Managing Organizational Integrity Risks

 

Managing Organizational Integrity Risks

Thursday, August 4th, 2016 - 11:30
Thursday, August 4, 2016 - 10:34
With the release of the IBM Center report, Ten Recommendations for Managing Organizational Integrity Risk by Dr. Tony Molina, Kent State University, we aim to help federal managers meet the requirements of A-123 by providing them with a better understanding of organizational integrity risks (e.g., reputational risk) and offering approaches they can use to effectively manage those risks.

Risk is unavoidable in carrying out an organization’s objectives. Whether government agencies or private sector hospitals the work they do -- providing services to people -- is always surrounded by uncertainty.  While organizations cannot respond to all risks, one of the most salient lessons from past crises and negative reputational incidents is that both public and private sector organizations would benefit from establishing or reviewing and strengthening their risk management practices.

Agencies are well advised to work to the greatest extent possible to identify, evaluate, and manage challenges related to mission delivery and manage risk to a tolerable level.  In fact, the Office of Management and Budget (OMB) has recently issued an updated Circular A-123 to ensure federal managers are effectively managing risks agencies face toward achieving its strategic objectives and arising from its activities and operations.

With the release of the IBM Center report, Ten Recommendations for Managing Organizational Integrity Risk by Dr. Tony Molina, Kent State University, we aim to help federal managers meet the requirements of A-123 by providing them with a better understanding of organizational integrity risks (e.g., reputational risk) and offering approaches they can use to effectively manage those risks. Integrity risks are of central concern to managers at all levels of government because a lack of trust in public institutions’ integrity erodes their ability to perform effectively.

Defining Integrity Risk

Organizational integrity is defined as an organization func­tioning consistently with the purposes and values for which it was created. There are two types of integrity issues an organization must monitor:

  • Integrity violations are actions on the part of organizational members that undermine organizational integrity.
  • Integrity risks consist of conditions and behaviors that increase an organization’s vulner­ability to integrity violations.

Effectively managing integrity risks involves identifying and mitigating the factors that contrib­ute to them, including:

  • The organization’s ethical climate
  • Perceptions of unfairness in how employees are treated
  • Responsibility diffusion
  • Role conflicts
  • Performance management

Elements of an Organizational Integrity Systems

An organizational integrity system incorporates the following:

  • Compliance-based tools focus on control mechanisms that are used to ensure legal compli­ance through upholding codes of conduct, monitoring employees, reporting procedures, and enacting disciplinary measures.
  • Values-based tools are directed toward ensuring that the organization’s core values are reflected in the day-to-day activities of the organization.

The key to effectively managing and promoting integrity within an organizational culture is to strike the right balance between these two tools. To illustrate the use of these tools, this report presents case studies that examine the integrity systems at four large healthcare organizations:  

  • Cleveland Clinic
  • Mayo Clinic
  • Veterans Health Administration, Department of Veterans Affairs
  • Military Health System, Department of Defense

In the cases of Cleveland Clinic and Mayo Clinic, well-integrated systems of compliance and values-based tools are highly successful in creating organizational cultures that promote integrity. As a result, both organizations have a clearly defined sense of purpose around which their resources are marshaled, and core values are effectively integrated into daily routines and practices.

Effectively managing organizational integrity risks requires using the right combination of compliance-based and values-based tools. Because this combination must be suited to the particular institutional context, there is no “one-sized-fits-all” approach.

Ten Recommendations for Managing Organizational Integrity Risks

The fol­lowing recommendations can help to create an organizational culture that supports integrity:

  1. Balance emphasis on rules and sanctions (compliance-based tools) with values-based tools.
  2. Ensure that all members of the organization understand that they have a responsibility to promote integrity.
  3. Implement integrity initiatives in terms of concrete behaviors.
  4. Explicitly incorporate values into decision-making processes.
  5. Provide ongoing training for integrity-related practices.
  6. Ensure alignment of the formal and informal elements of organiza­tional culture.
  7. Facilitate open communication about integrity-related issues and recognize and reward ethical conduct.
  8. Provide a mechanism for members to consult about integrity-related issues.
  9. Conduct systemic integrity risk assessments on an ongoing basis.
  10. Ensure that performance management systems are in alignment with the organization’s ethical goals.

This report continues the IBM Center’s long interest in risk management This report serves as an excellent companion piece to recent IBM Center reports which examined other aspects of risk man­agement that can help government agencies.In his report Managing Risk, Improving Results: Lessons from Improving Government Management from GAO’s High-Risk List, Donald Kettl examines the types of risk identified by the Government Accountability Office and how agencies can more effectively guard against such risks.In their report Improving Government Decision Making through Enterprise Risk Management, Doug Webster and Tom Stanton discuss how agencies can more effectively deploy and use an enterprise risk management approach.