My thoughts on developing an integrity standard

Below are some of the ideas I discussed while on a panel during a recent international meeting on integrity in development aid. The question posed to the panel was whether or not we should support the development of a global integrity standard in our industry. As all the other speakers felt it would be an advisable avenue to develop such a standard, I felt I had to take the other side, if only for the sake of argument. While developing my arguments, it turned out my position was a bit more nuanced than just a yes or no. I ended up covering both sides of the argument. I want to share the ideas I discussed in that forum here, because I believe they represent one point of view in a very complex and sensitive given: integrity breaches, including fraud and corruption, in development aid.

Why I would appreciate an global integrity standard for development aid

First and foremost, I am an internal auditor. As an internal auditor, I like standards because the existence and the application of a standard means I have a reference, a baseline I can hold people accountable to. Of course, as it concerns a standard, it is a rather wide frame of reference, that can be interpreted by different people in very different ways. Herein lies one of the key issues with standards.

But why I don’t believe a global integrity standard is the actual solution

Corruption is like a natural disaster, and should not become a guilt trip

First, if corruption occurs in an intervention, the team or the entire agency under whose watch the issue occurred feels “guilty” or at least “responsible”. Whenever corruption is discovered in an intervention, government donors and agencies feel responsible for the less than optimal use of the public means under their responsibility. In such a situation, it’s interesting to see even the most seasoned of development practitioners almost immediately slide into fight or flight. Such a response is a natural reaction to the trigger of abused funds and trust, but not one that will help solve the underlying issue.

Donors’ and agencies’ main responsibility in combating development aid breaches should be evolutionary rather than revolutionary in nature … it is highly unlikely we will be able to eliminate integrity transgressions overnight, by agreeing on a standard. But by iterating fast, by making the effort, again and again, to identify and actively go after these transgressions, we are in effect doing what we are supposed to do. Our responsibility and a sane, practicable interpretation of “zero tolerance” regarding corruption in development aid is to prevent where possible and to detect, again and again, and when detected, to mitigate aggressively within the confines of the legal frameworks, as completely and as consistently as possible. This is not only a learning experience for us, it is one for those transgressing the ethical boundaries as well. Only over longer term will this lead to prevention. Our detection teaches us lessons on how to make the net better and better, more specific and more nuanced as we go through iterations.

Don’t get me wrong, this is not about condoning integrity transgressions at all. This is about recognizing that not wanting integrity issues and not having integrity issues are two very different things. Wishes do not become reality when we want them to. An integrity standard may ultimately be more a reflection of a wish than a reality.

We need to look at corruption a bit more like a natural disaster and less like a guilt issue. While integrity breaches and corruption don’t necessarily cause the often massive loss of life a natural disaster can cause, it’s impact, if left unchecked, should not be underestimated … integrity issues kill people as well, even if only indirectly. Much like a natural disaster, we know there is a real risk of being exposed to integrity breaches. we just don’t know when and where they will occur, nor what form they will take. If we’ve been good students, if we have exercised due diligence, we will have closed previous gaps. Just like in the case of a natural disaster, we have an important responsibility to try and avoid causing it. That is prevention. We also need to have adequate early warning systems and supporting communication in place. That is detection. And once it hits and we detect its occurrence, we need to react fast and thoroughly. That is mitigation.

A standard just does not provide enough of a detailed framework to ensure all of this is present or being put in place.

A standard does not address the key message about corruption: it exists

Donors and agencies alike need to explicitly recognize the risk of corruption in their interventions. In many programs, recognition of the existence of an issue is a first step. A necessary first step. The problem is that while integrity issues and corruption are a hard reality of the business we are in, that risk is often lost in the transition from donor concept to agency project when initially passed from the donor to an agency or an NGO.

This to me is still the most scary part of any risk … quite often, with hindsight, we realize we could have and maybe even should have known the risk had a significant likelihood of occurrence. Of course hindsight is 20/20. Still, inadequate risk management often translates to inadequate knowledge management, especially across organizational boundaries. We cannot just content ourselves with calling it someone else’s problem. Integrity breaches such as corruption will not go away if we ignore them.

There is of course another side to this coin. Whenever the issues become clear, the solutions often become apparent. Acknowledging a type of problem exists and understanding it in depth often results in having to spend a lot less time in solving it. Enough eyeballs put on a problem make all problems shallow, as Eric Raymond has stated. But that brings us to the next point.

A standard is not an set of operational requirements

A standard is a norm for comparative evaluation, but it is not a guidebook on dealing with integrity breaches nor a set of operational requirements that need to be put in place to combat the occurrence of such. A standard is just a point of reference, a high level baseline.

But anti-corruption measures need to be implementable from an operational point of view. Such an deep integration of anti-corruption measures in daily operational processes is essential because otherwise the necessary safe guards will be discarded when under pressure in a process. In other words, when under pressure, if we are not forced to care, we most likely will not care, especially if the issue is not immediately visible.

With pressure in a process or a project comes focus. That is often a good thing, because results get realized because of focus. However, focus also means discarding those signals that are not directly germane to the subject at hand. If as a project owner I am not forced to go through a certain set of steps which will allow me to make possible integrity breaches visible, my focus while under pressure will effectively prevent me from doing this.

As a standard provides inadequate obligations for operational integration, I believe it will simply not suffice. A set of operational requirements, on the contrary, will. On their own, they will likely not suffice. The solutions for integrity breaches need to be integrated across the programs and projects, otherwise we will only have silo solutions. Hence, in order to be truly effective, the requirements need to be applied both sideways and downwards in a project , spanning all aspects of a project as well as its implementors and partners: in other words, our ethics related solutions need to make all parties involved responsible for dealing with ethical breaches.

Standards provide no longitudinal data

Policy is one thing, but policy needs to be monitored. Monitoring data points need to be established and monitoring systems need to be built. Because that is really the only way to jointly learn from all the mistakes we’re likely to make.

Monitoring needs to happen at the level of individual incidents and accidents, ideally with lessons learned shared across the parties involved in the project or program. This data can the be fed into new projects.

Through data gathering and trend analysis we will be able to focus on the development of more and more detailed set of practical implementation solutions: this is an iterative process, not a one shot realization, as I stated before.

Standards provide no whistleblower protection

This final point is perhaps one of my most pressing concerns. If we want ethical frameworks to succeed, we we need to ensure adequate whistle blower protection: these people feel very alone and if we cannot provide them with safe haven, we should not ask them to come forward to begin with. We need to ensure there are systems are in place to take care of them. A lot of regulations already exist, but need to be signed and applied everywhere.

In conclusion

While I believe the initiative to develop a global integrity standard has merit, I fear it does not go far enough as it is not a truly operational tool, but just an expression of intent. On the other hand, I believe the standards process may prove to be too unwieldy for the results we are after: not an expression of intent, but a solution to one of the most important reputation risks in our business.

And in all of this, not only the view, but also the vantage point needs to be kept in mind. I come not from the policy side, but from the side of operational internal audit.