French philosopher Albert Camus is often quoted as saying, “Integrity has no need for rules.” In the corporate ethics world, this poses several challenging questions: does it mean we have no need for rules or laws when making ethical business decisions? How would we know what ‘the right thing’ to do is?
Camus went on to state, “Nothing is more despicable than respect based on fear.” On this basis, how do we create a workplace where a culture of integrity, trust and respect are the driving forces behind our decision-making, rather than just a set of rules?
An effective internal controls framework has long been accepted as a necessary business tool to enable compliance with applicable laws and regulations, and to ensure there is a system of checks and balances to detect inappropriate transactions.
It’s not enough to merely comply
The internationally recognised COSO Framework comprising operational, reporting and compliance objectives is well-known. However, it’s also acknowledged, and proven by many corporate failings, that a controls framework implemented without a culture built on the highest standards of integrity is simply not enough.
A more insightful question is: how could we use the power of integrity as an effective internal control to help us decide what’s right and to find the courage to do it?
In a discussion, Anthony O’Reilly, former chief ethics officer, State Street Corporation and head of professional practices, Internal Audit, Siemens, was clear: “Policies and procedures are insufficient because they presume decisions are always a choice between a ‘right way’ and a ‘wrong way’.
“Many decisions involve choices between two acceptable options. Integrity principles, when properly codified, help people think through all the dimensions of ‘right versus right’ choices, so we can make more informed choices.”
We need to apply integrity-based principles, within the boundaries of accepted rules and laws, to elevate decision-making and expand our horizon to include choices beyond what is right versus what is wrong. This will enable leaders to broaden their strategic thinking to not just what should they do in accordance with laws and rules, but what could they do, aligned with company policies and values.
In this way, making choices and managing trade-offs through the integrity lens becomes a more purpose-led activity. For example, clearly stating why we need to conduct due diligence procedures as part of a supply chain policy, explaining how the steps are aligned to the company values, and the financial and non-financial impacts of getting it wrong, will help to empower greater ownership and accountability of the decision-making process.
Changing for the better
Making integrity a reality and finding ways to inspire employees so they feel safe making the right choices is not always easy. We should not presume that behaving with integrity is straightforward or clear-cut. It can be complex and requires guidance as well as judgment.
Controls are often needed to remind people what to prioritise, especially when introducing a change. O’Reilly shares another example:
“We introduced a set of controls to require a specific element of culture to be accounted for in specific ways as part of the employee performance process. We trained managers on how to apply these, but manager decisions failed to apply them with enough consistency. So, we controlled this process by over-riding outliers until the practice became properly embedded.
“This quickly drove a change in the culture, resulting in a significant correlation between the cultural attribute and the performance ratings and rewards as a consequence.”
Combining policies and procedures with integrity-based controls has a multiplier effect, accelerating the ability of leaders to foster a culture of psychological safety and openness. Controls are needed in any business process where we want groups to apply consistency. In this respect, applying a set of integrity principles to business decisions is no different than applying a set of standards to a business process.
Many organisations, for example, are now implementing diversity, equity and inclusion controls as part of the recruitment process, such as widening the search for candidates from more diverse groups and pools of talent and removing identifying primary diversity characteristics from CVs to mitigate the risk of bias.
Measuring the impact of integrity
As Roger Steare wrote in his book Ethicability, integrity can be defined as the sum of all principles that guide the way we live and behave with others.
If, as individuals, we choose a particular set of principles, such as fairness, trust, honesty, respect and compassion, we can use these to inform our choices and deliver better outcomes. Therefore, in order to measure the impact of integrity, we need to first identify the specific outcomes that reflect integrity.
Examples of measurable integrity-based outcomes include analysing no-bid decisions for prospective clients, and/or turning down projects due to the nature of work or other integrity-related risk factors, through to hiring decisions. Do the decisions reflect inclusive working practices such as accessing talent from diverse socio-economic backgrounds, for example, or searching for candidates with neurodivergent skills and capabilities?
One thing is clear: although identifying those outcomes may not be easy at first, we should embrace each opportunity to demonstrate the positive consequences when we get it right. “Ultimately it is too simplistic to take measures such as ‘compliance breaches’ as a proxy for ‘integrity’,” says O’Reilly. “We need to devise other measures that help us to understand why certain outcomes have come about.”
Knowing which way to turn
Implementing integrity-based controls and principles into our day-to-day decision-making processes means that these ultimately will become a ‘set of rules’. These are rules that can guide and inform risk-based choices on a values-led basis, create a psychologically safe place to use our voices without fear, and give us the guidance we need to decide what is right.
In a way, Camus was right. Maybe integrity does indeed have no need for rules because, together with the guardrails of internal controls to embed and interpret ethical principles on a consistent basis, it becomes a rule in its own right. Integrity is the right thing to do.
Tracey Groves is a partner and Lucy Cryan is a manager, both at StoneTurn, a global advisory firm on regulatory, risk and compliance issues.