ERNST & YOUNG
Corporate Integrity – A booster shot for survival
Q: What are the main risks that can impact the long-term success of organisations?
A: Bribery and corruption, like fraud, can spike during extraordinary events such as natural disasters, wars and pandemics, and result in disruption to normal business and individual activities.
Every organisation should have a ransomware incident response plan in place and it should be regularly tested, reviewed and updated. This plan must include the roles and responsibilities of all stakeholders including IT, legal, compliance, human resources, operations, communications, end users and so on.
A complex regulatory environment exerts pressure on businesses to take risks to make short-term profits and compromise on long-term value. To guard against this, organisations should adopt environmental, social and governance (ESG) commitments.
Q: Do additional checks and balances have to be adopted by companies in stressed operating environments?
A: In the future it will be necessary for employees across roles to be more aware of the dangers of accounting and reporting fraud and manipulation.
Boards, audit committees and the management must analyse and continue to monitor, as well as implement, essential controls such as division of responsibilities or system access. These may be compromised in a virtual work environment or as a result of workforce displacement and disconnected procedures.
Q: How does a company maintain corporate integrity, and generate long-term value for communities and other stakeholders, against the current macroeconomic backdrop?
A: Corporate integrity and long-term value are interrelated where integrity and trust are built over time, and long-term value is enhanced by maintaining ethics and truthfulness.
Organisations need to maintain these standards especially during challenging conditions, and they must be seen by communities and other stakeholders as upholding values. This is something we reiterate in our conversations on ESG.
Companies must embed proactive ESG thinking into their strategic plans and day-to-day operations. Some questions that need to be asked include: how does our strategy affect the environment, society and stakeholders; and how do we minimise the negative impact while maximising returns to all stakeholders.
Impact needs to be monitored, measured, reported and audited. By enhancing the commitment and communication of ESG practices, corporates will be able to witness clear market advantage over their ‘browner’ peers.
Performing proportionate risk-based screening on new third parties on a consistent and robust level that’s in proportion to the level of risk will identify and assess possible legal, reputational or financial risks.
Risk ranking of third parties according to the organisation’s risk appetite and integrity agenda will determine the level that an enterprise is willing to accept.
Appropriate action, such as the addition of specific contract clauses, must be taken to mitigate any red-flagged risks during due diligence before engaging a third party. Be prepared to walk away if the risk cannot be adequately mitigated.
Q: How should organisations that operate in emerging markets damage-proof against risks?
A: Businesses in emerging markets are making concerted efforts to reduce misconduct through various steps such as putting corporate integrity high on the management agenda, encouraging employees to blow the whistle on misconduct, increasing the focus on cyber and data protection, and addressing third party integrity issues.
Talking about corporate integrity is a good start because it helps to build a culture of trust and honour across the entire business. Cultivating a ‘speak up’ and ‘active listening’ culture is a key sign of how deeply ingrained integrity is. It is crucial to establish efficient mechanisms to prevent individual employees from disclosing problems to regulators, enforcement bodies or the media.
Currently, data protection is a top priority in the corporate environment and businesses need to implement protection strategies and policies in accordance with the Personal Data Protection Act, No. 9 of 2022.
Appointing a data protection officer and continuous monitoring through regular audits can minimise noncompliance with regulations.
Furthermore, companies need to use the latest technology and techniques to assist in the detection of problems, and enhance vigilance since attacks can trigger externally (cyber attacks) or internally through data leakage and insider threats.
Attempts by businesses to increase their integrity will be undermined if their third parties are involved in poor conduct such as exploiting loopholes, paying bribes, employing child labour, creating fictitious stockout situations, piggybacking on slow-moving stock-keeping units (SKUs), selling counterfeit items or getting kickbacks from distributors in exchange for favoured contractual conditions.
Therefore, conducting proper due diligence before onboarding a third party vendor is crucial to mitigating long-term risks. It is necessary to check whether the third party has adhered to regulatory requirements, and determine if there are negative reports, any involvement in litigation, loan defaults, bankruptcy, regulatory noncompliance and criminal activity.
Q: How has EY Forensic & Integrity Services helped organisations cushion themselves against risks?
A: Risk management is crucial in a global firm especially in today’s multi-jurisdictional regulatory environment. Fraud, unethical business practices and compliance issues may arise practically everywhere and the repercussions have never been more severe.
EY Forensic & Integrity Services works with companies to design and help implement their integrity agendas, define their desired outcomes and measure their progress. EY teams can provide the people, technologies, processes, tools and insights that will help instil a culture of integrity in the business.
– Compiled by Yamini Sequeira
Partner – Ernst & Young
Consultant – Forensic & Integrity Services, Ernst & Young