Managing ethics risk successfully

The Ethics Risk Handbook closes gap between risk and ethics

Unethical business practices pose a significant risk to businesses and until now we have lacked a solid framework for managing that risk.

“Ethics risk is real, and it can and must be managed like any other risk. Here, for the first time, is a detailed guide on how to do it,” says Dr Leon van Vuuren, Executive: Business and Professional Ethics at The Ethics Institute. “Our newly published Ethics Risk Handbook is all about moving the management of ethics risk into the organisation’s operational processes, and thus making it concrete.”

“We have seen a steady increase in the demand for ethics risk assessments over the last five years,” says Dr van Vuuren.

One can speculate on the reasons underlying this increase in demand. Amongst the prominent reasons for this increase are the introduction of Social and Ethics Committees through the new Companies Act and the introduction of the Integrity Management Framework in the public sector. Both of these governance reforms have placed the strategic oversight of the ethics performance of organisations on the radar of governance bodies and executive management. “It is simply not possible to exercise the governance duty of strategic oversight of ethics management without organisations conducting proper ethics risk assessments.”

The Ethics Risk Handbook closes this gap by providing guidelines for integrating an organisation’s ethics risk into its existing risk management programme. “Traditional risk management tends to focus on operational, legal, HR, IT and governance risk but, given its potential downside, ethics risk has to be approached as rigorously.”

Collaboration between ethics and risk
The Ethics Risk Handbook is the result of a group effort between staff and members of The Ethics Institute and the Institute of Risk Management South Africa (IRMSA). It recommends that once ethics risk is identified by the ethics officer, or other person nominated to handle ethics, the risk is assessed jointly with the risk manager and entered onto the organisation’s formal risk register. It would then be managed by the ethics officer and the relevant risk owner.

For example, ethics risk relating to sexual harassment would be jointly managed with HR, while ethics risk relating to regulatory compliance would be jointly managed with Legal. The ethics officer would retain responsibility for monitoring progress and reporting, and the whole process would be covered by the internal audit.

To download The Ethics Risk Handbook, click on