Integrity Measures: What Works, And What Doesn’t

article2_178880012By Mark Jarratt.

Integrity is a term often cited as a quality indispensable for those with power to approve or deny benefits and access to valuable assets including cash, equipment and information. But how is integrity assessed, and what approaches maximise workforce integrity?

This article briefly presents the vital elements of integrity assessment, commenting on measures which are effective and other approaches which may actually reduce workforce integrity by creating a low trust organisation.

Like motherhood, integrity is widely accepted as a ‘good thing’. It can be defined as honesty, adherence to moral and ethical principles, and soundness of moral character. The opposites of integrity include dishonesty, deceit and corruption.

Integrity features frequently in the media. It seems almost every day brings another report of dishonest or corrupt behaviour. References to the NSW Independent Commission against Corruption (ICAC) and Australian Commission for Law Enforcement Integrity (ACLEI) investigation findings have been prominent, with significant pressure to create similar organisations with wide coercive investigative powers in other Australian jurisdictions.

The high profile of such anti-corruption organisations and statements made by senior politicians and public office holders often appears to be based on a desire for publicity and recognition of a ‘zero tolerance, tough on crime’ approach. Public pronouncements rarely display detailed professional understanding of the most effective combination of integrity, personnel security and other protective measures which maximise staff commitment, encouraging and supporting highly ethical performance.

As H.L. Mencken observed, “For every complex problem, there is an answer that is clear, simple and wrong”. One example is the somewhat intemperate and sensationalist comment made in February 2013 by the then Minister responsible for Customs after detection of criminal conduct by officers and others at Sydney (Kingsford-Smith) Airport: “…hunt these people out, rip them out by the throat if necessary…”

This pronouncement may have temporarily raised the political stakes of the Minister, but such an approach can cause lasting damage by creating an impression that corruption was widespread, exceeding expected tolerable limits, and all officers were therefore under suspicion.

Ironically, politicians – including Ministers – are exempt from the detailed and intrusive personnel security and integrity vetting routinely undergone by most members of the Australian Public Service.

Those who lack a professional background in organisational integrity initiatives often seem to perceive drug and alcohol testing as a universal panacea or ‘silver bullet’ guaranteed to prevent future staff misconduct. The permissible on duty alcohol limit for Customs Officers was set at zero. Such testing unreasonably intrudes on staff personal behaviour, contributing to a low trust organisation where workers are viewed as potential offenders.

‘Silver bullet’ beliefs are also reflected in the misplaced faith invested in the pseudo-science of polygraph testing, which is of little to no value because subjects with sociopathic tendencies often do not physiologically react as expected when telling lies.

Psychometric testing is also used by many organisations for suitability assessment, and although such testing has a scientifically valid basis, it is but one measure which may be implemented.

Fingerprinting of security employees before they are permitted to obtain a licence is another example of unjustified belief in ‘silver bullet’ solutions. One State security regulator was recently asked how many licences had been granted which would not have been issued if the applicant’s fingerprints were available and the answer was none, indicating it is probably a solution in search of a problem.

Hotlines for anonymous reporting of staff misconduct have been introduced by some organisations. They may be of value if the reported information is properly assessed as to source reliability (e.g. using the Admiralty rating system) but can be misused if information supplied maliciously is uncritically accepted.

Further, the most high profile recent cases of corruption in Australian law enforcement were motivated by greed, and the ‘silver bullet’ measures described above would have been ineffective compared to close management supervision (e.g. see the conspiracy to import controlled drugs conviction of Mark Standen, former Assistant Director (Investigations) at the NSW Crime Commission).

The focus on substance testing and other ‘silver bullet’ measures can downplay or ignore other vital elements of an effective organisational integrity regime, as investigative resources are limited. Resources should be deployed ‘for cause’ when unethical employee performance is evident, not as a matter of course for all staff no matter what their duties, or levels of access to valuable, negotiable, or attractive resources and information.

A risk-based approach is more likely to identify the optimal combination of measures to establish and maintain organisational integrity. Such an approach first seeks to identify the nature and extent of exposure by analysis of breach and incident statistics and history, including reports from the public or clients, to determine where genuine integrity vulnerabilities exist. A stated ‘zero tolerance’ approach may sound tough and play well to the uninformed public, but zero risk is unattainable in reality unless the activity is not performed, and zero risk is but one of around one hundred human risk biases resulting in incorrect assessments. Incorrect assessments, in turn, result in incorrect risk treatments or countermeasures, which cost more while not effectively mitigating the genuine risks.

Integrity measures should be based on dispassionate risk-based analysis of vulnerabilities rather than political imperatives, which increase the likelihood that the measures are intended to mitigate political risk not organisational integrity risk. Failure to embed integrity measures into the corporate risk analysis and treatment cycle also creates the danger they will be perceived as ‘set and forget’, and not adjusted to meet subsequent changes in the organisational risk environment.

An effective and comprehensive integrity culture requires the presence of and sustained attention to all of the following elements.

Governance: standards, policies, codes of conduct and procedures clearly articulating the organisational stance on staff misconduct up to and including criminal behaviour, and the responsibility of staff and managers at all levels to be alert to changes in individual trusted insider actions and behaviour which may indicate integrity concerns (e.g. frequently borrowing money from colleagues may be due to a gambling problem). Governance standards provide accessible guidance and explicitly set out the potential consequences ranging from disciplinary action to dismissal, and appeal rights. Clearly defining integrity and conduct standards also reduces the potential for protracted, costly and embarrassing litigation in cases such as dismissal for cause.

Background checking and personnel security vetting: defined processes to assess if a candidate is suitable to be granted access to valuable resources, assets, information, and controlled areas. The initial assessment of identity, background, criminal history, citizenship, and related suitability needs to be supported by a well-developed aftercare program, to ensure that persons granted access remain suitable. Many organisations devote significant resources to exhaustive vetting and integrity checks when a new recruit starts duty, but exposure of organisational assets arises after the person has the key, pass, password, safe combination, or access to controlled areas. Aftercare acknowledges that passing ‘integrity checks’ is the beginning of the process, not the end.

Physical security: measures including effective segregation of assets using barriers, passes, and local monitoring and response (e.g. intruder detection, closed circuit television, security attendants). These encourage persons with trusted access to act as required, protecting the reputation of the organisation, and are a tool that supports desired behaviour.

Asset protection: ensuring high availability of business service delivery and capability by logical and physical controls over information, indelible asset marking, movement of tangible assets, and special measures as applicable (e.g. vaults for evidence in prosecutions, armouries for firearms and ammunition).

Education and Awareness: a vital element of maintaining a security-aware and honest workforce mindful of expected standards of conduct. Education encourages a shared view of organisational integrity arrangements and a collegiate commitment to effective asset, capability and reputation protection. A security aware workforce acts as a force multiplier for security personnel, encouraging a view of anti-corruption and integrity measures as a shared responsibility. Education and awareness can defuse suspicion of integrity and related protective security measures by providing more carrot than stick.

Good workforce behaviour is proven to be increased by reinforcing positive actions rather than adopting an overbearing and punitive approach, which can cause mistrust and suspicion. The punitive approach is counterproductive due to the reduction in trust. High trust organisations deliver their functions more effectively and at a lower cost than low trust organisations, where cooperation, corporate commitment and high morale are less likely.

Integrity assessment must be based on the ‘whole person’ principle to reach a defensible conclusion upon whether the candidate should be granted access to valuable assets and restricted areas.

Concentration on one area in isolation is unlikely to lead to objective assessment of overall candidate suitability. The factor areas listed below are most relevant in deciding with a reasonable level of confidence if a candidate is likely to display integrity and act in a manner acceptable to the employer or asset owner.

Honesty – individuals responsible for resources and valuable assets must be truthful and frank and have no significant history of dishonest or unlawful behaviour. Offences involving premeditated dishonesty, such as fraud or theft, will always raise questions of personal integrity and should be fully investigated.

Trustworthiness – the responsibility and reliability displayed by the individual.

Maturity – the individual’s capacity for honest self-appraisal and ability to cope with stress. Attitudes, behaviour and history may be more useful indicators of maturity than age.

Tolerance – impartiality, flexibility, and appreciation of broader perspectives, even when an individual holds strong personal moral or ethical views.

Loyalty – commitment to democratic processes and to the objectives, ethos and values of the working environment.

The effectiveness of integrity controls will be enhanced if the attitudes, values and behaviour of candidates are assessed based on provided personal information (e.g. birth certificate, educational qualifications, work history, criminal history), declarations made by the person, and background checks using such information. Candidates for positions involving access to valuable assets or with potential to adversely affect organisational reputation should be provided with detailed information setting out the checks to be conducted. Candidates with questionable backgrounds will often decline to undergo such extensive checks, allowing redirection of investigative resources.

All available reliable information, past and present, favourable and unfavourable, must be considered by a trained and experienced assessor when determining suitability. The integrity investigator or assessor should resolve any issues of concern by interviewing the subject.

Casting the onus on the candidate to provide detailed and accurate personal information, supported by signed declarations including informed consent to conduct integrity inquiries, simplifies disciplinary action if the person is later found to have lied or omitted key details. This approach also has the benefit that limited integrity investigative resources can be directed at persons of highest risk instead of treating all members of the workforce as posing equal risk.

Adopting the integrated approach to organisational integrity measures described above, as an element of overall personnel management and asset protection strategies, will help to avoid repetition of Diogenes’ legendary search for an honest man, or woman.

 

Mark Jarratt is Lead Security Consultant in the Canberra Office of consulting engineers Norman Disney & Young. He is a Certified Protection Professional and SCEC endorsed security consultant, and former Chief of Security, Australian Customs. Mark also introduced a comprehensive protective security management framework for the Ministry of National Security, Government of Jamaica, including staff integrity and security vetting measures.

%d bloggers like this: