Why is risk and compliance important

Reduction of compliance risks

The term "" is on everyone's lips - and not just since the major corruption proceedings in mid-2000 by well-known German companies. It is well known and measurable for companies that violations of the law have resulted, and will continue to result, in financial damage, consisting of fines imposed by the authorities and education costs. The damage to company reputation associated with violations, on the other hand, does not directly affect companies and is also difficult to quantify. Nonetheless, violations of the law always have an impact on the relationship with suppliers, customers and employees. The latter are regularly unsettled, especially when the law enforcement authorities act, both in carrying out their activities and in dealing with inquiries from their work or private environment.

White-collar crime, as the most serious form of an offense, also always has an impact on a company's value system. Ideally, a company has an intact corporate culture that reduces the workforce's insecurities, enables employees to speak without detailed information and enables the company to be successful in the market over the long term. A crisis caused by an infringement is much worse if a company has not developed a corporate culture, or has not developed an intact one. Employees lack orientation, and this is transferred to suppliers and customers. Long-term employees lose their loyalty and trust in their company, new employees cannot develop it in the first place. Even if the management does not notice much of this - there is unrest internally. It is the responsibility of the management to introduce appropriate corporate systems such as an internal control system and a management system, the object of which is, among other things, to support and further develop a corresponding corporate culture. It is intended to ensure that irregular behavior does not arise in the first place or that it is detected and reported by employees on the basis of the behavioral guidelines [cf. Vedder 2016].

The corporate culture is shaped by the management and designed and implemented by the employees of a company. New employees represent an opportunity and a challenge at the same time. On the one hand, they shape and strengthen a corporate culture of integrity. On the other hand, there is a risk that the existing value systems of new employees and those of companies with an active corporate culture will differ greatly from one another. This often leads from a hidden to an open conflict, which is followed by employee dissatisfaction, which in turn can serve as a basis for justifying offenses and thus increase them [cf. Cressey 1973, p. 30].

The aim of this article is to present the risks involved in the selection and hiring of employees in connection with violations and to show how these risks can be reduced.

Culture, program and communication

Company systems, such as the management system and the internal control system, both pursue the goal that companies and their employees should behave in accordance with the law [cf. Vedder 2016]. In particular, the management system contains the principles and measures introduced on the basis of the goals set by the legal representatives, which aim to comply with certain rules and thus to prevent significant violations (rule violations) by internal and external companies [cf. ,, Item 6]. In addition to the other elements mentioned in Auditing Standard 980, the elements of culture, program and communication play an important role for the corporate culture and the understanding of the integrity of individual employees' behavior.

The culture is mainly shaped by the basic attitudes and behavior of the management as well as by the role of the supervisory body ("tone at the top"). The culture influences the importance that the company's employees attach to the observance of rules and thus has a lasting effect on the willingness to behave in accordance with the rules [cf. ,, Item 23]. The introduction of a code of conduct, which is drawn up and communicated by the management, is regularly understood. However, the Code of Conduct is only one component of many in this context. In addition, when selecting new employees, it is important to ensure that they receive all information on the culture.

As part of the program, principles and measures are introduced that are geared towards limiting risks and thus avoiding violations. The program also includes the measures to be taken if violations are found [cf. ,, Item 23]. This includes not only catalogs of sanctions, but also activities such as the operation of a whistleblower system or a business partner screening program (in a broader sense, the company's own employees are also business partners), appropriate training for employees on various issues and guidelines, as well as procedural instructions.

The third essential element is communication. The employees concerned and, if necessary, third parties are informed about the program as well as the defined roles and responsibilities so that they can adequately understand their tasks in the management system and perform them properly [cf. ,, Item 23]. Among other things, reporting channels for risks or established rule violations are defined. In addition, communication strategies are developed that lead to an increase in awareness and acceptance of risks and activities in a department.

Despite the relative clarity about these elements of an e-management system and their design, the approaches to avoiding white-collar crime have their limits in corporate practice. These limits are reflected, for example, in the following areas:

  • Although the company management usually sees the need to develop and introduce behavioral guidelines, these are often not communicated emphatically to the employees. In particular, it is often assumed that middle or lower management or executives have knowledge of the code of conduct. In practice, however, there is a deficit in the knowledge and, above all, in the practical application of these guidelines by managers and, as a result, also by the company's specialists.
  • An important point for the corporate culture and the reduction of the risk is the selection and filling of personnel. Personnel selection is usually based on professional qualifications and interpersonal aspects. - Aspects currently play a subordinate role. However, it is precisely these aspects that are becoming increasingly important. The measures for selecting and staffing personnel are manageable and can therefore be accomplished with little effort. This includes, for example, obtaining original documents such as certificates, carrying out so-called pre-employment screenings in the form of background research, obtaining references or discussing behavior with integrity in the job interview.
  • Company processes and instructions that must be made known to the employee through targeted communication are important for a successful hiring and expected behavior with integrity during the employment relationship. This includes behavioral guidelines, which employees confirm that they have read, or the application of whistleblower systems and hotlines that give employees the opportunity to pass on information or ambiguities to a company's department.

In addition to organizational-technocratic measures, not only technical or economic factors must be taken into account when selecting employees, but also aspects, especially in the case of the recruitment of executives from middle and top management.

Risk minimization through targeted personnel search and onboarding

The company must therefore take the view that an employee is a business partner who - like other business partners - is to be subjected to an appropriate examination. The business partner employee has a special role: compared to business partners such as customers and suppliers, employees are not only a decisive competitive factor, but also an essential multiplier of the corporate culture. Among other things, employees are influenced by the following measures and characteristics in the permanent development of a corporate culture, which must be taken into account in personnel selection and onboarding:

  • Creation of a job description that is clear and clearly regulates the area of responsibility;
  • Creation of incentive systems to encourage compliant behavior, including consideration in staff appraisals and promotions;
  • Examination of management styles and personnel policy of the company with regard to strengthening aspects (for example the importance of the competence and experience of employees in areas with increased risks);
  • Communication of clearly understandable principles on what compliant behavior means;
  • Establishment of procedures and processes for the timely identification of risks for violations, for example by setting up a whistleblower system;
  • Ensuring a professional clarification of the facts in the event of violations;
  • Ensuring a uniform and traceable sanctioning of violations; and
  • Implementation of targeted onboarding activities for employees with regard to the technical, but also the aspects.

According to their individual value system, employees are more or less supporters of the corporate culture of their employer. Measures to prevent white-collar crime that focus exclusively on the element of culture would not be effective without further measures that systematically examine future behavior with integrity. Adequate means, taking the data protection regulations into account, are so-called pre-employment screenings, which subject applicants for positions with a high potential for damage to a special review (as a rule, middle and upper management, employees with a high level of asset management and employees whose actions are not sufficiently captured by the internal control system).

A corporate culture of integrity, targeted personnel selection and consistent clarification of the facts in the event of violations lead to a reduction in risks during and after the hiring of new employees.

A practical example: recruiting and onboarding employees under aspects

At the latest with the hiring of a new employee, the discussion with the "business partner" employee begins in the HR department process. Ideally, considerations already begin with the description of a position that is to be filled. Using the following practical example, the considerations when describing and filling a position, especially in the field, are explained in more detail. Positions in other areas of the company are to be applied analogously with gradations.

The medium-sized parent company A, based in Stuttgart, operates internationally in 23 countries and is looking for an employee in one of its business areas. Since the company is currently at the beginning of building up a department, it is using a personnel agency to fill this position. The HR consultant is in direct contact with the HR department and, as a first step, works out a job profile with the help of the following questions:

  • For which business area is the employee being sought?
  • Which regulations have to be observed for the business area?
  • What are the requirements for the candidate? Particularly in sensitive areas - such as in the armaments industry - the candidates must meet high security and confidentiality requirements.
  • What is the basic procedure in the recruiting area? Are additions necessary when selecting employees?
  • When hiring personnel consultancies: How much information can you give the "headhunter" or the candidate about the job and the position?

In a second step, the selection and appointment process is carried out together. The following aspects are important here:

  • How is it ensured that the candidates also meet the requirement criteria?
  • Does the vacancy have to be advertised internally or externally?
  • How do you protect yourself against industrial espionage with foreign candidates?
  • Were there any abnormalities due to the pre-employment screening of the applicants?
  • Can a good friend of an employee be given preference over external candidates?
  • Is it possible to find out the loyalty or compliance of future employees with the rules in the interviews? If yes, how?
  • How is the search ensured within the company (hidden invoice, use of aliases for the recruiting project)?
  • How are the internal guidelines for recruiting brought into line with the General Equal Treatment Act?
  • How is the proper utilization of references ensured?
  • How are the employer's requirements for data protection and competition protection met in the context of recruitment?

After creating the job profile and conducting research and interviews, the management is usually presented with three candidates who meet the criteria and have given satisfactory answers to the above questions.

In a third step, the smooth onboarding of the employee in the area is ensured. Experience has shown that the following success factors must be observed:

  • If possible, the candidate should be familiarized with the company's structures before commencing work. For this purpose, a standardized information package tailored to the company, which is made available to the candidate before starting work, has proven to be practicable;
  • During the first 100 days, the candidate is supported with the first inventory of risks and measures as well as the effectiveness of existing systems;
  • The candidate is provided with a coach for any technical questions that may arise.

The hiring of employees is certainly the greatest challenge in the context of employee selection and onboarding with regard to the above-mentioned elements of culture, program and communication. Specialists and executives from other areas of the company are usually supported accordingly by members of existing departments. Nevertheless, special aspects must be observed when recruiting employees for areas such as law, internal auditing, purchasing, sales or financial accounting. In addition to the points already mentioned, coordination activities are required, which demand organizational skills from the employees responsible, especially when considering outsourcing the activities.


must be understood as an overall corporate set of rules that is binding for all parties involved and must be geared to the size and the respective business area of the company. This means that meaningful rules that are, above all, suitable for everyday use must be defined and compliance with them must be consistently monitored. Aspects of profit maximization must not be placed above breaches, especially when setting targets. Ideally, the HR department develops a target conformity between the financial requirements and the adherence to targets. This applies not only to the value-adding company units such as sales and purchasing, but to all other company areas. Compliance with rules should therefore also be part of the annual target agreements for employees and, in particular, managers. The use of external specialists is often recommended here, as the introduction and operation of a management system is a challenge for every company.

- Rules should not be formulated in an abstract way. It is much more important that all employees understand the specifications equally and implement them accordingly in their day-to-day work. In the interests of a good corporate culture with integrity, the passing on of information or anomalies must be encouraged - with clear consideration given to the protection of the potentially affected persons. This also includes the protection of the whistleblower. Effective protective mechanisms for information providers must be put in place for this sensitive area.

In this context, the company management should act as a role model for the employees in tandem with the HR department.

As part of the recruitment of new employees, the social disposition and character of the candidates must be questioned even more than before. External personnel consultancies and diagnostic institutes are particularly helpful when filling key positions in companies. As a rule, they provide objective and balanced advice on hiring decisions, thereby reducing liability in the event of an infringement caused by a newly hired employee.

List of sources and further references:

Donald R. Cressey (1973): Other People's Money (Montclair: Patterson Smith, 1973).

(Ed.) (2011): Auditing standard: Principles of proper auditing of management systems (), April 2011.

Vedder, Mirco (2015):: New term with old content? 11/06/2015.


Christian Parsow, Dipl.-Kaufmann, auditor / tax consultant, is a partner responsible for the & Investigations division at WTS Steuerberatungsgesellschaft mbH. His work focuses on special investigations into white-collar crime as well as advice in the areas of internal auditing, management systems, dispute advisory and fraud prevention.

Christoph Schirrmann, M.A., is a partner at the personnel and management consultancy VESTIGA Consulting GmbH. His main focus is on advising mainly medium-sized industrial companies and public institutions when it comes to recruiting specialists and executives.

Joachim Schwarz is a partner at the personnel and management consultancy VESTIGA Consulting GmbH. He advises clients in mechanical and plant engineering as well as in the automotive and aerospace industries on filling primarily technical specialist and management positions as well as in the field.

Mirco Vedder, Diplom-Kaufmann, CIA, CFE, is Director in the & Investigations division at WTS Steuerberatungsgesellschaft mbH. His main areas of focus include the detection and prevention of white-collar crime and advising companies on the implementation of organizational structures to ensure compliance.
