New Issue Published

Read Latest Issue

Back to top

Once bitten, twice shy? Not for VW: highlighting the need for internal GRC controls.

Reputation can make or break a business. It can take years for an enterprise to become synonymous with a positive…

Once bitten, twice shy? Not for VW: highlighting the need for internal GRC controls

21st February 2018


Reputation can make or break a business. It can take years for an enterprise to become synonymous with a positive image, but all of that can be undone by one scandal. Negative press lives long in the memory and results in consumers choosing to do business with competitors without much of a second thought – an effect that can last for years. It takes a lot of resilience and resources for a brand to bounce back from a reputation hit, two luxuries many don’t possess.

Despite the stakes being so high, there are organisations that continue to risk it all by not having the right internal governance, risk and compliance (GRC) processes in place. Such functions shine a spotlight on every inch of the enterprise, ensuring that there aren’t any unethical shadow dealings that can escalate. After all, it doesn’t take the actions of the entire enterprise to cause a scandal, but one unmonitored department or individual.

Case in point: Volkswagen (VW)

A number of reports have linked the automotive maker to animal and human experiments which took place between 2014 and 2015. Both monkeys and humans were apparently exposed to diesel fumes in a bid to prove that the fuel had become less harmful due to developments in the technology. The experiments were commissioned by the now dissolved European Research Group of Environment and Health in the Transport Sector (EUGT), an independent research body that was part-funded by VW.

VW responded to the reports by saying that a small internal group had mistakenly pushed for the tests and that they did not reflect VW’s ethos. Whatever your thoughts on the response, it highlights that a department was able to act without C-level oversight and they used that freedom to engage in an activity that resulted in the company being widely condemned by environmentalists, politicians and consumers. 

Exacerbating the situation further is that it follows relatively closely on from ‘dieselgate’. In September 2015, it was revealed that VW had been cheating in emissions tests to make their diesel vehicles seem less polluting than they actually were. The company eventually admitted that 11 million of its cars were affected.

VW took a big financial loss, particularly in the US where it was hit with a criminal penalty, lawsuits from the Government and customers, as well as having to repurchase or make retrofits to affected cars. Some reports put the financial implications at around £22 billion.

Despite the figure, some believe the company got off relatively lightly. VW was not fined by any EU government or regulator, and the scandal drove the company’s cost-cutting and shift towards electric cars – two strategic decisions it is now actually profiting from. However, this second scandal may have more lasting impacts if consumers decide that VW has offended once too many.  

A lack of oversight also caused the financial crash

While VW’s actions will have consequences for the brand, it won’t trigger a global financial crash. Back in 2008, the breakdown of the financial world was caused by banks allowing their profit centres to do their own thing in order to stimulate as much outward growth as possible. There was no centralised control but the assumption that banks were ‘too big to fail’ meant that everyone turned a blind eye. Everything soon came tumbling down. In the UK, RBS required a bailout from the Government to ensure it could remain operational and support the country’s economy.

Soon after the crash, regulators started introducing more stringent rules to ensure that financial institutions couldn’t act in the same way. While this obviously changed how banks could operate, it also altered consumer expectations. They blamed the financial crash on the corporate world and, as a result, now expect all enterprises to not just simply comply with regulations, but to operate at a higher standard. If they don’t, customers vote with their wallets while other stakeholders lobby against them on social media and other platforms. Consumers have become the ultimate regulator.

Instilling a strong corporate culture

Firms should no longer view culture and compliance as a way of mitigating losing existing customers, it should be seen as a way of attracting new ones. Consumers want to buy from businesses which are acting ethically. If companies are continuously linked to poor conduct, not paying taxes or any other negative press, it simply pushes potential new customers to competitors. As such, it’s time for companies to enter a new phase – ‘self-governance’.

While regulations will hold firms to a certain standard, self-governance enables organisations to operate at levels above. Instead of external bodies setting the minimum expectations, the boardroom does. The C-level sets the tone from the top and leads by example to show what is required from the rest of the enterprise.

When there are common culture objectives, all internal processes can then be implemented in a way that ensures the entire enterprise is working towards achieving them. Functions that are typically run as silos – internal audit, compliance, legal and risk management, for example – can be centralised and managed with consumerised GRC technology which enables individual employees to play their part. This streamlines data collection and analysis, and ensures that actionable business intelligence which is completely relevant to the overall strategic goals is produced. This aids decision-makers to drive the organisation forward.

Furthermore, such an approach also helps to harbour an overall culture of trust and values. When a company’s ethos is embedded in the woodwork, employees can see the ultimate goal and how they fit into the plan. They are less likely to carry out activities with the sole purpose of benefitting themselves and potentially placing the organisation’s reputation at risk in the process. Similarly, it also encourages them to speak up when they see flaws or questionable activity. 

Ultimately, businesses can no longer take the stance that compliance with regulations is enough. It’s those that can prove that they are exceeding legal requirements, as well as wider consumer expectations, which are the ones that will increase influence and market share.

Written by, John Palmiero, SVP of EMEA at MetricStream

Categories: Articles, Logistics

Discover Our Awards.

See Awards

You Might Also Like