Some organisations may not regard ethical assurance as a priority. But opportunities can be created when investors, customers and suppliers are attracted to doing business with organisations they trust.
What is ethical assurance?
What are the benefits of ethical assurance?
First steps
Scoping
Recognising and coordinating assurance providers
Gathering and assessing evidence
Reporting
The Institute of Business Ethics defines ethical assurance as:
"The application of ethical values to business behaviour. Business ethics is relevant both to the conduct of individuals and to the conduct of the organisation as a whole. It applies to any and all aspects of business conduct, from boardroom strategies and how companies treat their employees and suppliers to sales techniques and accounting practices.
Ethics goes beyond the legal requirements for a company and is, therefore, about discretionary decisions and behaviour guided by values."
Ethical assurance looks at whether the discretionary decisions and behaviour in the organisation align with ethical values and commitments.
During a time of austerity, some organisations may not regard ethical assurance as a priority. However, opportunities can be created when investors, customers and suppliers are attracted to doing business with organisations they trust.
Consequently they want to know what the organisation stands for - its values, intentions and commitments.
They want to know that the organisation can be trusted to do the right things. In this era of social media and consumer power, now more than ever organisations must avoid hitting the headlines for the wrong reasons. Recent high profile ethical scandals include:
As a consequence, boards are interested in understanding and managing their reputational risks and want to know that management is responding to these risks.
But it’s not just about management of reputational risk. New business opportunities can be created when customers and suppliers are attracted to doing business with companies that respect the interest of others and can even lead to a competitive advantage. A strong ethical culture makes sound business sense.
Relationships of trust can be enhanced when investors are confident that the board is monitoring compliance with its ethical policies.
Ethical assurance helps boards quantify adherence to stated ethical standards and objectives. It helps boards monitor whether objectives for long term value and sustainability are being achieved. Boards need assurance that their message is understood in the business and is driving appropriate behaviours.
Ethical assurance therefore has a critical role to play in strengthening an ethical culture by providing reassurance that the business is adopting the ethical policies and behaviours laid out by the board, or identifying weaknesses to be addressed.
The organisation must have a clear idea of what ethics means in the environment in which it operates. This includes a defined set of ethical values with policies that are communicated and well understood by the people in the organisation.
Board members and senior executives also need to have thought about ethical risks and their impact and have a good idea of the assurance they want. A programme of awareness and training around these aspects that talks about the importance of assurance would therefore be helpful.
The Institute of Business Ethics identified the following as being pre-cursors of assurance in an effective programme to build ethical culture:
Some organisations choose to establish a working group or committee to structure and organise ethical assurance and to give ethical issues an additional profile. This creates an opportunity for internal auditors. They can help to establish an effective assurance framework, work with other assurance providers as well as provide assurance.
With all these things in place some basic questions about ethical assurance can be addressed:
Sometimes cost is used as an argument to discourage or defer ethical assurance. What is overlooked is that it can be an investment that creates benefits.
The next stage is to spend further time thinking about what the organisation wants assurance on. This will revolve around the organisation's key ethical risks and their potential impact.
Every organisation will have an individual view upon its assurance needs and there are a wide range of issues to consider.
The list below groups ethical issues to highlight some, not all, examples of where assurance can be provided.
There are a number of questions to consider in scoping ethical assurance:
Criteria are the benchmarks used to measure or evaluate the underlying subject matter. Suitable criteria are required for reasonably consistent measurement or evaluation. They need to be relevant, reliable, neutral, understandable and complete. The IBE suggests that organisations begin by assuring their ethical performance against the standards set by their own code of ethics.
Organisations have a number of assurance options to choose from to gather and assess evidence.
In some cases managers may be best placed to provide assurance to the board (audit committee). This refers to the use of ongoing performance management arrangements, for example, self-certification by managers and employees confirming they have seen and are applying the company's code of ethics is a useful tool to provide ethical assurance.
In the UK, a key principle of the UK Corporate Governance Code (B.6) states that 'the board should undertake a formal and rigorous annual evaluation of its own performance and that of its committees and individual directors.'
As part of this review process, board members need to ask themselves how well they lead the company in living up to its values. Thus self-certification at both the board and management level can be used to feed into the ethical assurance review.
Internal audit offers the most independent and objective form of assurance to the board (audit committee). The importance of ethical assurance is emphasised in Performance Standard 2110.A1 relating to governance, which states:
'the internal audit activity must evaluate the design, implementation, and effectiveness of the organisation's ethics-related objectives, programmes, and activities'.
For some organisations, ethical assurance is so important it is a feature of every internal audit engagement, while for others it appears as a single review within the annual internal audit plan.
The organisation may also have managers or management teams who have a specific oversight or assurance role such as compliance managers, health and safety, risk managers etc who provide assurance on specific ethical issues.
Understanding who provides assurances in the form of an assurance map is therefore a good idea as it will identify possible gaps and overlaps in assurance to the board.
As part of this, it is also important to see how well assurance is being co-ordinated, for example by a working group or committee considering the effective use of assurance resources.
This might include reviewing the HR Director's monitoring mechanisms to ensure they are comprehensive and relevant and checking that manager's self-assessment declarations are accurate.
To provide assurance internal auditors need to develop a good understanding of ethical risks in their organisation in order to assess how well issues are being managed. When looking at the management of ethical risks internal audit should ensure there is:
Internal auditors may need to go beyond traditional testing when gathering evidence to provide ethical assurance as attitudes and perceptions are relevant when considering the level of commitment to policies and procedures.
Examples include:
While evidence may be gathered from data already available and perhaps already reported, the key difference in an audit engagement is bringing it together to add a new or wider perspective of the key issues.
Providing an assurance opinion is the final stage in the assurance process. There are two ways in which this can be done.
In the first, more traditional approach, the internal auditor or other assurance provider comments on whether and to what extent, the organisation is living up to its values according to the criteria used for evaluation.
The sufficiency of evidence will be used to back up the opinion provided. This report will focus on ethical assurance and using the various criteria will identify issues and make recommendations.
The second approach is to offer an overall opinion based on criteria and findings in different audits (eg Health and Safety, Human Resources, Procurement) and then combine all the findings from these audits into a single report at the end of the year.
It can be supplemented with specific cases to indicate changing attitudes which may or may not be indicative of a wider problem. Success stories reflecting right behaviours should also be highlighted as they will provide the right balance.
Overall, in the second approach, the key focus is to use a combination of indicators embedded in other audits together with some key trends and incidents and present it as an annual statement.
Finally, the need or desire to assure external stakeholders is on the increase and there are a variety of organisations that have developed frameworks or standards to support narrative reporting, including:
Where the organisation chooses to issue an external report, there may be a requirement to ensure the content is accurate and reliable through assurance. This may involve an external assurance provider who may look at the reliability of internal assurances as a starting point.
2050-1 Coordination
2050-2 Assurance maps
2050-3 Relying on the work of other assurance providers
Coordination of assurance services
The Institute of Business Ethics offers a wide range of information, case studies, research and training courses.
The Good Corporation carries out independent assessments of responsible business management. Their web-site includes standards and case studies.
The Global Reporting Initiative develops and disseminates globally applicable sustainability reporting guidelines for voluntary use by organisations.
Through their standards Account Ability offers research, and strategic advisory services to help organisations become more accountable, responsible, and sustainable.