INTERVIEWER: Hello and welcome to the latest IBAC corruption prevention podcast. IBAC is Victoria’s anti-corruption agency and it’s our role to expose, investigate and prevent public sector corruption and police misconduct. Today we are joined by Mark Gough. Mark is the regional head of compliance case handling for Siemens in Asia and Australia, thank you for talking to us today.
MARK GOUGH: A pleasure
INTERVIEWER: Now, you’ve had a fascinating career working in some very high profile organisations both at home and abroad. You’ve worked for the Australian Federal Attorney-General’s department, the UN and most recently Siemens. Siemens, of course, is a large multinational private sector company and you were brought in to establish an internal investigations function following some quite explosive revelations about corruption in the company. Can you talk us through what happened?
MARK GOUGH: Absolute top-to-bottom non-transparent win-at-all costs do-whatever-it-takes business. Not uncommon in the world of business at that time. Once the scandal broke we were in criminal courts across the world. We went one day to the next from having an absolute reputation, high-tech cutting-edge engineering, a name for over 160 years in Germany, to the bad boy in the world and from that position you are at the lowest ebb possible, so everything is up in some regards. We sued all of our board members for large amounts of money, we’ve won I think 90 per cent of those cases. We took such a strong stance that anyone who was left in the company who knew what went on learned that was definitely no longer the way forward. So, if you impose the absolute message from the board to your senior management group who are newly placed, having replaced the guys who have been sacked, the message goes out very quickly that these are very tough times so you now need to behave very carefully.
From that position the company is in a much stronger position to change and people can understand why you would impose stricter rules, tighter controls. Without the scandal it would have been virtually impossible I believe in such a big organisation. The change environment was not easy but it was a lot quicker than anyone expected. I think within two years every system was in place, the vast majority of the company had been trained on risk and compliance issues. The investigations function was set up and it was my job to put in place the process, the systems, recruit the people, embed the idea of investigations into a company that had never had it and maybe didn’t understand why they needed it. But really by about 2010 we had convinced staff and we had convinced the outside world that we had turned the ship around.
INTERVIEWER: You’ve talked there about the immediate response that Siemens had and also now moving forward. Is the process of recovery still continuing for you?
MARK GOUGH: Absolutely. A compliance program has to keep moving with the company, we had to tweak the compliance program, change a few personalities, maybe move the board around, change a bit of focus on our business. This is where the compliance program hopefully gets embedded and people buy into our argument and then the business owns it. But I also believe that the bigger the organisation the longer it takes. Any change management program, I’ve been through several in the public sector, and they are years in the making, years in the execution, and they are sometimes years in acceptance.
There is no risk free business model. There is no organisation that has staff that has no risk. So the management of how to go forward is, like I said before, the biggest challenge. Anywhere you sit still as a professional you go backwards. So the organisation is continually looking at how do we keep up, how do we manage, especially lessons learned from not only our own experiences but other companies who are going through the same problem. And I think some of our big competitors who laughed at us ten years ago have now slowed down that argument a little because they’ve gone through the same things, but they may have had a different twist on how they did it and how they would rectify this issue. So it’s a never ending circle of behaviour and communication and attitude and culture and values and all those things, but no risk free environment.
INTERVIEWER: You’ve previously talked about how complacency can set in in the absence of a public corruption scandal. How do you tell staff that corruption remains a risk?
MARK GOUGH: Our hardest challenge was once we had embedded everything, how do we make sure it stays? We had a monitor in place for four years, and we had everyone still looking at us and we had criminal cases in a number of jurisdictions, but internally a lot of people moved on very quickly.
It’s back to the “people are our greatest asset or our greatest risk”. As soon as you step away from the vigilance argument, and the vigilance argument can only come from dialogue, it’s not putting something on your website, it’s not having an investigations process or a compliance program, it’s about living that process and to live it you have to have people engaged. A scandal makes life easier because you have momentum. Without a scandal, no momentum. You would expect your staff to have a reasonable level of integrity in general, but I think if you look at the world as a study, you can look in any area you wish to choose to find where human behaviour tends towards not to the criminal but the wrong, and it’s easy to go that way and it’s hard to keep them on the straight and narrow. So it’s human interaction, it’s human management.
INTERVIEWER: Changing the culture of an organisation is a huge task. What advice do you have for public sector organisations, which may be experiencing issues to those you’ve talked about?
MARK GOUGH: Yeah this is a critical issue. The difference between public sector and private sector is generally the bottom line. The pressure on to meet targets for profit and so on drives a lot of activity in the private sector that’s different to the objective of organisations in public sector, but it’s back to people. There’s nowhere, public or private, that if you don’t focus on the people in connection with a program, a compliance program, if you don’t focus on the people nothing will change. Culture is driven by people and if you don’t deal with your people properly and you don’t have the right people leading your culture then you have the wrong culture. This is where the criticality of recruitment and the need for much deeper background checking, and things like that, on our high risk senior managers being recruited, at lower levels it’s not so critical, but the culture is, again like the reputation, it is a very difficult thing to get a hand on, it’s a very difficult thing to create, it has to happen and evolve over time with people living a set of guidelines, like our three values, but everything is driven by people. The direct manager has the biggest impact on culture, whether it be in China or America, that guy determines the culture of the organisation.
INTERVIEWER: Have you noticed any other similarities between the public sector and the private sector?
MARK GOUGH: Same cases, same behaviour, same temptations. Whether it be on the demand side or the supply side it is human behaviour again, it’s our susceptibility to opportunity. Where someone believes there is opportunity without risk of sanction and it’s maybe sanctioned by management without interference, and this was where we had our problem, management didn’t interfere with how people met targets, it’s back to this direct management of people. So the public sector/private sector divide is virtually no different in my view. Look at public sector procurement, you come to us to meet the requirements of the public sector, when we go to you we’re dealing with guys who we expect to have the highest standards of integrity as you would from us. When that doesn’t actually come together the behaviours are exactly the same on whichever side you sit. And having investigated both sides now, again, I see no difference it is really about people not about process.
INTERVIEWER: You’ve served on many anti-corruption policy committees, including the UN convention against corruption. Do you have any advice about what policies or practices public sector organisations should adopt to identify and deal with corruption?
MARK GOUGH: I think nowadays the level of expertise in putting together either legislation or guidance or policy is highly developed, there is very little new or creative structure anymore. I think over the last 10 years there’s been such a focus on how to put together the right structures to protect organisations that the one thing you have to do is identify your own business. What is it that’s particular to your organisation that has a risk? Not everyone does that. People like to buy off the shelf compliance programs. How do I buy something that I just lay over the top of my organisation and that’s the end of my problem? If you can’t identify your own risks you can’t create a compliance program that deals with the risk in your organisation. So I think you need to engage, and a lot of companies do this, a mix of internal and external review to look at what is the culture of the organisation, what’s the practice, what’s the real business, who are the people you’ve got. For example if you only have only lawyers you have a different construct, if you only have blue-collars you have a different construct. So you have to make sure whatever you put in place suits your business.
INTERVIEWER: In your experience are there any other ways for organisations to protect themselves against corruption?
MARK GOUGH: I think technology is now the emerging area. The change in technology for communication is probably the hardest one for us to keep up with. As an investigator, as I keep saying people don’t change, technology changes so quickly and how people communicate. Social media, you name it, people are finding ways to get messages out without a time restriction or maybe scrutiny. So in terms of a compliance program or a conduct guideline there has to be a really clear understanding of the IT environment. A company like us, we have the protection from hackers in terms of our proprietary information, but it works the same on the compliance side: how do we protect information going out or being destroyed that might be of value to the company in dealing with wrongdoing? Again we’re talking about serious money to put these things into place, so I always say that no matter where you set up a compliance program if it has an investigative component it has to have an IT security component or you’re really lost.
INTERVIEWER: In your view are their particular types of people that present the greatest risks to an organisation?
MARK GOUGH: Yeah, people you would say are the best guys in the organisation. Guys at a senior level, signatory authority, expertise, respect, maybe in their 50’s, close to retirement. The average age of the offender, in my experience, is generally in that group. In the UN it was much more about people looking at their retirement options, even though the UN has a very good pension scheme, our senior managers took bad decisions about what they thought their retirement should look like. So guys in their thirties weren’t so heavily involved, yet if you look at our workforce the project managers, the commercials in the projects, they’re generally thirties and forties. They’ve got enough experience to get to run a project but they’re not ready for retirement and we want them to run projects for 10 or 20 years, so those guys lower the average age every now and then but they still rely on someone with that signature and that’s generally someone in their fifties.
INTERVIEWER: Thanks so much for talking to us today Mark and sharing the lessons you’ve learned in both investigation and prevention.
MARK GOUGH: Thank you very much for having me, a pleasure.
INTERVIEWER: That was Mark Gough the regional head of compliance case handling for Siemens in Asia and Australia. Of course, if you want more information about corruption prevention, please go to www.ibac.vic.gov.au or follow us @ibacVic on twitter.