1. Risk Analysis
Starting one’s own business without disclosure to the employer The case study reveals a situation where corporate rules of conduct are breached by a Medical Director who sets up his own business. In companies with a strong organisational culture, there are policies regarding the possibility of setting up a private business parallel to the responsibilities of the employees exactly in their capacity as employees. In some cases, all those who intend to start their own businesses in parallel with the activities under the employment contract have to inform the direct manager. In other cases, this is strictly forbidden because it is considered an opportunity for misbehaviour. The situation described in the case study informs us that the Medical Director of Health MD did not disclose the set-up of his own business to the company management.
Inappropriate use of the employer’s assets for his/her own business There is also a second breach of general business ethics standards. This consists in the circumvention of informing and obtaining the permission from the appropriate manager of Health MD before using the company’s assets for his own business purposes by the Medical Director. The use of any information, company papers, programs and sales data from the company for private interests may be allowed only with the approval of the direct manager but the Medical Director did not proceed in the direction of obtaining the necessary internal approvals before using the assets of the company.
2. Measures for Protecting the Company
To avoid further conflicts of interest, understood as violations of the company’s rules, minimum requirements relating to specific processes must be implemented.
These processes need to include periodical reinforcement of the Code of Ethics, trainings on Ethics and Compliance policies, workshops with applied case studies, establishment of specific processes for each employee to inform the supervisor when he/she intends to set up his/her own business.
Another measure to be implemented would be the following: to document the permission of using the company’s property. This works as a deterrence measure, preventing any misuse of the company’s property by making people ask themselves ‘what if someone finds out’, but also as a form of internal proof when the company needs to analyse a potential breach of the company’s policies and procedures.