This document discusses converging ethics, governance, and culture. It begins with introductory quotes about the need for due diligence to prevent fraud and intentional opacity. It then discusses how principles, values, and ethics inform choices and how culture affects organizational performance. The document examines how ethics, governance, and culture converge and influence each other. It also provides examples of ethics gone wrong and right to illustrate the importance of these topics.
1. CONVERGING ETHICS, GOVERNANCE, AND CULTURE
Michael Brozzetti, CIA
Washington DC
May 12, 2011
DISCLOSURE: Michael Brozzetti represents his personal commitment to protect and guard the Internal Auditing profession's principles
for integrity, competency, confidentiality, and objectivity as provided for within the Institute of Internal Auditors Code of Ethics. Michael
Brozzetti is President of Boundless LLC, an expert internal auditing and governance firm and is Chairman of the Business Integrity
Alliance™ which is a joint venture between zEthics, Inc. and Boundless LLC missioned to advocate and advance the practices
supporting the principles of integrity, transparency, accountability, and risk oversight. Michael Brozzetti is a Certified Internal Auditor®
Learning System training partner with the Institute of Internal Auditors, Villanova University, and the Holmes Corporation. Michael
Brozzetti is currently under consideration for the zEthics, Inc. Board of Directors. Michael has no material holdings in the Capital
Markets.
2. Relevant Introductory Quotes
• “What we really need is a new paradigm for due diligence when it comes to fraud.”
- Former SEC enforcement attorney, Pat Huddleston Interview
- John Buchanan. “It Could Happen to You.” Conference Board Review – Spring 2011
• “It’s really about intentional opaqueness where transparency is legally required. It’s about taking steps to hide the true nature of transactions…”
- Former Prosecutor of the U.S. Attorney’s Office, George Terwilliger Interview
- John Buchanan. “It Could Happen to You.” Conference Board Review – Spring 2011
• “I have discovered that greater government attention to corporate ethics and compliance activities is a smarter investment than endless federal prosecutions, suspensions, and debarments.”
- Retired Federal Inspector General – May 12, 2011
• “Problems cannot be solved by thinking within the framework in which they were created.”
- Albert Einstein
3. The IIA asked: is there a culture of risk?
If we define culture as "a way of life - the behaviors, beliefs, and values that are passed along by communication and imitation from one generation to the next" and put it into an organizational context, then we can assume the term "generation" refers to the hierarchical levels and parent/child relationships that exist within an organization.
8. Ethics Gone Wrong
Satyam Computer Services Ltd.
• Known as the “Enron” of India.
• Some $1 billion in declared revenue at
the outsourcing firm turned out to be
nonexistent. PwC probed for signing
off on financial statements.
• In 2005, the World Bank's CIO was ousted for buying preferential stock options from Satyam, even as he awarded the firm major contracts. Satyam was allowed to remain.
• Satyam had been linked not only to financial wrongdoing, but also to "ultrasensitive data heists" from customer World Bank.
Source: FOX News
9. Ethics Gone Wrong
New Century Financial
• New Century Financial Corp, the
largest independent provider of
home loans to people with poor
credit, filed for bankruptcy two
years ago amid mounting customer
defaults.
• $1 billion lawsuit filed against KPMG in March 2009 by trustees of New Century.
• “As far as I am concerned, we
are done. The client thinks we
are done. All we are going to do
is piss everybody off.”
- KPMG partner
Financial Week: March 31, 2008 12:01 AM
10. Ethics Gone Wrong
Enron
• On November 30, 2001 the Company filed for bankruptcy and 4,000 employees lost their jobs that day, with only 30 minutes to gather their belongings and exit the building.
• Ken Lay and Jeff Skilling were tried in 2006 for
their part in a 53-count indictment covering a
broad range of financial crimes, including bank
fraud, making false statements to banks and
auditors, securities fraud, wire fraud, money
laundering, conspiracy and insider trading.
• "Well, thank you very much, we appreciate
that . . . asshole.”
– Jeff Skilling, Former Enron CEO & COO
11. Ethics Gone Wrong
Lehman “Alter Ego”
• One of the vehicles that Hudson Castle
created was called Fenway, which was often
used to lend to Lehman, including in the
summer of 2008, as the investment bank
foundered.
• Hudson Castle might have walked away earlier
if not for Fenway’s ties to Lehman.
• Lehman itself bought $3 billion of Fenway
notes just before its bankruptcy that, in turn,
were used to back a loan from Fenway to a
Lehman subsidiary.
• While Hudson Castle appeared to be an
independent business, it was deeply
entwined with Lehman. For years, its board
was controlled by Lehman, which owned a
quarter of the firm. It was also stocked
with former Lehman employees.
Source: NY Times
12. Ethics Gone Wrong
Goldman Sachs
Sued by SEC for Fraud
• The federal government charged
Goldman Sachs, a prominent New
York financial house, with fraud on
Friday, accusing the firm of deceiving
investors who bought mortgage bonds
that select clients already knew were
likely to fail.
• The SEC also named Fabrice Tourre, a
Goldman Sachs vice president, who
helped create and sell the investment
deal, which cost investors more than $1
billion when mortgages defaulted.
• April 16, 2010 NY Times
13. Ethics Getting Better
Computer Associates, Inc.
• Charles Wang and a few other
former executives participated
in a $2.2 Billion accounting
fraud against Computer
Associates.
• New leadership executed a Deferred Prosecution Agreement (DPA) with the U.S. Government in 2000 to turn around the company.
• In 2004, CA ended up paying $225MM to victimized shareholders.
14. Ethics Gone Right
Coke
• In a nutshell three people, including an
executive assistant at Coke, were
busted and charged with stealing trade
secrets, as well as a product sample,
and trying to flog them to arch-rival
Pepsi for $1.5 Million.
• In terms of ethics, the most interesting
part about this story was that Pepsi
had alerted Coke to what was going
on, and Coke immediately called the
police.
15. Principles, Values, and Ethics
• Principles: Inform our choice of values, morals, and ethics.
• Values: Attitude sets that influence behavior
• Ethics: Standards by which behavior is evaluated for their morality – their rightness or wrongness
“Values motivate, morals and ethics constrain”
– Paul Chippendale
16. Ethics in the Regulatory Context
• Section 406, which directs us to adopt rules requiring a
company to disclose whether it has adopted a code of
ethics for its senior financial officers, and if not, the
reasons therefor, as well as any changes to, or waiver of
any provision of, that code of ethics.
17. Honoring Public Service
TITLE 5: ADMINISTRATIVE PERSONNEL: PART 2635—STANDARDS OF
ETHICAL CONDUCT FOR EMPLOYEES OF THE EXECUTIVE BRANCH
(11) Employees shall disclose waste, fraud,
abuse, and corruption to appropriate
authorities.
18. Trust in Public Service
TITLE 5: ADMINISTRATIVE PERSONNEL: PART 2635—STANDARDS OF
ETHICAL CONDUCT FOR EMPLOYEES OF THE EXECUTIVE BRANCH
(c) A violation of this part or of supplemental
agency regulations, as such, does not create
any right or benefit, substantive or
procedural, enforceable at law by any
person against the United States, its
agencies, its officers or employees, or any
other person.
19. Caremark Case Law
• Since the 1996 Delaware Chancery Court decision in In re Caremark
International Inc. Derivative Litigation,1 the fiduciary duty of corporate
directors has been understood to embrace the adoption and maintenance of
corporate compliance programs that are designed to detect corporate
wrongdoing and bring it to the attention of management and the board of
directors.
• Stone v. Ritter involved a derivative action by shareholders of AmSouth
Bancorporation ("AmSouth"), in the wake of the disclosure that AmSouth had
paid $50 million in fines and civil penalties arising from violations of the
federal Bank Secrecy Act.3 The lawsuit alleged that the directors of AmSouth
had breached their duty to act in good faith because, while AmSouth
maintained a program to monitor Bank Secrecy Act compliance, the program
was not adequate to prevent the violations giving rise to the fines and civil
penalties.
• First, the Court held that the Caremark standard is the appropriate
standard for director duties with respect to corporate compliance issues; and
second, there is no duty of "good faith" that forms a basis, independent of the
duties of care and loyalty, for director liability.
3 31 U.S.C. §5318 et seq. (2006).
20. The DOJ after Caremark:
• Legal Guidance Regarding Board Oversight
• The McNulty Memo provides that, when assessing the
adequacy of a company’s compliance efforts, prosecutors
should consider whether the corporation has established
corporate governance mechanisms that can effectively
detect and prevent misconduct;
• Such as whether directors exercise independent review
over proposed corporate actions, whether directors are
provided with information sufficient to enable the exercise of
independent judgment, and whether directors have
established an information and reporting system reasonably
designed to provide management and the board of directors
with timely and accurate information.
21. The Corporate Conscience
“A self-aware person will act completely within their
capabilities to their pinnacle, while an ignorant person will
flounder and encounter difficulty.”
- Socrates, Greek Philosopher
23. The “Black Box” of Governance
[Diagram labels: Ethics; Governance; Discovery risk; Enterprise risk; Risk; Compliance; Internal Control; Communication and Trust]
What state is the culture in?
24. 20th Century Governance Challenges
Level of transparency into the culture
• No practical way to continually monitor the “soft controls” that shape cultural norms and risk appetites.
• Limited foresight into the cultural risks that manifest misconduct and fraud.
Disclosure, speed, and flow of risk information
• Often filtered and/or distorted.
Accountability and culpability
• Case law suggests that not knowing and ignorance is a defensible claim.
• Over 95% of lawsuits are settled or dismissed
[Diagram labels: Ethics; Governance; Risk Management; Compliance; Internal Control; Communication & Trust]
What state is the culture in?
25. The Governance System
[Diagram labels: People; Ethics & Culture; Process; Technology; Systems / Devices; Information / Data; Internal; External; Adjudication]
27. Ethics in Context of a U.S. Law
[Diagram: Ethical Judgment and Legal Judgment, with outcomes labelled Innocent, Guilty, and Not Guilty]
“Not Guilty, Does Not Mean Innocent”
– University of Pennsylvania Law School Student
28. Judgment System Difference
Ethical Judgment
• Measured to core values
• Internally controlled and adjudicated
• 100% Transparency
• Subject to confession and repentance
• Immunity-in-conscience
Legal Judgment
• Measured to law or regulation
• Externally influenced and adjudicated
• Opaqueness (95%)
• Subject to external punishment and damages
• No immunity
30. Sustainability and Integrity in Context
• Ethics: The rules of conduct recognized in respect to a particular class of human actions or a particular group, culture.
• Culture: A way of life - the behaviors, beliefs, and values that are passed along by communication and imitation from one generation to the next.
• Governance: The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
• Integrity: Integrity is consistency of actions, values, methods, measures, principles, expectations and outcome. As a holistic concept, it judges the quality of a system in terms of its ability to achieve its own goals.
32. Cultural Tones
Undertone
– Complacency, Laziness, and satisfaction with status-quo
– Loose controls with insatiable appetite for risk
– Short-term decision making at the expense of long-term benefit sustainability
– Autocratic and self-focused cultures, internal politics, power struggles
Overtone
+ Strong cultural work ethic that challenges assumptions
+ Tight controls with thoughtful risk appetite
+ Balanced decision making considering short and long term benefit sustainability
+ Collegial and team-focused cultures, “conscientious employees,” balanced power
33. National Association of Corporate Directors
VI. Integrity, Ethics & Responsibility: Governance
structures and practices should be designed to promote an
appropriate corporate culture of integrity, ethics, and
corporate social responsibility.
34. NACD Comment Letter to SEC
“A strong corporate culture is one of the best tools a
company has for combating fraud.”
- NACD Barbara Hackman Franklin
Rating Scale: 1 (Poor) to 10 (Excellent)
35. Cultural Elements
• Ethics & Governance - Assess the level of illegal or fraudulent activities; withholding or covering up
information; manipulating government reports; scandal; managerial mischief; misconduct; unethical
behavior; lying; falsification of records; sexual harassment; drug and alcohol abuse; etc.
• Risk Management - Identify risks, quantify and assess the level of risk taking by senior management;
quantify the risk of operational failures, etc.
• Strategic Planning - Assess the organization’s strategic planning methodology and practices;
determine whether managers are allocating sufficient resources to execute the strategic plan effectively
and efficiently; etc.
• Management - Assess the competence and character of management; does the management team
work well together; is management being held accountable for decisions that impact the organization’s
performance, strategic goals and objectives; is management consistent in its decision making; etc.
• Communication - Assess how well the organization communicates the information required to
accomplish goals and objectives; identify when there is a problem with miscommunication of
information or misinformation; etc.
• Organization - Assess the Organization’s Internal Controls, Policies, Procedures and Systems;
identify structural flaws or weaknesses in the organization; etc.
• Empowerment - are employees empowered to perform their duties and responsibilities without fear,
reprisal or reprimand; is management undermining the staff’s ability to perform their duties and
responsibilities; do employees have sufficient training and skills to perform their duties, etc.
• Compliance (Auditing, Quality) - Assess compliance with all laws and regulations; identify problems
or concerns with the
40. What conclusions can you yield?
Reporting Category | Company | Industry Average | Sector Average | Region Average
Ethics & Corporate Governance 2.4 4.6 4.7 5.3
Risk Management 2.8 4.3 4.9 5.3
Strategic Planning 1.0 3.7 4.0 5.0
Management 1.3 3.6 4.1 4.9
Communication 4.3 5.0 5.6 5.9
Organization 2.5 4.0 4.8 5.1
Empowerment 2.8 4.5 4.9 5.6
Auditing / Quality Control 3.8 5.2 5.4 5.6
Composite Rating 2.6 4.4 4.8 5.3
Source: zEthics, Inc.
41. What conclusions can you yield?
Reporting Category CEO CFO COO CMO CAO
Ethics & Corporate Governance 5.8 1.6 8.2 5.8 8.6
Risk 5.8 3.0 7.2 5.6 8.0
Strategic Planning 5.2 3.4 7.6 5.4 7.4
Management 5.4 1.8 7.8 5.6 7.6
Communication 4.8 1.0 6.0 4.4 5.4
Organization 5.8 2.0 7.8 4.6 6.2
Empowerment 5.4 2.0 7.6 4.6 7.2
Auditing / Quality Control 6.6 2.0 4.8 6.6 8.0
Composite Rating 5.6 2.1 7.1 5.3 7.3
Source: zEthics, Inc.
42. What conclusions can you yield?
Reporting Category President EVP SVP VP Director
Ethics & Corporate Governance 5.0 6.2 7.0 8.4 8.6
Risk 4.4 6.6 6.6 8.4 8.2
Strategic Planning 2.8 6.6 5.2 5.0 5.6
Management 4.8 6.6 5.8 6.2 7.0
Communication 2.6 5.2 6.6 6.0 6.0
Organization 5.6 6.0 5.6 6.2 7.4
Empowerment 4.8 4.2 6.0 7.2 6.0
Auditing / Quality Control 5.2 5.6 5.4 5.4 7.0
Composite Rating 4.4 5.9 6.0 6.6 7.0
Source: zEthics, Inc.
43. What conclusions can you yield?
Non-Exec
Reporting Category Chairman Company Composite
Board
Ethics & Corporate Governance 2.2 6.4 6.2
Risk 6.0 6.0 6.3
Strategic Planning 2.8 5.2 5.2
Management 3.4 6.2 5.7
Communication 1.0 5.4 4.5
Organization 1.4 6.4 5.4
Empowerment 2.0 5.2 5.2
Auditing / Quality Control 3.8 5.4 5.5
Composite Rating 2.8 5.8 5.5
Source: zEthics, Inc.
44. Internal Adjudication
Business Issues
Code of Conduct | Ethics Compliance | Independent Committee
Code of Ethics (Per Professional Practice Standards) | Ethics Compliance | Independent Committee
Company Policy | Management | Independent Committee
(Independent of Incident)
Legal Issues
Regulation | Audit, Risk, & Compliance | General Counsel
Law | General Counsel | External Legal Counsel
45. Transparency into Incident Reporting
#1 #2 #3 #4 #5
Report Filings 16 12 28 25 21
Code of Conduct 5 4 15 5 8
Professional Conduct 4 5 6 5 6
Policy 4 2 3 12 4
Regulation 1 0 4 3 1
Law 2 1 0 0 2
Report Status
Open – In Queue 9 6 11 8 15
In Due Diligence 2 2 7 3 5
Resolved 5 4 10 14 1
Report Resolution (YTD) 1 2 9 2 4
Authority Change 0 1 3 0 2
Disciplinary Action Taken 1 0 4 1 2
Restitution 0 1 0 0 0
Prosecution 0 0 2 1 0
Average Cycle Time (Days) 102 82 55 77 89
47. The Penney Idea
A strong principled foundation since 1913
1. "To serve the public, as nearly as we can, to its complete satisfaction."
2. "To expect for the service we render a fair remuneration and not all the profit the traffic will bear."
3. "To do all in our power to pack the customer's dollar full of value, quality, and satisfaction."
4. "To continue to train ourselves and our associates so that the service we give will be more and more intelligently performed."
5. "To improve constantly the human factor in our business."
6. "To reward men and women in our organization through participation in what the business produces."
7. "To test our every policy, method, and act in this wise: Does it square with what is right and just?"
48. More Q&A Time…
Michael Brozzetti, CIA
President, Boundless LLC
(215) 687-7376
mike@BoundlessLLC.com