Hear us out: there are costly security risks, like fraud, cybersecurity, and business interruption, looming around every corner in today’s business world.
But one inexpensive way that organizations can boost their security against these risks is by cultivating an ethical culture, according to Amanda “Jo” Erven, president and founder of Audit. Consulting. Education LLC and author of Becoming the Everyday Ethicist.
CFO Brew spoke to Erven about finance’s role in creating an ethical culture, what it costs to boost ethics, and what organizations should be looking out for.
In your view, what’s the connection between an organization’s ethical culture and its security, whether it be fraud, cybersecurity, and financial security?
I think that leaders at an organization set the tone from the top. And what the top cares about, the rest of the organization will follow. And if the top cares about things like security—whether that’s cybersecurity, if they care about fraud—if they put those resources towards those things, then the rest of the organization will fall into place.
And if they don’t, if they emphasize other things, such as profits, or being the first to the market, regardless of the consequences, then that is the mentality of the organization. So I feel that if the top cares about security, the rest is going to. They set ethical culture, in its entirety, in my mind.
What are the biggest ethical risks that you see right now, particularly in light of some of the recent economic challenges that we’ve had, and some that may be coming up?
I think cutting corners is always an ethical risk. I think that in times of potential recession, you’re going to have people within an organization that still are going to try to find ways to make their numbers, to get their bonus, to get that stock price to what they want it to be, and unfortunately, that leads to bad behavior.
I think it is a slippery slope when you start to cut corners. And when you start to [say], “This little bit won’t matter; we’ll figure out a way to bring this revenue forward, or push it off,” it starts there. But the problem is, it doesn’t end there. It never does.
It doesn’t matter if you do it once or a hundred times. In my mind, it’s still the wrong thing to do.
News built for finance pros
CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.
What role does finance, the CFO chair, have in promoting ethics?
When I think “tone from the top,” I think of any of those C-suite positions. The CFO—being one of the critical ones—perhaps is the one who needs to stand up to the CEO and the board, when they are putting too much pressure on meeting the numbers.
They really need to be the one who stands up to those people that say, “Get there however you can.” I honestly think that they have an extremely important position in ensuring ethics are not compromised within the finance organization. Obviously, they’re at the top of it, so they lead the way.
What does it cost to build an ethical culture?
I don’t think it should cost too much at all. All it takes is to talk about it and walk the talk about it. And both of those things are fairly free. Now, I know it does take time out of busy schedules to talk about it, but I don’t think it should take any time at all to walk the talk. So it is about going back to, “What is the tone you want to set?”
I am a lover of a great ethics policy. But I would prefer they learn from your actions, not words on a piece of paper. So again, that costs very little time and effort.
I think managers would prefer to put their earmuffs on and not hear about it or talk about it, but the best organizations that have gotten through an ethical crisis have brought it to the surface.
They talked about it, they trained on it. They say, “This happened; this is what should have happened.” I think that goes with cybersecurity: we cannot hide the fact that we’ve been hacked. We need to talk about why it happened, how it happened, what could we have done to prevent it.
Every crisis should be lessons learned, and what I see is that not happening.
How do organizations inadvertently incentivize unethical behavior?
By focusing too much on the numbers and not enough about what goes into those numbers. So we inadvertently just say we need to hit the budget, or we’re over budget, or under budget. It is always too much about the numbers and not about the behavior behind the numbers.—DA