In this special feature, EPA Chair Cheryl Batagol PSM, outlines how organisational culture can build corruption resistance, and how ownership, oversight and assurance provide three lines of defence in protecting organisations against fraud and corruption. This article is a summary of a presentation provided to Protected Disclosure Coordinators, working in Victoria’s public sector.
Culture may be understood as the shared values, norms and expectations that guide people in how they approach their work and interact with each other. Put simply, culture is the way we do the things we do.
Organisational culture is at the very heart of any defence against corruption. While developing culture is often considered to be part of a ‘soft’ skill, in my experience, nothing is further from the truth. Developing a healthy organisational culture is crucial to successfully managing risk. And it is our values, integrity and ethics that are the framework for organisational culture.
The three lines of defence against corruption have organisational culture at the heart.
When I arrived at Environment Protection Authority Victoria (EPA) as its new Chairman in October 2009, a draft report from the Victorian Ombudsman, Brookland Greens Estate - Investigation into methane gas leaks was waiting for me.
Brookland Greens is a housing estate in Melbourne’s south east built within metres of a former landfill. In September 2008, emergency management arrangements were implemented in response to advice from the EPA that the landfill represented an imminent danger to the estate’s residents. Residents were advised to consider evacuating their homes due to the danger of methane gas being generated within the landfill contents. In some houses methane was detected to be at explosive levels.
Fortunately, no-one was injured, however the residents' lives were badly disrupted, their home values affected and there was widespread and significant anxiety. The Ombudsman found that EPA Victoria as well as the landfill operator had failed in their statutory duties at a number of levels and over many years.
While this example does not concern corruption, the Ombudsman’s report highlighted issues regarding EPA’s culture which had led to the failure of its statutory duty, noting “decisions (are) made at higher levels of the organisation and minimal responsibility given to lower level staff.”
This prompted me to ask the EPA executive team whether culture within the EPA had been measured, if so how, and what were the results. It was clear to me that at the time of this incident (around 2007), EPA employees were very clearly approaching their work in ways that helped them to ‘stay safe’, but the organisational culture didn’t empower our people to be the best they could be, to innovate, to speak up, and to be able to constructively criticise.
EPA is a regulator, a service-based organisation and its people are its greatest asset. While a constructive culture enables us to achieve our organisational goals, it also delivers significant, important outcomes for our people who are tasked with fulfilling our statutory duties. Culture goes beyond supporting the work to grow and develop every staff member and maintain their personal satisfaction and integrity, our culture affects our people’s role clarity, their motivation to achieve the EPA’s goals, their job satisfaction and ultimately their intent to stay. Having the right culture at the heart of what we do is vital.
But let us consider an organisational culture where fraud and corruption might flourish. In an essay How to Harden Your Heart: Six Easy Ways to Become Corrupt, American philosopher Amelie Rorty begins by saying:
“Nothing is easier, nothing more natural than sliding down the slippery slope to corruption, and from there to the hardened heart that allows people to redescribe their wrongdoing so that they can accept it as reasonable and confirm it as justified.”
A constructive organisational culture reduces risk and is a critical input in risk management. A constructive culture is one where the employee gets satisfaction from their work, they are encouraged to be self-motivated, to innovate and to achieve results and are acknowledged when they do. If things go wrong, they are encouraged to reflect, identify the core problem and resolve it. There is support from the team and the broader organisation as well as the senior leadership. The organisation has many leaders who model these constructive behaviours.
Organisations with constructive cultures are more focussed on longer-term thinking, strategy. Creation and innovation are valued, and people and relationships are seen as vital elements in the success of the business.
Of course fraud and corruption can still occur, but the likelihood is significantly reduced. The norm is constructive, affiliative, encouraging, and there is opportunity for deep satisfaction from the work. Being outside this norm is much harder for any employee and it is more likely to be detected - and detected early - thus avoiding entrenching behaviours.
So, to return to my point; this demonstrates organisational culture is not a soft skill, but an absolute business essential that increases performance and productivity, and must sit at the heart of a risk management framework.
However, this is not enough. Let me return to the three lines of defence (see diagram above) that are critical to the identification and management of the risk of fraud and corruption.
These three lines of defence are:
- Ownership at every level within the business of what risks are and how they can be managed, risk and control process including risk policies are embedded, performance is regularly monitored and there is staff awareness and training, as well as knowledge of, and access to, grievance management system.
- Oversight of governance including risk and compliance policy review, business continuity, project risk, strategic risk movements and internal review of complaints/grievances.
- Assurance through internal and external audits, access to independent advice on management of risk and controls, use of data analytics and review of complaints system.
An important element in the defence process is the presence of internal and external reporters. Misconduct is much more likely to reported when the culture is a healthy, constructive one.
This control environment is business critical, must be owned from the top of the organisation and must be modelled and practised throughout, reviewed through internal audit and measured.
However, there is one final line of defence against fraud and corruption and that is the personal leadership of public sector employees. Everyone has leadership capacity that they can develop, hone and exercise. It is this leadership that our public sector needs.
Leadership capabilities include:
- cultivating productive culture and working relationships
- communicating with influence
- driving for outcomes, for results
- always exemplifying personal values such as integrity, resilience, courage
- shaping strategic thinking.
There is enormous public value in the development of personal leadership. I urge all public sector employees to think about their personal leadership, and to consider what leadership capabilities they have already built, and what capabilities can they build further? What more do you need to do?
Because ultimately, the last line of defence against corruption is the personal leadership we can all show.