We exercise judgment with respect to the clients and third parties we engage with and the types of work we do. We will not work with clients or contractors who do not share our commitment to high ethical standards; we have turned down project opportunities because of concerns involving human rights violations and other ethical issues.
We scrutinize opportunities and projects carefully before proceeding and reserve the right to withdraw from a project if business conduct and ethics concerns arise.
We apply similar rigor to the activities of the ERM Foundation and are careful to avoid any potential ethical or compliance concerns associated with those organizations that we support.
For a number of years now, we also have improved our due diligence process for business relationships using our Project Liability ANalysis (PLAN) approach. This includes a wide range of business risks including embedding a global compliance tool into our opportunities tracking system to search for trade sanctions, bank watch lists, international criminal watch lists and adverse media evaluations. As a result, ERM employees can confirm quickly that third parties are not on government watch lists for corruption, bribery or human rights violations. We have committed to following the trade sanctions established by the European Union and the United States, as well as the United Nations.
Our newly launched project management development framework, known as PM@ERM, incorporates PLAN and many other invaluable tools to ensure every consultant makes a positive difference in our clients’ and ERM’s success.
In FY16, ERM conducted systems analysis and investigations covering key areas, such as financial controls, business conduct and ethics. The investigations were conducted by teams comprising finance, legal and compliance specialists within ERM. As a result, we have strengthened corporate governance and improved systems to meet the requirements of the many jurisdictions in which we do business around the globe.
ERM's global Contractor Management Program (CMP) provides a robust platform for contractor risk management. The CMP helps us evaluate and pre-qualify contractors to ensure that they adhere to the key elements of our Code of Conduct, including those pertaining to human rights, labor practices, anti-bribery and corruption, child and forced labor, as well as a wide range of other important issues such as ERM's health and safety and insurance requirements. Where key contractors do not meet our criteria, we can work with them to improve their processes and performance.
To date, the program has been implemented in the following ERM Business Units:
- Australia and New Zealand;
- Hong Kong;
- Sub-Saharan Africa;
- United Kingdom and Ireland;
- United States; and
- Western Europe and North Africa.
We take the protection and proper use of information very seriously. Data stored on ERM computers and systems are secured by multiple methods to protect servers and computers and ensure data are protected in transit. In addition, data stored on ERM network servers are backed up regularly to ensure that they can be recovered in the event of a disaster. Redundancy through multiple components, locations and network connections help ensure high availability. Technology provides our employees with additional secured and authenticated access to ERM’s data when out of ERM offices.
During FY16, ERM developed a security awareness training program to complement the existing controls. We are in the process of strengthening our Information Technology (IT) policies and controls across the company in response to increasing demands for assurances around IT physical and data security.