"Safeguarding Reputation and Fiduciary Integrity" Converging Ethics, Governance, and Culture Michael Brozzetti, CIA, CISA, CGEIT 1
Disclaimer The views and opinions expressed herein are solely those of Boundless LLC and its principal, Michael Brozzetti, and do not necessarily represent the views and opinions of their partners, affiliates, or associates. 2
A picture is worth a 1,000 words 3
The relation of Law and Ethics 4
Quotes on governance today
"What we really need is a new paradigm for due diligence when it comes to fraud." - Former SEC enforcement attorney
"It's really about intentional opaqueness where transparency is legally required. It's about taking steps to hide the true nature of transactions" - Former Prosecutor of the U.S. Attorney's Office
"I have discovered that greater government attention to corporate ethics and compliance activities is a smarter investment than endless federal prosecutions, suspensions, and debarments." - Former Federal Inspector General 5
Ethical vs. Legal Governance
Diagram labels: Innocent, Guilty, Ethical Governance, Legal Governance, Not Guilty
"Not Guilty, Does Not Mean Innocent" - University of Pennsylvania Law School Student 6
Judgment Systems and Governance
Ethical Judgment: Measured to ethics and values; Internally controlled and adjudicated; Minimum exposure to civil and criminal liability
Legal Judgment: Measured to law or regulation; Externally controlled and adjudicated; Maximum exposure to civil and criminal liability 7
Governance Governance Ethics Culture 8
Governance Elements: What area is most important for organizational success? Diagram labels: People Ethics & Values Process Internal Technology Internal Adjudication External Systems / Devices Information / Data 9
Governance Elements People Ethics & Values Process Internal Technology Internal Adjudication External Systems / Devices Information / Data 10
20th Century Governance Challenges
Accountability and culpability
  Case law suggests that not knowing and ignorance is a defensible claim.
  Over 95% of lawsuits are settled or dismissed
Disclosure, speed, and flow of risk information
  Often filtered and distorted.
Level of transparency into the culture
  No practical way to continually monitor the soft controls that shape cultural norms and risk appetites.
  Limited foresight into the cultural risks that manifest misconduct and fraud.
Diagram labels: Ethics, Governance, Risk Management, Compliance, Internal Control, Communication & Trust. What state is the culture in? 11
Governance Today: Still a Black Box? Diagram labels: Ethics, Discovery risk, Governance, Risk, Compliance, Internal Control, Communication and Trust, Enterprise risk. What state is the culture in? 12
The Convergence of EGC Governance Ethics Culture 13
Governance is rooted in Ethics and Culture 14
If you want to know the Tone at the Top then listen to the Song at the Bottom. Diagram labels: Ethics, Governance, Risk Management, Compliance, Internal Control, Communication & Trust, Corporate Culture 15
AICPA Audit Guide The effectiveness of internal control cannot rise above the integrity and ethical values of the people who create, administer, and monitor them. 16
Ethics Governance Ethics Culture 17
Principles, Values, and Ethics
Principles: Inform our choice of values, morals, and ethics.
Values: Attitude sets that influence behavior
Ethics: Standards by which behavior is evaluated for their morality, their rightness or wrongness
"Values motivate, morals and ethics constrain" - Paul Chippendale 18
Case Study: Goldman Sachs The federal government charged Goldman Sachs with fraud, accusing the firm of deceiving investors who bought mortgage bonds that select clients already knew were likely to fail. 19
Case Study: Citigroup On November 28, 2012, Judge Jed Rakoff refused to approve a settlement deal between the SEC and Citigroup for allegations that Citigroup dumped dubious assets onto investors who lost $700MM, while Citigroup profiteered $160MM in the deal. 20
Case Study: SEC Veteran Blows the Whistle
U.S. SEC Mr. Darcy Flynn, a 13 year old veteran, blows whistle to Congress (Committee on the Judiciary)
Allegations that over 9,000 files related to Matters Under Inquiry (MUIs) are systematically destroyed over 17 years
Claims included the destruction of records relating to Madoff, Goldman, Lehman, and other important cases 21
Honoring Public Service TITLE 5: ADMINISTRATIVE PERSONNEL: PART 2635 STANDARDS OF ETHICAL CONDUCT FOR EMPLOYEES OF THE EXECUTIVE BRANCH (11) Employees shall disclose waste, fraud, abuse, and corruption to appropriate authorities. 22
Trust in Public Service TITLE 5: ADMINISTRATIVE PERSONNEL: PART 2635 STANDARDS OF ETHICAL CONDUCT FOR EMPLOYEES OF THE EXECUTIVE BRANCH (c) A violation of this part or of supplemental agency regulations, as such, does not create any right or benefit, substantive or procedural, enforceable at law by any person against the United States, its agencies, its officers or employees, or any other person. 23
The Regulatory Ethics Effect on Boards The fiduciary duty of corporate directors has been understood to embrace the adoption and maintenance of corporate compliance programs that are designed to detect corporate wrongdoing. 24
Culture Governance Ethics Culture 25
Cultural Tones
Undertone
Complacency, Laziness, and satisfaction with status-quo
Loose controls with insatiable appetite for risk
Short-term decision making at the expense of long-term benefit sustainability
Autocratic and self-focused cultures, internal politics, power struggles
Overtone
+ Strong cultural work ethic that challenges assumptions
+ Tight controls with thoughtful risk appetite
+ Balanced decision making considering short and long term benefit sustainability
+ Collegial and team-focused cultures, conscientious employees, balanced power 26
NACD Comment Letter to SEC
"A strong corporate culture is one of the best tools a company has for combating fraud." - NACD Barbara Hackman Franklin
Rating Scale: 1 (Poor) to 10 (Excellent) 27
External Culture Benchmarks Industry Culture Benchmarks Note: Chart is for illustrative purposes only. Y = Year. 28
Internal Culture Benchmarks Cultural Trend Analysis Note: Chart is for illustrative purposes only. PY = Prior Year and CY = Current Year trending. 29
Cultural Assurance
Business Unit Survey
                              Business Unit 1  Business Unit 2  Business Unit 3  Business Unit 4  Business Unit 5
Ethics & Governance           4.6              4.7              2.4              5.3              4.3
Risk Management               4.3              4.9              1.0              5.3              3.9
Strategic Planning            3.7              4.0              2.8              5.0              3.9
Management                    3.6              4.1              1.3              4.9              3.5
Communication                 5.0              5.6              4.3              5.9              5.2
Organization                  4.0              4.8              2.5              5.1              4.1
Empowerment                   4.5              4.9              2.8              5.6              4.5
Compliance (Audit & Quality)  5.2              5.4              3.8              5.6              5.0
CCI Composite Rating          4.4              4.8              2.6              5.3              4.3
Drill down and gain dynamic views into the organizational corporate culture for internal benchmarking
BU #3 Executive Survey
                              CEO    CFO    COO    VP HR  CIO
Ethics & Governance           8.6    8.2    2.1    1.6    5.8
Risk Management               8.0    7.2    3.1    3.0    5.8
Strategic Planning            7.4    7.6    3.6    3.4    5.2
Management                    7.6    7.8    1.4    1.8    5.4
Communication                 5.4    6.0    1.1    1.0    4.8
Organization                  6.2    7.8    1.8    2.0    5.8
Empowerment                   7.2    7.6    2.5    2.0    5.4
Compliance (Audit & Quality)  8.0    4.8    2.3    2.0    6.6
CCI Composite Rating          7.3    7.1    2.3    2.1    5.6
30
Internal Adjudication
Business Issues
  Code of Conduct                                        Ethics Compliance                     Independent Committee
  Code of Ethics (Per Professional Practice Standards)   Ethics Compliance                     Independent Committee
  Company Policy                                         Management (Independent of Incident)  Independent Committee
Legal Issues
  Regulation                                             Audit, Risk, & Compliance             General Counsel
  Law                                                    General Counsel                       External Legal Counsel
31
Transparency into Incident Reporting
                            #1    #2    #3    #4    #5
Report Filings              16    12    28    25    21
Code of Conduct             5     4     15    5     8
Professional Conduct        4     5     6     5     6
Policy                      4     2     3     12    4
Regulation                  1     0     4     3     1
Law                         2     1     0     0     2
Report Status
Open In Queue               9     6     11    8     15
In Due Diligence            2     2     7     3     5
Resolved                    5     4     10    14    1
Report Resolution (YTD)     1     2     9     2     4
Authority Change            0     1     3     0     2
Disciplinary Action Taken   1     0     4     1     2
Restitution                 0     1     0     0     0
Prosecution                 0     0     2     1     0
Average Cycle Time (Days)   102   82    55    77    89
32
Quality for the Ethics Compliance System 33
Mission and Code 34
Closing Quote "A self-aware person will act completely within their capabilities to their pinnacle, while an ignorant person will flounder and encounter difficulty." - Socrates, Greek Philosopher 35
Thank you! Michael Brozzetti, CIA, CISA, CGEIT Boundless LLC mike@boundlessllc.com "Safeguarding Reputation and Fiduciary Integrity" 36