Ethics Risk Assessment

Before developing a Code of Ethics for your business, it is important to first identify what the specific risks for your business/organisation are, and what can be done to minimise these risks. This risk assessment will guide you to identify what should be focused on when developing your codes.

An ethics risk assessment will identify the threats of unethical behaviour and the opportunities for ethical behaviour and ethical performance.

King 2 states that the Board is responsible to conduct a proper risk assessment of the following:

• Physical and operational risks
• Human resources risk
• Technological risks
• Business continuity and disaster recovery
• Credit and market risks
• Compliance risks

Further to conduct risk assessments King 2 also requires from the board to have a risk management process in place, which includes risk reporting.

When doing a risk assessment, the following steps can be used as guideline:

State/identify the risk. Risks could be identified in the following areas: new technology, implementation issues, timing, research and development, impact on suppliers or customers, competition, labour issues, knowledge and skills, quality requirements, sales and throughput, strategic fit, policies/procedures/processes, impact on the environment (social/physical).

Plan protection: This can include avoiding actions or contingent actions.

Evaluate possible protection plans in terms of practicality, cost effectiveness, stakeholder buy-in. Agree on possible scoring plan to later evaluate the implementation.

Finalise plan: Test plan by asking if the steps will address potential problems.

Apart from the more strategic risk assessment above, companies could also find a Value Survey amongst employees useful to find out what the strengths and weaknesses are in this regard. A value survey could cover fields like employee beliefs, communication, leadership, equity, organisational awareness, knowledge and view of rules and regulations in the company.