Turn Compliance Beliefs Into Action: Impact Tone at the Bottom

Friday, May 11, 2012

Thomas Fox

59d9b46aa00c70238bb89056cfeb96c0

Tone at the Top has become almost a by-word in the compliance world these days.

It is specifically mentioned in the US Department of Justice’s (DOJ) 13-point minimum best practices compliance program as well as the UK Ministry of Justice’s (MOJ) Six Principles of Adequate Procedures.

How does a compliance practitioner tap into ethical beliefs of a company’s employee base? However, a company’s ‘tone’ is much more than that simply at the top of the organization.

There is tone at both the middle and bottom. One of the greatest challenges of a compliance practitioner is how to affect the ‘tone at the bottom’.

In a recent article in the Spring 2012 Issue of the MIT Sloan Management Review, entitled “Uncommon Sense: How to Turn Distinctive Beliefs Into Action”, authors Jules Goddard, Julian Birkinshaw and Tony Eccles looked at this issue when they explored the “often overlooked, critical source of differentiation is [a] company’s beliefs.”

One of the questions that the authors answer is: how to tap into this belief system? They posit a structured manner to obtain this information. By using these techniques, they believe that companies can rethink their “basic assumption and beliefs” and identify new directions for their organization.

The authors listed seven approaches that they have used which I believe that the compliance practitioner can use to not only determine ‘Tone at the Bottom” but to impact that tone. They are as follows:

Assemble a group. You need to assemble a group of employees who are familiar with the challenges of doing business in a compliant manner in certain geographic regions. Include both long-time employees and those who are relatively new to the organization. The authors also suggest that if you have any employees who have worked for competitors or for other organizations in your industry you include them as well.

Ask questions. You should ask the members of this group to articulate their basic assumptions about your compliance model, about the management model, about your company’s business model and the future of the industry in general. Ask them to do this individually and not as a group.

Categorize the responses. Now comes the work by the compliance practitioner or compliance team. These assumptions will usually fall into two groups. The first is assumptions that everyone agrees upon-the common beliefs. The second is those assumptions that only a few of the participants will identify – this is what the authors call the “uncommon beliefs”.

Develop tests for common beliefs. For those beliefs that are labeled common – you should consider how you know these to be true? The authors caution that simply because the group may believe that the company operates a common industry or that we “do it because it has always been done this way” is necessarily a “hard fact.” Consider what test you could perform to verify the common belief that you desire to test. The authors note that the purpose here is to “identify the ‘common nonsense’ beliefs that everyone holds that are not actually hard laws of nature.”

Develop tests for uncommon beliefs. Here the authors suggest that you need to consider why some people think that these beliefs are true. What is the information or experience that they have drawn upon? Is there any way for you to test these uncommon beliefs?

Reassemble the original group. You should reassemble the original group and have them consider the beliefs that were articulated by them individually in the context of your compliance model and how both your company and your industry do business. Lead a discussion that attempts to identify any assumptions or beliefs that ‘are quite possibly wrong, but worth experimenting with anyway.”

List of Experiments to perform. The authors believe that the outcome of the first six steps will be “a list of possible experiments [tests] to conduct” to determine the validity of the common and uncommon beliefs. These tests can be accomplished in the regular course of business, through a special project with a special team and separate budget. You should agree on the testing process and review your testing assumptions throughout the process. This process can and should take some time so do not set yourself such a tight time frame that it cannot be fully matured.

I find this list to be a very interesting way for a compliance practitioner to get at ‘tone at the bottom’. By engaging employees at the level suggested by the authors I believe you can find out not only what the employees think about the company compliance program but use their collective experience to help design a better and more effective compliance program.  It is my belief that employees want to do business in an ethical manner.

Given the chance to engage in business the right way, as opposed to cheating; will win the hearts and minds of your employees almost all of the time. By using the protocol suggested by the authors you can not only find out the effect of your company’s compliance program on the employees at the bottom but you can affect it as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

Cross-posted from Tom Fox Law

Possibly Related Articles:
4795
General
General Legal
Legal Compliance Enterprise Security Risk Management Leadership Employees Ethics cco
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.