Inoculate Your Company Against WikiLeaks
For months, the world has watched the WikiLeaks drama unfold. At the Corporate Executive Board, we held our collective breath waiting for the first hint that Julian Assange would turn his attention to a company rather than a government. The shoe dropped last week when he claimed to have tens of thousands of documents on a major bank demonstrating unethical behavior, and rumors soon focused on Bank of America, sending the firm’s stock down by more than 3%.
All Firms Are at Risk…
Over the past few days I’ve spoken with executives who say, “Well, we’re not a big bank or a BP—this WikiLeaks thing isn’t a real issue for us.” They take false comfort in the belief that only industries embroiled in large scale corporate scandals or mishaps have to fear this kind of exposure. Virtually every organization today has one (or several) pockets where a scandal is festering—the leadership team just doesn’t know it. Between new whistleblower incentives and an increasing array of avenues like WikiLeaks, enabling the disclosure of confidential information, employees feel increasingly empowered to publicly share information they once would have kept hidden, even under dire circumstances.
The genie is out of the bottle. We can rail against this wave of transparency (to no avail), or we can turn it into a force for good within our organizations. The key is to measure your corporate culture and to identify those pockets where you are exposed. As Steven Williams, Managing Director in our Corporate Integrity practice, identified several weeks ago while analyzing BP’s internal investigation of the Deepwater Horizon oil rig accident, culture, not process, is the essential risk management control. Most mid-sized to large enterprises have a solid corporate culture, but even the very best usually have functions, business units, factories, or geographic operations that present a substantially higher risk of misconduct, accidents, or quality failures than the rest of the enterprise.
…And They Need a Strong Culture to Protect Them
The good news is that you can measure your corporate culture and identify those pockets of exposure before they create serious problems.
Hundreds of companies have asked us to assess aspects of their culture, and we have surveyed about half a million employees in the process. A few truths present in every case:
- Employee discomfort in speaking up is a leading indicator of compliance failures and is strongly correlated with certain facets of overall business performance;
- The vast majority — 85% — of employees don’t believe it is their job to follow their quality management systems, even when the quality system specifies their personal role; and
- Most employees do not share bad news and negative feedback because they fear it will affect their careers, with the typically employee noting that he would allow up to $10 million in corporate earnings to be destroyed to avoid reporting bad news or negative feedback.
WikiLeaks and the recent spate of corporate accidents and quality failures create a burning mandate for companies to start measuring, examining, and actively managing their cultures. Tone at the top is very important, but it is insufficient to inoculate the organization against the pockets of disease that invariably break out and quickly spread to the public domain — with e-mails, memos, and video-clips from employee smart phones to fuel the news stories. The old adage, you can’t manage what you can’t measure, applies to culture too.
CEB’s RiskClarity Service will enable you to measure and manage corporate culture. The tool helps companies tackle cultural problems head on by: 1) identifying potential culture risks; 2) benchmarking results across peers; 3) analyzing findings down to the business unit level; and 4) determining actionable solutions. To learn more about using our Cultural Diagnostic at your organization, please contact me.