizational change are sound, and since many organizations are suffering at the hands of US Justice because of alleged and confirmed FCPA allegations, it might be worth moving past the stigma and implementing a plan to figure out what the workforce story is and then coming up with a way to change it. This plan will require organizational change, through new learning and new outlooks. You start by gathering information from employees and other key stakeholders. Information about critical incidents can be gotten in various ways, but in order to get to the behaviors and perceptions of stakeholders, which is a considerable basis for ethical and non-ethical action, we recommend the Gibbs Reflective Cycle. Here it is put to use to draw critical information out from people directly involved in an investigation or some ethics violation. It is important to ask questions such as these within 60 days of the alleged event so the information recorded more accurately depicts true behaviors and perceptions among direct and indirect participants.
|Stage:||Sample Questions (which would need to be tailored):|
|1||Description of Event||Describe in detail the event. Where were you? Who else was there? Why were you there? What were you doing? What were other people doing? What was the context of the event? What was your part in this? What parts did other people play? What was the result?|
|2||Feelings and Thoughts||Try to explore and describe feelings inside your head when you heard about the event? How were you feeling when the event started? What were you thinking about at the time? How did it make you feel? How did other people make you feel? How did you feel about the outcome of the event? What do you think about it now?|
|3||Evaluation||Try to evaluate or make a judgment about what has happened. Consider what is good about the experience. Consider what was bad about the experience. What went well? What didn’t go so well?|
|4||Analysis||Break the event down into its component parts so they can be explored separately. (You may need to ask more detailed questions at this point.)|
|5||Conclusion||What else could you have done? Reflect on all the previous questions.|
|6||Action Plan||During this stage, if the event happened again, what would you do? What lessons have you learned? What kinds of learning and training are needed to prepare this organization better?|
The aggregated information gathered by way of the above questions will show your organization’s current state (in terms of behaviors and perceptions) in Stages 1-5 and a glimpse of the future state in Stage 6.
Using Gibbs as shown above is an inductive way to gather information. It can be time-consuming, but it will, in fact, yield extremely valuable information. Or, if you want a broader cultural perspective working on a more deductive basis, you can identify aspects of your organization that represent its key values and assumptions and then give individuals an opportunity to respond to those cues. For example, an instrument called the Organizational Culture Assessment Instrument (OCAI) was developed to identify an organization’s culture profile. It has now been used in almost 10,000 organizations worldwide. However, you should be aware that the outputs – “Clan,” “Hierarchy,” “Adhocracy,” “Market” make for interesting conference room discussions, but if you are a “Clan” organization instead of a “Hierarchy,” how does this information get you closer to figuring out what steps you need to take to create a corruption-free workplace and avoid another FCPA allegation? In much the same way as FIRO B, Myers-Brigg and Belbin team-member profiling, how valuable is it for us to know that 4/5 team member are “Analysts” or “Autocrats” when we could barely scrape together five people to sit on the team in the first place? Creating categories like these are helpful, but not really practical. The days of bloated corporate staffs looking to fill up days with team-building exercises and reviews of generic, category driven, culture studies are long gone. The development of custom instruments that work in your environment, targeting a specific topic (i.e., anti-corruption) and generating specific output that ties directly to the change management plan are generally preferable. Your output won’t be sweeping, but it will be specific, meaningful and useable.
Regardless of whether you use custom or generic instruments, or a combination thereof, information can be gathered through a combination of face-to-face individual interviews, focus groups and e- and print surveys.
Change Readiness Assessment – it’s important to gather both factual and emotional information to figure out your organization’s current state; in other words, taking a snapshot of your organization during a compressed period of time and then studying the photo. A key item in determining the current state is determining how much individual and organizational resistance there is to change. Researchers in this area have come up with four primary categories of resistance:
|Reason for resistance||Explanation||Bearing on Anti-Corruption|
|It threatens their self-interest||People inherently calculate the cost of any change and the benefits or penalties that could ensue as a consequence. This could mean losing something they value (e.g., money, power, prestige, control, or even their job). If the cost-benefit calculation doesn’t at least break even, there will be resistance.||Indirect stakeholders (non-vulnerable): non-event – there is no threat either way.Direct stakeholders (vulnerable): this is a big one, definitely applies; if you head up sales in the Far East and you have to make your number, there is definitely some hard thinking going on about how much the rules might need to be bent in order to maintain current income/lifestyle levels.|
|They don’t understand it and they don’t trust it.||Individuals commonly resist things that they do not understand. Thus, change resistance results from not grasping the nature of or need for change. The most challenging trust-based resistance issues relate to situations in which individuals have disdain for the organization itself.||Indirect stakeholders: most are not even going to take the time to understand it or mistrust it; the online training sessions are for many just an annoyance because they can’t relate most of it to their own jobs and priorities. Any knowledge spread could be helpful as far as creating potential advocates who could conceivably influence those in vulnerable positions, but this depends on frequency of any interaction between vulnerables and non-vulnerables, timing of observation, ethics and compliance knowledge retention, vigilance and courage — not a likely mix of circumstances and personal characteristics.Direct stakeholders: any multinational that doesn’t take the time to help these people understand it, and exactly what the stakes are, is setting itself up for a nasty FCPA violation. Whether or not employees and other concerned stakeholders trust what they are being told is less important than the tension that exists between local customs and corporate edicts. The greater the tension, the more the vulnerable person will struggle with each and every major business decision; the key for the multinational is to raise consciousness to a level where it is virtually impossible for the vulnerable employee to go ahead with an unethical business deal, be negligent in a due diligence review or do something else unethical without being aware of potentially severe financial consequences. “Trust” doesn’t play much of a factor here; whether you trust management or not, if you pick up a newspaper and the business section is splattered with stories about financial scandals, it is pretty black and white; there is no grey area, or organization-specific interpretation clouding anything up. The only way trust can be used on the organization’s side is if there is an environment created where the employee or other stakeholder feels comfortable enough, or has enough trust in the organization to come forward with information that might be detrimental to revenue opportunities or political powerhouses without worrying about being penalized for whistle blowing|
|They have different thoughts about the need, direction, tempo and scope of change.||Some people may not see the need for the change in the first place. Others agree that there is a need for change, they just disagree with the chosen route. Some believe that the change will do more harm than good. Finally some people are skeptical that the organization has the resources and/or fortitude to see the change through successfully.||Indirect stakeholders: non-event – they don’t have much of a stake in any of this beyond hoping that whatever is put in place stops vulnerables from ruining things for everyone else; need, direction, tempo and scope are mere minutia to these people.Direct stakeholders: it seems like most corporations do nothing until something happens, and then when it does, they bombard people with meetings, booklets, intranet copy, mandatory training and other ‘remedial’ deliverables. In many cases, this is merely window-dressing to mollify the DOJ or other government enforcement agency. This typically bears no relationship to a proactive, long-term change management plan that rolls out timely information in a more civilized manner and actually increases awareness and ensures information retention in vulnerable positions. The latter would be the ideal because it really underscores the corporate commitment to the change rather than one part of a government enforcement settlement. (A flurry of one-size-fits-all deliverables within a compressed time period generally demonstrates otherwise.)|
|They fear and/or have low tolerance for change.||Sometimes people resist change because they lack confidence in their ability to perform any required new actions. Other individuals resist change for attitudinal reasons. They may not like being pushed out of their comfort zone, or they may have a pessimistic or skeptical disposition. This source of resistance is onerous because it is difficult to change attitudes and dispositions.||Indirect stakeholders – for this group, this wouldn’t apply; if anything, they support the changes (therefore there is no fear or loss of confidence) because if they are made, they won’t have to suffer at the hands of coworkers in vulnerable positions who do corrupt things and cause others (them) to lose stock values, revenue opportunities and employment opportunities.Direct stakeholders: this is a big one, definitely applies; the key thing is the competitive environment; if, for example, a salesperson’s competitors are trading wrist watches with local government officials, how much confidence would this individual have in a new organization that plays by the rules while his or her competitors continue to break all the rules and take all the business? In other words, an organization’s change management strategy has to be realistic, it has to be something that can actually be applied within that organization, and within that particular geographic region. In some cases, this might mean not doing business in certain un-policed geographic regions rather than superimposing unattainable standards on the players in that particular market. The key thing is, attitudes and perceptions can be altered, and changed for the better. Organizations have to demonstrate the necessary sensitivity to local environments, and then make some tough calls about the viability of doing business there. Either way, a strong executive-led advocacy team, working within the schematic shown in the “Define” section, is an absolutely necessity to deal with attitude and perception creep.|
Once a change agent analyzes the individual and organizational inhibitors of change, the change management plan must cite each barrier and then identify viable strategies (both general and stakeholder-specific) for jumping over each barrier.
This information is important because it tells you where you are now, not only in terms of barriers, but in terms of potential acceptance and day-to-day incorporation. Without knowing this, you would have no way to determine, through subsequent assessment (either qualitative or quantitative) what kind of progress you’ve subsequently made against the current state baseline. A key part of any change management exercise, fueled by 6-Sigma methodologies, is sitting down and coming up with the ideal future state. Within the context of anti-corruption, this would mean an organization that is free of any corruption allegations. This would be the ideal output. And in order to make this ideal a reality, you have to remove the individual (learned through the Critical Incidence Technique) and institutional change inhibitors (learned through the Change Readiness Assessment) before you make any changes. Actual changes could include anything from disseminating multi-lingual codes of conduct to updating recruiting and hiring practices to instituting new performance management systems.
Generally, most organizations just plow ahead and make the changes and then hope for the best in terms of utilization and acceptance of new ideas, standards and approaches. Other, more prudent organizations take a step back conduct a bonafide change readiness assessment to get a feel for what kind of response will come from key stakeholders – before going ahead with any kind of change implementation. The idea is to get input from stakeholders (e.g., Board members, senior executives, 3rd parties [vendors; distributors], employees, investors, etc.) and then use this information to help refine the plan to get from the current state to the future state. This information is best gathered through either face-to-face and/or phone interviews using a questionnaire.
Here are sample change readiness assessment questions that look at barriers and acceptance from a broader standpoint:
|1. What are the major goals and objectives that you/your unit are expected to meet?|
|2. How is the effectiveness of your unit or department measured or evaluated? Is your unit structured effectively to achieve a high level of performance?|
|3. Are there formal written or documented processes or procedures within your area, unit or department? To what extent are these processes and procedures well organized/effective? Do people in your unit/department use standardized processes to do their work?|
|4. List in order of priority the areas within the company that are most in need of improvement? What steps could be taken to improve these areas? Which areas should be considered targets for anti-corruption?|
|5. Please indicate which areas of the organization are managed and structured most effectively in terms of anti-corruption?|
|6. What areas of the company need to significantly improve the quality of anti-corruption?|
|7. How effective is the leadership within your unit or department?|
|8. In terms of anti-corruption effectiveness, what are the three most critical things that need to change within your unit/department and within other units and departments that you work with?|
|9. To what extent do you and/or your colleagues in your unit/department understand the company’s strategic goals and direction?|
|10. Do you understand the goals and objectives of the anti-corruption project? Do you understand your potential roles and/or responsibilities on this initiative? What information do you need to improve your understanding of this initiative?|
|11. What can you or others in your unit do to support/contribute to this effort? Are you willing to take additional training in order to have a more active role on this project?|
The answers to these questions can be used to refine your ultimate plan because you are getting more information and diverse insights. And by incorporating this kind of feedback from interviewed stakeholders, you are gaining their buy-in. They see themselves as being part of the actual solution, which is extremely empowering. It’s also very useful because you’re going to need their support/resources as you move fully into implementing organizational changes. Involved, empowered stakeholders will ultimately drive the program forward. Stakeholders who are dictated to, whose input is ignored, are, by default, put in a passive role. Stakeholders play the role that they are cast in, just like actors.
All this data – from both the Critical Incident Technique, and the Change Readiness Assessment — needs to be pulled together into a meaningful report presenting the facts and recommended action, with data sliced and diced to the needs of key stakeholders.
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
About the Author
David Fitzsimons, Principal of Just Got Word LLC, leads this New York City-based change management firm, which helps organizations improve the way they perform through meaningful, positive change. David has over 25 years’ experience consulting to companies like Lockheed Martin, Exxon-Mobil, Pfizer, ITT, Con Edison and Public Service Enterprise Group. David has won numerous industry awards for his work as writer and producer. A frequent public speaker and published author, he is a 6-Sigma Black Belt with deep experience in organizational change, ethics and compliance, leadership development, sales/marketing, HR strategy, benefits and compensation, outsourcing and other key corporate initiatives.