Good Anti-Corruption Practices in Defence Companies

June 2013

Raising the bar Good anti-corruption practices in defence companies

Part II: 104 Examples of good practice “Those defence companies that do take corruption risk seriously have the chance to be seen by their government clients as better companies with which to do business. As governments toughen their attitudes towards corruption, having a reputation for zero tolerance of corruption will be a distinguishing asset for a defence company.”

The Rt Hon Lord Robertson of Port Ellen KT GCMG honFRSE PC, Former Secretary General of NATO June 2013

Raising the bar Good anti-corruption practices in defence companies

Part II: 104 Examples of good practice Contents

Introduction 1 I. Leadership, governance & organisation 2

A1: Public leadership statement against corruption 3 A2: External - Facing leadership commitment against corruption 5 A3: Internal - Facing leadership commitment against corruption 8 A4: Company statement of values 11 A5: Membership of initiatives that promote anti-corruption/business ethics 15 A6: Board committee/individual responsible for anti-corruption programme 16 A7: Senior individual responsible for anti-corruption programme 17 A8: Regular monitoring and evaluation of the anti-corruption programme 19 A9: Regular review and update of anti-corruption programme 29

II. Risk management 32

A10: Corruption risk assessment 33 A11:Due diligence on agents 37 A12: Contractual and processes to monitor and audit agents 38 A13: Policy and contractual terms for subcontractors and suppliers 39

III. Company policies & codes 44

A15: Anti-corruption policy 45 A16: Zero tolerance to corruption 48 A17: Easily accessible anti-corruption policy 50 A18: Anti-corruption policy that applies to all employees 53 A19: Anti-corruption policy that applies to all senior executives and Board 54 A20: Conflicts of interest policy 56 A21: Gifts policy 61 A22: Hospitality policy 62 A23: Facilitation payments 67 A24: Political contributions 69 A25: Lobbying 72 IV. Training 74

A26: Written guidance on anti-corruption programme 75 A27: Anti-corruption training programme 78 A28: Anti-corruption training programme provided in all countries 81 A29: Anti-corruption training provided to senior executives and Board 83 A30: Anti-corruption training provided to employees most at risk 85

V. Personnel & helplines 87

A31: Reporting on conflicts of interest 88 A32: Disciplinary procedures 91 A33: Well-publicised whistle-blowing hotlines 93 A34: Well-publicised resources to seek advice 96 A35: Non-retaliation policy 100

Introduction

This report is Part II to the Transparency Most examples of good practice are in International UK report ‘Raising the bar: the public domain. Where the good Good anti-corruption practices in practice is from non-published, internal defence companies’. company information, we have asked and received the company’s permission to It puts forward 104 examples of good reproduce extracts here. defence industry practice, based on the 34 questions in the Defence Companies We have extracted good practice Anti-Corruption Index (CI) which was examples from as wide a range of published in October 2012. companies in as many different environments as possible. Nonetheless, Our objective is to help raise anti- those scoring in higher bands are naturally corruption standards in the defence sector the ones with the better practice, so they worldwide by publishing examples of what will appear more often. we regard is good practice and to show defence companies what their peers are This report and all the examples found doing. within are organised by question and available online at http://companies. The responses to the 34 questions in defenceindex.org/good-practice. the Index were aggregated into five “pillar areas”: leadership, governance, & organisation; risk management; company policies & codes; training; personnel & helplines. The diagram below shows these pillars and the main elements that comprise each of them:

1 I. Leadership, governance & organisation

A1 PUBLIC LEADERSHIP STATEMENT AGAINST

CORRUPTION SELECT GOOD PRACTICE Based on public information: 20% (26 out of 129) companies scored 2 out EXAMPLES of 2

Based on public and internal information: 50% (17 out of 34) companies Bechtel scored 2 out of 2 PUBLIC Code of Conduct, p. 5-6 “Of course, ethics for us is a business QUESTION: imperative. People hire us because Does the company publish a statement from the Chief Executive Officer or they trust us. That trust has been the Chair of the Board supporting the anti-corruption principles of the earned over many decades and must company? be earned again every day for everything we do. In my view, clients trust us because ethics is the GUIDANCE NOTES: foundation for what we do and who The assessor is looking for evidence of the strength of the company’s external we are. It always has been. Doing the commitment to its anti-corruption principles through public statements from its right thing, and putting that above all leadership as opposed to, for example, internally published, non-public else is what drives Bechtel and our statements. The criteria for this question has been tightened following values, business decisions, and consistency checks. The reasons for doing this were: i) many cases where the success. statement is formalistic and/or compliance focused; ii) cases where the Ethics isn’t just about words, or paper, statement discusses business values without specifically addressing or “tone.” Too often people treat commitment against corruption; iii) cases where the statement does discuss the ethics as a compliance matter rather company’s ethics programme, but on inspection this programme has no than a much broader standard of significant anti-corruption element based on publicly available information. behaviour. As many of the headlines have shown over the past two decades, you can have world class SCORING CRITERIA: compliance programs, codes of 2: The CEO / Chairperson issues a statement supporting its strong conduct, and speeches by stance against corruption specifically. Alternatively the CEO / management that deliver all the right Chairperson makes several strong statements that promote the whole messages. The “tone from the top” ethics programme, under which it is clear that anti-corruption is a can be perfect — but the business significant component (as judged by review of the company’s ethics and its ethics can still be corrupt. and anti-corruption policies). While I believe we have an incredible 0: There is no apparent support or there are only minor statements, for commitment to ethics — it is in our example a preface or introduction to the Code of Ethics or without the DNA — to be effective, this signature of the CEO. commitment must be backed up every day by “actions.” That means delivering appropriate consequences, both positive and negative; and doing so consistently over time. This is what I mean by “Ethics in Action.” To fail to deliver consequences or to deliver the wrong ones undermines the commitment and the trust in it by employees and others. To use an overused cliché: “actions speak louder than words.”

3 COMPANIES WHICH SCORED 2: At Bechtel — there is zero tolerance Northrop Grumman towards ethical violations. There has PUBLIC never been a doubt about this in my BASED ON PUBLIC INFORMATION: mind.” Code of Ethics

'A flawless reputation for integrity ACCENTURE requires the awareness and ALLIANT TECHSYSTEMS (ATK) Fluor involvement of every employee. We BAE SYSTEMS PUBLIC must never forget that a single act can BECHTEL CORPORATION Preface to the Sustainability Report, destroy years of effort, and even the CACI INTERNATIONAL signed by David Seaton perception of an ethical lapse can be DAY & ZIMMERMANN as damaging as the real thing. Our DYNCORP INTERNATIONAL "I am particularly proud that Fluor continues to be a leader in the Standards of Business Conduct equip FLUOR CORPORATION us with the information we need to GENERAL DYNAMICS elimination or reduction of corrupt business practices. As stakeholders ensure uninterrupted ethical behavior CORPORATION across the enterprise, and to guide us GOODRICH CORPORATION well know, Fluor was a founder of the WEF's PACI in 2004. We continue to should corrective steps need to be JACOBS ENGINEERING taken.' KBR INC. provide important leadership to PACI KONGSBERG GRUPPEN ASA as well as to the WEF's Global Agenda MEGGITT Council on Corruption." 2010 Corporate Social Responsibility NEC CORPORATION Report NORTHROP GRUMMAN Jacobs Engineering ‘In 2010, the men and women of CORPORATION PUBLIC Northrop Grumman committed to RAYTHEON COMPANY provide sustainable performance ROCKWELL COLLINS Company website improvement for our stakeholders, SAAB AB “Corruption issues aren’t always including shareholders, customers, SAIC clear-cut, but our zero-tolerance employees and the communities SERCO GROUP approach to them is”. where we live and operate. We are TEXTRON --Craig Martin, President & CEO measuring our performance against THALES S.A. our defense industry peers as well as THYSSENKRUPP AG Kongsberg against broader industry standards. TOGNUM This report provides an overview of UNITED TECHNOLOGIES PUBLIC our performance. CORPORATION CSR 2010: A key element in achieving our 'The Group operates predominantly performance goals is to do so with a within the defence, offshore oil and strong focus on absolute integrity and gas and maritime segments. Parts of attention to our core values’ the international market for defence BASED ON PUBLIC + INTERNAL materiel and oil and gas equipment INFORMATION: are alleged to be among the worst in ThyssenKrupp AG the world as regards corruption. This PUBLIC BAE SYSTEMS is a fact that we acknowledge, and it BECHTEL CORPORATION http://www.thyssenkrupp.com/en/kon requires even more of us, our zern/commitment.html DAY & ZIMMERMANN regulatory framework, our compliance DYNCORP INTERNATIONA and our conduct. In 2010, we revised 'Corruption and antitrust violations FLUOR CORPORATION our corporate Code of Ethics and threaten these success factors and JACOBS ENGINEERING worked systematically on our anti- will not be tolerated (zero tolerance). KBR INC. corruption programme. This takes first For us, bribes and cartel agreements KONGSBERG GRUPPEN ASA priority in our compliance programme, are not a means of winning business. MEGGITT and we invest considerable resources We would rather forgo a contract and NEC CORPORATION in training, attitude-shaping efforts fail to reach internal goals than act RAYTHEON COMPANY and preventative procedures.' against the law'. ROCKWELL COLLINS SAAB AB SAIC SERCO GROUP THYSSENKRUPP AG

TOGNUM

A2 EXTERNAL-FACING LEADERSHIP COMMITMENT

AGAINST CORRUPTION SELECT GOOD PRACTICE EXAMPLES Based on public information: 10% (13 out of 129) companies scored 2 out of 2

Based on public and internal information: 26% (9 out of 34) companies Accenture scored 2 out of 2 PUBLIC

Noted from UNGC COP Supplement: "In January 2008, our chairman & QUESTION: CEO signed a Letter of Commitment to Does the company’s Chief Executive Officer or the Chair of the Board the Secretary-General of the United demonstrate a strong personal, external facing commitment to the anti- Nations, expressing Accenture’s corruption principles of the company? support for the Global Compact and its principles. Building on that, as noted

above, in July 2008, our chairman & GUIDANCE NOTES: CEO signed a commitment supporting The assessor is looking for evidence of the level of personal commitment of the the PACI Principles for Countering company’s leadership to its anti-corruption principles through, for example, Bribery, including a commitment to public speeches and interviews, personal involvement with industry anti- embrace a zero-tolerance policy corruption initiatives, etc. towards bribery and to develop a practical and effective implementation

program." SCORING CRITERIA: In addition, in the past year, our 2: The CEO / chairperson demonstrates an active external engagement international chairman, who works in anti-corruption matters. closely with our business operating 1: There is evidence of such engagement though this is either delegated group chief executives in strategic or only occasional. growth countries, agreed to serve as the anticorruption compliance 0: There is little to no engagement apparent. ambassador to the businesses operating groups. In this role, the international chairman will further flow-down the importance of

anticorruption compliance from the Legal group to the business operating

groups through awareness messaging and inclusion of anticorruption

compliance considerations in business decision making processes."

Fluor

PUBLIC

2009, Alan Boeckmann, Chairman

and Chief Executive Officer, Fluor Corporation, USA

http://www.weforum.org/pdf/gac/next

_steps.pdf

First, and most important, the CEO must lend his or her imprimatur to a

zero tolerance policy against corruption. She or he must lead by

creating a culture where everyone knows that it is okay to do the right

thing, even when that might mean losing money.

5 COMPANIES WHICH SCORED 2: Fluor has walked away from sponsored the Intercollegiate Business multimillion dollar projects in countries Ethics Case Competition, held in where corruption is so institutionalized connection with the Ethics & that there is no other way to work. We Compliance Officer Association’s believe that the sacrifice of today’s annual conference. We continue to BASED ON PUBLIC INFORMATION: missed business opportunity is well sponsor the Raytheon Lecture on worth the long-term benefits of Business Ethics series at Bentley ACCENTURE creating a more level playing field. University, which provides a forum for BECHTEL CORPORATION And, it is this type of leadership respected CEOs and other leaders to CACI INTERNATIONAL behaviour that helps employees feel share insights on ethical business DAY & ZIMMERMANN safe in making equally “right” practices. In the international arena, FLUOR CORPORATION decisions in the face of corruption. we continue our active involvement MEGGITT Above all, those of us at the top of the with the Aerospace Industries of NORTHROP GRUMMAN organization must set an appropriate America and the Aerospace and CORPORATION example.” Defence Industries Association of RAYTHEON COMPANY Europe (AIA-ASD) on the Global ROCKWELL COLLINS Principles of Ethical Business Conduct THALES S.A. Lockheed Martin for the Aerospace & Defense Industry THYSSENKRUPP AG PUBLIC Initiative, and have made EADS http://www.dii.org/our-companies/dii- presentations on a variety of topics at LOCKHEED MARTIN steering-committee/ AIA-ASD “best practice” forums in Berlin, Germany and Washington, D.C. http://uk.reuters.com/article/2011/09/ 09/us-aero-arms-summit-bribery- idUKTRE78876G20110909 Thales PUBLIC Lockheed Martin's CEO Robert Corporate Social Responsibility Report BASED ON PUBLIC + INTERNAL Stevens is on the DII steering 2011, p.3 INFORMATION: committee. "Is that why you were directly involved ‘Robert Stevens, chief executive of in the G20 Summit? BECHTEL CORPORATION Lockheed Martin Corp (LMT.N), said LV: Yes it is. I was invited by the DAY & ZIMMERMANN each of the company's 126,000 FLUOR CORPORATION French employers’ confederation employees, and every member of the (Medef) to be the spokesperson for the MEGGITT company's board of directors, RAYTHEON COMPANY Anti-Corruption prevention working received in-depth ethics training once group and to speak on behalf of ROCKWELL COLLINS a year. SAAB AB entrepreneurs throughout the world. THYSSENKRUPP AG "We can afford to lose a program ... I accepted because I believe the G20 LOCKHEED MARTIN we can't afford to lose our reputation," countries need to put pressure on the Stevens said, underscoring the long- other countries to speed up the lasting impact or "half-life of an ethical process of ratifying the OECD violation." Convention, and also because I believe "We make it clear ... (that) one responsible companies should get the employee can destroy for years the recognition they deserve, particularly through explicit provisions in public reputations of 100,000-plus employees," he said.’ procurement policies."

International anti-corruption conference, Dominique Lamoureux is Raytheon a repeated panellist and Vice PUBLIC President Ethics & Corporate

Corporate Responsibility Report 2010 Responsibility. 5th Annual European Forum on Anti-Corruption, Dominique “Our ethics program also reaches Lamoureux, Munich, January 25th, beyond the company in promoting 2012: Preventing Corruption and ethical business conduct. We are Extortion Pitfalls - slides 6-7 onwards active participants in the Defense presenting the company's stance and Industry Initiative on Business Ethics engagement to anti-corruption and Conduct and also provide financial measures. and professional support to the Ethics Resource Center. In 2010, we

6 LOGIN, the Magazine for Thales employees worldwide, Q1, 2012, p. 12

Enabling the Future: At the G20 Leaders' Summit in Cannes in November 2012, Luc Vigneron, Chairman & CEO, and Dominique Lamoureux, VP, Ethics and Corporate Responsibility, reaffirmed the Group's commitment to establishing a level playing field in international trade. p. 14: For Luc Vigneron, this is one of the most effective ways to combat corruption today. "The G20 governments have to support innovative approaches adopted proactively by individual sectors of industry. [...] Only this type of approach can ensure a level playing field for competing economic actors who have implemented strict compliance processes and authentic integrity programmes.”

A4 COMPANY STATEMENT OF VALUES OR PRINCIPLES

REPRESENTING HIGH STANDARDS OF BUSINESS CONDUCT TRANSPARENCY, OPENNESS, INTEGRITY SELECT GOOD PRACTICE EXAMPLES Based on public information: 22% (29 out of 129) companies scored 2 out of 2 INDRA Based on public and internal information: 56% (19 out of 34) companies scored 2 out of 2 PUBLIC

Indra’s Work Principles (see annex) QUESTION: Does the company publish a statement of values or principles L3 Communications representing high standards of business conduct, including honesty, trust, transparency, openness, integrity? PUBLIC Code of Conduct p.2, Our Values GUIDANCE NOTES: “INTEGRITY The assessor is looking for evidence of the company’s commitment to high We demonstrate integrity by operating standards of business conduct through the publication of a clear statement of honestly and fairly. We apply our such values, beyond that of compliance-based legal statements. values and principles to our daily business activities and make sure our actions always reflect the highest level SCORING CRITERIA: of ethical conduct. We each take 2: The company publishes a statement of values representing high responsibility for knowing the laws and business standards and demonstrates that these are translated into regulations governing L-3 and company policies and codes. meeting the Company’s ethical standards" 1: The company publishes such a statement, but it does not go into sufficient depth by explaining what they mean by such values and why ACCOUNTABILITY they matter to the organisation. Accountability signals our ability to 0: No such statement has been found, or the company frames it using make and keep commitments. Our legal jargon for the purpose of compliance. reputation depends on our ability to reliably and consistently deliver on our promises and to earn and keep the trust of our customers, shareholders, fellow employees, and the community at large. RESPECT Acting with respect is fundamental to our strength as an organization. We treat customers, suppliers, outside parties, and one another with dignity, fairness and courtesy. We support an inclusive culture where diversity in people and perspective is valued. We cooperate across organizational boundaries, focusing on adding value and earning the trust of our teammates.

'The Group operates predominantly within the defence, offshore oil and gas and maritime segments. Parts of the international market for defence materiel and oil and gas equipment are alleged to be among the worst in the world as regards corruption. 11 COMPANIES WHICH SCORED 2: This is a fact that we acknowledge, our business. They are the basis for and it requires even more of us, our The Oshkosh Way, our code of ethics, regulatory framework, our compliance and for our Corporate Governance BASED ON PUBLIC INFORMATION: and our conduct. In 2010, we revised Guidelines. our corporate Code of Ethics and Honesty – We are always true to ACCENTURE worked systematically on our anti- others. We are truthful in all our ALION SCIENCE & TECHNOLOGY corruption programme. This takes first endeavors. We are honest and BABCOCK INTERNATIONAL GROUP priority in our compliance programme, forthright with everyone. We say what BAE SYSTEMS and we invest considerable resources we mean, and do what we say. BECHTEL CORPORATION in training, attitude-shaping efforts and preventative procedures.'” Integrity – We are true to ourselves, BOEING our own moral principles, and our CSC corporate values. We do the right FLUOR CORPORATION Oshkosh: thing even when nobody is watching. FUJITSU PUBLIC We make genuine promises, and our GENERAL ELECTRIC AVIATION actions to fulfill them are honorable. GORKY AUTOMOBILE PLANT The Oshkosh Way, p. 3/ p. 7 We stand for what is right. HEWLETT-PACKARD COMPANY “We build trust doing business The HINDUSTAN AERONAUTICS Accountability – We honor our Oshkosh Way – the kind that comes obligations and keep the commitments INDRA SISTEMAS S.A. only after decades of proven results. ITT EXELIS we make. We speak up and report That trust is hard-earned and easily concerns in the workplace without fear JACOBS ENGINEERING lost. We will keep it so long as we L3 COMMUNICATIONS HOLDINGS of retribution. We seek clarification continue to do the right thing, because and guidance whenever we have MEGGITT that is The Oshkosh Way. NORTHROP GRUMMAN questions. We don’t seek to blame,

CORPORATION but seek the truth to be able to OSHKOSH CORPORATION Along the way, we make choices every improve all that we do. QINETIQ GROUP day; choices that affect the reputation Respect – We treat others with RAYTHEON COMPANY of Oshkosh Corporation and reflect dignity and fairness. We are polite and ROCKWELL COLLINS upon all of us as individuals. And let’s courteous to one another under all SAIC face it, sometimes we find ourselves circumstances. We appreciate the SERCO GROUP in situations that make us a little diversity of our workforce and our TEXTRON uncomfortable – that make us stop world. We celebrate the uniqueness of THALES S.A. and think for a second. When you find each person. THYSSENKRUPP AG yourself in one of those gray areas of Citizenship – We obey the letter and VSE CORPORATION laws or ethics, just think of The spirit of all laws of all the countries Oshkosh Way. where we do business. We do our part In the end, it’s up to each of us to to make our communities, and our make sure we follow our policies and world, better places to live. We BASED ON PUBLIC + INTERNAL hold to our core values: Honesty, respect our environment.” INFORMATION: Integrity, Accountability, Respect and Citizenship. Thales BAE SYSTEMS Company's website: BECHTEL CORPORATION http://www.oshkoshcorporation.com/a PUBLIC BOEING bout/corporategovernance~auditdescr Code of Ethics: CSC iption.cfm DAY & ZIMMERMANN "continue to build Thales’s reputation DYNCORP INTERNATIONAL Oshkosh Corporation takes nothing for as a responsible, trustworthy FLUOR CORPORATION granted. Like the vehicles we produce, company" FUJITSU we hold our organization to the Corporate responsibility report: "It is GENERAL ELECTRIC AVIATION highest standards of performance. absolutely crucial for Thales to HEWLETT-PACKARD COMPANY That includes the comprehensive conduct every aspect of its business INDRA SISTEMAS S.A. policies and procedures that govern with complete integrity and JACOBS ENGINEERING the people of this company and how transparency and in accordance with MEGGITT we choose to conduct business. strict principles of ethical conduct. QINETIQ GROUP Oshkosh Corporation's values are clearly understood and internalized by The report confirms that the Group is RAYTHEON COMPANY resolutely engaged in an authentic ROCKWELL COLLINS all employees. Our five compass points of honesty, integrity, process of continuous improvement SAIC aimed at consolidating its relationships SERCO GROUP accountability, respect and citizenship have remained as the foundation of of trust and transparency with all its THYSSENKRUPP AG stakeholders." 12 "We can afford to lose a program ... LV: Yes it is. I was invited by the we can't afford to lose our reputation," French employers’ confederation Stevens said, underscoring the long- (Medef) to be the spokesperson for the lasting impact or "half-life of an ethical Anti-Corruption prevention working violation." group and to speak on behalf of entrepreneurs throughout the world. I accepted because I believe the G20 "We make it clear ... (that) one countries need to put pressure on the employee can destroy for years the other countries to speed up the reputations of 100,000-plus process of ratifying the OECD employees," he said.’ Convention, and also because I believe http://www.dii.org/our-companies/dii- responsible companies should get the steering-committee/ recognition they deserve, particularly http://uk.reuters.com/article/2011/09/ through explicit provisions in public procurement policies." 09/us-aero-arms-summit-bribery- idUKTRE78876G20110909 International anti-corruption

conference, Dominique Lamoreaux is a repeated panellist and Vice Raytheon President Ethics & Corporate PUBLIC Responsibility. 5th Annual European

Corporate Responsibility Report 2010 Forum on Anti-Corruption, Dominique Lamoureux, Munich, January 25th, “Our ethics program also reaches 2012: Preventing Corruption and beyond the company in promoting Extortion Pitfalls - slides 6-7 onwards ethical business conduct. We are presenting the company's stance and active participants in the Defense engagement to anti-corruption Industry Initiative on Business Ethics measures. and Conduct and also provide financial and professional support to the Ethics Resource Center. In 2010, we LOGIN, the Magazine for Thales sponsored the Intercollegiate Business employees worldwide , Q1, 2012, p. Ethics Case Competition, held in 12 connection with the Ethics & Enabling the Future: At the G20 Compliance Officer Association’s Leaders' Summit in Cannes in annual conference. We continue to November 20122, Luc Vigneron, sponsor the Raytheon Lecture on Chairman & CEO, and Dominque Business Ethics series at Bentley Lamoureux, VP, Ethics and Corporate University, which provides a forum for Responsibility, reaffirmed the Group's respected CEOs and other leaders to commitment to establishing a level share insights on ethical business playing field in international trade. practices. In the international arena, we continue our active involvement p. 14: For Luc Vigneron, this is one of the most effective ways to combat with the Aerospace Industries of America and the Aerospace and corruption today. "The G20 Defence Industries Association of governments have to support Europe (AIA-ASD) on the Global innovative approaches adopted proactively by individual sectors of Principles of Ethical Business Conduct for the Aerospace & Defense Industry industry. [...] Only this type of Initiative, and have made approach can ensure a level playing presentations on a variety of topics at field for competing economic actors who have implemented strict AIA-ASD “best practice” forums in Berlin, Germany and Washington, D.C. compliance processes and authentic integrity programmes.”

Thales

PUBLIC

Corporate Social Responsibility Report 2011, p.3 "Is that why you were directly involved in the G20 Summit? 13

ANNEX: INDRA’S WORK PRINCIPLES

A5 MEMBERSHIP OF INITIATIVES THAT PROMOTE

ANTI-CORRUPTION OR BUSINESS ETHICS

Based on public information: 43% (56 out of 129) companies scored 2 out SELECT GOOD PRACTICE of 2 EXAMPLES

Based on public and internal information: 91% (31 out of 34) companies scored 2 out of 2 TI-DSP found that nearly 45% of companies scored full marks. Amongst the various current anti- QUESTION: corruption initiatives, we point out membership of the IFBEC Does the company belong to a national or international initiative that (International Forum on Business promotes anti-corruption or business ethics with a significant focus on Ethical Conduct) initiative as a current anti-corruption? example of good practice.

GUIDANCE NOTES: The assessor is looking for evidence of involvement in national and international initiatives, examples of which include: Defense Industry Initiative (DII), International Forum on Business Ethical Conduct (IFBEC), World Economic Forum Partnering Against Corruption (PACI), International Chamber of Commerce (ICC), ASD Common Industry Standards (CIS), UN Global Compact, etc.

SCORING CRITERIA: 2: The company is a member of national or international initiative(s). 0: There is no evidence of membership of an anti-corruption or business ethics initiative.

A6 BOARD COMMITTEE OR INDIVIDUAL RESPONSIBLE FOR

ANTI-CORRUPTION PROGRAMME

SELECT GOOD PRACTICE Based on public information: 50% (65 out of 129) companies scored 2 out EXAMPLES

of 2

Based on public and internal information: 100% (34 out of 34) companies Good practice examples in response scored 2 out of 2 to this question have been aggregated with the answers to question A7 (next page).

QUESTION:

Has the company appointed a Board committee or individual Board member with overall corporate responsibility for its Integrity Building and Anti-Corruption (IBAC) policy and programme?

GUIDANCE NOTES: The assessor is looking for evidence of the Board’s direct responsibility to its ethics and compliance (IBAC) programme rather than delegation to lower management levels of the company.

SCORING CRITERIA:

2: The company has appointed a Board committee or a top level executive committee with overall corporate responsibility for its ethics and compliance (IBAC) policy and programme. In some companies, this may be the main Board. Alternatively, a Board level individual has been nominated to this role.

0: There is no evidence that the company has appointed such a Board committee or individual member.

A7 SENIOR INDIVIDUAL RESPONSIBLE FOR

IMPLEMENTING ANTI-CORRUPTION PROGRAMME SELECT GOOD PRACTICE Based on public information: 47% (60 out of 129) companies scored 2 out EXAMPLES of 2

Based on public and internal information: 97% (33 out of 34) companies Many companies had a clear scored 2 out of 2 responsible senior individual. The practices that TI-DSP views as a good example are observed across various companies that entrust the oversight responsibility over their ethics and QUESTION: compliance policies to the Board Has the company appointed a Board committee or individual Board (Individual Board member, Board level member with overall corporate responsibility for its Integrity Building and committee or an Ethics Council Anti-Corruption (IBAC) policy and programme? subordinate to the Board) with delegated operational responsibility to senior level, such as a General GUIDANCE NOTES: Counsel or a Chief Ethics/Compliance The assessor is looking for evidence of the Board’s direct responsibility to its officer who has a direct link to the ethics and compliance (IBAC) programme rather than delegation to lower CEO and the Board, and who has the management levels of the company. day-to-day responsibility of implementation the company’s anti-

corruption policy throughout the SCORING CRITERIA: company. Such organisational 2: The company has appointed a Board committee or a top level structure is envisaged to provide executive committee with overall corporate responsibility for its ethics transparency, good resources, sound and compliance (IBAC) policy and programme. In some companies, management and channels of this may be the main Board. Alternatively, a Board level individual has communication between the been nominated to this role. strategic/management level and the implementation level. 0: There is no evidence that the company has appointed such a Board committee or individual member.

COMPANIES WHICH SCORED 2:

BASED ON PUBLIC + INTERNAL BASED ON PUBLIC INFORMATION: INFORMATION:

AAR CORPORATION ITT EXELIS BAE SYSTEMS ACCENTURE KONGSBERG GRUPPEN ASA BECHTEL CORPORATION ALLIANT TECHSYSTEMS (ATK) L3 COMMUNICATIONS BOEING ALION SCIENCE & TECHNOLOGY HOLDINGS CHEMRING GROUP BABCOCK INTERNATIONAL GROUP LOCKHEED MARTIN CSC BAE SYSTEMS MANTECH INTERNATIONAL CUBIC CORPORATION BECHTEL CORPORATION MEGGITT DAEWOO SHIPBUILDING & MARINE BOEING MITSUBISHI HEAVY ENGINEERING BOOZ ALLEN HAMILTON INDUSTRIES DAY & ZIMMERMANN CACI INTERNATIONAL MTU AERO ENGINES GMBH DIEHL STIFTUNG & CO. K CAE NAMMO AS DYNCORP INTERNATIONAL CHEMRING GROUP NAVISTAR INTERNATIONAL FLIR SYSTEMS COBHAM CORPORATION FLUOR CORPORATION CSC NORTHROP GRUMMAN FUJITSU CUBIC CORPORATION CORPORATION GENERAL ELECTRIC AVIATION DASSAULT AVIATION OSHKOSH CORPORATION HARRIS CORPORATION DCNS S.A. QINETIQ GROUP HEWLETT-PACKARD COMPANY DENEL SOC RAFAEL ADVANCED HONEYWELL INTERNATIONAL DIEHL STIFTUNG & CO. KG DEFENSE SYSTEMS INDRA SISTEMAS S.A. DYNCORP INTERNATIONAL RAYTHEON COMPANY JACOBS ENGINEERING EADS RHEINMETALL AG KBR INC. EMBRAER S.A. ROLLS ROYCE KONGSBERG GRUPPEN ASA FINMECCANICA S.P.A. SAAB AB LOCKHEED MARTIN FLIR SYSTEMS SAIC MEGGITT FLUOR CORPORATION SAPURA GROUP MITSUBISHI HEAVY INDUSTRIES FUJITSU SERCO GROUP MTU AERO ENGINES GMBH GENERAL DYNAMICS CORPORATION TELEDYNE TECHNOLOGIES NEC CORPORATION GENERAL ELECTRIC AVIATION TEXTRON QINETIQ GROUP GKN THALES S.A. RAYTHEON COMPANY GOODRICH CORPORATION THYSSENKRUPP AG ROCKWELL COLLINS HARRIS CORPORATION TOGNUM SAAB AB HEWLETT-PACKARD COMPANY ULTRA ELECTRONICS SAIC HONEYWELL INTERNATIONAL HOLDINGS SERCO GROUP IHI MARINE UNITED TECHNOLOGIES THYSSENKRUPP AG INDRA SISTEMAS S.A. CORPORATION URS CORPORATION TOGNUM

A8 REGULAR MONITORING AND EVALUATION OF

THE ANTI-CORRUPTION PROGRAMME SELECT GOOD PRACTICE EXAMPLES Based on public information: 12% (16 out of 129) companies scored 2 out of 2 Accenture Based on public and internal information: 38% (13 out of 34) companies scored 2 out of 2 PUBLIC

UNGC COP Supplement: “We routinely monitor and audit our QUESTION: program to identify risks and potential Is there regular senior management monitoring and review of the violations and to assess compliance performance of the company’s Integrity Building and Anti-Corruption with our policies and procedures." (IBAC) programme?

"Our associate general counsel, GUIDANCE NOTES: compliance and regulatory matters The assessor is looking for evidence of a formal senior review process which meets monthly with Internal Audit addressed the full ethics and compliance (IBAC) programme and its associated leadership to review cases being processes, including evidence that such reviews are scheduled to occur investigated, to discuss audits regularly (ideally annually). conducted on behalf of the Ethics & Compliance organization and to

identify areas for collaboration. Our SCORING CRITERIA: Internal Audit group regularly audits 2: There is either a formal senior management review of the entire ethics not only our checks and balances and compliance (IBAC) programme, or the company commissions an referenced above, but also compliance external review of the same. This may be by the responsible Board with our anti-corruption policies and sub-committee, e.g. the Audit Committee, but if so it has to be clearly procedures through an annual global specified as a major review rather than continuous monitoring. audit and also through cyclical 1: There is regular review of some aspects of the programme, for geographic audits conducted on a example the Code of Conduct, but not the whole ethics and two-to-five-year cycle, depending on compliance (IBAC) programme. Alternatively there is review by the the risks in a specific country. In Audit Committee, but the scope for the review is more of a continuous 2010, we intend to update our internal monitoring than a major periodic review. Alternatively still, there is a audit plan to incorporate lessons major review but this is less often than once per annum. learned and recommendations from third party consultants related to 0: There is no evidence of a major review and only weak evidence of anticorruption compliance." regular monitoring.

http://www.accenture.com/Microsites/ corporate-citizenship-report- 2012/corporategovernance/Pages/zero- tolerance.aspx

“Monitoring and enforcement are integral to our corporate governance program. We have a publicly stated formal policy of zero tolerance for corruption or serious violations of our Code of Business Ethics.

COMPANIES WHICH SCORED 2:

This policy supports our commitment Audit Committee Charter to work against corruption in all its BASED ON PUBLIC INFORMATION: http://www.accenture.com/us- forms, including bribery and extortion. en/company/governance/committees/ We actively encourage reporting of ACCENTURE Pages/corporate-governance-audit- suspected Code violations through ALLIANT TECHSYSTEMS (ATK) committee.aspx multiple channels, including through BABCOCK INTERNATIONAL GROUP management, Human Resources, “Risk Management BAE SYSTEMS Legal and our 24/7 confidential DAY & ZIMMERMANN Business Ethics Line, all without fear DYNCORP INTERNATIONAL i. Discuss with management of retaliation. FINMECCANICA S.P.A. and the independent auditors the FLUOR CORPORATION As a global company, we Company’s guidelines and policies GENERAL DYNAMICS acknowledge that we have a higher with respect to risk assessment and CORPORATION risk in doing business in certain risk management. The Committee L3 COMMUNICATIONS HOLDINGS industries and locations. Therefore, should discuss the Company’s major LOCKHEED MARTIN we focus on having a robust financial risk exposures and the steps NORTHROP GRUMMAN compliance program to enable management has taken to monitor CORPORATION corporate-wide compliance with both and control such exposures. Such QINETIQ GROUP the spirit and letter of all antibribery reviews shall include the following: SAPURA GROUP and anticorruption laws everywhere SERCO GROUP we conduct business. Our internal a. A quarterly review with the THYSSENKRUPP AG compliance, training and awareness programs are designed to prevent, Chief Operating Officer (or such other detect and remedy policy and Code executive or executives with primary violations worldwide. responsibility for risk oversight) of the Company’s enterprise risks and risk management; Our senior management is responsible BASED ON PUBLIC + INTERNAL and accountable for implementing our b. An annual review (or more INFORMATION: policy. Our director of Anticorruption frequently as appropriate) with such Law reports to an associate general person or persons of the process by BAE SYSTEMS counsel, and ultimate program which the Company manages its BECHTEL CORPORATION oversight resides with our general enterprise risks; and DAY & ZIMMERMANN counsel and compliance officer. Our DYNCORP INTERNATIONAL Global Management Committee FLUOR CORPORATION provides management oversight to the c. An annual review with the GENERAL ELECTRIC AVIATION anticorruption program and the Audit chair of each of the Compensation HONEYWELL INTERNATIONAL Committee of our board of directors Committee and the Finance JACOBS ENGINEERING oversees the Ethics & Compliance Committee of the risk assessment LOCKHEED MARTIN program as a whole. process undertaken by those QINETIQ GROUP To ensure that our anticorruption committees with respect to the risks RAYTHEON COMPANY compliance program and our business overseen by those committees.” SERCO GROUP practices are up to date, we review THYSSENKRUPP AG them annually, both at the geography level and, for high-risk countries, at LEGAL/COMPLIANCE/GENERAL the global level. We are also involved in a number of i. Review, with the Company’s industry initiatives designed to combat counsel, any legal matter that could corruption, including the World have a significant impact on the Economic Forum's Partnering Against Company’s financial statements or Corruption Initiative, which brings operations; together companies through a universal commitment to having a ii. Oversee the Company’s zero-tolerance policy toward bribery compliance program and adherence to and to developing, implementing and its Code of Business Ethics. This shall maintaining broad-based include a review and investigation of anticorruption programs.” 20 any matters pertaining to the integrity BAE Systems of management, including conflicts of PUBLIC interest; Corporate Governance Report iii. Establish procedures for: (i) the receipt, retention and treatment of http://ara2011.baesystems.com/gover complaints received by the Company nance/corporate_governance_report/c orporate_governance_repo regarding accounting, internal accounting controls, or auditing rt.html matters; and (ii) the confidential anonymous submission by employees OPERATIONAL ASSURANCE of the Company of concerns regarding questionable accounting or auditing STATEMENT (OAS) – KEY matters; and CHARACTERISTICS iv. Ensure that the Company A half-yearly review process to provide maintains (either as an internal assurance that mandated policies and processes are being complied with, function or as an outsourced service) an internal audit function. and a formal assessment of business risk.

Line Leaders of all businesses and REPORTS relevant functional directors are required to complete and sign off an i. Prepare all reports required OAS recording their formal review of of it to be included in the Company’s compliance against the Company’s proxy statement, pursuant to and in Operational Framework covering, amongst other things...ethical accordance with applicable rules and regulations of the Securities and business conduct'.

Exchange Commission;

Managing Corporate Responsibility ii. Report regularly to the Board: http://www.baesystems.com/Corporat

eResponsibility/OurApproachtoCR/Man agingCR/index.htm a. with respect to any issues that arise regarding the quality or A cross-functional CR Forum, led by the MD CR, supports our Operating integrity of the Company’s financial statements, the Company’s Groups in delivering the Company’s compliance with legal and regulatory CR agenda. The CR Forum helps to requirements, the performance and develop awareness and understanding of CR among our employees, independence of the Company’s exchange best practice across our independent auditors or the performance of the internal audit Company and drive sustainable function; improvements across our CR focus areas.

CR key performance indicators, b. with respect to the including business conduct, safety, Committee’s oversight of risk and diversity and inclusion, were management as outlined above; reviewed by the Executive Committee alongside financial and operational performance. The CR Committee, c. following all meetings of the Committee; chaired by non-executive director Paul Anderson, provides independent

oversight, advice and strategic d. with respect to such other direction on CR issues, and reviews matters that are relevant to the progress against our CR objectives Committee’s discharge of its quarterly. responsibilities; and e. with respect to such recommendations as the Committee may deem appropriate; and” 21 Selected CR performance information, number of senior leaders in each is also subject to external assurance home market and more than 60 by Deloitte LLP. employee focus groups across our

Business Conduct Review businesses have been undertaken.” http://ar2010.baesystems.com/group _performance/business_conduct.jsp GE Aviation PUBLIC The Ethical Leadership Group, an http://www.ge.com/investor- ethics consultancy, has been relations/governance/ombudsperson- commissioned to carry out an process independent assessment of the Group’s Business Conduct programme GE Aviation states the number of investigations, the topic areas (e.g. and to review the work undertaken in response to the Woolf Committee conflicts of interest and improper recommendations. This is based on a payments) covered, the number of document review, interviews with the disciplinary actions taken (e.g. employee separations, warnings, job Chairman, the Chief Executive, the Chairman of the CR Committee and changes, and financial implication), senior managers in each home and the geographic location of the market, and over 60 employee focus disciplinary actions. They also mention whether they reviewed the programme groups across our businesses. This review covers the Group’s global for existing weaknesses and mention operations and is expected to be the actions they took to remedy any completed by April 2011. weaknesses. http://ar2010.baesystems.com/group _performance/performance_objective INTERNAL s.jsp GE Aviation’s ethics and compliance staff meet at least once a month to

Chief Executive's Review review the program, which includes http://ar2010.baesystems.com/strateg discussing current reports, why they y/index.jsp may have occurred, and any actions that need to be taken to prevent them

“BAE Systems is committed to from occurring again. achieving the highest standards of business conduct to give its customers, suppliers, regulators, employees and shareholders the confidence that it is a business which they can trust. During the year, a major focus has been on embedding a culture of Responsible Behaviour across the business. Mandated policies and processes within our Operational Framework have been comprehensively updated to ensure they reflect our Responsible Trading

Principles.

Employees in all markets are receiving refresher training to help them to continue to apply our global Code of Conduct in their work. This training is scheduled to be completed by May 2011. We are pleased at the progress made and have commissioned ethics consultancy, Ethical Leadership

Group, to review the work undertaken in response to the Woolf Committee recommendations. Interviews with a 22 DynCorp International (e) Periodically review with the General PUBLIC Counsel the status of all pending litigation and open regulatory issues. Compliance and Risk Committee Charter: 1. Compliance Functions (f) No less than annually, the Committee shall review and approve (a) The Committee shall review and the Code of Ethics and Business make recommendations to the Board Conduct (“Code”), and shall oversee addressing the Company’s compliance implementation by management of practices generally, and specifically procedures intended to ensure oversee and monitor the Company’s compliance with such Code. The conformance with good business Committee shall ensure that such practices, public image and Code is publicly available and shall Government and industry standards. consider any requests for waivers (b) The Committee shall meet regularly benefiting Company officers from such with management of the Company to Code. The Company shall make assess the Company’s compliance disclosure of such waivers as required policies and procedures. Without by applicable law and listing rules. The limiting the generality of the foregoing, Committee also shall review on an the Committee shall confer regularly annual basis a report from with the officer designated as the management regarding any other

Company’s General Counsel and Chief waivers from the Company’s Code of Compliance Officer regarding the Conduct granted to the Company’s Company’s compliance policies and other employees. procedures, and any specific material (g) Review compliance by the Board of compliance issues. It is the intention the Company’s Code of Ethics and of the Board and the Committee that Business Conduct which is applicable such consultations with the to members of the Board of Directors, Company’s General Counsel be when they are representing or acting deemed to constitute communications for the Company and its subsidiaries. for the purpose of obtaining legal advice and are therefore privileged (h) No less than annually, review the attorney-client communications. Company's Corporate Governance Guidelines and recommend revisions (c) Periodically review the Company's as necessary to ensure compliance ethics and compliance policies, with federal law and regulations. procedures and programs as established and administered by the General Counsel and Chief Compliance Officer.

(d) Receive and review periodic reports from the General Counsel and Chief Compliance Officer summarizing the receipt, retention and treatment of complaints received by the Company on its “hotline” regarding any matter (other than accounting, internal accounting controls or auditing matters) or submission by the employees of concerns regarding questionable practices (other than any accounting or auditing matters). The Committee shall establish procedures for the referral to the Audit Committee of any complaint regarding accounting, internal accounting controls or auditing matters received by the Committee or submission by employees of concerns regarding questionable accounting or auditing matters to the Committee.

23 (iv) review as needed the proposed (i) Review and recommend to the contributions budget of the Corporation and make Board, as appropriate, action with respect to transactions with the recommendations to the Board of Company and a Related Person, as Directors for adoption. defined in applicable regulations of The ES Committee shall, except when Related Party Transactions. such powers are by statute, the Charter or the Bylaws either reserved (j) At least annually, meet jointly with the Audit Committee to review all to the Board of Directors or delegated major compliance matters, financial to another committee of the Board of and non-financial. Directors, possess all of the powers of the Board of Directors in matters pertaining to ethics and business Lockheed Martin conduct and corporate responsibility. PUBLIC All action by the ES Committee shall be reported to the Board of Directors

Corporate Governance Guidelines at its meeting next succeeding such http://www.lockheedmartin.com/conte action and shall be subject to revision nt/dam/lockheed/data/corporate/docu and alteration by the Board of ments/Corporate- Directors."

Governance-Guidelines.pdf

"the Ethics and Corporate QinetiQ

Responsibility Committee, the PUBLIC Management Development and Annual report, 2011, p. 33 Compensation Committee, and the Strategic Affairs and Finance The Board nominates two senior

Committee, each meet at least three executives to act as Compliance times annually;" Implementation Director and Compliance Audit Director,. It receives a bi-annual report on the compliance

Ethics and Sustainability Committee areas that it monitors from the Internal Charter Audit function. In respect of the http://www.lockheedmartin.com/us/w Compliance Regime, the Committee ho-we-are/corporate- receives a report from the Company’s governance/board/board- Compliance Implementation Director committees/ethicscorp- which describes the permissions charter.html which have been sought and granted ‘The ES Committee shall: since the last meeting of the Committee, and the status of projects (i) monitor compliance with the Code where the potential conflicts of of Ethics and Business Conduct, and interest are being managed. The review and resolve all matters of Committee also receives, from the concern presented to it by the Compliance Audit Director, a report on Corporate Steering Committee on the effectiveness of the controls that Ethics and Business conduct or the are in place to ensure that the Regime Corporate Ethics Office; is operated correctly. (ii) review and monitor the adequacy of the Corporation’s policies and procedures with respect to corporate responsibility, including human rights, environmental, health and safety, diversity and equal opportunity, and the Corporation's record of compliance with laws and regulations related thereto;

(iii) oversee matters pertaining to community and public relations, including governmental relations; and

24 The Committee is the forum that • receiving a quarterly report from the would address any issues arising out Implementation Director on the of QinetiQ’s failure to comply with the application of the MOD Compliance requirements of the Regime. The Regime Committee reviews the systems that • receiving a quarterly report from the support the Compliance Regime and Compliance Audit Director those that may have an impact on it, summarising the outcome of audits directing changes, if appropriate. and any process review where Compliance Committee necessary requiring the production of http://www.qinetiq.com/responsibility/ a more detailed report on any actual corporate- or potential breaches of the governance/Pages/compliancecommit compliance system where necessary, tee.aspx requiring specific actions to be taken The function of the Compliance by the Compliance Implementation Committee is to monitor QinetiQ’s Director to remedy breaches or resolve issues identified by either the compliance with the Compliance Regime agreed with the MOD, the MOD, the Compliance Audit Director purpose of which is to ensure that or by the Committee on an ongoing QinetiQ is able to maintain its position basis, keeping under review the systems that support the compliance as a supplier of independent and impartial advice to the MOD. regime and

The Committee is authorised by the • recommending any necessary

Board to require the investigation of changes any activity falling within its terms of • receiving an annual report from the reference. It is authorised to seek any internal audit team on the effective information it requires from any application of the compliance employee and all employees are principles directed to co-operate with any • making recommendations to the request made by the Committee. Board on any changes necessary to DUTIES improve the effectiveness of the The primary duties of the Committee systems of internal control for the compliance system. shall be to oversee and ensure the effective application of the Compliance • reporting annually to the systems within the Group, as defined shareholders on the working of the in the Memorandum and Articles of compliance system the Group and in the Principal • reviewing at the end of the first year Agreement, and as set out in more of the Company's operation and every detail in the QinetiQ Business three years thereafter on the Management System and to review effectiveness of the compliance the operation of the Compliance regime and its impact on QinetiQ's Regime. business In addition, the Committee shall in relation to all businesses within the Group, wherever situated: • monitor the effective application of the QinetiQ Group’s business ethics principles

• monitor the effective application of the Proxy Regime’s meetings, visits and communications requirements • monitor the activities of the QinetiQ Ethics Committee; and • monitor any other internal functions which the Committee may, from time to time, determine falls within the scope of its responsibilities. The Committee will do this by: 25 devoted to circumstantial Compliance • receiving a quarterly report from the audits, fundamental issues and investigations in case of suspicion, Company Secretary summarising relevant activities, including the while the other...focuses on payment of agents’ commissions, and consultancy and training...The the results of any audits and Compliance Officers and Compliance investigations Executives hold regular meetings, at least once a quarter and additionally • receiving a quarterly report from the when needed." Director of HSE & Assurance summarising the activities taking Appendix 1/17 and 1/18 place under the Proxy Regime "Compliance monitoring and • reviewing the operations of the improvement QinetiQ Ethics Committee and any Compliance monitoring among Group other internal function which the Companies is based on the Committee may, from time to time, aforementioned Compliance audits, determine falls within the scope of its the inspection of other audit reports, responsibilities, on a quarterly basis the regular sharing of experiences with Compliance Executives, and The Compliance Committee is required to provide a written report to training events and interviews at be included in QinetiQ's Annual Report which the Compliance Officers not only give presentations, but also that sets out the Group’s performance receive information on problematic record in relation to the Compliance Regime developments and suspicious cases. In recent years the Compliance program has been subjected to

ThyssenKrupp AG regular external reviews from a

PUBLIC AND INTERNAL number of aspects."

Noted from the Corporate Governance Declaration 2010/2011 Internal conversation http://www.thyssenkrupp.com/en/inve The company commissions a regular stor/unternehmensfuehrung.html review of the Compliance programme by external sources. This is rotated The Executive Board regularly agrees on(?) the strategy of the Company with between organisations that have the Supervisory Board, ensures it is different specialities, and approach implemented and discusses the the topic from differing points of view. For instance in the recent past, the progress of implementation with the Supervisory Board at regular intervals. review has been conducted by an

The Executive Board provides the auditing firm last year and a law firm Supervisory Board with regular the year before. detailed updates on all issues of relevance to the Company related to business performance, financial position, planning and target achievement, the risk situation and risk management. Variances between actual performance and defined plans and targets are discussed and explained. The Executive Board's regular reports also include the subject of compliance, i.e. measures to ensure adherence to statutory requirements and Company policies. KPMG Audit Report Appendix 1/7 and 1/8

"The Corporate Center Legal & Compliance, headed by the Chief

Compliance Officer Dr Kremer, has two departments...one of which...is 26 Constant and regular reviews are also 2.2 LEGAL ENTITY BOARD conducted internally. The company The Legal Entity Board representing a states that 'internally, auditing and Division or territory within a Division advice functions are kept separate’ to will: rule out a potential conflict of interest. S30. Retain legal, compliance and TI-DSP sees this is a good practice example. other responsibilities applicable to the business encompassed within the The company has further stated that legal entity. ‘a compliance program was introduced directly after the merger of S31. Define and agree a process for the appointment and removal of its predecessor companies Thyssen and Krupp in 1999. It has been regularly members. reviewed and enhanced ever since, S32. Comply with the entity’s most recently in connection with the constitution, legal and other reorganization of the Group in October requirements relating to the 2009.' jurisdiction within which it is registered

and operates; and be consistent with the additional requirements placed on Serco Group Serco Group plc by the Companies PUBLIC Act, the Financial Services Authority,

Internal Boards and Governance: UK Listing Authority and HMRC.

January 2011 S33. Define matters that are reserved http://www.serco.com/Images/SMS_G for the Board and delegated to S- management, within those delegated to the Regional Chief Executive from G3_Jan11_Internal%20Boards%20an d%20Governance_Serco%20Public_t the Serco Group plc Board. These are cm3-36705.pdf set in the Group Delegated Authorities Matrix. Delegated Authorities will be in “Responsibilities are clearly defined at writing. each level of the company including: S34. Meet sufficiently regularly to

• Committees and Boards discharge its duties effectively.

• Executive committee Serco Holdings Limited will define the • Group Risk Management Committee governance structure and process to • Investment committee manage its subsidiary companies, subject to any legal and compliance • Ethics Committee – to determine the requirements applicable to such Company’s position in relation to entities. The Group’s objective is to markets, opportunities and activities have legal entities only when required that have been identified as and to keep them at a minimum. The presenting an ethical dilemma which: Regional Chief Executive in whose has implications across the Group; Division the subsidiary operates from represents a significant reputational will: risk to the Group; and/or a Divisional Board or Group Function wishes to seek clarification on the Company’s position • Nominations Committee • Remuneration Committee • Divisional Boards and Committees • Divisional Board (non legal) • Legal Entity Board (see below) • Divisional Executive and Management Oversight

• Divisional Company Secretarial

Management

27 3.8 INTERNAL AUDIT Raytheon Group S84. An internal audit programme will INTERNAL be implemented that: “The policy revisions are the result of –clearly links significant business risks a collective effort to streamline the with the key controlling processes that process for the engagement of manage them International Representatives and –audits these key controlling Consultants. The policy is designed to processes to determine whether they decentralize the process of engagement and empower the are being effectively managed within both Group and Divisions Operating Companies. The revisions were made following a Price –focuses on compliance with Waterhouse Coopers study of Company Policy and Standards Raytheon’s process of engagement defined within the Serco Management and a Six Sigma review of the policy. System that are applicable to the Representatives from each of the management of the business Operating Companies, as well as – provides an appropriate balance Corporate Contracts, RII and Office of between independence, provided the General Counsel provided input in through Group Audit delivery by an connection with the policy revision.” independent internal audit function; and a strong platform of key controls that are operating effectively and audited through the Group and Divisional assurance programmes.

3.11 GROUP REPORTING S102. A regular update on claims and material litigation will be provided to the Serco Group plc Board, Divisional Boards and other trading Boards. S103. Divisions will complete a quarterly report, in January, April, July and October of each year, on litigation involving Serco using form FG6: Litigation Report. Such information will be handled in a manner as to preserve all legal and other privileges available to Serco and/or the Divisional business. These reports may be reviewed by the Serco Group plc Audit and Divisional Audit and Compliance Committees, subject to the retention of such privileges and other rights. Divisional Board ToR: has an explicit agenda item listed for ethics issues that the Board must review. Meets at least 4 times a year (each quarter).

A9 REGULAR REVIEW AND UPDATE OF THE ANTI- CORRUPTION PROGRAMME IN RESPONSE TO EVIDENT

VULNERABILITIES SELECT GOOD PRACTICE EXAMPLES Based on public information: 12% (15 out of 129) companies scored 2 out of 2 KBR Based on public and internal information: 38% (13 out of 34) companies PUBLIC scored 2 out of 2 Codes of conduct, p.3 'The General Counsel shall, periodically, in light of the experience of the Company, review the Code of QUESTION: Business Conduct, and when Does the company review and where appropriate update its policies and necessary or desirable, make practices in response to actual or alleged instances of corruption? recommendations to the Board of Directors: (i) to ensure its continued conformance to applicable Laws; (ii) to GUIDANCE NOTES: ensure that it meets or exceeds The assessor is looking for evidence that the company has a formal process for industry standards; and (iii) to ensure the review and update of its ethics and compliance (IBAC) policies and that any weaknesses revealed through processes in the light of actual or alleged instances of corruption. The assessor monitoring, auditing and reporting will look for any examples that can be provided of such review and its outcome. systems are eliminated or corrected'

SCORING CRITERIA: Meggitt 2: The company has a formal process for review and update of company PUBLIC policies as a direct result of actual or alleged instances of corruption. Terms of Reference for Ethics and 1: The company undertakes review and update but it occurs on an Trade Compliance Committee informal basis. 0: There is no evidence of such review and update. '4.5 have oversight of any significant ethics or trade compliance violations which occur and the actions taken in response to these; 4.6 receive reports from and respond to issues raised by the Chairman of the Group’s Trade Compliance Councils; 4.7

receive reports from and respond to issues raised by the Vice President, Group Trade Compliance and the Vice President, Ethics and Business Conduct; 4.8 receive reports from

and respond to issues raised by the Group’s external and internal legal advisers and from its trade compliance consultants; 4.9 ensure there is a programme of external

assessment and audit of trade

compliance processes in the business; 4.10 oversee the implementation of any required remedial measures and government compliance initiatives;

4.11 ensure allegations or notice of

potential or actual non-compliance are investigated.'

29 COMPANIES WHICH SCORED 2: Safran letters provided by subsidiaries to help PUBLIC Thales to coordinate their internal control processes. The audit plan is Registration Document 2011, p.191 approved by the Board of Directors’ "The Audit and Internal Control Audit and Accounts Committee and BASED ON PUBLIC INFORMATION: Department performs frequent audits presented to the Executive

of Group companies to obtain Committee." GENERAL DYNAMICS evidence that the compliance standard CORPORATION "Strict compliance with all applicable is being applied. In certain crucial NORTHROP GRUMMAN laws, regulations and international cases, Safran calls on independent CORPORATION treaties is critical to Thales’s ability to firms to carry out additional audits. All QINETIQ GROUP conduct its business today and in the of the Group’s main companies were SERCO GROUP future. Non-compliance with audited in late 2010 and improvement GENERAL ELECTRIC AVIATION regulations could expose Thales and plans are currently being put in place. IHI MARINE its officers to large fines, criminal or MEGGITT In complex cases, Safran also ensures civil sanctions, sales and legal RAFAEL ADVANCED DEFENSE that its companies detect, assess and restrictions and reputational damage. SYSTEMS account for any cases of non- The Group established a Compliance SAIC compliance and that they take all the Programme in 2007 to incorporate TEXTRON necessary precautions to prevent compliance risk management within THALES S.A. similar cases arising in the future. its business processes. URS CORPORATION The Group’s companies or Safran The objective of the Compliance HINDUSTAN AERONAUTICS informs the related authorities in each Programme is to decrease the risk of KBR INC. case of non-conformity. non-compliance by helping to prevent SAFRAN S.A. occurrences, detect issues and limit the consequences of any conduct that Up until present, none of the cases may violate the company’s brought to the attention of the commitments and internal policies or authorities have been subject to could lead to civil or criminal liability or penalties, which demonstrates their reputational damage. faith in the control system put in place BASED ON PUBLIC + INTERNAL by Safran." Thales operates within a far-reaching INFORMATION: legal and regulatory framework. The Compliance Programme pays special BOEING Textron attention to areas relating to: FLUOR CORPORATION PUBLIC • company law and delegation of GENERAL ELECTRIC AVIATION responsibilities HONEYWELL INTERNATIONAL Business Conduct Guidelines, p. 34 KBR INC. ‘Suspected issues will be investigated • anti-trust and competition MEGGITT by appropriate Corporate and/or • labour legislation MITSUBISHI HEAVY INDUSTRIES Business Unit personnel. Where an • export control MTU AERO ENGINES GMBH investigation reveals the need to take QINETIQ GROUP corrective action, we will implement • prevention of the corruption RAYTHEON COMPANY changes to systems, practices and ROCKWELL COLLINS procedures’ Website section: Prevention of SAIC Corruption SERCO GROUP THYSSENKRUPP AG Thales "Thales is currently updating the Best PUBLIC Practices Handbook, the primary process document on the company’s Corporate Social Responsibility Report worldwide policy on selection, 2010, p.24 evaluation, monitoring and payment of "In 2010, the Audit and Internal third parties. The new version of the Control Department assumed the handbook will provide guidelines on additional mission of auditing working not only with external operational performance by assessing business advisors such as experts, risks relating to contracts, projects lobbyists and consultants, but with all and bids. The department’s scope of key industrial partners such as responsibility now also includes risk subcontractors, co-contractors, mapping and management of the 20 distributors, prime contractors and unified risks in the COSO method, and joint ventures. the review of the yearly attestation 30

As part of the risk-based approach of KPMG Audit Report Appendix 1/7-10 this policy, only designated, http://www.thyssenkrupp.com/docum empowered and experienced Thales’s ents/investor/TK-PS-980-Short- entities have prerogatives over the version-30-09-2011.pdf selection and payment of third parties. "The structural and procedural These entities are required to apply a strict, multi-layer compliance and organisation is regularly reviewed and approval process. amended where necessary." They are also in charge of negotiating reasonable fees linked to the services MTU Aero Engines provided by these parties. For PUBLIC and INTERNAL example, business advisors that have successfully completed the Thales Task description for the Compliance vetting process are paid on a retainer Board fee basis and only after documentary Tasks include reviewing potential evidence of their work has been corruption violations and making provided. As Thales has expanded its recommendations to the Board on geographical presence over the years, internal control revisions or other it has developed long term industrial measures (e.g. extra training) to stop partnerships with local companies. the issues from occurring again.

The Best Practices Handbook details the strict due diligence process that all Annual report, 2011, p. 42 potential partners must undergo." MTU has set up a Compliance Board, which reports to the Board of ThyssenKrupp AG Management. This board meets once PUBLIC and INTERNAL a quarters. Its duties include identifying and evaluating legal and http://www.thyssenkrupp.com/financia l-reports/09_10/en/governance.html reputational risks. Where necessary, it recommends additional compliance Conversation: after an alleged rules to the Board of Management. corruption allegation, the compliance Above and beyond this, the department investigates the matter, Compliance Board is charged with often assisted by a team of external dealing appropriately with specific lawyers and/or auditors. The results of cases of non-compliance. In the investigation are included in the agreement with the Works Council, quarterly and/or annual Compliance the company has set up an internal reports. Investigation results and the compliance office that staff, lessons learned from these cases may customers and suppliers may contact lead to further improvements of the if they suspect unethical conduct. ThyssenKrupp Compliance program. The Supervisory Board's Audit Additionally, the company´s Committee oversees the Board of compliance program is reviewed Management compliance activities. regularly by external sources. This includes proposing new rules for The company has further stated that incorporation in the compliance ‘a compliance program was guidelines and monitoring the introduced directly after the merger of measures and training programs predecessor companies Thyssen and implemented by the Compliance Krupp in 1999. It has been regularly Board. reviewed and enhanced ever since, most recently in connection with the reorganization of the Group in October 2009.'

31 II. Risk management

A10 CORRUPTION RISK ASSESSMENT

SELECT GOOD PRACTICE EXAMPLES Based on public information: 9% (11 out of 129) companies scored 2 out of

2 Textron Based on public and internal information: 76% (26 out of 34) companies scored 2 out of 2 PUBLIC

Corporate Responsibility Report, 2010, p. 17 QUESTION: Our adherence to a strict standard of ethical behavior is not only the right Does the company have a formal anti-corruption risk assessment thing to do but also helps us earn the procedure for assessing business decisions, with clear requirements on trust and respect of our customers, the circumstances under which such a procedure should be applied? shareholders, employees and the communities where we live and work. GUIDANCE NOTES: We want to ensure that our businesses are always on the right The assessor is looking for evidence that such a procedure exists and is legal and ethical course. Our values documented, and that the company follows this procedure. Not all business — integrity, respect, trust and pursuit decisions will require such an assessment, hence the need to specify the of excellence — underscore our circumstances under which the procedure will be applied. commitment to ethical behavior in our business and community interactions. SCORING CRITERIA: Our strategy is to prevent, detect and, if necessary, correct unethical or 2: The company has such a formal procedure. noncompliant behavior. 1: The company has such a procedure but this falls short of the score 2 One essential way to stay on that path benchmark in some regard, in particular with respect to uncertainty as is by structuring an ethics and to how it should be applied or who authorises a business decision to compliance program that reinforces be assessed against corruption risk. the expectation of ethical and legally 0: There is no evidence that the company has such a procedure, or the compliant behavior. procedure is so weak as to be ineffective. Textron’s Ethics & Compliance (E&C) steering committees focus on prevention through risk assessment and risk mitigation, as well as monitoring and education. Our program has been active for more than 30 years, and has evolved to reflect changes in the business world and regulatory environment. E&C plans and initiatives follow a rigorous process. Each operation prepares an annual risk-based E&C Action Plan, which sets goals for training and related compliance activities. We use careful auditing systems and compliance reviews, and monitor E&C Helpline

activity. These performance checks help ensure that we are on the right course. Our values and culture support an E&C program that is based

on self-reporting and acceptance of

personal responsibility for ethical behavior.

33 COMPANIES WHICH SCORED 2: Textron provides and publicizes incurred are communicated directly to multiple channels for employees to the risk management officers outside ask questions, raise concerns or the normal reporting channels. report violations without fear of To ensure the efficient monitoring of retribution. the risk management system, In 2010, Textron Ethics & Compliance Corporate Center Internal Auditing BASED ON PUBLIC INFORMATION: analyzed all of Textron’s eight carries out regular audits worldwide. business units for risks related to Their findings help us further improve SERCO GROUP corruption, specifically anti-corruption the way risks are managed throughout TEXTRON laws prohibiting bribery. During the the Group. In addition we continuously THALES S.A. reporting period, there were no optimize the tools and methods for ACCENTURE lawsuits pending against Textron registering and managing risks so as BAE SYSTEMS alleging violation of the antitrust laws to enhance the quality of the FINMECCANICA S.P.A. or monopoly practices. Textron has a information generated and further FLUOR CORPORATION Global Anti-Corruption Compliance strengthen the interlinking of internal MTU AERO ENGINES GMBH Policy to which each of the business processes.” SAAB AB units is subject. Each business unit’s ULTRA ELECTRONICS HOLDINGS risk-based E&C Action Plan addresses Boeing CHEMRING GROUP compliance with the Policy. INTERNAL Thyssen Krupp “The Boeing compliance risk management process is an enterprise- PUBLIC wide system overseen by the Office of http://www.thyssenkrupp.com/fi Internal Governance and implemented nancial‐ through the company’s compliance risk management board (CRMB). The BASED ON PUBLIC + INTERNAL reports/10_11/en/expected_dev elopments.html CRMB is comprised of senior INFORMATION: executives representing all business “Risk maps for all Group entities are units and functions who are FLUOR CORPORATION prepared with the help of a web-based responsible for determining GENERAL ELECTRIC AVIATION reporting tool in which Group compliance risk areas and, HONEYWELL INTERNATIONAL companies report on the status of implementing compliance risk QINETIQ GROUP their risk situation using tiered monitoring and mitigation plans. The RAYTHEON COMPANY threshold values, identify risk CRMB process complements SERCO GROUP management measures and update compliance processes and controls THYSSENKRUPP AG the early warning indicators for embedded throughout the enterprise. BOEING assessing risks. CRMB executives participate in and KBR INC. Each business area updates its assure adequacy of ongoing MEGGITT assessment of the opportunities and compliance risk management MTU AERO ENGINES GMBH risks in the current fiscal year on a activities in their respective business SAIC, MITSUBISHI HEAVY monthly basis and provides units or functions. These leaders INDUSTRIES information on any changes to formally come together as a board six BAE SYSTEMS material risks in the risk map. The times a year to discuss and review BECHTEL CORPORATION material risks – clearly defined at existing internal controls, report on DAY & ZIMMERMANN Group level on the basis of probability areas of improvement and to share JACOBS ENGINEERING of occurrence and loss amounts - are best practices. Company policies and CHEMRING GROUP discussed in the Risk Committee and procedures are updated to reflect CSC then communicated in a systematic findings and any changes in laws and CUBIC CORPORATION and transparent report to the regulations. The CRMB monitors more FLIR SYSTEMS Executive Board and the Supervisory than 35 compliance risks and uses FUJITSU Board Audit Committee. COSO standards as a guide to assess HARRIS CORPORATION and prioritize risks. The senior vice HEWLETT-PACKARD COMPANY This standardized and transparent risk management system was introduced president of the Boeing Office of SAAB AB Internal Governance annually reports NEC CORPORATION by the Executive Board of ThyssenKrupp AG for the entire Group on the company-wide status to the and has proven itself to be efficient. In Boeing board of directors with more addition, ad hoc risks and losses frequent updates to the company’s Executive Council.

Boeing compliance and anti-corruption FLUOR procedures define the enterprise-wide PUBLIC process Boeing uses to ensure that effective controls exist to prevent and Sustainability report detect violations of law, consistent "We utilize a formalized and with the U.S. Federal Sentencing systematic process for assessing and Guidelines and other external monitoring the company's business guidance and best practices. risks, including the potential for corruption associated with execution of capital projects around the world. Compliance risk areas, including anti- Our approach is designed to identify corruption, are assessed annually and what can go wrong and develop mitigation plans for key risk areas are mitigation strategies for eliminating reviewed and monitored by the Boeing such risks." Compliance Risk Management Board, as well as compliance functions "Before any project is pursued or begins, risk identification and embedded in business units and functions. Aggregated information, management are our top priorities." conclusions and agreed-upon actions are elevated to the company’s Fujitsu Executive Council and Boeing board of directors as appropriate. INTERNAL

In addition to Boeing’s internal control Fujitsu has a risk management oversight and management activities, structure which the CEO for each Boeing takes many actions with business unit oversees. Each business unit has a dedicated Chief Risk regard to anti-corruption. Boeing ensures employee awareness of the Management Officer who is requirements of the anti-corruption responsible for organising the principles and defines roles and assessment of the corruption risk (along with other metrics) and the responsibilities for creation, respective actions to be taken. implementation and assessment of controls to ensure compliance with global anti-corruption principles. Jacobs Engineering Boeing develops and deploys INTERNAL integrated anti-corruption training How do we manage the risk arising which is assigned based on the from violations of laws potential risk presented in each (see annex). employee’s job responsibilities. Training is rigorously tracked to ensure understanding and compliance. Boeing performs annual assessments to test the adequacy of internal anti-corruption program controls, metrics, due diligence, and training. The company also monitors the anti-corruption program to identify risk trends. All of these measures are components of Boeing’s formal anti- corruption risk assessment procedures which ensure that business decisions do not compromise the Boeing values.“

35 ANNEX: JACOB’S “HOW DO WE MANAGE THE RISK ARISING FROM VIOLATIONS OF LAWS”

•

III. Company policies & codes

•

• •

•

≤

•

≤

•

≤

•

• • • •

IV. Training •

•

• •

- - - • • • •

• - - - - •

•

• •

• - - -

• - - •

• • • •

•

• • •

•

V. Personnel & helplines ı ı

•

• •

• • • •

•

Raising the bar

Study authors: Tiffany Clarke, Mark Pyman Reproduction in whole or in parts is permitted, providing that full credit is Editors: Saad Mustafa, Maria Gili, Zachary given to Transparency International UK Mehan (TI UK) and provided that any such reproduction, whether in whole or in parts, is not sold Design: SVIDesign Ltd., Maria Gili unless incorporated in other works.

This report has been printed on FSC certified Effort has been made to verify the accuracy of paper. the information contained in this report. Nevertheless, Transparency International UK ISBN number: 978-0-9574970-7-8 cannot accept responsibility for the consequences of its use for other purposes or in other Transparency International UK contexts. 32-36 Loman Street London SE1 OEH This publication was made possible thanks to United Kingdom generous support from the UK Department for International Development (DFID). © Transparency International UK. All rights reserved. First published in June 2013.

103 Other reports from Transparency International

Defence Offsets: Addressing the Risks Military-Owned Businesses: Corruption of Corruption and Raising Transparency and Risk Reform (2012), http://www. (2010), http://www.ti-defence.org/ ti-defence.org/publications/997-military- publications/153-defence-offsets--address- owned-businesses--corruption-and-risk- ing-the-risks-of-corruption-&-raising-trans- reform parency Due Diligence and Corruption Risk in Building Integrity and Reducing Defence Industry Offsets Programmes Corruption in Defence and Security: 20 (2012), http://www.ti-defence.org/ Practical Reforms (2011), http://www. publications/1019-due-diligence-and-cor- ti-defence.org/publications/88-building- ruption-risk-in-defence-industry-offsets- integrity-and-reducing-corruption-in-de- programmes fence-and-security--20-practical-reforms [Also available in Russian and Ukrainian] The 3rd Line of Defence: How Audits Can Help Address Defence Corruption Codes of Conduct in Defence Ministries (2012), http://www.ti-defence.org/ and Armed Forces (2011), http://www. publications/1121-the-3rd-line-of-defence- ti-defence.org/publications/90-codes-of- -how-audits-can-help-address-defence- conduct-in-defence-ministries-and-armed- corruption forces [Also available in Arabic] Defence Companies Anti-Corruption A Review of Anti-Corruption Reform Index (2012), http://companies.defencein- Measures in the Defence Sector in dex.org/report Colombia (2011), http://www.ti-defence. org/publications/102-a-review-of-anti- Arresting Corruption in the Police corruption-reform-measures-in-the-defence- (2012), http://www.ti-defence.org/ sector-in-colombia publications/1431-arresting-corruption-in- the-police Organised Crime, Corruption, and the Vulnerability of the Defence and Government Defence Anti-Corruption Security Forces (2011), http://www. Index - main + Middle East & North ti-defence.org/publications/858-organised- Africa reports (2013), http://government. crime,-corruption,-and-the-vulnerability-of- defenceindex.org/report defence-and-security-forces Transparency International Assurance The Transparency of Defence Budgets Framework for Corporate Anti-Bribery (2011), http://www.ti-defence.org/ Programmes (2012), http://www. publications/893-the-transparency-of- transparency.org/whatwedo/pub/assur- defence-budgets ance_framework_for_corporate_anti_brib- ery_programmes Counter Corruption Reforms in Post- Conflict Countries (2011), http://www. UN Global Compact - TI Reporting ti-defence.org/publications/907-counter- Guidance On The 10th Principle Against corruption-reforms-in-post-conflict-countries Corruption (2009), http://www.transparency.org/whatwedo/pub/un_global_com- pact_ti_reporting_guidance_on_the_10th_ principle_against_corru Transparency International UK’S Defence and Security Programme works to reduce corruption in defence and security worldwide.

We engage with governments, armed forces, security forces, defence companies, international organisations, civil society and others to advance this goal.

We provide new tools, practical reforms, benchmarks and research to enable change. www.defenceindex.org www.ti-defence.org