Soft internal controls?
Soft controls are intangible controls such as morale, ethical climate, empowerment, competencies, openness, shared values, and, of course, the Big 3: Leadership, Trust, and Integrity.
“How often have you heard of organizations referred in terms such as[1]:
- Having a pervasively toxic and dysfunctional atmosphere?
- Depicting a mentality of ‘do as I say, not as I do?’
- Following a tone at the top that talks the talk but does not walk the walk?
- Demonstrating an entity wide ‘cover yourself’ mindset.”
Perhaps your organization is struggling with some of these questions.
If you are like many in today’s business environment, just hearing these descriptions will make your shoulders tighten and your stomach churn!
None of us wants to join the ranks of those that have been done in by lagging ethics and a weak corporate culture.
I find it ironic that internal controls related to these types of settings are labeled “soft.” Actually, there is nothing soft about either working under, or trying to improve, such circumstances. This is hard stuff—very hard.
Improving soft controls requires aligning culture to mission, acknowledging the impact organization design on risk, as well as transparency and consistency of communication. Successfully managing soft risks may have benefits both internally and externally.
Why am I so passionate about this subject?
I have firsthand experience of the importance of soft controls and why relying on hard controls is not sufficient. I learned the hard way that hard controls can provide a false sense of comfort.
The company I was managing was accused of serious FDA violations. I believe that inadequate soft controls led to the criminal investigation of both the company and several executives including myself.
I have had plenty of time to pose the question: How could a well-established medical device firm with a strong regulatory and compliance organization face criminal charges? The simple answer is that greater attention should have been placed on soft controls.
When most people think of criminal defendants, they picture someone who has intentionally broken the law. Many are not aware that corporate leaders can face criminal prosecution in instances where they did not know—but should have known—about criminal activity in the company. My belief is that the real risk lies with corporate culture, how we manage, communicate and “walk the walk.” These are classic soft controls. While having a strong regulatory and compliance department is a prerequisite, it is simply not enough to adequately manage company and personal liability.
Yes, it can be a crime to be unaware of what is going on inside your organization. Many are not aware that corporate leaders can face criminal prosecution in instances where they did not know—but should have known—about criminal activity in the company. I saw firsthand what can happen when things go awry under our leadership, something I address further in my book, Going Om: A CEO’s Self-Discovery Behind Bars. The company and me, personally, paid a huge price. I still have the scars on my back from that experience.
The Volkswagen emissions scandal otherwise known as “emissions-gate” is a great example. Their company’s formal governance structure was seemingly strong, but the informal communications and the resulting management behavior created a culture that was almost diametrically opposed to its stated values.
Had focus been placed on evaluating soft control gaps between the stated corporate values and the values that were practiced in reality, this might have been identified and addressed well before things got out of hand.
