Strategic Integrity Management as a Dynamic Capability
Michael Fuerst and Andreas Schotter
In recent years, integrity and compliance management have developed beyond being reactive and rather static mitigation activities for correcting or minimizing negative effects from ethics breaches or other managerial misconducts. Today, leading firms deploy integrity and compliance management approaches that proactively influence organizational core processes and employee behaviors. There are two main reasons for this change, including increased pressures from outside of the firm to become better corporate citizens, and from within the firm, driven by more educated and diverse employees, especially from generations "X" and "Y."1 Both trends are reactions to the many publicized cases of company misconduct, such as corruption (e.g., Siemens 2008), accounting fraud (e.g., Enron or Lehman Brothers), and human rights violations (e.g., Shell) over the last decade. We therefore suggest that in the interest of preventing and reducing those cases in the future a more analytic and less ideology-driven discussion about the real and systemic root causes of integrity issues needs to take place. We describe how leading firms use integrity management dynamically as a strategic tool that creates positive effects on firm performance.
Unethical conduct should not just be viewed as lack of integrity or lack of certain character qualities of some individual employees. Such a perspective does not recognize the complexity of most corporate integrity or compliance issues. Research has shown2 that the apparent frequency of ethical misconduct is being caused by organizational factors, including corporate cultures that create enormous psychological pressures on individuals. This then leads to situations where even managers who are considered highly moral deviate from everyday ethical norms. Even more importantly structural causes are typically the driving forces behind systemic misconduct. These include unbalanced incentives systems that determine bonuses, salary increases or career progression without any consideration of moral behaviors,3 a lack of responsible leadership,4 or a climate in which speaking up is not an accepted practice but instead, represents a career risk that could lead to repercussions.5
Jennings6 uncovered some of the reasons for the collapse of companies based on ethics issues in her book, Solutions to the Corporate Integrity Quandary. Companies need to be more proactive in integrating general organizational processes and structural designs rather than being reactive and defensive, solely focused on mitigation and damage control. In this chapter, we describe how dynamic integrity management processes can be integrated into organizational systems in order to avoid negative conduct. Further, we will build a road map of how integrity management can actively drive positive effects on firm performance.
THE SOURCE OF CORPORATE INTEGRITY ISSUES
The popular claim that organizational compliance failures are mainly caused by the ethical misconduct of a few individuals, often referred to as "bad apples," does not really address the actual structural problem of integrity and compliance failures.7 At best, this is moral finger-pointing, which is not helpful in identifying the underlying causes in a systematic and sustainable way. In order to adequately identify and judge ethical misconduct it is not enough just to focus on motives and the lack of individual level character traits followed by post hoc punishment of the alleged ethics' offenders. We argue that organizations should base their compliance processes on deep contextual understanding and on clearly defined organizational integrity drivers and on interdependencies of these two in order to gain control over threats to misconduct in organizations.8
Another critical point within the ethics, compliance, and integrity debate is ambiguous terminology. Here especially, the term "compliance" seems to be problematic for practical design and implementation of integrity and compliance management programs. The reason is that the existing terminology is at best vague and interpretations are very scattered, context dependent, and often not easy to understand across the entire organization. For example, does compliance mainly refer generically to the compliance with legal, industry specific or internal standards and values, or are there other norms, standards, and values that are not explicit or not located within the organization itself? If there are other norms, what are they and what do they mean to the daily operation of organizations? For example, should there be a formal integrity and compliance manager and should this manager be explicitly responsible for detecting and punishing corruption, bribery, accounting fraud, privacy, quality, regulatory, IT compliance breaches, human rights, or antitrust violations? Or should compliance management be not so much an issue-driven task but instead a programmatic management approach that supports the development of values-driven best practices and ethical behaviors from all internal and external stakeholders?9 We use the term compliance in an alignment and evaluation sense and we use the term integrity to refer to an overarching, behavior-driving principle that is values driven and that incorporates a specific set of managerial and organizational values across the entire organization, while taking environmental dynamism into account. By environmental dynamism10 we refer to the increasingly more prevalent phenomenon that organizations have to constantly adjust to multiple institutional and cultural environments across diverse geographic and demographic boundaries that are often transitional, as in the case of emerging markets. But no matter how a corporation frames its integrity and compliance program, a values-driven approach instead of a rules-based approach is the most effective strategy to empower employees in an organization to behave with integrity in critical situations, systemically, effectively, and in compliance. This then leads to higher, rather than lower, levels of ethical conduct.11 So the question remains: what should a blueprint for such an integrity management system look like?