How can you guard against that?
Most companies have approached this through compliance programs. You conduct training, you have codes of conduct, and you have whistle-blowing hotlines. But all three of these systems are typically weak, at best.
Training is often generically designed and does not actually engage employees. Leaders then measure the effectiveness of the training based on percent completion. That’s a little like if the Dean of Harvard Business School evaluated the quality of my teaching based upon the percentage of final exams I got back at the end of a quarter. That obviously doesn’t give any indication about whether I’m an effective professor or not.
Codes of conduct are often not that much better. Many employees literally only spend a minute—I found one firm where employees spend three minutes—reading their 50-page codes of conduct, and then they sign a document saying they understand everything and they’re willing to report violations if they observe them. But, here’s what’s fascinating: Almost every company has their employees sign in their code of conduct at the end saying, “If you see a violation, you’re obligated to report it.”
But if you literally survey those same employees the next month, later that year, pick your time, you’ll generally find that only between 20 and 40 percent of employees actually report it. So, you can see yourself that people are not even following the code you’ve distributed.
These are the kind of systems and approaches that firms often spend hundreds of thousands of dollars on. If you think about training, it goes much higher than that. If you have 50,000 employees and you spend two hours a year training them, you’re spending millions of dollars a year in terms of an opportunity cost of employee time. And what are you getting in return? Often not a whole lot in terms of actual changes in behavior or improvement in organizational integrity.
What’s the way forward?
The first step is start measuring. What are we getting in return for all this compliance spend and all these initiatives? Is it actually changing behavior? Is it actually preventing the kinds of conduct that we don’t want within our organizations?
Once you start designing some metrics around that, what you’ll find is that some of it probably doesn’t work as well as you had hoped, or it doesn’t work at all. But this leads to innovation; you actually start thinking about different ways of approaching the problem.
So maybe you don’t roll out a one-hour training to 30,000 employees when it’s not relevant to most of them—you actually figure out which subset of employees this is important to and then you find ways to share it with them.
And instead of just sharing it on January 1st, you figure out when they might actually expose themselves to these risks. Before someone goes to a country where bribery is an issue, for example, you can push out a training module or even a reminder notice. There are so many other possibilities.
Do strong values statements make a difference?
Take technology companies. If you look at the mission and values for a lot of tech firms, they look pretty similar. The goals of connecting the world, making people better off, helping people. And they’re big and inspiring.
But when one starts thinking about, “Well, how do we achieve that?” and start thinking about integrity, a lot of the issues that firms in Silicon Valley face tie back to the mentality that has made a lot of firms great, which I’ll call “Fake it till you make it.” That’s an appropriate environment to get a business off the ground, to be nimble, to not overwhelm the firm with controls.
The challenge then becomes figuring out at which point in the firm’s growth that one needs to take a broader set of responsibilities and really actually live those values. And not just in some superficial sense, but actually designing internal processes and controls and incurring the costs associated with that. A lot of technology firms have had trouble with that transition.
For all the criticism that financial institutions, oil and gas, pharmaceutical companies receive, if you look at their investment in trying to have a more ethical and more compliant workforce, not just in dollars, but in real organizational leadership, it overwhelms much of what the tech firms do.
Which company does this especially well?
Microsoft’s training, which every employee from new hires to the board takes annually, focuses on integrity in the broadest sense. I don’t think it’s an understatement to call it Netflix quality. They make it about people. It actually feels like Microsoft employees dealing with the kind of issues that relate specifically to their business and their industry.
That’s very different than a lot of other companies where, when they know that there’s a new requirement, they go out to a third-party provider to purchase generic “software on X-Y-Z requirement.” Although it might seem like a deal at a couple hundred dollars, thousands of people now have to spend one hour of their time on it, but it doesn’t resonate with anyone.
And, frankly, it’s the kind of thing that makes people hope they have two screens, so they can put it on the second screen, minimize it, and not pay attention to it. They know it does nothing—because it was designed to do nothing.
You see it all the time: Companies layer on these requirements that are “check the box,” and employees know that they’re “check the box,” so people learn that compliance is simply an impediment to their job. Ultimately, you get this terrible outcome where the training produces people who, rather than seeing compliance as integral to building a sustainable and successful business that stays out of the headlines, they see it as a system of controls to circumvent.