Moral leadership: a balanced set of controls

Many have argued for a better morality of companies and their directors, managers and employees. It is our opinion, however, that a better morality is not simply translated into more and improved �rules�. Moral leadership asks managers to review what the company�s morality entail and shape the company based on this. The challenge is to implement a balanced set of controls.

Many government leaders and supervisory bodies have recently highlighted the importance of a good relationship between market and morality. An improvement in the morality of market parties is an essential condition for economic recovery. With this in mind, companies need to accept their moral responsibilities as government control and tightened supervision of companies is not the only remedy. The question for companies is, therefore: What exactly is the morality of a company and what do these entail? This question has been answered differently over the last decade. We would like to distinguish between three periods.

Company code

For a long time it was thought that the morality and ethics of companies could be captured in a company code, so the company�s ethics could be literally read. The company code records what its responsibilities to the various stakeholders are, as well as the internal values and norms it has defined for itself.

An increasing number of companies have developed their own code over the last forty years. KPMG research among the Fortune Global 200 shows that of these companies only 3% had a code in the early seventies. This percentage increased at the beginning of the nineties to 14% and currently 86% have a code.

However, as more companies developed their own codes (and also started to resemble each other in other aspects), the codes lost their meaning. The change in thinking started early this century when it became clear that companies with large-scale accounting fraud did in fact have appealing codes. A company such as Enron had a beautiful code, over sixty pages, forbidding every type of fraud. But what is the use of a code if the conduct of the directors and top managers is contrary to that code?

Compliance programmes

This started a second period from which the ethics of a company can be read; not so much that the company code was relevant but how the company code was introduced. That is why, over the last couple of years, legislators, branch organisations and supervisory authorities stimulate companies to take measures to introduce codes. The creed is �put your money where your mouth is� as the scope of such compliance and ethics programmes shows the morality and ethics of a company. Increasingly, the size of a sanction on a violation of the law depends on the scope of the company�s compliance programme.

Larger companies, especially, have undertaken a range of compliance measures over the last few years. At two-thirds of these companies their staff sign the code, three-quarters have their staff participate in ethics training, 56% conduct a periodical strategic risk analysis, 60% screen their suppliers on integrity, and 90% have a whistleblowing hotline for reporting misconduct.

But are we there yet? What do all these measures tell us? The financial institutions in the US that (almost) fell over the last year all had handsome compliance programmes. Signing a code is well-meant, but what is the meaning when it happens without thinking because there are already so many rules. Training is commendable, but what is the meaning when the executive finishes with the words: �So, now back to the real work?� As a result of this, we are now at the beginning of a new period.


The third period is that of actual company culture. When you want to assess and influence the behaviour of people within companies, you have to first look at the system of internal shared values, norms and responsibilities. Morality can not be read from a code or compliance programme, but from the real intentions and behaviours of directors, managers and employees. What values and norms do they themselves have? What do they find important and what are their motives? What moves them?

In the coming period company culture will take an important place in the control and monitoring of companies. The question companies have to answer is therefore: What exactly is a company culture of integrity? Companies need to establish how to anchor this in the company and how the company can account for this to the supervisory authorities and stakeholders.


What characterises a company culture of integrity? To start answering this question we, as KPMG, initiated a project last year with the name Hypegiaphobia, a term defined as the fear of taking responsibility. Together with companies, supervisory authorities, politicians and civilians we have looked at how taking responsibility within and outside organisations is stimulated. This, amongst other things, is realised through a better balance between rules and trust. We have looked at the possibilities to stimulate self-regulation, other than through introducing greater laws and legislation. From the examples we have gathered from companies who promote self-regulation innovatively and effectively, we have distilled the common characteristics, the so-called �Trust Rules�, into principles to organise trust.

What are the common characteristics of a company culture of integrity in which trust rules? We name a few:
  • There is an alignment between the values and norms of directors, managers and employees, the content of the company code and the legitimate expectations of external stakeholders;
  • The company strives for a balance between individual interests, company interests, the interest of external parties and society�s interests;
  • Directors and managers show a good, captivating, example;
  • Directors, managers and employees, give, get and take responsibility and can be held accountable for this;
  • There is an openness to discuss moral questions and dilemmas amongst each other;
  • There is no blind trust, but informed trust;
  • The misuse of responsibilities is punished and one learns from mistakes and transgressions; and
  • The factors that determine status and success within the organisation (and the perception thereof of directors, managers and employees) correspond with the desired values;

  • Development

    Based on the changes in the market as perceived by us (meaning: what stakeholders expect from companies and what these companies actually do), we foresee in the future, amongst other things, the following four developments:

    Soft controls as basis for hard controls. An expected development is that control measures that concern company culture (also called soft controls) will determine the additional hard controls. This is exactly the opposite of the usual scenario whereby soft controls were only used when hard controls were insufficient. Some companies already experiment with this to also reduce the cost of compliance. Therefore, a better balance between rules and trust will come into being; a balance which will not only lead to a better company culture, but also to more flexibility, more innovation, lower costs and more entrepreneurship.

    Update and upgrade codes and mission statements. As mentioned previously, company codes have resembled each other more and more over recent years. Therefore, many companies do not use the possibility to express their identity through their code. It is expected that many companies will readjust their code and provide it with a new zest. Furthermore, it is also expected that mission statements will come higher on the agenda. The question already arises within the financial sector: What exactly is a bank? Also, within other sectors (and in particular, those sectors that are under fire) the question will arise: What are the grounds for existence, the licence to operate and the guiding motive of the company?

    The effectiveness and efficiency of compliance programmes. Less of the actual breadth and scope of compliance programmes � the measures a company takes � will be on the agenda in the coming years, but more the quality and effectiveness of those measures. Do whistle blowing procedures make people feel secure enough to expose offences? Are reports being dealt with adequately and do people learn from their offences? Compliance programmes will also be more risk-based; measures are primarily taken based on identified relevant risks, whereby the risks are matched to the mission, the company code and the applicable law and legislation.

    Monitoring and justifying of company culture. Monitoring of culture will become increasingly important. Supervisory authorities will demand it. For companies it is important to research what the desired culture is, how to translate this into measurable criteria and how these can be measured periodically and become part of the cycle of planning and control. On the one hand, these soft controls will be measured separately (as the so-called entity level controls) and on the other hand they will be integrated into the existing risk assessment and audit programmes at process level.


    Moral leadership concerns the implementation of a balanced set of controls. It concerns the correct balance between soft controls (aimed at the company culture) and hard controls � the rules, procedures and systems. The challenge is therefore to have efficiency, ethics and effectiveness going hand-in-hand.

    Rob Fijneman, Muel Kaptein, Edo Roos Lindgreen and Philip Wallage are partners, associated with KPMG and work in the field of governance, risk and compliance. They are also all associated with various universities as professors.