Principle 1 of King IV[1] prescribes that the governing board should lead ethically and effectively. King IV recommends that the governing board individually and collectively, should promote the following six ethical characteristics below in their conduct:

  • Integrity – act in good faith and in the best interest of the organisation (act ethically beyond mere legal compliance);
  • Competence – take steps to ensure that they have sufficient working knowledge of the organisation and the industry it operates;
  • Responsibility – assume collective responsibility for steering and setting the direction of the organisation;
  • Accountability – be willing to answer for the execution of their responsibilities, even when these were delegated;
  • Fairness – adopt a stakeholder-inclusive approach in the execution of their governance role and responsibilities; and
  • Transparency – be transparent in the manner in which they exercise their governance role and responsibilities.

What is ethics and compliance in the context of a business?

Many people associate having ethics with basically ‘doing a good or right thing’ or ‘morality’.[2] Compliance is the act of conforming to compliance obligations[3] relevant to the business in which it operates. Ethics is practical, whereas compliance is responsive.

While the above definitions are certainly true, an effective ethical and compliance system of an organisation extends way beyond ethical behaviour. Organisations have to fully imbed an ethical culture, train staff and communicate in order to improve leadership qualities within its operations in order to protect the interests of its stakeholders.[4] The way in which these practices are rooted and implemented is critical to the organisation’s ability to strengthen its ethical and compliance performance.

An organisation’s good name and the trust of its stakeholders are two of its most important assets. Creating a workplace where ethical conduct is the norm, can reduce the risk of non-compliance and increase ethical conduct throughout the organisation. Therefore, the solution to this challenge, is to have ethics and compliance central to business strategy.

How to make ethics and compliance central to business strategy?

Most people consider this as a mundane task of creating a framework. Well, yes, that is correct! – But surely this is only one portion of what you need to do to instil an ethical culture and get a buy in from stakeholders. Furthermore, a framework should not be a once off exercise that is static.

How do you go about this then, you may ask?

First thing one should consider is to have an accurate picture of existing strengths and areas of vulnerability within an organisation. Below is a universal process that you can use to identify and assess the vulnerabilities, develop controls, monitor, rectify and improve on your organisation’s ethical and compliance performance.

A risk assessment should be the starting point of your internal efforts, followed by gap analysis and, an ethics and compliance program (E&C Program) assessment. Audit reports are also an essential piece of the puzzle.

The above picture is a synopsis of how you can continuously improve. What this means is that, you give yourself an opportunity to keep maintaining the strategy and values of your business through and through; not once off. (You need to – identify; assess; implement controls; monitor your controls; evaluate if your controls are efficient; report on those measures; rectify is there is a need; improve the approach and repeat the process.)

Ethics and compliance as a foundation

Ethics and compliance as a foundation should be considered to be an essential element of organisational behaviour. As a result, the ethics and compliance function (where is exists) assumes responsibility for the organisation’s compliance with the law and regulation, but it does so by serving as a resources and advocate to help leaders across the organisation under their critical role in setting the standard for integrity.

Where an Ethics and Compliance Program (E&C Program) exists, it has to be assessed to check if it is designed to complement and support the organisation’s strategic objectives and not merely as an “add-on” feature of the organisation.

E&C Programs have become an important tool for evaluating and mitigating non-compliance and fraud risks, to improve operations and protect an organisation’s reputations. Organisations that opt to implement E&C Programs, partly mitigate potential penalties and other sanctions that could be imposed against them should something go wrong because they are able to demonstrate what they are striving to; and have measures that are effective to offer protection to its stakeholders.

In particular, an E&C Program is designed to integrate with business objectives and can help ensure that an organisation operates within the law and stays true to its own ethical principles that are important to the company’s business and identity. E&C Programs can benefit companies, their stakeholders, and the public through the prevention, early detection, and resolution of misconduct.

Consider for a moment the level of ethics and compliance integration within your organisation and what values drive the everyday life of your organisation.

Written by Thapelo Mbita

[1] The King Report IV on Corporate Governance for South Africa
[2] Rossouw, D., & Van Vuuren, L. (2010); Business Ethics, 4th Ed, pg 4
[3] Compliance obligations’ is a term that is collectively used to describe requirements that an organisation has to comply with (‘compliance requirements’) and chooses to comply with (‘compliance commitments’). 2018 Generally Accepted Compliance Practice framework, Compliance Institute SA – page 12
[4] Rossouw, D., & Van Vuuren, L. (2010); Business Ethics, 4th Ed, pg 5