In a healthy organizational culture, there is a natural, not forced, focus on business ethics, and ethical practices are integrated into the fabric of doing business. Coupled with a strong anti-fraud program, foundational ethics policies result in a decreased risk of fraud. For example, organizations with a published and publicized code of conduct had a 27 percent lower median loss, and a 53 percent reduction in fraud duration, according to a study by the Association of Certified Fraud Examiners. The same study found that organizations with whistleblower incentives had a 31 percent lower median loss, and a 59 percent reduction in fraud duration.
The costs to the bottom line when companies don’t take steps to prevent fraud go well beyond the direct dollar impact of any actual fraud that occurs. There are the related costs incurred from the impact on the brand as well as the more concrete costs of government enforcement actions. In 2012, for example, the Securities and Exchange Commission alone brought 734 enforcement actions against companies, resulting in more than $3 billion in penalties and other fines. Clearly, it is worth the investment in time and resources to develop and maintain an ethical culture.
As a former federal inspector general who is currently assigned to serve as an independent monitor on a variety of cases to help rebuild confidence after instances of corporate misconduct, I have observed several themes and best practices that successful companies have used to help strengthen their ethical culture and better manage their fraud risk. These practices relate to the code of conduct, metrics, training, due diligence, risk assessments, tone, and practice.
A company’s code of conduct must be a useful, living document that is referenced beyond new employee orientation. It must clearly spell out responsibilities of both the company and the employee, including an employee’s duty to report observed misconduct or violations.