By Dale S. Laszig
Castles Technology Co. Ltd.
In the last decade, an unprecedented number of compliance laws have been enacted and updated - everything from health care privacy to workplace safety. Existing laws have been replaced by stricter codes. New laws have cost millions to implement and created lots of churn. But more importantly, are they working?
Are we better off today than we were before the Sarbanes-Oxley Act (SOX), Payment Card Industry (PCI) Data Security Standard (DSS), Health Insurance Portability and Accountability Act and Occupational Health and Safety Administration, just to name a few? Can we get beyond watching the watchdogs to a place of core values, where people do the right thing because they want to and not because they're afraid of getting caught?
Regulatory agencies recognize that laws can go only so far in advancing ethical behavior. Most human resources professionals agree that the best ethics policies are based on a solid foundation of self-regulation and individual understanding of right and wrong. These core values can then be reinforced with clearly stated guidelines, a good training program and enlightened professional oversight.
Clear, up-to-date ethical guidelines are crucial to all employees, not just new hires. Some such manuals are written by attorneys for attorneys, so when creating yours, make sure the writing style is accessible and on point.
Does the handbook convey your company's guiding principles and core values in a down-to-earth style that will resonate across all departments, regions and business units? And is the material presented in a reader-friendly format?
In Explicit Business Writing, R. Craig Hogan advocates clear and simple language and liberal use of white space in corporate communications. "Readers should be able to see a clear organizational pattern immediately when they look at an email, memo, letter or report," Hogan wrote. "Explicit business writing uses visual elements to create an information blueprint that guides readers through the information, making it easier to follow and understand. Avoid having only dense paragraphs of text in business writing."
Putting out a book of rules is a good start, but how do you make it engaging for readers? "Humans have an enormous capacity for learning, a capacity genetically coded into us. This learning capability permits us to change as we receive information from the environment," wrote Harold D. Stolovitch and Erica J. Keeps in Telling Ain't Training. According to the authors, the objective of any training program is not only to impart knowledge, but also to motivate each trainee to change in response to the new information.
Since each individual has a unique way of learning, effective training programs use more than one approach to reach a diverse audience. Printed handouts, videos and interactive exercises are good ways to present material.
These introductions can be reinforced with interactive training by human resources professionals. Role playing, reviewing different scenarios and testing knowledge with self-guided quizzes will keep things lively and relevant, despite how much employees may roll their eyes.
Most companies have formalized processes to monitor activities and prevent deceptions such as tax evasion, tax fraud, abuse of privileged information and misdirection of funds. Such issues are typically reviewed internally by a company board and externally by independent, unbiased auditing agencies.
External review boards render impartial opinions pertaining to corporate codes of ethics, develop case studies on ethics in their professions and introduce preventive measures that further inhibit recurrence.
For example, the National Society of Professional Engineers meets twice a year to decide cases. Its annual Milton F. Lunch Ethics Contest tests members' knowledge of ethical practices.
Another example of an independent review board is the Public Accounting Oversight Board established by SOX to enforce ethical guidelines. SOX was enacted in 2002 in response to ethics breaches by public corporations, including Enron, WorldCom and Tyco, which had falsely manipulated stock prices by misstating financials and creating special purpose entities to hide losses and disguise insider trading.
After these fraudulent activities were discovered, several high-ranking officers were prosecuted, fined and imprisoned. Billions in losses resulted, affecting employees, investors and financial markets.
The post-SOX culture among public companies facilitates full disclosure of financial information to stakeholders and the investment community. Individual managers are held accountable for timely, accurate reporting of financial data. Post-SOX transparency, while not perfect, has helped to restore investor confidence and create better tools for managers and auditors through a procedural framework for dealing with discrepancies.
The PCI DSS was affirmed in 2006 by five major card brands, which subsequently recognized and implemented these standards into each of their respective security policies. They share equally in the governance of the PCI Security Standards Council, an open global forum that oversees the PCI DSS, Payment Application DSS and PIN Transaction Security requirements.
"Today's consumers need to trust that the personal information they are providing to the merchant is secure," said Joan Herbig, Chief Executive Officer of Atlanta-based ControlScan Inc., a provider of PCI compliance and security services that meet the unique needs of Level 4 merchants. "When merchants meet industry compliance standards, they are helping to secure consumers' data as well as protecting themselves from falling victim to a potentially business-ending data breach."
According to Herbig, we are all better off - ISOs and acquirers, merchants, and consumers alike - when compliance boxes are thoughtfully checked and information is secure. "We've found that merchants who are PCI compliant are much more conscious of data security overall and less likely to experience a breach," she said.
Most of us want to behave ethically, but we're only human. Sometimes we may succumb to economic pressures or try to rationalize questionable behavior. If we sign a new account without disclosing related fees, accept cash to avoid paying taxes, or encourage a new merchant to adopt a noncompliant PCI application or product, we don't always consider the impact these small misdeeds have on our company, our community and our personal integrity.
A working knowledge of company guidelines, combined with a healthy dose of common sense, will help us reason things out and make the right choices.
Dale S. Laszig is Senior Vice President of Sales in the United States for Castles Technology Co. Ltd., a manufacturer and global provider of smart card, contactless and POS solutions. She can be reached at 973-930-0331 or firstname.lastname@example.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.