Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Shop Talk: Measuring the Value of Ethics and Compliance

Joe Mont | August 14, 2012

In return-on-investment-obsessed Corporate America, compliance executives are in a conundrum: How do you put a value on keeping bad things from happening?


The following executives participated in the July 24 roundtable the ROI associated with strong ethical cultures.

Bob Conlin,
Chief Products Officer,
NAVEX Global

Bradd Easton,
Associate General Counsel & Chief Compliance Officer,

David Foster,
Director Regional Compliance & Investigations,
Kraft Foods

Ed Hughes,
Corporate Vice President, Chief Audit Executive,
Motorola Solutions

Mark Johnson,
SVP and Chief Compliance Officer,
CNO Financial

Bruce Patterson,
VP and Corporate Compliance Officer,
Navistar Inc.

Nancy Phillips,
Manager, Ethics and Compliance Services,
DeVry Inc.

Kris Rapp,
VP, Global Ethics & Compliance,
Hospira Inc.

John Steiner,
Chief Compliance Officer,
Cancer Treatment Centers of America

Randy Stephens,
VP, Compliance,
U.S. Foods Inc.

For More Information on Compliance Week Roundtables

How do you begin to itemize the value of money saved by avoiding regulatory violations? How much is it worth to not have to undertake a pricey corruption investigation? Is it possible to put a number on the hidden costs of disengaged or disgruntled employees?

The challenge of communicating the ROI that comes from building strong compliance and ethics programs was the theme of an executive roundtable last month in Chicago hosted by Compliance Week and NAVEX Global, a provider of software, services, and training to manage governance, risk, and compliance (GRC). The event was attended by nearly a dozen ethics, risk, and compliance executives from a wide range of industries.

The conversation quickly turned from a focus on ROI, to what was instead dubbed “EOI,” the “effectiveness of investment.” There was consensus that most CEOs are willing to invest in tools and systems as long as it can be shown that they work.

The challenge, however, is that upper management and boards tend to be reactionary, not proactive. They need to shift from a defensive mindset focused on cleaning up messes and putting out fires to see “the positive financial returns associated with investments in developing and maintaining ethical cultures,” said Bob Conlin, chief products officer for NAVEX Global.  

That, of course, doesn't mean that identifying trouble spots isn't important. “You've got to cover those bases first,” said Randy Stephens, vice president of compliance for U.S. Foods. “For most people, if they distilled their mission statement down to its essence, it is going to be focused around identifying and mitigating risks. I think that is the primary mission of most compliance departments.”

One of the ways compliance officers justify their worth is by highlighting examples of costly compliance screw-ups at other companies. Bringing to light the transgressions of others not only demonstrates the value of an effective compliance function, it also reminds the C-suite of the importance of a strong ethical culture.

And these days, there is no shortage of illustrative cases. Wal-Mart faces up to $4 billion in potential fines following charges that employees bribed Mexican officials, and the company took a multi-billion hit to its market capital as the news became public. GlaxoSmithKline reached a record $3 billion settlement with the U.S. Justice Department last month to settle charges of False Claims Act violations, the largest healthcare fraud payout in U.S. history. Pfizer recently shelled out $60 million to settle foreign bribery claims.  Duke Energy faces the threat of having its $32 billion merger with Progress Energy invalidated by state regulators in North Carolina because shareholders say they were misled about the executive structure of the merged company.

Conlin says huge fines levied by the Department of Justice and other regulators can present a teachable moment, but probably won't carry the day. “It's too easy for board members to think ‘that won't happen here,'” he said. 

Others pointed out that even the largest penalties can be easily shaken off. Wal-Mart's stock took a hit immediately after its bribery charges were exposed, but a few weeks later it was back to an all-time high. GlaxoSmithKline paid its record-setting fines from cash reserves, set aside for just that sort of a “rainy day” from it's nearly $42 billion in annual revenues.

“Looking at fines and penalties is kind of misleading,” said Kris Rapp, vice president of global ethics and compliance for Hospira. “I would venture a guess that GlaxoSmithKline feels like it has a very good compliance program. Pfizer probably feels like they have a very good compliance program.”

Compliance officers must inform board members and CEOs about the positive financial returns associated with investments in developing and maintaining ethical cultures, Colin said. Research shows that “ethical cultures drive higher productivity and profitability and therefore increase shareholder value,” he added. “Given these facts, it is much easier for compliance professionals to justify GRC system costs as strategic investments,” he says.

U.S. Foods VP Compliance Randy Stephens (right) spoke about how important it is to identify and mitigate risks. At left is Bob Conlin, chief products officer at NAVEX Global.

Nancy Phillips, manager, ethics & compliance services at DeVry Inc., and Motorola Chief Audit Executive Ed Hughes joined in the discussion.

Not only should company leadership support compliance and ethics initiatives, they have to buy into them and set the tone. “Misconduct at the CEO level can unravel years of work,” said one participant. “If they are doing something stupid—that gets the ball rolling.” “It is hard to convince them of the message we are delivering when we don't have their support,” another added.

Establishing tone at the top isn't just a C-Level matter. Disciplining top producers or influential mid-level managers for violating company code sends a strong message. One roundtable participant recalled an auditor fired over a mere $10 bribe that was offered in a foreign country.

Compliance, the panel concurred, also adds value by serving as an information gathering and communication vehicle. “In compliance, if you have a trusted resource and somebody who can get things done across the enterprise, then you are generally improving the corporate culture and improving problem solving capability in a timely fashion. You are moving critical information upstream to the CEO and others and also educating your boards about what is going on,” said John Steiner, chief compliance officer for Cancer Treatment Centers of America. “The absence of that type of structure or behavior poses risk to the CEO because he or she isn't as informed as they should be.”

Bigger Budgets

One of the encouraging signs that indicates that CEOs see the value of compliance is a trend toward investing more resources in the function. Stephens said it is encouraging that many boards and CEOs are starting to reverse the downward spending trend that took hold during the recession. “There was a contraction of the function based on financial contraction in general,” he said. “It is often difficult to pin a value to a program, so I think some people unwisely may have gone too far at that point to try to cut head count or reduce costs.”

According to Stephens, during a poor economy is the worst time to get stingy on compliance. “In difficult economic times the compliance department is probably an area you want to beef up, particularly from the detection and risk phase,” he said, adding that the pressures placed on employees could lead them to “cut corners and do the wrong thing.”

A recent survey by Compliance Week and PwC found that compliance budgets are increasing. The percentage of companies that reported budgets of $3 million to $10 million jumped from 14 percent of those surveyed in 2011 to 21 percent this year.

"Looking at fines and penalties is kind of misleading," said Hospira VP of Global Ethics Kris Rapp. To her left is Mark Johnson, CNO Financial chief compliance officer.

As spending increases, what should those additional resources be spent on? Risk management was at the top of the list for some roundtable participants. Every industry has its embedded risks that are knowingly taken on, said Steiner. In healthcare, for example, those can include patient care, billing, records management, and medical trials.

Another top target for investment, and one related to risk management, is technology. Spending priorities will vary based on “where an organization sits on the GRC maturity spectrum,” Conlin said. Companies just getting started should allocate budget to the development and distribution of key company policies, particularly the code of conduct, and to the training required to support those policies.  There should also be a system in place for employees and partners to anonymously report—via phone and Web—potential issues related to ethical behavior and a system for managing investigations related to allegations of misconduct.   

Rapp agreed that money is well spent when it improves training. Additional spending on systems goes hand-in-hand with that. This is particularly important given the concerns many participants expressed of human resources data.

“Spending [on systems] is helpful to have a better assurance about reaching employees all across the company,” Rapp said. “When new [regulations] come about in our industry we have to spend a lot of time building the data tracking systems. Systems and training are the biggest things.”