Board supervision

Getting Serious About Corporate Misconduct

by Marc J. Epstein and Kirk O. Hanson

The pattern has repeated for decades. Corporations set high ethical goals, hire compliance staff, make all the right noises—and then misconduct harms or even destroys the company.  What are we doing wrong in battling corporate legal and ethics failures? What structural changes could make a real difference? 

Corporate boards and CEOs talk about business ethics and reducing corporate misconduct. They sometimes voice their concerns and try to develop approaches that might work. Yet it seems that every day there is a new corporate scandal that headlines the news—and, board members worry that the next one will be at their company. 

For decades, CEOs have made clear statements about the importance of acting more ethically and responsibly. There have been extensive changes in government regulations, and corporations have invested in mandatory corporate ethics training programs and hired Chief Ethics Officers. Business schools have long included ethics and corporate responsibility programs in their required curriculum. 

None of this seems to have made a difference, however. Business ethics have not improved, and we still have as many corporate ethics violations as ever. 

We have spent most of our careers working on questions of business ethics and responsibility. Regretfully, we have to admit our efforts and those of so many others in the business world have failed to reduce the plague of repeated misconduct. We have taken a hard look at what has been done to address the problem, carefully examined what has been at tempted to date—and why it has failed. 

In our new book, Rotten: Why Corporate Misconduct Continues and What to Do About It, we examine in depth why corporations misbehave. We conclude there are some things that can be done now to change the sorry record to date, but the way corporations  and society view ethics, compliance, training, and responsibility must change dramatically. The damage done by corporate misconduct is significant and growing. Billions of dollars of investor money have been lost due to fines, lawsuits, and stock market reactions. Consumers have been mistreated, injured, and had their lives disrupted. Employees have been abused and lost their jobs (and some have lost their lives). In its various forms, corporate misconduct has imposed significant costs on people, communities, industries, economies, and on the corporations themselves. 

People, corporations, and systems can work effectively to be ethical and responsible. They just need a reframing and retrofit to succeed. 

Too often, we hear that greed and misconduct are simply unchangeable features of capitalism. We hear that people, the organizations, and the system are all corrupt. We think otherwise. While the efforts of the past 50 years have indeed failed to stem the tide of corporate scandals, business ethics can be improved significantly through a radical reexamination, rethinking, and redesign of the way people and companies approach the challenges of creating and sustaining corporate integrity. 

We are strongly convinced that the people, corporations, and systems can work effectively to be ethical and responsible, and just need a reframing and retrofit to succeed. Three specific explanations for the ethical failures of businesses are often provided. Some people are bad. Many argue that blame should be focused on the schools, families, and churches that have failed at teaching the ethics necessary for responsible adults. Thus, there is little that companies can do with employees that lack the required ethical foundations. We call this the “Bad Apple” theory. 

Some companies are bad. Others argue that it is less the fault of the individual employees, but rather of incentives, rewards, performance evaluation, governance, and control systems that permit and sometimes even encourage unethical behavior. We call this the “Bad Barrel” theory. 

The economic system itself is bad. Still others suggest that particular industries, geographies, or marketplaces are so corrupted that it is difficult for ethical people or companies to survive unless they adopt the corruption around them. We call this the “Bad Orchard” theory. 

While there are indeed “bad apples,” “bad barrels,” and “bad orchards” in virtually every business sector, there are ways to manage each and improve corporate behavior—if we are ready to take a significantly different approach to doing so. 

Without a major rethinking of what is needed, eye-opening corporate scandals will continue and the human and economic damage done will increase.

Companies need a greatly enhanced level of commitment. There will always be pressures and incentives on corporate leaders to act in ways that favor short-term profits over long run sustainability. While some executives and employees will be able to resist the pressure to misbehave, others will compromise their standards at the slightest hint of pressure or potential embarrassment. Some will adopt clear ethical principles for their organizations, and others will reduce ethics to compliance, even blaming their own misconduct on poorly written laws and regulations. There are actions that executives, boards, and companies can adopt to create structures less likely to experience misconduct in the future. Some of these approaches are new, while others address how companies need to strengthen existing practices. 

Companies may be quick to say they are already doing all these things. Most corporate efforts have been limited to the standard ethics and compliance practices. They have also frequently been badly designed or implemented in a half-hearted way. We propose a new approach, involving leadership commitment among top executives and boards, along with the necessary supporting systems and structures for effective implementation. 

Defining a new approach to creating and implementing corporate purpose.

The 2019 publication of the Business Roundtable Statement on Corporate Responsibility shows the central weakness of corporate ethics efforts. The general and ambiguous commitment to consider all stakeholders allows companies to operate as usual without requiring any new actions. The new definition of corporate purpose must explicitly state the social purpose along with other purposes and, most importantly, provide a plan for implementation. 

This corporate purpose must be well communicated, and leaders must assure that business strategies and actions are clearly and explicitly aligned with that purpose and its ethical commitments. Few companies have taken this step of connecting strategy explicitly to corporate social purpose by creating formal processes (including management control systems, structures, procedures and accountability) to make it happen. Proposed business strategies should identify the risks that may frustrate the company’s stated social purpose, or violate the rights or interests of one or more stakeholders. 

Setting a new tone at the top through genuine moral leadership.

A new approach to corporate leadership and communication, a new tone-at-the-top, is needed. Most CEOs are not seen by their employees as the moral leaders they imagine themselves to be.  The company that is obsessed with growth and profit margins, and incidentally states that it wants integrity, is vulnerable to misconduct. In many companies, the predominant view is that management is focused only on following the letter of the law, or on not getting caught. 

After the Wells Fargo crisis was disclosed, the CEO said that “the culture of the company is strong and based on ethics and doing what’s right.” This led to members of the U.S. Congress to suggest he was “tone-deaf and in denial.” Boards must hire CEOs who understand, articulate, and are consistent on the importance of corporate purpose and ethics. 

Ensuring that ethical implications are always a part of decisions.

"Macro-ethics” issues are the ethical dimensions of major and minor strategic decisions the company makes—new products and markets, new financing instruments, mergers and acquisitions. These decisions often have significant ethics implications or risks. Yet often there is no one at the table whose role is to raise those issues or suggest how to implement the decisions in ethical ways. Ethics should be at the table whenever a major initiative is being considered. Scanning for ethics risks and implications should be part of the analysis for major decisions. 

Ensuring a transparent and safe environment for communication.

Boards must ensure that company leaders create an open, safe culture where employees can raise unresolved questions about the application of the purpose and goals to their own work, and about directives given to them by supervisors in their chain of command. Often, employees have concerns about a questionable directive they receive, but feel compelled to suppress their ethical qualms for fear of angering their boss or even losing their job. Company non-retaliation policies are often of limited credibility to employees, who know there are many subtle ways to retaliate against the employee who raises a difficult ethical question. 

Assuring that incentives and systems are based on core values.

Board members should ensure that company leaders develop incentive programs, systems, and routines in the company that contribute to the company’s purpose and its ethical commitments.  Goals should be challenging, but not so challenging that they encourage unethical behavior, or inadvertently signal that employees are to meet the economic goals at any cost. 

The design of formal systems and processes have the same risk: they may facilitate or frustrate the achievement of purpose and ethical behavior. Infor mal incentives must also be monitored very carefully.  Enron, for example, was widely praised for years for its “out of the box” financial thinking. This eventually led to fraud and to the largest bankruptcy in U.S. history. 

New techniques to anticipate ethics impacts and risks.

The achievement of social purpose and the management of ethical behavior in the corporation require a new approach to ethics risk analysis.  Formal ethics scanning should be adopted to evaluate all proposed products, services, technologies, policies, and marketing campaigns. When companies fail to scan (or to act on what they learn), there are often ethical, legal, and financial responsibilities.  The ethical performance audit, ethical risk audit, and “Sin-dex” should be conducted by corporate leaders, and be a part of the regular evaluations that board members review. 

Increasing board accountability for corporate purpose and ethical behavior.

Many boards pay little attention to the social purpose or ethical behavior of the corporation. A new philosophy of board responsibility, with the board responsible not just to the shareholders but to the corporate purpose itself, is emerging. The most effective boards review and affirm the corporate purpose, how management plans to balance that purpose with economic goals, and how management will create a culture which can serve all stakeholders. 

Reforming current ethics and compliance programs.

Corporate leaders must commit to the reform and improvement of their standard, ineffective ethics and compliance practices. Boards must also improve their own ethics practices by assigning ethics performance and risk to a committee of the board. Their responsibilities should include the re view of ethics and compliance violations, the review of stakeholder surveys related to ethics and culture, and reviews of ethical performance and risk audits. 

There are three tools for evaluating ethical risk and performance: the ethical performance audit, ethical risk audit and the “Sin-dex.” 

Are particular companies prone to misconduct and scandal? Can we predict whether a company we are about to go to work for, do business with, or invest in, will engage in bad behavior? Here are three tools to help answer these important questions. 

  • The Ethical Performance Audit is backward looking, an evaluation of a company’s past ethical performance and capability. What has been the company’s record of ethical performance in the past?  What is the current strength of the company’s efforts to manage ethical behavior?  An ethics audit should include three important components. Measures of past and current ethical and social performance; strength of its corporate culture and systems, and; attitudes and opinions of the employees, and their reports of ethics problems. 
  • The Ethical Risk Audit is forward looking, identifying companies that are likely to engage in misconduct and what type of misconduct may occur.  It evaluates whether the company is crisis-prone or crisis-prepared. Taking past performance and current capability into account, this audit assesses the risk of future ethical violations.  An ethical risk audit investigates and assesses the likelihood that a company will be faced with a future scandal. As a part of both improving corporate conduct and reducing corporate ethical risk, an examination of red flag warnings is often very helpful. 
  • The “Sin-dex” helps with both the processes of looking back and looking forward. It measures which scandals or incidents of misconduct are the most serious. It can also aid the company’s own efforts to evaluate ethics risk by anticipating how serious a specific type of ethical failure might be. It measures the severity and impact on the company’s various stakeholders of both past and potential future issues and activities. Both actual or potential damage and the degree of intentionality that motivated the behavior are included in the evaluation. A rating of 0 to 10 can be used to evaluate likely impact of any incident on both dimensions. 
  • The evaluation of ethics risk is becoming a core skill for any successful company. These three tools are immediately useful for companies that want to improve their management of ethics and compliance and reduce their risk of misconduct. The tools can highlight areas of ethical performance that need to be strengthened and help companies track improvement over time. They can also identify the riskiness of new areas of business and new strategies being pursued. 

Such tools are useful for others as well. Investors have a significant stake in the ethics of the companies in their portfolios. Incidents of misconduct can impact stock price, weaken the confidence of employees and other stakeholders in the company, lead to a drop in sales, and make government permits and approvals harder to obtain. The tools are also useful for current and potential employees. There is increasing evidence that employees take a company’s values and ethical commitments and record into account when seeking employment. 

What should boards do now? Improving corporate ethical performance and reducing the likelihood of corporate misconduct is achievable, but it requires new initiatives, as well as improvements to the standard corporate ethics programs common in companies today. 

CEOs who think that making a token statement or even a strong proclamation on the importance of ethics will make a difference are badly mistaken. An entirely new approach is needed—or the sorry litany of corporate misconduct will continue. 

Board members should ensure that corporate leaders are designing systems that encourage the ethical behavior, and discourage and constrain unethical behavior. When systems become dysfunctional and violations do occur, immediate and decisive action must be taken. 

Individuals and companies have shown evidence of moral decay since the beginning of time. Sometimes it may be the slippery slope, sometimes it is negligence, and sometimes it is intentional. We had hoped that with an increase in ethics training programs over the past fifty years, the appointment of Chief Ethics Officers in most large corporations, and the spread of information through mobile devices would have brought a marked decrease in ethics violations. We were wrong. 

It is critical that board members ensure that corporate leaders implement corporate systems, incentives, governance, and management controls to improve corporate conduct. The red flag warnings should be top of mind as they oversee the appropriate governance mechanisms to reduce corporate exposure to corporate misconduct and violations. 



Boards Can Make A Difference Improving Ethics At Your Company 

Oversee the creation and implementation of corporate purpose that transcends short-term profits and shareholder wealth alone. 

  • Hire a CEO and senior executives who understand that the company must have a broader purpose, and who communicates it effectively and widely. 
  • Ensure that ethics and purpose are included in the analysis of all major board decisions. 
  • Monitor culture and processes for open and safe communications regarding any misconduct by anyone. 
  • Check that incentive, rewards, and other systems are aligned with purpose and ethics. 
  • Review the results of the ethical performance audit, ethical risk audit, and Sin-dex to evaluate past, present, and future ethical performance, and hold leaders accountable for ethical performance. 
  • Include ethical considerations in topics at all board meetings to increase board accountability for purpose and ethics. 
  • Reform existing ethics program practices on the board by assigning ethics performance and risk to a committee of the board whose tasks include the specific review of various reports and analysis of culture and ethics performance and risk. 

Watch For Red Flags: Signs Of Ethical Dangers In A Company 

  • Company record of repeated misconduct. The company has offended repeatedly, and likely has a culture of disregard for ethics and standards. 

  • Industry record of repeated misconduct. Whether the company has repeatedly offended, its competitors have, thereby putting pressure on this firm. 
  • Imperial CEO. He or she cannot be challenged; image as a “star” insulates him or her from criticism or close scrutiny; board just cheers at board meetings. 
  • A star system for promotions. Most highly valued executives take big risks and have big wins; employees are either “stars” or “losers.” 
  • A culture of secrecy. Information is held very tightly.  Even within the company, secrecy and distrust predominate. 
  • A workaround culture. The company expects goals to be achieved no matter what; “don’t tell me how you did it, just do it.” 
  • Betting the farm. Company success is dependent on one product or technological breakthrough; the company cannot survive missing a deadline or failure of a key product. 
  • Financially distressed. The company is on the ropes financially; the CEO’s job is on the line if the company misses even a quarterly target. 
  • Lack of oversight. The board is not competent to provide oversight or is not engaged in active oversight; often composed of celebrities, of CEO friends, etc. 
  • Company operates in bad orchards. The company is active in localities rife with misconduct; concern whether an ethical firm can successfully compete there.


Mark J. Epstein is the former Distinguished Research Professor of Management at Jones Graduate School of Business at Rice University in Houston and was previously professor at the Stanford School of Business and Harvard Business School.

Kirk Hanson is a senior fellow and the former executive director of the Markkula Center for Applied Ethics at Santa Clara University.

This article originally appeared in The Corporate Board and is republished with permission of the authors.



Board composition +
Strategy & innovation +
Board supervision +
Culture +
Team building +
Compliance +
Leadership +
Risk management +
Exec. evaluation & comp +
Cyber security +
Corporate Governance in the Age of Cyber Risks
In collaboration with RANE (Risk Assistance Network and Exchange)
Featured +

Your library is currently empty. Browse the Boardspan Library to get started.

We use cookies to personalize content and to provide you with an improved user experience. By continuing to use this site you consent to the use of cookies.
Please visit our cookie policy for further details.