The Control Environment component of the COSO compliance framework is also known as the “tone at the top”. It is how management at all levels conducts themselves and how their actions – which as we know often speak louder than words – are perceived by others. The Association of Certified Fraud Examiners recognizes that fraud within an organization can be reduced by setting the right tone at the top, as it will set the standard for other levels of management below.
We all learn by example, and we look to our leaders to set those examples. If senior management sets examples of honesty and integrity, then mid-level and lower-level managers and supervisors will have good examples of leadership to follow, as will staff employees. Senior management must commit to extending the same quality of honestly and integrity to all stakeholders of an organization – the customers, suppliers, investors, employees, etc.
The converse is also true: bad behavior will be mimicked by others. If senior management sets the tone that it’s okay conduct business in an unethical manner, then this message will be sent throughout the organization. To the honest employee, this will cause stress and will conflict with their ethical values; they may be in a position to have to commit acts of fraud in order to keep their jobs because of the demands of management. The damage to be done may be initially to customer and supplier relationships, but will eventually turn inwards as employees defraud the organization itself.
It should be noted that the examples our business leaders set – much like those of our political leaders – extends to their actions inside the organization and outside in their personal lives. Yes, the two are interwoven. In several of the high-profile white collar fraud cases of the past several years, we saw how the gains from the fraudulent actions of senior executives were used to fuel overly-lavish lifestyles. Such lifestyles, if achieved by honest means, are the valid fruits of one’s labors. However, if they are the result of ill-gotten gains, they only serve as good examples of control environments gone bad.
In terms of the supply chain and its interconnected links, we can now see the effect of good versus bad control environments:
- The mistreatment of customers can lead to lost sales, which will lead to a slowdown of all processes throughout the organization, resulting in reduced purchase volumes from suppliers, possibly leading to increased costs when volume discounts no longer apply.
- The mistreatment of suppliers can lead to supply chain disruptions when raw materials or purchased parts are not available, as suppliers prioritize other customers or drop the organization as a customer. Employee layoffs or work reductions will likely occur, and some valued employees may leave the organization, believing it better to jump off a sinking ship than to go down with it. Sales order fulfillment will be negatively affected, and customers may turn business over to competitors who can ship on time and in the needed quantities.
- The mistreatment of employees – including being overworked, mismanaged (and poorly graded on evaluations), or forced to achieve unattainable goals – can lead to valued employees leaving, a lack of desire by the employee to perform more than the minimum required to collect their paychecks, and employees committing fraud against the organization in an example of “rage against the machine”.
(Forcing an employee to achieve unattainable goals includes setting the goals unreasonably high, not providing training, not providing the right technology or other tools, and otherwise not enabling or actually preventing the employee’s ability to succeed.)
Does your organization treat its suppliers with the same level of value that customers are treated with? In many cases, there is a tremendous disparity between the treatment of customers and suppliers, with employees taking note, and their bad or lackadaisical attitudes towards suppliers the result. Many supply chain vendor compliance programs place heavy burdens on suppliers to perform to levels that the organization cannot themselves achieve. These programs are typically managed, at their core, counter to the basic premise of the justice system in the United States: that we are innocent until proven guilty. Further, various aspects of these vendor compliance programs – especially those dealing with the assessments of chargebacks (financial penalties for non-compliance) – are actually in violation of various provisions of the Uniform Commercial Code. Ask yourselves what examples are being set for your own employees and the employees of your suppliers? How likely will these suppliers or employees react to help in a crisis to your organization?
To try and gauge the effects of the tone at the top on employees, consider an analysis reported by the Gallup Management Journal in October 2006. Employees who were not engaged – those who were warm bodies and came to work everyday and did their jobs but were not “movers and shakers” – eclipsed engaged employees by nearly a 2:1 margin. (Engaged employees are the ones who are innovators and dedicated workers who are moving the company ahead.) However, there was also a nearly 2:1 margin of engaged employees to disengaged employees, employees who are purposely subverting the beneficial actions of engaged employees by causing disruptions in the company.
How many of these not engaged employees could be motivated and helped to become engaged, and what made some of the disengaged employees turn to such acts against the company? Could some of them too be motivated and helped to become at least the level of not engaged?
Another disturbing statistic comes from a survey conducted by Deloitte and Junior Achievement, who report that 41% of teens surveyed in 2007 believed that a person must act unethically to progress. In 2005, only 22% of teens surveyed expressed this view. I think it’s a safe assumption that these teens are learning by the examples set by the actions of adults as reported in the news, these actions occurring both inside and outside the workplace, and the news being reported to us in faster and more compressed formats than before.
We can only look to ourselves and other leaders to turn these tides; we must be willing to stand up and ask ourselves “what is the right thing to do”? Not what’s legal to do, but what’s right to do, greed and getting ahead aside. When we each begin setting the right tones, those tones will spread to others; we will achieve integrity in our supply chains, and our internal controls will be effective in providing a solid foundation for how we should act in our business and personal lives. In terms of SOX compliance, the Control Environment truly establishes the foundation upon which the other COSO components rely.
Our thanks to this article’s author, Norman Katz, CFE, President of Katzscan, Inc. (www.katzscan.com). of Katzscan, Inc. is a consulting firm located just 20 minutes north of Fort Lauderdale, Florida, specializing in supply chain technologies & operations. Norman graduated from the University of Florida in 1985 with a Bachelor of Science degree in Business Administration majoring in Computer Information Sciences. Norman is a Certified Fraud Examiner, a Florida licensed Private Investigator, and holds a Certification in Corporate Governance from Tulane University College of Law. Information on detecting and reducing fraud in the supply chain can be found at www.supplychainfraud.com. Information on supply chain governance can be found at www.supplychainsox.com. Norman can be e-mailed through his web sites or contacted by telephone at 954-942-4141.
DISCLAIMER: This Corporate Governance article is provided as an informational resource and does not constitute legal advice. The information provided in this article is based on the laws in effect at the time the article was published. Laws related to this article’s topics may change over the course of time. Visitors to this website should not rely upon or act upon this information without seeking professional legal counsel.