Developing Ethics and Compliance Programs for Small to Medium-Sized Organizations

While ethical breaches that occur in Fortune 500 companies tend to get the most publicity, they also happen with great frequency in small to medium-sized enterprises (SMEs). According to the National Defense Industrial Association, the overwhelming majority of organizations that are suspended or debarred from engaging in government contract work due to ethical misconduct are smaller entities. And as with larger organizations, small business owners can be held criminally liable for illegal acts committed by their employees while performing their job duties.

In truth, the risk of misconduct is present in any organization, regardless of size. And it only takes one rogue employee acting in an inappropriate manner to cause irreparable damage to a smaller organization’s reputation. Unfortunately, too many SMEs fail to set up an effective ethics and compliance program, often due to concerns over cost or a shortage of manpower.

An Informal Approach to Ethics and Compliance Works Best for SMEs

Larger organizations typically discover the need to create a separate department headed by a chief ethics and compliance officer to develop and implement their ethics initiatives. The department works in lockstep with top management and reports to the board of directors on a regular basis. SMEs are less likely to have the need for such a structured approach, and even if they wanted to create a dedicated ethics and compliance department, resource limitations would likely prevent them from doing so.

A more practical solution for SMEs is to take more of an informal approach to developing and implementing ethics and compliance programs. This typically will not require the addition of more staff or the creation of a separate ethics and compliance department.

SME Ethics Program Development Procedure

As with larger enterprises, SMEs should take a risk-based approach to the development of an ethics and compliance program. The first step is to identify the specific compliance risk areas the organization faces. It is also important to determine the core values of the organization that will encourage ethical conduct and add value to the business operation. Questions to ask when attempting to pinpoint the core values can include:

  • What does our organization stand for?
  • What is most important to us?
  • What matters most to our stakeholders?
  • ow do we want to be viewed by our customers?

Once the key risk areas and core values have been identified, the next step is to establish a set of standards of ethical conduct and compliance controls that, when followed, will reduce the organization’s exposure to risk in each area. Developing a code of conduct and a written set of guidelines will give a clear indication to employees and stakeholders of what is considered acceptable – and unacceptable – behavior.

It is important to designate one individual who is responsible for promoting these standards and controls. In a smaller organization, this role can often be assumed by a key employee, which prevents the need to hire a dedicated ethics and compliance officer.

The next step in the process is to provide training to employees on the newly created ethics and compliance standards. In a smaller organization, it may not be necessary to conduct formal training sessions. Instead, the individual who has been designated as the ethics and compliance program leader can implement more of a teaching and coaching approach on an individual or small-unit basis.

One advantage smaller organizations have is that, because of their size, it can be easier to take a targeted approach to ethics and compliance training. For instance, the training for the company accountant can focus more on fraud prevention, while the sales staff can receive tailored training covering appropriate gift-giving practices when dealing with customers and prospects.

Promoting Ongoing Ethics and Compliance

In addition to the development and implementation of the ethics and compliance program, it is important for a smaller organization to have a system in place for monitoring adherence to the standards. Even an SME can benefit from an internal reporting mechanism such as a third-party hotline that enables employees to report incidents of misconduct in an anonymous and confidential manner.

All hotline reports should be reviewed and acted upon as quickly as possible. The Appendix section of the Lighthouse Services whitepaper “Best Practices for Handling an Ethics Hotline Report: Developing Policies and Procedures for Conducting an Effective Ethics Investigation” includes a checklist that can serve as a helpful guide during the investigative process.

Finally, it is essential to take appropriate disciplinary action when improper conduct occurs. The failure to do so will send a message that your organization does not take ethics and compliance seriously, a message that can quickly infiltrate and damage the culture of a smaller organization.

Related Posts

Enter your keyword