Accepting and reviewing complaints from anyone, i.e. members of the public | Accountability culture
Anonymous feedback | Audit trails – digital records that capture everything that happens on systems |
Authorization and authentication – limited number of people who can access systems and resources | Clear roles and responsibilities |
Clearly defined decision authority that always falls to a named person | Code of conduct |
Compliance audits | Compliance management |
Continuous monitoring | Decision rationales |
Disciplinary action | Disciplinary policy |
Escalation processes | Governance bodies |
Incident reporting | Independent review |
Internal controls, e.g. approval processes | Managing low performance
Monitoring systems | Non-compliance reporting |
Oversight boards | Peer review |
Performance goals | Performance management process |
Policy enforcement | Record keeping |
Red flag system | Remedial measures |
Responsibility documentation, e.g. RACI matrix | Risk assessments
Risk management processes | Separation of duties |
Stakeholder feedback | The principle that accountability can’t be delegated |
Transparency processes | Whistleblower programs |
5-whys
A train crashed.
Why?
The locomotive engineer was going too fast.
Why?
The locomotive engineer was under pressure to meet a schedule.
Why?
The operations team is often missing deadlines and is under pressure to improve.
Why?
Executive management has been underinvesting in systems and infrastructure for more than a decade, such that the firm has serious capacity and reliability issues.