Figure 7.1 COSO ERM Framework
Source: Enterprise Risk Management – Integrated Framework: Executive Summary, Committee of Sponsoring Organizations of the Treadway Commission, September 2004, p. 5

TABLE 7.1 IDENTIFICATION OF BUSINESS RISKS
Risk focus/categories (the original table marks with an "x" which of the two sources, AICPA/CICA* and the Institute of Internal Auditors, addresses each category):
• Company Objectives
• Areas of Impact: Reputation; Assets, Revenues, Costs; Performance; Stakeholders
• Sources of Risk: Environmental, Strategic, Operational, Informational, Financial
• Specific Hazards or Perils: Lawsuits, Fire, Theft, Earthquake/Natural Disasters
• Degree of Control over the Risk: Little, Some, Great
• Documentation
* CICA became CPA Canada (CPAC) in January 2013

FIGURE 7.2 ETHICS RISK & OPPORTUNITY IDENTIFICATION & ASSESSMENT (ERISA)
PHASE 1 – Develop a projected, ranked understanding of stakeholder interests/expectations:
• Identify
• Rank: urgency, power, legitimacy
• Confirmation
• Dynamic analysis
PHASE 2 – Compare activities to expectations to identify ethics risks and opportunities, measured against:
• Hypernorms: honesty, fairness, compassion, integrity, predictability, responsibility
• Reputation drivers: trustworthiness, credibility, reliability, responsibility
• Performance: inputs, outputs, quality
PHASE 3 – Reports by:
• Stakeholder group
• Product or service
• Corporate objective
• Hypernorm value
• Reputation driver

TABLE 7.2 ETHICS RISKS
Ethics risks exist when the ethical expectations of stakeholders are not met:
– Resulting in loss of reputation and stakeholder support.
– Preventing full and/or efficient achievement of strategic objectives.
Important ethics risks:
• Organizational culture risks exist when an organization’s culture fails to provide sufficient support and guidance to ensure a culture of integrity.
• Mindset risks exist when decision makers, employees, and agents are:
  – improperly motivated, or
  – use ethically unsound rationales for their decisions.
• Systemic risks often originate outside an organization and affect an entire system of activity.

Figure 7.3 Fraud Triangle
• Motive: greed, ego, status, etc.
• Opportunity: the usual focus of risk management
• Rationalization: 7 basic rationales
Source: D. L. Crumbley et al, 2005, p. 3-131 – comments in yellow added
Prof. Len Brooks, Rotman School of Management, University of

Table 7.3 Seven Common Rationalizations of Immoral Decisions (Red Flags)
• Denial of responsibility
• Denial of injury
• Denial of the victim
• Condemnation of the condemners
• Appeal to higher loyalties
• Everyone else is doing it
• Entitlement
Source: "Business Ethics and Moral Motivation: A Criminological Perspective", Joseph Heath, Journal of Business Ethics, (2008), 83: 595-614

FIGURE 7.4 DIAGNOSTIC TYPOLOGY OF ORGANIZATIONAL STAKEHOLDERS
Stakeholders are classified by their potential for threat (high/low) and their potential for cooperation (high/low):
• Type 1 – Supportive (low threat, high cooperation). Strategy: Involve
• Type 2 – Marginal (low threat, low cooperation). Strategy: Monitor
• Type 3 – Nonsupportive (high threat, low cooperation). Strategy: Defend
• Type 4 – Mixed Blessing (high threat, high cooperation). Strategy: Collaborate
SOURCE: G. Savage et al, “Strategies for assessing and managing organizational stakeholders”, The Executive, Vol. 5, no. 2, May 1991, 65.

TABLE 7.4 GRI DISCLOSURES
See G4, https://www.globalreporting.org/resourcelibrary/GRIG4-Part1-Reporting-Principles-and-Standard-D
GENERAL STANDARD DISCLOSURES:
• Strategy & Analysis
• Organizational Profile
• Material Aspects & Boundaries
• Stakeholder Engagement
• Report Profile
• Governance
• Ethics & Integrity
SPECIFIC STANDARD DISCLOSURES:
• Management Approach
• Indicators:
  – Economic
  – Environmental
  – Social: Labor Practices & Decent Work; Human Rights; Society; Product Responsibility
Sustainability Ethics - Corporate Social Responsibility/Sustainability

Figure 7.5 GRI G4 DECISION PROCESS
• Choose Core or Comprehensive Option
• Choose Reporting Principles
• General Standard (Background) Disclosures
• Specific Standard Disclosures

TABLE 7.6 GRI G4 BOUNDARY & QUALITY DECISIONS
See https://www.globalreporting.org/resourcelibrary/GRIG4-Part1-Reporting-Principles-and-Standard-D
PRINCIPLES FOR DEFINING Report Content:
• Stakeholder Inclusiveness
• Sustainability Context
• Materiality
• Completeness
PRINCIPLES FOR DEFINING Report Quality:
• Balance
• Comparability
• Accuracy
• Timeliness
• Clarity
• Reliability

TABLE 7.7 GRI G4 TABLE 5: CATEGORIES & ASPECTS IN THE GUIDELINES
See Table 5 at https://www.globalreporting.org/resourcelibrary/GRIG4-Part1-Reporting-Principles-and-Standard-D
Paste in Table 5 from p. 44

TABLE 7.8 UN GLOBAL COMPACT’S TEN PRINCIPLES
Human Rights
1. Businesses should support and respect the protection of internationally proclaimed human rights; and
2. Make sure that they are not complicit in human rights abuses.
Labour
3. Businesses should uphold the freedom of association and the effective recognition of the right to collective bargaining;
4. The elimination of all forms of forced and compulsory labour;
5. The effective abolition of child labour; and
6. The elimination of discrimination in respect of employment and occupation.
Environment
7. Businesses should support a precautionary approach to environmental challenges;
8. Undertake initiatives to promote greater environmental responsibility; and
9. Encourage the development and diffusion of environmentally friendly technologies.
Anti-Corruption
10. Businesses should work against corruption in all its forms, including extortion and bribery.
Source: https://www.unglobalcompact.org/what-is-gc/mission/principles

TABLE 7.9 ISO 26000 Guidance on Social Responsibility - Overview
Clause/Topic:
1. Scope
2. Terms, definitions
3. Understanding Social Responsibility
4. Principles of Social Responsibility
   • Accountability
   • Transparency
   • Ethical behaviour
   • Respect for: stakeholder interests; the rule of law; international norms of behavior; human rights
5. Fundamental Practices of Social Responsibility
   • Recognizing Social Responsibility
   • Stakeholder identification & engagement
6. Social Responsibility Core Subjects
   • Organizational governance
   • Human rights
   • Labour practices
   • Environment – rationale, core issues
   • Fair operating practices
   • Consumer issues
   • Community involvement & development
7. Integrating Social Responsibility (SR) throughout an organization
   • Understanding organization’s SR
   • Voluntary initiatives for SR
   • Enhancing credibility re SR
   • Reviewing & improving actions & practices re SR
   • Communication on SR
   • Relationship of organization’s characteristics to SR
Source: ISO 26000 Guidance on Social Responsibility, First Edition 2010-11-01, Figure 1, www.iso.org

Figure 7.6 Schematic Overview of ISO 26000: Guidance on social responsibility

TABLE 7.10 Techniques for the Measurement of Ethical Processes & Performance
Written objectives:
• Existence - broad, specific by function
• Content – comprehensive set of values, clarity of coverage, relevance
• Date of most recent revision
• Annual sign off – yes/no, minimal, involving reporting responsibility
Guidance given to directors, management, employees:
• Process - training sessions, workshops, and employees
• Consultation with ombudsperson, others
• Comprehensiveness of coverage (e.g., new employees)
• Frequency, currency – board review, dissemination
Understanding of issues:
• Rating developed by persons responsible for ethics program for each level of employee
• Tests are available (e.g., defining issues, stage of moral reasoning)
Inclusion of ethical concerns in decision making:
• Evaluation by management
• In “the development of plans, setting of goals, search of opportunities, allocation of resources, gathering and communication of information, measurement of performance, and promotion and advancement of personnel”
• Frequency of coverage as agenda item
Commitment by all levels to the organization's ethical values:
• Rating by ombudsperson
• Reports of ethical problems - fraud, customer and employee complaints
• Visible encouragement by top management
Achievement of ethical objectives:
• Combination of - existence, stage of completion of plans, number of events, dollars spent, numbers experienced
Monitoring and continuous improvement:
• Identification of person(s) responsible
• Adequacy of resources allocated
• Periodic reports to senior management and Board
• Evident action based on feedback
Effectiveness of reporting:
• Existence - internal, external
• Impact analysis on employees and external stakeholders
• Effectiveness analysis by researchers
• Favourable/unfavourable mentions in the media

TABLE 7.11 AA 1000 Accountability Assurance Standard Summary
Purpose, Sustainability Reporting and Assurance:
• The AA 1000 Assurance Standard is a generally applicable standard for assessing, attesting to, and strengthening the credibility and quality of a reporting organization’s sustainability reporting, and its underlying processes, systems and competencies. It provides guidance on key elements of the assurance process (it is a standard guiding the audit of sustainability reporting).
• The AA 1000 Assurance Standard is primarily intended for use by assurance providers in guiding the manner in which their assurance assignments are designed and implemented.
• Assurance should provide confidence in the report’s underlying information to the reporting organization’s stakeholders, particularly the direct users of the report.
Assurance of sustainability reporting prepared in accordance with generally accepted standards:
• The AA 1000 Assurance Standard supports assurance (whether made public or not) of reporting that adheres to specific standards and guidelines, and is customised by the reporting organisation. It is specifically designed to be consistent with, and to enhance, the Global Reporting Initiative Sustainability Reporting Guidelines, as well as other related standards.
Commitment by reporting organizations:
• Reporting organizations commit to (1) identify and understand their environment, (2) respond to their stakeholders’ aspirations, and (3) provide an account to their stakeholders regarding the organization’s decisions, actions and impacts.
Assurance principles:
• Materiality: the assurance provider must evaluate whether the report contains all the important information about the reporting organization’s sustainability performance required by the organization’s stakeholders for making informed judgements, decisions and actions.
• Completeness: the assurance provider must evaluate the extent to which the reporting organization has not omitted any material aspects of its performance.
• Responsiveness: the assurance provider must evaluate whether the reporting organization has responded to stakeholders’ concerns, policies, and relevant standards, and adequately communicated these responses in the report.
Evidence (supporting the reported figures and disclosures):
• The assurance provider must evaluate whether the reporting organization has provided adequate evidence to support the information contained in the report.
Assurance statement (i.e. auditor’s opinion):
• The assurance statement should address the credibility of the report and the underlying systems, processes, and competencies that deliver the relevant information, and underpin the reporting organization’s performance.
• Elements of the assurance statement (i.e. auditor’s report): statement on use of AA 1000; description of work performed; conclusion on the quality of the report and underlying organizational processes, systems, and competencies; additional comments if necessary.
Assurance provider standards (i.e. auditor’s independence and competencies):
• The credibility of a report’s assurance relies on the assurance provider’s competencies, independence, and impartiality.
  – The assurance provider should be independent of the reporting organization and impartial with respect to the organisation’s stakeholders. Any interests that detract from this independence and impartiality need to be transparently declared by the assurance provider.
  – The assurance provider must be impartial in its dealings with the reporting organization’s stakeholders.
  – Assurance providers and the reporting organization must ensure that the individuals involved in any specific assurance process are demonstrably competent.
  – The organisations through which individuals provide assurance must be able to demonstrate adequate institutional competencies.
* The full AA 1000 Assurance Standard, 2008, is downloadable from http://www.accountability.org/images/content/0/5/056/AA1000AS%202008.pdf

TABLE 7.12 Employee Rights Themes In North America
Privacy and dignity of person, personal information and property:
§ Boundaries of personal rights, employers’ rights and rights of the public
§ Proper procedures: notification and consent
§ Testing for substance abuse
§ Harassment, sexual and otherwise
§ Civil work environment
Fair treatment:
§ Discrimination: age, race, sex, employment, pay
§ Fair policies
§ Is equal treatment fair?
Healthy and safe work environment:
§ Expectations: reasonability, right to know, stress, family life, productivity
§ Quality-of-life concerns: smoking, health
§ Family-friendly workplaces
Ability to exercise conscience:
§ Blind loyalty
§ Whistle-blowing
Trust – the key to leadership, innovation, loyalty, and performance – depends on ethics:
§ Operations: downsizing, contingent workforce

FIGURE 7.7 MASLOW’S HIERARCHY OF NEEDS (from the top of the pyramid down)
• Self-actualization: fulfillment
• Ego: esteem, respect
• Social: love, affinity
• Safety
• Physical: physiological

TABLE 7.13 HEATH’S SEVEN RATIONALIZATIONS OF UNETHICAL ACTIONS
• Denial of responsibility.
• Denial of injury.
• Denial of the victim.
• Condemnation of the condemners.
• Appeal to higher loyalties.
• Everyone else is doing it.
• Entitlement.
Source: “7 Neutralization/Rationalization Techniques”, a speech by Joseph Heath at the Centre for Ethics at the University of Toronto, April 9, 2007, later published as “Business Ethics and Moral Motivation: A Criminological Perspective,” Journal of Business Ethics, 83 (2008): 595-614.

FIGURE 7.8 Anti-bribery Developments: 1975-2016
Scandal, new legislation or development, by year:
• To 1976: unfettered
• 1977: Foreign Corrupt Practices Act (U.S.) [FCPA], following the Lockheed Bribery Scandal – bribes, facilitating payments, fines
• 1993: Transparency International founded [TI] – corruption ratings, www.transparency.com
• 1997-9: OECD Anti-bribery Convention
• 1999: Corruption of Foreign Officials Act (Canada) [CFPOA]
• 2003: United Nations Convention Against Corruption
• 2008: Siemens bribery settled for $1.6 billion to U.S. & German governments
• 2010: Bribery Act (U.K.) & Daimler Bribery Scandal (U.S. FCPA/German Co.)
• 2011: Niko Resources (Canada’s first significant case)
Focus of regulation: unfettered to 1976; U.S. only from 1977; other countries join from 1997-9; focus on bribing foreign officials only, until the U.S. first prosecution for extra-territorial actions and the U.K. going after bribes to foreign officials, & to business as well as not-for-profit people, & facilitating extra-territorial reach.

Table 7.14 Comparison of U.S. FCPA and U.K. Bribery Act
Source: http://www.transparency-usa.org/documents/FCPAvs.Bribery.Act.pdf
Reprinted with permission from Transparency International – USA. See text in insert.

FIGURE 7.9 PHASES OF A CRISIS
[Figure: cost to organization (vertical axis) plotted against time (horizontal axis) for an unanticipated crisis and an anticipated crisis. Phases: pre-crisis; uncontrolled; controlled (from "control begins"); reputation restoration (until "post-crisis state reached"), followed by a continuing reputational impact.]

TABLE 7.15 HOW TO INCORPORATE ETHICS INTO CRISIS MANAGEMENT
Prevention and warning:
§ Code of conduct: identify values, adopt, emphasize and make effective
§ Identify potential ethics problems and warning indicators, and pre-plan responses, as part of an ongoing enterprise risk management and contingency planning program
§ Ethical “red flags” or warning indicators:
  § Training to emphasize how to identify and what to do about them
  § Check as part of an ongoing enterprise risk management system
  § Encourage by publicizing good examples, and awarding paper medals
Analytical approach:
§ Apply a stakeholder-analysis framework as discussed in Chapter 5
§ External ethics consultant
§ Checklist or specific time to consider ethics issues, alternatives & opportunities
Decision itself:
§ Ethics/company’s values: integrate into the decision making:
  § Consider how the crisis or its impact can be influenced ethically – timing, cost, mitigation?
  § Specific consideration of how to improve the organization’s reputation drivers, including trustworthiness, responsibility, reliability, and credibility
  § Specific ethical communications objectives
§ Assign ethics watch-dog responsibility
§ Use a checklist or template with specific ethics objectives
§ Apply moral imagination as discussed in Chapter 5
Communications on ethical intent to:
§ Media, employees, customers, government, public & other stakeholders