Guidelines for the Development of an Ethics Safety Net

ABSTRACT. Large organisations are especially advised to consider the possibility of an Ethics Helpdesk in which all employees and managers can report all suspected cases of unethical conduct, critical comments, dilemmas and advice for which there is insufficient room within the organisational hierarchy. A helpdesk is a central contact point where it is decided who the most appropriate person is to deal with a given case. The helpdesk model is characterised by low barriers in its easy accessibility, positive approach and the simple procedures employees need to follow. It offers employees consistent support while relying on the responsibilities of the individual employee as much as possible and it facilitates adequate monitoring and reporting. A helpdesk increases the chances of detecting unethical conduct which enables management to take adequate and timely measures against improper conduct. This article formulates principles, discusses critical factors and considers three models for adopting a sound and integrated ethics safety net. It also presents a case study and shows why organisational openness needs to be institutionalised. KEY WORDS: codes of ethics, culture, ethics helpdesk, ethics officer, ethics management, internal ethics safety net, whistle blowing

Dr. Muel Kaptein is a Senior Consultant at KPMG Ethics & Integrity Consulting and is Director of Ethicon, the Centre for Ethics Management at Erasmus University Rotterdam. He has been involved in the development and implementation of various projects to institutionalise whistle blowing, including the KPN Telecom helpdesk discussed in this article.

Muel Kaptein

Introduction The introduction of the business code of ethics (see, for example, KPMG, 1999a, b, c, d, 2000; London Business School & Arthur Anderson, 2000; Weaver et al., 1999) has increased the need for companies to detect non-compliance with codes and to take the appropriate measures. Regardless of how well a code is embedded, the possibility of unethical conduct remains. Only in an ideal world unethical behaviour does not exist. The more ambitious the norms and values formulated by the code, the greater the likelihood that incidents will erode the credibility of the code and of the company itself, with all the consequences that may ensue. It is therefore important that working relationships contain selfregulating and self-correcting mechanisms against unethical conduct (see Table I for some benefits of timely detection of unethical conduct). Many codes therefore, encourage employees to challenge each other on unethical behaviour and to inform the manager if required (e.g. General Electric and General Motors). An ethics code makes it easier for employees to challenge each other, but also offers management grounds for challenging employees and imposing sanctions when necessary. As follow up to a code, companies often also implement management systems in order to detect unethical conduct early (Ethics Resource Centre, 1994; KPMG, 2000; Weaver et al., 1999). The extent of unethical conduct is not the only information that is relevant in the assessment of the ethics of a corporation. The extent to which the organisation tries to prevent unethical conduct and whether it addresses unethical conduct adequately is just as important. The

Journal of Business Ethics 41: 217–234, 2002. © 2002 Kluwer Academic Publishers. Printed in the Netherlands.

218

Muel Kaptein TABLE I Possible benefits of adequate detection of unethical conduct

Detection of incidents can result in: – Limiting the damaging effects of the violation or breach of conduct. For instance, early identification of a victim of bullying could prevent long term absenteeism as a result of psychological complaints. – Reducing the chances of repeat behaviour by the same person. If a perpetrator gets away, the chance of repeat behaviour increases. The threshold, after all, gets lower and lower. – Reducing the chances of more serious violations by the same person. Serious criminals often start out as petty thieves. If a violation is turned a blind eye, the perpetrator will have fewer moral objections to committing a more serious offence the next time. – Preventing the degeneration of the corporate culture. Leaving undesirable behaviour uncorrected can create the impression that the organisation is not that serious about compliance. The attitude of “Why should I be holier than my colleague?” could lead to copycat behaviour. – Correcting the violation, thus emphasising organisational norms. That which is tolerated reveals the actual norms of the organisation. A manager that challenges employees on excessive use of the telephone for private calls during business hours creates a norm. In contrast, unchallenged violations actually undermine the credibility of the norms in question. – The possibility of violations being reduced altogether. Timely detection and counter measures have a preventive effect. The realisation that unethical conduct is not only detected but also addressed works as a deterrent. Often, violators who have been caught confess that they thought they could get away with it. – The possibility of implementing a preventative policy. If no lessons are learnt from mistakes or inadequacies in the organisation, the chances are that similar incidents may occur elsewhere in the organisation.

ethical content of a corporation, as defined by Kaptein (1998, 2000), consists among other things of the extent to which unethical conduct is internally visible (the corporate virtue of visibility), discussible (the corporate virtue of discussability) and sanctionable (the corporate virtue of sanctionability). Also, Bird (1996) stresses the moral duty of corporations to prevent organisational blindness and deafness: i.e. not seeing or hearing the unethical conduct and ethical dilemmas of its employees. Practice, however, reveals that employees encounter obstacles to challenging each other and their managers and vice versa (like those mentioned in Table II), which hinders corrective measures from being taken. Fifty-five percent of the American working population experience barriers to challenging each other or their manager (KPMG, 2000). As long as these barriers exist and unethical conduct cannot be adequately discussed with immediate colleagues and the manager, it is necessary that organisations have an internal safety net which circumvents the usual hierarchical channels through which employees can report incidents. An internal ethics safety net can

be defined as all the corporate institutions and functionaries where employees can raise issues like incidents and dilemmas outside of the hierarchical line of management. Larger organisations in particular often have an internal ethics safety net. In addition to line management, they could for instance have a compliance officer against the misuse of insider information, company security against theft and criminality, and a counsellor for intimidation and aggression. Over and above this, companies usually have occupational social workers, occupational doctors, staff councils, auditors, internal review boards, and legal advisers employees can contact. Employees can often also contact the Purchasing department (e.g. in connection with issues relating to blackmail, corruption and exerting unacceptable influence during negotiations), the Environmental department (e.g. with regard to illegal dumping, waste of resources and noise pollution), the Customer department (e.g. in connection with selling harmful products, intimidating consumers and neglecting consumer complaints) and the IT department (e.g. with regard to downloading undesirable information,

Guidelines for the Development of an Ethics Safety Net

219

TABLE II Obstacles to challenging unethical conduct Obstacles to challenging a colleague on unethical conduct include: – The person who challenges is dismissed as being a busybody, know-all or moralist. – The stone is cast back by pointing out the shortcomings of the challenger. – The perpetrator threatens with counter actions. – The perpetrator believes that everyone does it and that s/he should not be blamed for it. – The perpetrator admits to having acted wrongly, but does not accept the consequences of the action. – The perpetrator believes s/he is entitled to appropriating company resources. Obstacles to informing the manager of unethical conduct of a colleague include: – The employee is seen as a telltale (or thinks that s/he is seen as a telltale), thereby undermining team solidarity. – The manager believes that s/he is quite capable of detecting unethical conduct and does not depend on the help of colleagues to do this. – The manager tells the staff member to go back and sort out the problem him/herself. – The perpetrator undertakes undermining actions or starts a counter offensive. – The manager wants to avoid the risk of the incident opening a Pandora’s box. – Due to confusion as to which norms exactly are involved, grounds lack for challenging the perpetrator. – The manager is personally involved in the incident and wants to save his or her skin by sweeping it under the carpet. – The manager is partly responsible for allowing the incident to happen and does not wish this to come to light. Obstacles to approaching higher management include: – Raising the issue is seen as a motion of no confidence in colleagues and the manager. – Raising the issue is seen as betrayal of the group. – The higher echelons send the employee back because they do not feel responsible for problems in the lower echelons. – The higher echelons do not have the time or priorities to pay attention to similar issues. – The more the violation forms part of the culture of the organisation, the less inclined the higher echelons will be to deal with it. Swimming against the stream is therefore no attractive prospect for the employee in question. – Employees are often not clear about the relationship between their manager and his/her superior: do they get along very well, or is it a potentially explosive relationship? In either case, a report can have a contrary effect and the reporting employee has no guarantee that the issue will be dealt with the necessary care.

visiting dubious sites and sending offensive emails). Employing a lot of different service points for reporting ethical issues involves risks. First of all, service points may not be prepared for dealing with employees who have something to report, while employees may assume that they are. Secondly, as a result of a multitude of services, the safety net may become obscure, which means that employees do not know where to go to with which question. A third risk is that the safety net offers insufficient coverage of the issues with which employees are confronted. If there is no service

point for reporting a matter that is not officially identified, the employee will end up being sent from pillar to post. Similarly, there is the risk of insufficient coordination between the service points. This may happen as a result of, for example, a lack of liasing between compliance officers or conflicting standards. Or due to the Security department’s mediation of a sexual intimidation case (because the incident is reported as a case of damage to corporate property when the victim tries to take revenge), without (as the true state of affairs comes to light) involving or informing the counsellor who is formally responsible for

220

Muel Kaptein

resolving sexual harassment cases. Finally, the risk exists that the board lacks a clear overview of all incidents. An incident can, for example, go unnoticed or it might get counted twice because it gets manifested in more than one channel without management realising it concerns one and the same matter. If an ethics safety net is not sound, it can lead to perpetrators remaining unpunished, the increased possibility of a recurrence, the culture degenerating and employees losing confidence in the company. This results in poor achievements and even in their leaving the company (the exit option as described by Hirschman (1970)). Another possible repercussion is that employees report incidents externally (so-called external whistle blowing or the voice option which Hirschman (1970) speaks of ), bringing the organisation into discredit. An empirical study by Rothschild and Miethe (1999) reveals that external whistle blowing only exists where employees “come to believe that internal channels are closed to them” and therefore, that the organisation is not open enough. Furthermore, by virtue of the U.S. Federal Sentencing Guidelines for Organizations, companies with adequate procedures for reporting violations are handed down a reduced sentence when employees break the law (Ferrell et al., 1998). The Business Charter for Corporate Citizenship of the ICC and the OECD guidelines for multinational companies also highlight the importance of sufficient opportunities for employees to raise incidents without the fear of negative repercussions. The crucial question for ethics management is therefore, how organisations can create a sound internal ethics safety net for resolving (or helping to resolve) undesirable behaviour encountered by employees which cannot be resolved satisfactorily with colleagues and management. In this regard, fifty-one percent of the thousand largest U.S. companies have an ethics hotline for staff to report incidents anonymously (Weaver et al., 1999), and ten years after it was established in 1992, the Ethics Officers Association has 720 members from profit and non-profit organisations. At the same time, there are hardly any ethics officers in companies based in other countries (see The Conference Board, 1999; London

Business School, 2000). In the literature, attention is paid to the need for internal whistle blowing procedures and an internal ethics officer (Conference Board, 1999; Ewing, 1977; Ferrel et al., 1998; Gellerman, 1989; Izraeli and BarNir, 1998; Kaptein, 1998; Near and Miceli, 1996; Stewart, 1980; Trevinio et al., 1999; Weiss, 1994) and research has been conducted on the functioning of ethics officers and ethics hotlines (Ethics Officer Organization, 1997, 2001; Morf et al., 1999; Trevinio et al., 1999). Little has however been written about other forms of institutionalising internal ethics safety nets, and scant attention is paid to the methods that are available to companies for developing a customised internal safety net. Where mention is made of the need for whistle blowing procedures, this is usually followed by the brief advice that an ethics hotline is desirable, without indicating what the options and decision-making moments are and how a similar structure can be given shape. This article offers guidelines for setting up an internal ethics safety net, or for improving an existing one. The design of an ethics safety net depends on the principles to which the organisation wishes to adhere. Subsequently, a number of factors are discussed that are critical to the design of the safety net and where two or more principles are difficult to reconcile. This is followed by a discussion of three models that can potentially be used to create an internally coherent safety net. The article concludes with a description of one of these models as employed by KPN Telecom. The ethics helpdesk model offers a service that complements the usual tasks of the ethics officers as well as a philosophy that better reflects the responsibilities of management, internal departments and employees. This article therefore, has a message for organisations that already have an ethics officer and ethics hotline, as well as those organisations with a different safety net model or no safety net at all.

Principles for an internal safety net To properly organise an ethics safety net, a company must first identify the principles

Guidelines for the Development of an Ethics Safety Net it wishes to adhere to. The importance the company subsequently attaches to each of these principles will determine the set-up of the safety net. Table III lists nine such principles.

Principle 1: It is the responsibility of the victim or witness to challenge the perpetrator and to raise the incident with management or support staff when the perpetrator does not respond adequately In the first instance, it is up to the victim or the witness to challenge the perpetrator personally and to resolve the problem if possible. Even if the perpetrator does not respond positively, it is up to the victim or witness to go to the line manager to raise the problem. If this does not have the desired effect, it is the responsibility of the victim or witness to raise the problem with senior managers or request assistance outside of the usual direct channels (see for example Bovens, 1998).

Principle 2: It is the responsibility of management to recognise incidents and to take care that they are resolved It is a primary responsibility of the direct line manager to adequately identify and resolve incidents that occur within his department or unit (see Kaptein, 1998). It is therefore particularly important when setting up a safety net, to avoid a design where the safety net threatens to replace

221

management responsibility. “For all your incidents go to the safety net”, is not the message management wants to send to employees. It is not without reason that a safety net is called a safety net (for the managerial channels). There are organisations, therefore, that see the appointment of a counsellor as an interim solution, until managers are deemed adequately equipped to resolve internal departmental problems themselves. In some instances, organisations also choose the option of allowing only managers to consult the safety net, thus reinforcing their responsibilities as much as possible.

Principle 3: It is the responsibility of the support staff to recognise incidents and to see to it that they are resolved Support staff are there to support management and to increase efficiency. Support staff have specific in-house expertise and aim for a uniform way of working within the organisation. As such, the personnel department could have a responsibility to deal with misconduct in the workplace that affects the well-being of employees, the legal department could deal with legal violations, and the finance department could deal with fraud. And because support staff relationships with employees are less hierarchical, the threshold for reporting incidents is lower. Moreover, the greater the responsibility of the support staff, the more independence it will have in deciding how to deal with an issue or incidents.

TABLE III Principles for the design of an internal ethics safety net 1. It is the responsibility of the witness or victim to challenge the perpetrator and raise the incident when the perpetrator does not respond adequately. 2. It is the responsibility of management to recognise incidents and to see to it that they are resolved. 3. It is the responsibility of the support staff to recognise incidents and to see to it that they are resolved. 4. Clear structure and procedures for reporting incidents. 5. Low threshold for reporting incidents. 6. A professional and thorough approach to dealing with incidents. 7. Quick and efficient intervention if and when an incident occurs. 8. Credibility and integrity of the safety net. 9. Organisation-wide opportunities to learn from incidents.

222

Muel Kaptein

Principle 4: Clear structure and procedures for reporting incidents It must be clear to all employees which incidents should be reported to whom and what the possible follow-up steps are (ILO, 2000). Questions to which an organisation should provide answers for its employees include: “Which person should be approached for which incident?”, “Who can be turned to for dilemmas, questions, criticism and complaints?” and “What are the different procedures for the different types of reporting?”. Principle 5: Low threshold for reporting incidents In the event that management does not respond adequately to a reported incident, it must be made as simple as possible for staff to report unethical conduct outside the hierarchical line of management. The higher the threshold, the more incidents that will end up falling to the wayside and the greater the chance of escalation and of external whistle blowing. Principle 6: A professional and thorough approach to dealing with incidents Any person who reports an incident should receive professional and proper assistance: from listening to the incident being reported to its interpretation to deciding on how it should be dealt with to setting up an inquiry and if appropriate, to drawing the necessary conclusions and seeing to a follow-up (see also Izraeli and BarNir, 1998). Employees are entitled to a professional approach and companies have the duty to offer that (ILO, 2000). Principle 7: Quick and efficient intervention if and when an incident occurs In most instances, quick action is required to avoid the problem intensifying and to show that the problem is being taken seriously (see also the other benefits in Table I). From an efficiency point of view, it also makes sense to set up a

safety net as economically as possible (Micelli and Near, 2000).

Principle 8: Credibility and integrity of the safety net Conclusions with respect to who the perpetrator is, the extent to which s/he can be blamed and the measures that have to be taken, should always be reached in an independent and consistent manner. The reporting employee must feel assured that the information revealed in confidence will be treated with the necessary respect and that “they will not suffer retaliation if they use the internal channels” (Near and Miceli, 1996). It is lethal for a structure built on trust if employees (victims, witnesses as well as perpetrators) have insufficient confidence in the integrity of the responsible officers.

Principle 9: Organisation-wide opportunities to learn from incidents In order to prevent similar incidents from being repeated elsewhere in the organisation, it is of crucial importance that the organisation as a whole learns from such incidents. This is essential from the business point of view (to avoid more costs and trouble), but also from an ethical perspective. The ethical organisation learns from incidents by incorporating corrective and preventative activities in its structure and culture (Bovens, 1998; Kaptein, 1998).

Some critical factors Where there is conflict between two or more of the above principles, a choice must be made. Such choices determine the eventual model that is selected for the ethics safety net. Organisations have to address these questions in order to produce a carefully considered layout for the ethics safety net. Table IV highlights some critical factors that need to be addressed in the design of the ethics safety net and that will be discussed briefly here.

Guidelines for the Development of an Ethics Safety Net

223

TABLE IV Critical factors in the design of an internal safety net Critical factors 01 Avoiding unnecessary reporting or identifying all incidents? 02 An internal and/or external contact point?

03 A single service point or one service point per issue? 04 Centralised and/or decentralised? 05 For staff and/or external stakeholders? 06 A single officer for all staff or a multitude of officers? 07 Full-time or part-time officer?

08 Investigation by manager and/or by internal department? 09 Centralised and/or decentralised registration? 10 Separate or combined supervising and supporting functions? 11 Anonymous reporting or identification? 12 Complaints commission or not? 13 Which department does the ethics net fall under? 14 Reporting only incidents, or dilemmas as well?

Conflicting principles Efficiency versus effectiveness Low thresholds (remains within the organisation) versus low thresholds (anonymity) and credibility (independence) Low thresholds (easily accessible) and clear structure versus efficiency and credibility (no conflict of interests) Efficiency and professionalism versus low thresholds (contact point within own unit can be more familiar) Efficiency and credibility versus effectiveness and credibility Efficiency versus effectiveness Professionalism and low thresholds (no possible interference with other tasks) versus low thresholds (relatively more officers) and efficiency Personal line responsibility versus professionalism and responsibility of internal department Organisation-wide learning versus line responsibility Credibility versus efficiency Effectiveness versus employee’s personal responsibility Efficiency (flexibility) versus credibility Efficiency versus credibility Personal responsibility of line management and employees versus low thresholds

Critical factor 1: Avoiding unnecessary reporting or identifying all incidents?

Critical factor 2: An internal and/or external contact point?

The higher the threshold, the fewer incidents that will be reported to the contact point, the greater the chance that serious incidents will not be exposed. However, as the threshold to the contact point becomes lower, the likelihood that it will be used for trivialities (the so-called vacuum-cleaner effect), increases. All problems, regardless of their validity and seriousness are absorbed, removing management and staff responsibilities and creating a lot of work for the contact point.

It could be useful especially for smaller organisations to have a contact point outside the organisation. This can be jointly organised by a number of companies in the same location, region or sector. According to Trevinio et al. (1999), a number of U.S. companies outsource their telephone hotlines to outside consultancies or security companies in distant cities. Fifteen percent of the members of the Ethics Officers Association outsource their internal reporting system. Another nineteen percent have a hybrid (internal/outsourced) system (EOA, 2001). Not only can outsourcing the contact point be less

224

Muel Kaptein

expensive for companies, but it can also ensure that issues are treated professionally and quickly. It is particularly difficult to guarantee confidentiality in a smaller company given that everyone knows each other. An external contact point can serve to instil trust in unprejudiced treatment, confidentiality and anonymity. The potential disadvantages of using an external contact point include a lack of insight into the organisation and culture; difficulty in gaining the employees’ confidence; and employees interpreting outsourcing as a sign of poor management commitment to ethics (see also Trevino et al., 1999).

Critical factor 3: A single service point or one service point per issue? An important advantage of a single service point is that employees can be easily informed about the structure of the safety net and how to contact it. A single service point can also be cost effective because it avoids duplication. It also offers a central point from which to get an overview of all reported incidents. A disadvantage of a single service point is the extent to which the corporation’s reputation is dependent on it: if the service falls into discredit (e.g. due to a single misdemeanour) the functioning of the safety net as a whole is threatened. Moreover, a lot of knowledge and expertise are usually expected from people staffing a single service point. There is also the danger that, as fewer people staff the central service point, it gets more difficult to make a distinction between possible conflicting roles. For example, if an incident is reported and needs to be investigated and the “suspect” requests support in his/her defence at the same time.

Critical factor 4: Centralised and/or decentralised? The benefits of a decentralised safety net (i.e. per unit) are employee and manager recognition of the local office(r) and the officer’s experience with the local culture. Furthermore, it emphasises the unit management’s responsibility to supervise the safety net. Employees could doubt

the trustworthiness of a central counsellor and argue that “s/he is not one of ‘us’ but a management stooge”. The more counsellors there are from different hierarchical levels (and ethnic backgrounds and gender), the better the needs of a diverse staff will be met, consequently lowering the threshold to reporting. However, the higher the position of the officer, the more authority s/he will have with management. Local officers run the risk of having no access to the board. Moreover, a decentralised position also creates the risk that the officer concerned gains no experience (because of the proportionally few incidents s/he needs to deal with). This leads to a situation where if and when a case arises, the officer tries too hard to prove the usefulness of his/her function that s/he loses sight of the coresponsibility of others in resolving the incident. Like Don Quixote s/he takes up the battle against the perpetrator at great risk of being accused of fanaticism and not giving adequate consideration to others’ viewpoints and interests.

Critical factor 5: For staff and/or external stakeholders? Another question that arises when setting up a safety net is whether the contact point should also be accessible to external stakeholders. Some incidents will be noticed sooner by external stakeholders (especially if they are the victims) than by employees and managers. Moreover, a contact point for external stakeholders will make it clear to external stakeholders that the organisation is serious in its commitment to addressing and preventing unethical conduct by its employees. In addition, the company may also learn valuable lessons from reports from external stakeholders. A possible disadvantage of making the ethics safety net accessible to external people is that they may be left with the impression that the company is not capable of detecting and preventing unethical conduct by itself. Furthermore, a contact point for external stakeholders also involves higher costs (higher staffing, more communication, higher telephone costs with a free number, plus more calls from stalkers). A further disadvantage is that a contact point for external

Guidelines for the Development of an Ethics Safety Net stakeholders may raise expectations, which, if not met, may damage the company’s reputation.

Critical factor 6: A single officer for all staff or a multitude of officers? The greater the number of ethics services and officers, the more comprehensive the structure and consequently, the more accessible the safety net. However, the more services there are, the greater the chance of inadequate coordination. The ideal number of officers will therefore depend, among other things, on the number of employees, the geographical spread of employees and the nature and scope of the problems. Texaco, for instance, has appointed a compliance officer per location world wide (50 in total) for reports of violations of its business code. Other companies appoint a specialist compliance officer per type of issue company-wide. In this arrangement, a separate compliance officer would be appointed for procurement ethics, confidential information and corporate property, etc.

Critical factor 7: Full-time or part-time officer? The trend in smaller U.S. organisations, from an economic point of view, appears to be one of adding the task of compliance and ethics contact point to those of someone within a particular department (EOA, 1997). Of the members of the Ethics Officers Association who responded to the survey in 2000, fifty-four percent are full-time ethics officers and forty-six percent are part-time (EOA, 2001). When the part-time officer is not a full-time member of the support staff but is part of the business operations, s/he has the advantage of remaining involved in practice and developments on the work floor. Also, the threshold for such a part-timer is lower because the rest of the staff sees him/her as “one of us.” Possible disadvantages are reduced accessibility and less independence and time constraints due to other tasks may lead to neglecting officer tasks and responsibilities.

225

Critical factor 8: Investigation by manager and/or by internal department? The model of the ethics safety net that is used partly determines whether or not managers can carry out investigations themselves. Managers who personally conduct an investigation show that they take their responsibilities seriously. Such an approach could also increase the speed of the investigation, avoiding perpetuation of the incident or escalation of conflict. However, the more complex these investigations get, the greater the chance for an unprofessional approach. A manager investigating his/her own staff also runs the risk of causing lasting damage to mutual relationships and affecting the trust employees have in him/her. While employing support staff guarantees professionalism, the risk of insufficient insight into the specifics of the incident and adequate involvement of management in the incident also exists.

Critical factor 9: Centralised and/or decentralised registration? Central registration of all incidents increases opportunities for organisational learning. It can contribute to the timely detection of trends and linking of incidents. However, registration costs time and money. It is also a question of what exactly to register and how to safeguard confidentiality. Taken to its extreme, a manager would have to centrally register every incident, even every suspicion. In many cases the board will insist that they be promptly informed about at least the more serious cases of sexual harassment, fraud, gross breaches of internal guidelines, legal transgressions and violations of external stakeholder rights.

Critical factor 10: Separate or combined functions of supporter and investigator? On the one hand, it is desirable to combine the functions of supporter and supervisor, since both functions require the same knowledge. For example, officers to whom private trading has

226

Muel Kaptein

to be reported can simultaneously investigate whether managers and employees comply with this regulation. In addition, some questions can lead to better investigations and on the basis of the experience gained through such examinations, investigators can offer superior answers to the questions posed. On the other hand, an employee that presents an officer with a dilemma with respect to adhering to standards cannot subsequently qualify for advance inspection of his/her compliance with these same standards. It is also not desirable that the information the employee makes available to the officer at the time of his/her enquiry is used against him/her during inspection. This could lead to a situation where someone who is willing to share his or her dilemma stands a better chance of being inspected than someone who does not. It could create the impression that employees should not ask any questions while it is exactly what the organisation is trying to stimulate.

Critical factor 11: Anonymous reporting or identification? The option to report incidents anonymously lowers thresholds. This, however, also increases the risk of hoax calls, abusive calls and employees shedding all responsibility after reporting. Moreover, anonymous callers are not available for further consultations. Another question is to what extent can the anonymity of the caller be guaranteed. Sometimes the case may be so intertwined with the function of the reporting employee that no matter how much care the officer takes, s/he cannot avoid relinquishing the identity of the employee in the process of addressing the case. There are organisations that only take the matter up with the authorities if the reporting party gives permission to do so. Other organisations guarantee in principle the confidentiality of the reporter’s identity but would in exceptional circumstances sacrifice the anonymity of the reporter without his or her permission in order to take measures against the perpetrator.

Critical factor 12: Complaints commission or not? Sixty-six percent of U.S. companies that have an ethics officer also have an ethics commission (EOA, 2001). The presence of an ethics or complaints commission can serve the purpose of emphasising that complaints and dilemmas are taken seriously and that issues are dealt with objectively and professionally. The presence of such a commission, however, can also result in assessments becoming slower and less flexible and in employee reservations about reporting incidents because of doubts in the confidentiality of the commission, especially with a broad representation.

Critical factor 13: Which department does the ethics net fall under? In U.S. companies, twenty-three percent of the contact points for reporting unethical conduct fall under personnel affairs, twenty-three percent under administration, nineteen percent under legal affairs, twelve percent under internal audit and eleven percent under finances/accounting (Ethics Officers Association, 1997). The department the contact point falls under influences employees’ perception of the contact point. If it falls under a department that is more financially oriented, the safety net will be seen as a service for staff with complaints of primarily financial violations. If it falls under personnel affairs, it is more likely to attract reports of social violations. Placing it directly below management can enhance the independence of such a contact point. A disadvantage of this is that members of the management team may not have enough time to devote to the supervision of the safety net.

Critical factor 14: Reporting only incidents or dilemmas as well? Should the safety net be intended for unethical behaviour alone or should it also be open to staff facing a dilemma and requiring advice only? A safety net exclusively for unethical behaviour will have far fewer contacts than one that is open to

Guidelines for the Development of an Ethics Safety Net

227

questions, problems and dilemmas. Moreover, the broader the scope of issues that can be raised, the more positive the role of the safety can be. If it only deals with incidents, the net will be associated with trouble, crisis, guilty parties and costs.

Three models The choices a company makes with regard to the above critical factors (on the basis of the principles here described) will determine the structure of the internal safety net. In this regard, roughly three models can be distinguished for an integrated and coherent internal safety net: (1) the ethics officer, (2) the ethics co-ordinator and (3) the ethics helpdesk. In the case of a single safety net there is one officer who covers all types of violations. Depending on the choices made with respect to the critical factors, different variations on the theme of this single safety net may include centralised or decentralised officers, internal or external officers and, for instance, full-time or part-time officers. The ethics officer can also be indicated with the term “counsellor”, “compliance officer”, “integrity officer”, “integrity counsellor” or “ombudsman”. In small companies in particular this should be the favoured model. Someone from outside the internal hierarchy is appointed as ethics officer, whom staff can approach for both social and financial forms of unethical behaviour. The ethics officer decides, in consultation with the reporting employee, what the next step should be and who should be involved in the issue. With a composite safety net, there are different

Figure 1. Model for a single safety net with an ethics officer.

service points for different types of violations. If potential staff issues can be clearly distinguished and separated from each other, different ethics service points can work well alongside each other. Clear communication about the scope of the different service points and coordination between the service points is essential. It is the ethics co-ordinator’s task to see to it (behind the scenes) that the scope of the different service points are clear and clearly communicated. The integrated composite safety net has a single central service point for all types of violations and from behind which all the officers operate (whether or not physically). The functionaries of the so-called Ethics Helpdesk (or helpline or hotline) decide on the follow-up of a report. The term “helpdesk” is also an invitation to staff to approach the service with questions and dilemmas. This name also emphasises their personal responsibility in a positive way (the help aspect). At the same time, the organisation also recognises its responsibility (the helpdesk has the task of referring staff to the appropriate service). Staff (and also external stakeholders) can

Figure 2. Model for a composite safety net with an ethics coordinator.

228

Muel Kaptein

Figure 3. Model for an integrated composite safety net with an ethics helpdesk.

also approach the officer directly who must then feed this back to the helpdesk. As the ethics officer, the helpdesk can be consulted in connection with all forms of unethical behaviour. It is the responsibility of the helpdesk to refer the enquirer to the appropriate service point. If there is no service point for a specific type of issue, the helpdesk has to see to a proper follow-up for the enquirer so that s/he is not left stranded. This integrated composite approach will enjoy the preference of large organisations in particular, where there may be a multitude of violations and where often a multitude of service points has sprung up. The difference to the model with the ethics officer is that the latter is much more active during the follow-up and the resolution of the case, whereas the exclusive aim of the helpdesk is to ensure that reports and queries are properly channelled and referred. In contrast, the ethics officer has much greater personal authority to initiate investigations, etc. (see Table V for the differences). The ethics helpdesk works as follows: 1. Intake. The caller (internal and possibly also an external stakeholder) is offered a sounding board for discussing a complaint, dilemma or question. The points for attention during this phase include gaining insight into the specific case, listening to the feelings of the caller, building trust and explaining the procedures and possibilities offered by the Ethics Helpdesk. The helpdesk worker is, however, not personally responsible for the subsequent counselling and compliance tasks.

2. Registration. The helpdesk worker registers the details of the call in the system. 3. Referral. On the basis of a rough description of the report, it is determined who the appropriate officer in the organisation is to follow up the request. For this purpose, the helpdesk worker needs to have an ethics safety net map of the organisation that indicates the appropriate member of staff for a particular issue. 4. Follow-up. In consultation with the caller, the helpdesk worker then makes an appointment for the follow-up support: by whom and when, for instance, contact will be made. It is the helpdesk worker’s responsibility to ensure that contact is made between the caller and the appropriate officer. The helpdesk also keeps track of the follow-up process. The officers are also responsible for the registration by the helpdesk of requests made directly to them. The helpdesk regularly reports to management.

Different roles in the safety net Due to the different roles within a safety net, it is sensible to think about which service takes on which role. Table V shows the possible roles of the different services. As demonstrated by Table V, the ethics officer can take on a variety of roles. The risk in this respect is that the reliability and effectiveness of the safety net may be jeopardised. The table also clearly shows the importance of the role of line management in the

Guidelines for the Development of an Ethics Safety Net

229

TABLE V Roles in the safety net

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16

Different roles in the safety net

EO

EC

HD

CL

CO

ECM

Contact/information point Coach Referrer Intermediary Endorser Investigator Supporter in defence Adviser on measures/sanctions Registrar Policy adviser Booster Follow-up care Supervisor Norm-setter Decision-maker on Sanctions Controller

X X X X X X X X X X X X X

X

X

X

X

X

X

X X X X

X

X X X

X X

X

X

X

SS

LM

X

X

X X X

X X X X

X X X X

X X X

X X X

X X X X X X X

IRB

X X X X X

X X X X X X X

X

X

X

X X X

X

EO = Ethics officer, EC = Ethics coordinator, HD = Helpdesk, CL = Counsellor, CO = Compliance officer, ECM = Ethics commission, IRB = Internal Review Board, SS = Support staff, LM = Line management.

ethics safety net. The next section describes the KPN Telecom safety net as illustration of the helpdesk model.

KPN Helpdesk Security and Integrity KPN Telecom is a company that offers a wide range of telecommunication services. With 38,500 employees in the summer of 2001, it is one of the top five European telecom companies. The company is listed on the Amsterdam, New York, London and Frankfurt stock exchanges. Following a preparation period spanning more than two years, KPN introduced a company code of conduct in October 2000. The code of conduct, comprising 2100 words and entitled What Unites Us, applies to the entire staff. The code describes the ambitions and responsibilities recognised by the company per stakeholder (clients, financiers, staff, business partners, competitors, environment, society and legislators, both domestic and international). The code also defines the rules of conduct for employees regarding, for example, confidential information,

interpersonal behaviour, corporate assets and ITmeans. The Board of Directors decided that for staff and external stakeholders to see the code as a credible ambition, the company should have a comprehensive and sound safety net before publishing the code. With the safety net, the board wants to send a clear message that there is a sounding board for the problems of employees and that many forms of misconduct are not private, but corporate issues. After extensive discussions, the decision was made in favour of the ethics helpdesk model.

Scope The KPN code of conduct refers extensively to the helpdesk. “KPN employees may encounter problems, incidents and questions related to observing the code. If these problems cannot be resolved by the line organisation and/or with the persons directly involved, employees may contact the KPN Security & Integrity Helpdesk,” the code states. Possible issues with which staff may approach the helpdesk can vary from leaking

230

Muel Kaptein

confidential information, unauthorised use of passwords, conflict of interests, bullying, sexual intimidation and, for instance, harm to stakeholders like consumers and suppliers. The helpdesk is also available for questions and dilemmas relating to, for example, insider knowledge, purchasing, personal behaviour, cultural differences, sideline activities and the use of company resources for private purposes. Managers can also contact the helpdesk for support in resolving integrity issues in their departments or units. The contact point is for the exclusive use of staff, and not for external stakeholders because such an expansion would be significantly more complex and experience is first needed to be gained with the current set-up. Moreover, in the context of the implementation of the code, stakeholder-owners were appointed who are chiefly responsible for communicating with the relevant stakeholders and finding out about incidents and issues stakeholders are concerned about.

Accessibility, staffing and working method All employees have access to the Security and Integrity Helpdesk that can be reached via a free phone number, 24 hours per day, seven days per week. Since January 2001, the helpdesk has employed eight staff members and a manager. The helpdesk is chiefly centrally financed so as to emphasise its importance to the organisation as a whole. Rates for research activities have been pre-established and are charged to the subdivisions without exception. The functions that are part of the helpdesk service are explicitly defined and set out in a protocol. The helpdesk worker functions as first point of contact and support for people with a complaint relating to compliance with or interpretation of the code. The helpdesk worker has the additional tasks of referring the caller through and monitoring the process. The helpdesk worker supports the caller and offers him or her a sounding board. Once the nature of the problem has been identified, follow-up appointments are made. Normally, the helpdesk worker would refer the caller to the appropriate officer within KPN. The helpdesk worker also

registers the call in the system. Because the rearguard also registers their actions in the system, the helpdesk worker can monitor progress and, if required, urge the rearguard to act with more speed. The helpdesk worker also acts as a filter to avoid as far as possible trivial issues receiving the full treatment. Helpdesk workers also have the specific task of stipulating the caller’s responsibilities in resolving the incident internally. In order to make the caller aware of his/her personal and functional responsibilities and to prevent abusive calls, anonymous calls are not accepted. It is only when the issue is of a sufficiently serious nature, supported by hard evidence, and the caller has credible grounds for wishing not to be identified that the helpdesk may decide to take action on the basis of an anonymous call.

Rearguard The rearguard includes counsellors who are familiar with each organisational unit and who deal with unacceptable interpersonal behaviour, integrity investigators who investigate incidents and compliance officers who supervise the adherence to internal and external rules. The integrity investigators carry out investigations where the line organisation is possibly also involved in the incident and/or if specific expertise is required. It is usually up to the managers to decide whether to carry out an investigation personally or to involve the integrity investigators. KPN has separate compliance officers, among others for privacy, insider knowledge, company resources, purchasing and IT. Employees can also directly approach the counsellor in the department or unit or the relevant compliance officer. In that event, the rearguard officer in question will see to the (initial) support of the caller. The information to be registered is submitted and entered according to the agreed standard procedures and is forwarded to the helpdesk. While the implemented model has one central service point (the helpdesk), the individual service points also remain directly accessible (except for the complaints commission, which can only be accessed via the line). Figure 4 contains a schematic

Guidelines for the Development of an Ethics Safety Net

231

Figure 4. Ethics safety net of KPN.

representation of the structure of the safety net of KPN. At least once a year, all employees involved in the ethics safety net get together to share experiences and discuss bottlenecks. When the helpdesk was set up, the safety net staff members were instructed in the structure and functioning of the helpdesk and received training in dealing with reports properly.

Confidentiality An important prerequisite for the effectiveness of a safety net is the level of confidentiality with which information is treated. All helpdesk and rearguard staff emphasise to their callers the confidentiality of conversations. It is up to the caller to decide whether to surrender his or her anonymity and, for example, to submit an official complaint against a perpetrator. In all cases where the caller reports inappropriate behaviour of

which s/he is the victim, s/he retains the right to withdraw the complaint. The helpdesk workers also fulfil no other function inside the organisation. Moreover, both technical and organisational measures have been taken to guarantee confidentiality as far as possible and to prevent loss, theft or unauthorised use of information. In this regard, the registration system is located on a separate server that is accessible only via the KPN intranet to authorised KPN staff whose tasks require them to have access. The same applies to physical access to the helpdesk. The KPN staff concerned are all screened and bound by a duty of confidentiality.

Communication Within KPN, existence and functioning of the helpdesk are communicated to employees in different ways. In the first instance, the helpdesk is clearly mentioned in the KPN code of conduct

232

Muel Kaptein

that each KPN member of staff has to comply with. In addition, brochures and fact sheets with information, rules and guidelines about the helpdesk are available and can be requested by any KPN employee. All employees carry a personal identification card with the number of the helpdesk on it. Finally, detailed and up-todate information is available via the KPN Intranet.

Reporting The head of security reports to the chair of the Board of Directors as well as to the management of the different business units. The latter takes place on a regular basis (at least once a month) and concerns the nature and scope of requests received via the helpdesk. Three full-time analysts prepare the relevant reports in line with the structure of the code of conduct. They are responsible for analysing the registered data and translating this into adequate management information (in terms of the seriousness of the problem, its causes, the relationship between different reports, weaknesses in the organisation, prevention strategies). On this basis, management can take concrete steps for improvement. A similar evaluation enables management sensitivity to the correct implementation of the KPN code of conduct and hopefully contributes to departmental discussions on improving implementation. When KPN prepares external reports on compliance with the code of conduct, the information generated by the helpdesk will also be included.

Effectiveness In the first year after the introduction of the helpdesk, approximately 800 to 900 reports were registered by the helpdesk per quarter, which in turn resulted in about 200 to 300 investigations per quarter. A large number of reports relate to misuse of property and theft. A survey that was circulated among staff a year after the helpdesk’s inception, shows that most employees are aware of the existence of the safety net and that they

have sufficient confidence that there is room within the organisation for addressing incidents. In the same period, the audit department carried out an investigation of the performance of the helpdesk itself. The systems and procedures appeared to withstand the test, but the activities and benefits of the helpdesk needed to be more effectively communicated. These first signs of success can be accounted for particularly by the fact that the helpdesk forms part of a wider business philosophy with a positive underlying tone. The rearguard too, is enthusiastic about the helpdesk structure because their tasks are well coordinated not only among each other, but also within the organisation. It is especially important that the head of the helpdesk remains alert to the collapse of the safety net.

Conclusion The model chosen by KPN is characterised by its easy accessibility and a simple reporting structure. Blind spots are avoided because the helpdesk has the responsibility of pointing callers in the right direction. Helpdesk workers cannot turn employees away with the excuse that they cannot help them. Good coordination between counsellors, compliance officers and company security is necessary for the helpdesk to function properly. The central helpdesk design facilitates adequate supervision and reporting. At the same time, the helpdesk is not a contact point where staff can simply raise issues without any further ado. The helpdesk philosophy emphasises employees’ personal responsibility in finding a solution to the problem (as opposed to the helpdesk simply taking over the issues and problems). The preference for a broad set-up also makes positive input possible. The helpdesk does not only serve the interests of the company, but also those of the employees. The helpdesk functions as outlet for staff confronted with dilemmas, thus institutionalising openness around the line organisation without undermining openness within the line organisation and the work processes. In this respect, the integrity approach and the compliance approach (Paine, 1994) are integrated: internal organisational openness and personal

Guidelines for the Development of an Ethics Safety Net responsibility of staff are stimulated, in turn linked with monitoring and compliance to the code. In addition to the informed decision KPN made with respect to the critical factors described in this article, the implementation of the safety net also meets a number of crucial criteria. These include management commitment, correspondence with the code of conduct, clearly defined procedures for the functioning of the safety net, training for the people involved, communication and awareness-raising activities aimed at staff, regular reporting and regular effectiveness assessments of the safety net itself. Organisations often have a starting point for improving their ethics safety net. Organisations that have delegated ethics policy to a given employee could start with a review of the ethics service points and identify blind spots. A similar coordinator would be wise to get all the representatives of the different service points around one table (the second model). Organisations that already have a counsellor or compliance officer could determine to what extent the range of duties could be expanded (the first model). Perhaps the security department could be made more visible as a contact point. Organisations that already have an established complaints or information helpline for external stakeholders could consider opening this up to staff (third model). And that brings us back to the purpose of this article: offering companies tools for assessing the quality of their present safety nets and improving them where necessary.

References Bird, F. B.: 1996, The Muted Conscience: Moral Silence and the Practice of Ethics in Business (Quorum Books, Westport). Bovens, M.: 1998, The Quest for Responsibility: Accountability and Citizenship in Complex Organizations (Cambridge University Press, Cambridge). Conference Board: 1999, Global Corporate Ethics Practices: A Developing Consensus (New York). Ethics Officer Association: 1997, EOA Member Survey 1997 Report. Ethics Officer Association: 2001, EOA Member Survey 2000 Report. Ethics Resource Centre: 1994, Ethics in American

233

Business: Policies, Programs and Perceptions (Ethics Resource Centre, Washington). Ewing, D. W.: 1997, Freedom Inside the Organization: Bringing Civil Liberties to the Workplace (New York). Farrell, B. and D. Cobbin: 1996, ‘Mainstreaming Ethics in Australian Enterprises’, Journal of Management Development 15(1), 37–50. Ferrell, O. C., D.T. LeClair and L. Ferrell: 1998, ‘The Federal Sentencing Guidelines for Organizations: A Framework for Ethical Compliance’, Journal of Business Ethics 17, 353–363. Gellerman, S. W.: 1989, ‘Managing Ethics from the Top Down’, Sloan Managing Review (Winter), 73–79. Hirschman, A. O.: 1970, Exit, Voice and Loyalty: Responses to Decline in Firms, Organizations and States (Cambridge University Press, Cambridge). International Labour Organization: 2000, Violence at Work (International Labour Office, Geneva). Izraeli, D. and A. BarNir: 1998, ‘Promoting Ethics Through Ethics Officers: A Proposed Profile and an Application’, Journal of Business Ethics 17, 1189–1196. Kaptein, M.: 1998, Ethics Management: Auditing and Developing the Ethical Content of Organizations (Kluwer Academic Publishers, Dordrecht). Kaptein, M. and J. Wempe: 1998, ‘Twelve Gordian Knots When Developing an Organizational Code of Ethics’, Journal of Business Ethics 17, 853–869. Kaptein, M. and van J. Dalen: 2000, ‘The Empirical Assessment of Corporate Ethics: A Case Study’, Journal of Business Ethics 24, 95–114. KPMG Germany and Universität Erlangen-Nürnberg: 1999a, Unternehmensleitbilder in Deutschen Unternehmen (Frankfurt). KPMG Ethics & Integrity Netherlands, Dutch Employers Association, and Society for Professionalmorality and Crimeprevention: 1999b, The Organization with Integrity: The Value of Businesscodes (The Hague). KPMG Business Ethics & Integrity Services India: 1999c, 1999 Business Ethics Survey Report India. KPMG Canada: 1999d, Business Ethics Survey: Managing for Ethical Practice (Toronto). KPMG Integrity Management Services: 2000, 2000 Organizational Integrity Survey (Washington DC). London Business School and Arthur Andersen: 2000, Ethical Concerns and Reputation Risk Management: A Study of Leading UK Companies. Mahoney, J.: 1997, ‘Business Ethics in Great Britain’, in P. Werhane and R. E. Freeman (eds.), Encyclopedic Dictionary of Business Ethics (Blackwell), p. 78.

234

Muel Kaptein

Micelli, M. P. and J. P. Near: 2000, ‘Whistle-blowing as Antisocial Behavior’, in R. A. Giacalone and J. Greenberg (eds.), Antisocial Behavior in Organizations (Sage Publications, Thousand Oaks). Morf, D. A., M. G. Schumacher and S. J. Vitell: 1999, ‘A Survey of Ethics Officers in Large Organizations’, Journal of Business Ethics 20, 265–271. Near, J. P. and M. P. Miceli: 1996, ‘Whistle-blowing: Myth and Reality’, Journal of Management 22(3), 507–526. Paine, L. S.: 1994, ‘Managing for Organizational Integrity’, Harvard Business Review 72, 107–117. Rothschild, J. and T. D. Miethe: 1999, ‘Whistleblower Disclosures and Management Retaliation: The Battle to Control Information about Organization Corruption’, Work and Occupations 26(1), 107–128. Stewart, L. P.: 1980, ‘Whistle Blowing: Implications for Organizational Communication’, Journal of Communication 30(4), 90–101.

Trevinio, L. K., G. R. Weaver, D. G. Gibson and B. L. Toffler: 1999, ‘Managing Ethics and Legal Compliance: What Works and What Hurts’, California Management Review 41(2), 131–151. Weaver, G. R., L. K. Treviño and P. L. Cochran: 1999, ‘Corporate Ethics Practices in the Mid1990’s: An Empirical Study of Fortune 1000’, Journal of Business Ethics 18, 283–294. Weiss, J. W.: 1994, Business Ethics: A Managerial Stakeholder Approach (Wadsworth, Belmonth).

Business-Society Management, F4-64, Rotterdam School of Management, Erasmus University Rotterdam, P.O. Box 1738, 3000 DR Rotterdam, The Netherlands E-mail: [email protected]