Compliance professionals are constantly looking for ways to improve the speakup culture in their organizations. Today let’s look at an example of how difficult that task can be, courtesy of the U.S. Army and a recent audit of its efforts to encourage reporting of sexual assaults.
The Government Accountability Office performed the audit and published its findings last week. The GAO found that despite the Army having policies and procedures meant to prevent and respond to incidents of sexual harassment and assault, the implementation of those policies and procedures is a confusing and disjointed mess. Even worse, longstanding efforts to consolidate those policies into a single, clear process have been thwarted by other, competing priorities.
The result: everyone wants to do something to improve the scourge of sexual harassment and assault, but the Army is too big to get out of its own way and achieve that goal.
That sort of dysfunction is probably quite familiar to most of us here in the corporate world. Indeed, one reason I like to read GAO reports about the military is that they capture so much of what’s wrong with large organizations today. Whatever challenges you have with your own corporate culture, rest assured: the Defense Department has all those same challenges in spades.
So let’s take a close look at this report and see what lessons can apply in the corporate sector.
First, the Background
The Army’s effort to curb sexual assault is known as the Sexual Harassment/Assault Response and Prevention (SHARP) program. SHARP has been around since the mid-2000s, with middling amounts of success. On one hand, reports of sexual harassment rose more than 90 percent from 2016 to 2021, and reports of sexual assault more than doubled from 1,248 in 2007 to 2,530 in 2020. So reporting is up, right?
Well, not so fast. On the other hand, Defense Department surveys of active-duty soldiers estimates that some 40,000 men and women (mostly women) were harassed and 6,700 were assaulted in 2018, the most recent year with data available. So reports of harassment and assault are vastly under-reported.
This should all sound familiar to corporate compliance officers so far. You know that a certain amount of harassment (or fraud, or corruption, or other misconduct) exists in your organization; but the reports you receive are less than whatever the true level is. There are still blockages somewhere along the line: flawed policies, poor leadership, a culture of silence, faulting reporting mechanisms, or some other problem.
The Army’s problems all came to an awful head at the end of 2020, when it fired or suspended 14 officers at Fort Hood, Texas, for various leadership failures related to pervasive sexual assault problems on the base. The worst was the case of Specialist Vanessa Guillén, who disappeared in April of that year. She had been murdered by a fellow soldier, who killed himself in June after he escaped Army investigators taking him into custody.
Those failures led to calls for the GAO to audit why SHARP has been so ineffective for so long. Which brings us to the audit findings released last week.
Four Failures of Policy Implementation
The GAO flagged four specific ways that the SHARP program, and the Army’s policies against sexual harassment and assault generally, are coming up short.
- First, Army SHARP policy is disjointed. That is, key provisions are spread across multiple Army regulations, directives, and memoranda, which has created confusion for commanders and SHARP personnel, and aspects of the policy are unclear.
- Second, Army policy doesn’t fully align with Defense Department policy in some areas, such as sexual assault victims’ access to installation commanders.
- Third, contrary to Defense Department and Army policy, sexual response assault coordinators have inconsistent access to commanders.
- Fourth, while the Defense Department and the Army have developed resources to assist commanders in implementing their SHARP programs, commanders aren’t consistently aware of these resources or where to find them.
At an abstract level, we can say the Army had flaws in policy management (points 1 and 2, above), flaws in reporting mechanisms (point 3), and flaws in training and communication (point 4). If compliance officers want to gut-check your own speakup culture, you could start by asking, “Do we have problems like that here?”
More specifically, you could ask:
Do we have conflicting policy statements about [Insert Misconduct Here] in various operating units or parts of the enterprise? That can happen quite a lot in large, sprawling enterprises such as a multi-national company or a highly acquisitive business that hasn’t integrated its many operating units. This dysfunction speaks to the need for strong policy management tools; and for policies that are simple, clear, and tied to the organization’s ethical values.
Have we fully empowered gatekeepers to assist in escalating misconduct to the right senior managers? That was the fundamental issue with the Army’s sexual response assault coordinators not having access to base commanders. Here in the corporate world, it would be akin to local HR leaders not allowed to report allegations of harassment to central headquarters; or in-country compliance officers not allowed to report allegations of corruption to the chief compliance officer or audit committee.
To address that problem, you would need to give the gatekeeper unfettered access in both policy and practice. So revisit your compliance policy manual to assure the policies are clear; and perhaps offer your gatekeepers an anonymous survey that asks: can you really report serious misconduct to the proper senior executives?
Have we communicated our resources and expectations to First Line managers? That was the issue in the fourth point, above: commanders weren’t always familiar with how they could work with the SHARP program to investigate allegations of assault.
Corporate compliance programs could try to overcome such obstacles in several ways. Certainly you could develop training and executive communications geared specifically for First Line managers, rather than rely on broad-based compliance training issued to all employees. This weakness also seems tailor made for compliance ambassadors, who could help to explain to local First Line managers how the compliance function can help them avoid trouble.
Let’s Not Forget Culture
Despite these various policy management shortcomings, let’s not ignore corporate culture, either. That came to light in the Fort Hood investigation from 2020, which squarely faulted senior leaders for simply not caring all that much about sexual assault allegations. One damning paragraph from that 2020 report:
This dearth of command emphasis on the SHARP Program allowed form to pervasively supersede substance across the installation… The end result has been a SHARP Program that appeared to be compliant on the surface, but was hollow and lacking in leadership attention, day-to-day implementation, broad acceptance by the enlisted soldiers, and full inculcation into the culture and character of the Fort Hood community.
Compliance officers should heed the warning in that message. Senior officers weren’t invested in the objective of changing the culture — and without that commitment, the SHARP program only responded to specific incidents that arose. The officers never used SHARP to its full potential, as a lever that could drive changes in the overall culture.
That, unfortunately, might sound familiar to lots of corporate compliance officers too.