Measure the levers that have the most impact on misconduct and develop a strong, effective compliance program.
- Gartner client? Log in for personalized search results.
Why a culture of compliance is more critical than ever for chief compliance and ethics officers (CCEOs)
The costs of failing to identify and mitigate systemic culture and programmatic issues are high — and rising. The SEC awarded hundreds of millions of dollars to whistleblowers in 2024 alone. In cases of pervasive misconduct, impacts verge on catastrophic. Companies with the strongest ethical cultures achieve business results 2.3x better than their peers — yet only 37% of compliance leaders are confident in their ability to evaluate their compliance program’s effectiveness. Amid these high stakes, compliance leaders must build the capacity to identify misconduct risk and pinpoint the most impactful strategies for promoting ethical behavior.
Create a culture of compliance through effective surveys
Use the following guidelines in your surveys to surface and respond to misconduct while gauging compliance program effectiveness.
Measure employees’ perception of culture
Traditional definitions of culture often conflate culture with its drivers and outcomes. This makes it hard to understand how culture impacts employee behavior or how to improve it — and makes a culture of compliance hard to measure.
Gartner defines culture as “the unstated ethical and compliance expectations that employees feel from their colleagues.” This definition has a proven impact on misconduct.
Two metrics of culture can effectively measure an organization’s ethical and compliance expectations: the extent to which the company’s unwritten rules support its compliance and ethics goals, and the extent to which behaviors that employees consider acceptable align with the company’s compliance and ethics policies.
Measure drivers of culture
Three drivers shape the expectations around a culture of compliance:
Positive ethical behavior measures what employees see and hear from colleagues about compliance. It creates a mental framework for employees of acceptable, positive behaviors — such as acting with integrity and transparency, showcasing trust and accountability, and diligently complying with policies.
Perceived ethical commitment goes beyond visible behaviors, measuring how much employees believe their peers genuinely care about compliance and ethics. If employees think their colleagues are not truly committed to ethics, they are more likely to believe that unethical choices will be overlooked.
Corporate ethical identity measures how employees perceive the ethics of their organization. If employees believe they work for an unethical company, they are more likely to justify their own unethical behavior and assume they can get away with it.
Focusing survey questions on cultural drivers of employee compliance will help surface the root cause of misconduct and enable more effective interventions.
Measure compliance quality standards
The real goal of any culture of compliance program is reducing misconduct. But while culture impacts rationalization and malice, 87% of employees struggle with uncertainty around how to comply. Implementing quality standards — documented principles used consistently to guide employee-facing compliance activities — minimizes that uncertainty.
Quality standards promote positive behavior and reduce compliance risk. They can be broadly divided into three themes: promoting employee understanding of compliance obligations, reducing employee effort to comply, and highlighting the personal value of complying.
Measure employees’ observation of misconduct
Employees in organizations with a weak culture of compliance often do not report misconduct when they see it. One-third of employees cite fear of reprisal as the reason.
To assess whether culture and quality standards have an impact on reducing misconduct and encouraging reporting, ask employees about their observations of misconduct. These observations can help with gauging your program’s efficacy in mitigating misconduct. Compare the results with the number of violations actually reported to compliance and those uncovered by audit. This can give insights into whether the culture promotes a proactive speak-up environment where reporters are not afraid of retaliation.
Culture of compliance FAQs
What are the key challenges around building a culture of compliance?
Compliance leaders face challenges in driving employees’ willingness to report misconduct, implementing effective investigation processes at scale, and finding impactful ways to promote ethical behavior companywide.
What are the benefits of a culture of compliance?
Having a strong culture of compliance — one that identifies and mitigates misconduct before it becomes systemic — can save an organization billions of dollars in government fines, private actions and class action lawsuits.
What is the most common situation leading to noncompliance?
There are three potential causes of noncompliance: uncertainty, rationalization and malice. Out of the three, uncertainty is the most common situation that employees encounter. Nearly nine in 10 employees report feeling uncertain about their ability to fulfill compliance obligations at least once.
Attend a Conference
Join Gartner experts and your peers to accelerate growth
Gather alongside fellow leaders on September 8–9 in Grapevine, TX to gain insight on emerging trends, receive one-on-one guidance from Gartner experts and create a strategy to tackle your priorities head-on.
8 – 9 Sep 2025
Gartner Enterprise Risk, Audit & Compliance Conference
Grapevine, TX
Drive stronger performance on your mission-critical priorities.