The Voice of Ethics. Is it the Role of Legal, Compliance, Internal Audit, or Others?

Norman Marks, CRMA, CPA, is a vice president for SAP and has been a chief audit executive and chief risk officer at major global corporations for more than 20 years.


A provocative piece in ComplianceEX (which considers itself a “news and idea exchange for compliance, legal, regulatory, risk and audit professionals") caught my eye. The title is Competing Agendas: Senior Management Must Clarify Compliance Officer, General Counsel Roles.

The theme is that the responsibility of the company’s chief legal officer (often referred to as the general counsel) is “guiding the company according to appropriate legal standards, a primary consideration of this function is the legal defense of the company, and often its directors and officers”. The author asserts, as do many compliance practitioners, that this can interfere with and even conflict with the responsibilities of the chief compliance officer. The author points out that in most companies the chief compliance officer reports to the general counsel, which can create a problem.

The recommendation is that the compliance officer should have “independence, authority and access to the board.”

But if the general counsel is focused on “legal defense” and the compliance officer is focused on complying with the letter of the law (and regulations), who speaks for ethical practices? Who makes sure the firm acts with integrity?

The author gets part of the way to the solution when she says: “The firm needs to set the tone…They need to communicate that what’s required are people of strong moral fiber, excellent and extensive experience, who understand that their mandate is to prevent the firm from getting too close to the line, whether the firm goes over it or not.”

Ethical practices dictate going beyond the letter of the law to complying with its spirit. It means complying with what is expected by society from the firm.

Complying with the letter of the law and acting with a solid legal defense is not the path to long-term success. When actions that are legal but not ethical surface in the news or social media, the reputation of the organization will suffer.

Do you remember the scandal faced by Nike over the use of child labor by its suppliers? Although Nike was able to address the issue and rebound, what company wants to find itself in the news today — with the news (accurate or not) moving across the world at the speed of a tweet?

So who is responsible for the organization acting with integrity? Everybody, from the top of the house on down.

And that includes the general counsel and compliance officers, who should not be satisfied with ensuring legally defensible compliance.

Where does the internal auditor fit in all this? The auditor should be ready to communicate to the appropriate manager of board member any unethical act – even if, or perhaps especially if, it happens at the top. When top managers act without regard to what is right, how do you think their employees will behave?

I welcome your comments.

Posted on Aug 25, 2012 by Norman Marks

Share This Article:    

  1. Norman! Thank you for hitting every single note in perfect pitch for what to me is a symphony of courage! In our current corporate world seldom do folks speak of much less hold the 'line of integrity'.  I have been in my own consulting and training business for the last 30 years teaching from the board room to the factory floor simply...tell the truth.  You have told the truth in your article in a lovely format. 

    Thank you again!

Leave a Reply