Tone at the Top: Value Added Auditing for Leadership

By: Henry Lindborg, Ph.D.
hlindbor@powercom.net

An integral, strategic approach to auditing is growing out of some important trends; among these, recent calls for reform in corporate finance and governance, new requirements of global enterprise, and the evolution of quality standards, frameworks for risk management, and criteria for “organizational excellence.” Synthesizing theories and practice of quality management, audit, and organizational development, this approach offers internal auditors important opportunities for enhanced careers, thought leadership, and service in improving strategic management and ethics. This integral approach to auditing (financial, quality, and other standards) acknowledges that values embodied in models of assurance affect “tone at the top.”

Fraudulent practices by self-serving CEOs and other corporate officers--abetted by disengaged, complicit, or incompetent boards of directors--have caused massive losses to investors and employees, the collapse of large companies and low public confidence in the integrity of corporate governance. In response, Congress (in Sarbanes-Oxley of 2002), the SEC, and attorneys-general have acted swiftly to strengthen regulations and prosecute offenders. Other bodies have revised or created frameworks for addressing risk management and for reviewing board composition, competence and responsibilities—including setting CEO compensation. At the same time, social and environmental concerns have led international organizations to draw guidelines for global enterprises. Stakeholders want assurance of integrity in the governance, finance, and operations of corporations. They are demanding ever higher standards of corporate citizenship, beginning with accountability at the top.

“Tone at the top” refers to ethical standards set by leadership, chiefly CEOs. It connotes not only compliance with the law, but also integrity that builds trust and influences the conduct of others. The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Enterprise Risk Management Framework assumes that “the effectiveness of enterprise risk management cannot rise above the integrity and ethical values of the people who create, administer and monitor entity activities.”2 A second assumption is that however an organization is structured for strategic management, the accountability of senior leaders is undiminished. In fact, how a firm is configured, with assignment of authority and responsibility, manifests corporate values—which are deeply influenced by leaders.

Quality management frameworks also give high priority to the responsibilities and commitment to quality of “top” or “senior” leaders—ISO 9000 and the Malcolm Baldrige National Quality Award, for example. Historically, Phil Crosby’s measurement of  quality “maturity” by whether the quality profession is represented at the vice presidential or board levels was an early recognition that core quality values, strategy and power have to be leveraged within organizational hierarchies.3 However, this wisdom too often has been obscured by ignoring the role of the board, as well as engaging the rhetoric of empowerment, distributed leadership, and networked organization.

Enron, admired for its networked structure, preached employee entrepreneurship and empowerment of “good ideas.” Its disastrous practice, built on complex and opaque relationships, lacked a structure of accountability. While a variety of organizational models and distributions of responsibility may be effective, an integral, ethical approach requires a structure that aligns power and principle, beginning with the CEO and the board. However an organization is configured for strategy, its ethical system needs first to be addressed within hierarchy--beginning with the CEO, whose role is usually most visible.

According to a 2003 Hill & Knowlton, Korn/Ferry International survey, 80% of North American CEOs see themselves as primary managers of corporate reputation. After financial performance, unethical behavior and poor service were each ranked as the greatest threat to reputation by 50% of Asian, European and North American CEOs, with 75% reporting having enhanced internal controls in response to corporate scandals.4 The relationships of strategic stakeholder interests to risk management and “tone at the top” implied by this survey are treated explicitly and systemically  in the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Enterprise Risk Management Framework, which includes integrity and ethical values, management’s philosophy and operating style, organizational structure, and assignment of authority and responsibility.5

Though the CEO plays a central part in addressing COSO’s elements of “internal environment,” CEO autonomy—so rooted in the popular image of decisive, strategic leaders—is limited by the role of the board. Celebrity CEOs eclipse the boards who hire them, but directors have emerged from the shadows as their shortcomings have been identified and, lately, as scandals that ought to have been foreseen have erupted. Since 1996, Business Week  has identified best and worst boards and has begun tracking improvements in board performance. During the 1990’s boards came under scrutiny for failing to represent shareholder interests, especially in setting executive compensation, and for abdicating responsibility for risk management. Boards have been accused of tolerating inappropriate levels of corporate risk, including insensitivity to moral boundaries, by leaders displaying a “dark side” of charisma: the tendency to embrace “dramatic,” poorly aligned and risky strategies, a strong sense of entitlement marked by seeking special privileges, the belief that others’ interests are extensions of their own, resistance to criticism, and enjoyment of control. 6 More recently, boards’ basic competence in fiscal, as well as leadership matters has been called into question.

Most visible in hiring and firing the CEO and setting her/his compensation, the board is pivotal as the corporation’s formal link to shareholders. Final responsibility for decision control rests with the board. Though boards do not implement, they influence and monitor. Their advice and active participation are critical to effectiveness in strategic decision-making and risk management.7 Recently galvanized by government regulation and stung by public criticism, boards have become more actively engaged in stakeholder—as well as stockholder—management, with issues such as whether to separate the roles of CEO and board chair under consideration.

Advent of Sarbanes-Oxley and regulatory reforms are also affecting how boards interpret interrelationships of risks, audit and ethics. In addition, new organizational structures beyond those mandated by law, key to initiating any change, are offering avenues for audit functions to influence organizations’ ethics. In one well-known case, for example, an Ethics Office, under the leadership of the CEO and General Counsel (with periodic review by the board) has been established. 8 At the same time, there have been calls for a more clearly defined role for internal auditing in guiding ethical conduct.  The Institute of Internal Auditors (IIA) proposes creating the position of Chief Audit Executive (CAE), who adds value by “providing advice, counsel, and opinions regarding the organization’s efficiency and effectiveness in risk management, corporate governance, and internal control.”  He or she also serves as “a consultant by supporting and advancing an ethical tone at the top, educating management on best practices, and helping the organization maintain a balanced control environment.”9 The CAE reports administratively to the CEO and functionally to the board, acting as the linchpin connecting governance and control systems.  The board’s involvement in strategic risk management, employing the counsel of the CAE, places the influence of auditing professions at the structural apex of corporate control, influencing ethics and deployment of values—including those critical to social responsibility.

The Institute of Internal Auditors’ (IIA) Standard 2130 on Governance states that internal auditing contributes to governance by evaluating and improving processes for establishing and communicating goals and values, monitoring accomplishment of goals, ensuring accountability and preserving values. 10 However, by what means values are deployed from the apex--from board, CEO and (potentially) CAE to the rest of the organization—is a central question. In making recommendations to the court reviewing XXX corp, XXX Breeden found an “ethics pledge” to be an important mechanism accompanying establishment of the Ethics Office. “If an employee is asked to do something that he or she believes may violate the Pledge, the employee has the ability to go directly to the General Counsel, the CEO and ultimately to the board of directors to determine whether the conduct would or would not be appropriate. For each employee the Pledge is in effect a guarantee from the board of directors that senior managers will be held to the same high standards of conduct that are asked of anyone.” 11 Without formal structures and a strong culture, however, a concerned employee’s climb to the top may prove a tortuous journey. Though important symbolically, ethics pledges don’t answer the question of how corporations actually define and limit their ethical responsibilities.

Tim Hatcher proposes an answer based upon “ethics architecture,” essentially structured on audits. Organizations, he writes, begin by “identifying all compliance and values drivers-items that create the need for a focus on ethics. They include compliance, laws, rules, regulations, principles, and best practices.”12 This architecture involves arenas of environment and labor practices, which are increasingly significant as risks to global firms. How values, risk, and stakeholder management are coherently presented within a system that makes sense to every level of the organization is critically important. Without skills and mechanisms to build such a framework, a CAE may be reduced to a figurehead—or at best find her or himself confined to areas of legally defined financial risk. Though these areas are foundational, they represent only one set of risks and of corporate values. More values means greater complexity, however.

The COSO Framework, presently our best guide to a holistic approach to risk, acknowledges the difficulty of defining and deploying ethical values, weighing “the concerns of the enterprise, employees, suppliers, customers, competitors and the public. Balancing these concerns can be complex and frustrating because interests are often at odds. For example, providing an essential product (petroleum, lumber or food) may cause environmental concerns.” 13 Indeed, balancing (or failing to balance) competing values is a key indicator of the quality of “tone at the top.” Simon Zadek, CEO of Accountability and an important voice for corporate social responsibility, provides four “levels” of business cases for corporate citizenship that are helpful in defining such values. The first is defensive. The aim is to reduce pain, avoid financial loss, and protect reputation. The second is cost/benefit, focused on activity that produces potential financial gain. The third level is strategic: “Corporate citizenship becomes an integral element of the company’s broader strategic approach to long-term business performance.” The final level makes the case for learning, innovation, and risk management in a new economy. 14 Tone at the top is modulated differently at each level. This is no surprise to quality professionals.

Zadek’s model “makes strategy the starting point and corporate citizenship the contributor, rather than seeking to present it as a distinct profit center that subsequently seems isolated from the main thrust of the business.” This logic echoes David Garvin’s approach to “strategic quality management.” Beginning in the 1980’s, Garvin was influential in moving quality from a defensive and isolated posture, urging managers “to stop thinking about quality merely as a narrow effort to gain control of the production process, and start thinking more rigorously about consumers’ needs and preferences.” In the strategic view, Garvin stated, “Quality is not simply a problem to be solved; it is a competitive opportunity.” 15 In quality thinking, corporate citizenship entered this picture as “performance excellence” (Baldrige) took into account not only customer satisfaction but also stakeholder relationships.

Over the last two decades strategic thinking has come to acknowledge stakeholder relationships as “the essential assets that managers must manage…the ultimate sources of organizational wealth.” 16 In order to realize economic success—or even to survive—the firm must understand its stakeholders: “Individuals and constituencies that contribute, either voluntarily or involuntarily, to its wealth-creating capacity and activities, and who are therefore its potential beneficiaries and/or risk bearers.”17 The poster-firms for corrupt practices--Arthur Andersen, WorldCom, and Enron—provide ample evidence of how acting at the expense of key stakeholders—not just stockholders—creates high levels of risk. While a stakeholder perspective would suggest that corporations should be at level three of Zadek’s hierarchy (corporate citizenship integrated with strategy), for many firms, this is not the case. Just as we find companies still struggling with quality as “a problem to be solved,” we discover many seeking to reduce pain, avoid legal sanctions, or just improve efficiency. 

The most defensive firms are likely to revert to command and control behavior. They seek rules by which to be guided and laws which they must obey—and which must be imposed upon others. At the top, CEOs are newly concerned that they must sign off on the corporation’s financial integrity. (Their attorneys may have advised them on federal sentencing guidelines for fraud.)  Attention to compliance may have increased emphasis on good information, as against simply data. Audits are employed to reduce risk of prosecution and damage to reputation. Fear of punishment (in Kohlberg’s system, the rudimentary level of moral development) is a primary motivation. At the level of cost/benefit, the company may be confident of its financial audits, though leaders may complain of the added cost of compliance with the requirements of Sarbanes-Oxley or other regulations. Corporate social responsibility is understood, but (beyond simply doing business legally) is weighed against the “bottom line”—sometimes skeptically. 18 However, there is healthy respect for survival values, as well as concern about issues of “perceived quality of management” by stakeholders. 19 Efficiency is a core value.

At the third level, risk is assessed strategically, and leaders consider long-term corporate sustainability in cost/benefit analyses. The strategic implications of initiatives such as the ISO 14000 Series are reviewed, and increased emphasis is given to how audits add value, how they are linked to mission objectives, as well as to the importance of interrelationships among audits and how internal structures support them. At level four, the corporation takes seriously elements such as community and environmental responsibility, long-term investment and innovativeness, as measured by Fortune Magazine’s reputation survey, and is likely to have defined “ethics architecture.” 19 The organization defines accountability in terms of its ethical system. That is, it speaks to why it embraces standards of conduct and corporate performance. Accountability is more than compliance. Ethical reasons for compliance with regulations or standards required for doing business, as well as with standards voluntarily chosen, are clearly articulated. From the top and across the culture, audit results are interpreted according to core values.

Level four organizations practice “knowledge as wisdom.” They learn through relationships as well as data, information and conceptual understanding. They address “consequences … at an ethical, global and stewardship level.” 20 Leadership is not only aware of corporate citizenship initiatives, such as the “Global Eight,” but has assessed performance on mission objectives through a “holistic responsibility audit,” which includes “quality management systems, environmental practices and energy conservation, human resources and human rights, and community relations.” 21 Tone at the top of the level four organization is quite different from that at a level one.

At level one, the order of the day is vigilance for “red flags” such as lack of enforcement of conduct codes, poorly understood, complex business arrangements, and evasiveness about financial statements. 22 At best, the ethical tone is governed by remaining within the law. Between levels one and four, where strategy, learning, and audit are integrated, is a shift in consciousness. At level one, tone is set by addressing risks of being sanctioned, looking bad, losing money. At level four, it is set by addressing these, along with a more complex set of risks, assessed in terms of values, stakeholder relationships, and strategic success. Reputation is understood to be based not only on absence of fraud, but also upon ability to innovate, attract and retain qualified personnel, exercise environmental stewardship, build community relationships, satisfy customers, improve processes, engage in fair labor practices. Not only idealism, but long-term risk management underlies such a view, and for practical reasons new standards are being developed.  

The recently revised (2003) SA8000 Standard for Social Accountability, for example, includes elements of labor, hours, compensation, health and safety. Along with the environmental standard, ISO 14000, it represents a means for firms to audit to their espoused values, providing assurance to stakeholders. In fact, standards for labor and environmental practices are multiplying, but the underlying message is clear: Firms that want to survive will not only espouse values but provide compelling evidence of living them with integrity.

What then, are opportunities for members of ASQ’s Quality Audit Division and others whose competencies are rooted in the Body of Knowledge of the Certified Quality Auditor?

First, leadership positions, including CAE, will be opening for those with high level skills in auditing. These will not be restricted to financial auditors. Second, management education will expand its interest in audits, providing opportunity to offer thought leadership and instruction. Third, the career opportunities at all levels will grow as auditing assumes an integral and “value added” stance.  Each opportunity brings with it important requirements.

Auditors increasingly will be called upon to participate in setting corporate values and strategy, to assist in striking balance among stakeholder relationships. Choosing standards that reflect corporate values and stakeholder requirements, as well as discovering appropriate benchmarks and best practices, demand a leader who looks outward.

Auditors will need to remain in touch with the evolution of a range of interrelated standards, as well as to master the tools and techniques for identifying stakeholders, their requirements, and the risks they bring. They will need to be grounded in quality thinking as manifested in Baldrige, as integrated in the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Enterprise Risk Management Framework, and as practiced in audits to a range of standards.

Auditors will also need to talk the language of top leadership and the boardroom. They will need to understand business ethics and values, not only as a philosophical discipline or professional code of conduct, but on a practical level. They will need tools and techniques for defining and deploying ethical values in firms, and they will have to partner with human resources or ethics offices to ensure that audit and corporate ethics are linked in training programs.

They will need to analyze their organization’s level of awareness to develop a “value added” case for the auditing profession, making appropriate arguments of benefit to survival, legal conduct, financial gain, sustainable strategy, corporate citizenship, and organizational learning.

They will need to cross disciplines, to engage with communities of practice in quality management, human resources, finance, organizational development, law, community development, political science, ethics, environmental science, and education to integrate and promulgate an evolving body of knowledge. Within ASQ, making connections across Divisions offers promise, as does partnering with outside organizations advancing value added auditing.

Finally, auditors will need to find their public leadership voice to make a case for their contributions to values and ethics, as well as to operations. This is an opportunity to be seized.  

Copyright © 2004 LeanSCM llc.  All rights reserved.  Legal Statement.