Manage Learn to apply best practices and optimize your operations.

Ethics Policy Can Help Organizations Steer Clear of Vendor Bribes

Ethical CIOs must fend off a range of gifts and goodies from overeager vendors. Having a company ethics policy helps.

In his first week on the job as CIO of Compass Health, a behavioral health nonprofit based in Everett, Wash., Rich De Brino got a crash course in the seamier side of vendor relations.

First came the phone company representative, bearing free tickets to his company's suite at Safeco Field, home of the Seattle Mariners. The rep knew Compass was mulling a major Voice over Internet Protocol project. De Brino politely declined -- several times. Even after he bluntly explained the potential conflict of interest, the rep persisted, saying his predecessors at Compass had always accepted such gifts. "That was before me," De Brino told him.

Next up: a computer reseller representative who had done a lot of business with Compass. The rep ambushed De Brino in his office, tossed his catalog on the CIO's desk and said, "Pick anything you want. We'll have it delivered to your house." One flick of the forefinger, and De Brino could have landed a computer system worth several thousand dollars, complete with a flat-panel monitor. No one would have known.

"Let me make this really simple. Get out. Don't come back," De Brino recalls saying. Then he called the vendor's president and told him the company was off his vendor list for good. With $40 million a year in revenue, Compass would spend its money elsewhere.

"That was my first week. I got two different vendors trying to bribe me to make sure they continued the relationship," De Brino says.

Although IT spending is growing (however moderately), CIOs still have a lot of money to spend. This year, U.S. CIOs are expected to dole out $824.8 billion on IT projects, according to Stamford, Conn.-based research firm Gartner Inc. -- up 4% from last year. Multiple analyst firms peg the midmarket portion at anywhere between $250 billion and $350 billion. By 2009, Gartner expects overall U.S. IT spending to top $955 billion.

Vendors still try to win IT contracts with dinners, drinks, sports tickets or a few rounds of golf. But over the years, as government and shareholder scrutiny of expense accounts has increased, the volume of gift giving has declined. So too has tolerance on the part of the CIOs. "A lot of CIOs won't even let you buy them a cup of coffee these days," says Steve Hurley, vice president of learning and performance excellence for the Information Technology Services Marketing Association (ITSMA) in Lexington, Mass.

As the volume of offers has abated, however, the offers themselves have become more creative. Today, many vendors are offering gifts that CIOs can take home: computer equipment, golf clubs and Apple iPods, just to name a few. Some vendors offer what some CIOs consider an ethically questionable rewards program: discounts or other goodies in exchange for each instance in which the CIO acts as a customer reference.

And then, of course, there are outright bribes. Obviously, people who take bribes tend not to talk about them. But several CIOs we interviewed for this story confirm that they know of peers who collected perks ranging from $1,000 bottles of wine to a free swimming pool in their backyard. For every CIO like De Brino who turns away the offer of a free computer, there are many more who don't -- especially if the computer is offered on, say, "indefinite loan" for the CIO to review for possible use in his business.

The bottom line is that many vendors are giving gifts in hopes of getting a leg up on the next IT contract, whether it's for $25,000 or $25 million. Some companies try to prevent such influence by capping the value of acceptable gifts at $25 to $75. But ethics experts say that these rules are largely ineffective because clever people can get around them.

For this story, we interviewed several midmarket CIOs, from the West Coast to the East Coast and from a law firm to a purveyor of gas masks; none had a written ethics policy for CIOs -- or at least not one they could find.


Zero-Tolerance Policy

To avoid even the appearance of impropriety, CIOs should not accept any gifts or meals, argues Jack Marshall, president of ProEthics Ltd., an ethics consulting firm in Alexandria, Va. "The right amount is zero" for the value of acceptable gifts, he says. "These guys aren't giving you gifts because they like the look of your face." They want influence. They want some payback from their investment.

Even when gifts are of nominal value, they can look bad if someone later questions the way the CIO handled the contract. Consider the case of Wandzia Grycz, technology chief of the city of San José, Calif. She resigned after critics claimed that she and other city officials unfairly favored Cisco Systems on an $8-million contract. If anyone can show she accepted a $10 lunch from Cisco, that wouldn't look so bad to most people. But if a CIO in similar straits had accepted repeated meals or perks of nominal value, he could be accused of having accepted a bribe, says Marshall. (No such accusations have been made in Grycz's case.)

Since most midmarket companies have not had the time or resources to invest in developing a well-thought-out set of ethics guidelines, midmarket CIOs are often left to use their own judgment on what is or isn't an acceptable part of vendor relations (see Establishing an Ethics Policy).

Without policies to guide them, midmarket CIOs tend to trust their instincts, which vary widely. Some were determined to avoid even the appearance of impropriety, which is the gold standard of ethical behavior. These CIOs would take only a cup of coffee. Others were willing to accept more, and even maintain friendships with their vendors, saying it did not affect their judgment. Here are their rationales for how they deal with vendors on the issues of gifts, references, customer councils and friendships.

Rolling in the Trojan Horse

Although many gifts are really of just nominal value, Marshall of ProEthics points out that they make the recipient feel better about the giver, potentially clouding the CIO's judgment when it comes to choosing the best vendor.

None of the CIOs we interviewed had ever accepted take-home gifts, but their policies varied widely on meals and sports tickets. Most would not accept meals from potential vendors, especially during bidding periods. Aldo Moreno, CIO of Herbalife International, a $1.2-billion-a-year meal replacement and vitamin wholesaler in Los Angeles, says his vendors have offered to take him out to any restaurant he names. One even offered dinner on a sailboat. Moreno always turns them down. "Typically when we're going to negotiations, I don't go out to dinner. I don't go out to lunch. We meet in my office. That's it," he says.

Once the vendors have been given a contract, CIOs are much more willing to deal with them socially. De Brino of Compass says he'll let current vendors buy him meals, even though he knows they may be bidding on new projects in the future. But he always picks up the next one, and he keeps notes so he doesn't forget whose turn it is.

Mandi Turner, information services director for $60-million Louisville, Ky., law firm Greenebaum Doll & McDonald, says she doesn't accept expensive meals but doesn't mind accepting inexpensive lunches. She also accepts tickets from current vendors to parties related to the Kentucky Derby, mostly because it gives her access to her vendors' engineers. Turner says she works at the events, although not everyone does. "You see people there that are having their mint juleps and that's all, but you also see the serious people," she says. She isn't interested in parties without the engineers. "Whatever money you would have spent on that lovely little party, just put it into a discount," she advises vendors.


Establishing an Ethics Policy
Drafting a code of ethics can help protect you if you are later accused of favoring a vendor. Whether you hire an ethics consultant or work from a boilerplate, it's best to get input from your company's legal counsel. For best results, keep your code of ethics short and hire the kind of people who are inclined to follow it. And you can add even more oomph to the policy by making parts of it apply to spouses, immediate family members and other relations of the CIO and his staff.


A Sample Boilerplate
To ensure that the CIO always acts in the best interests of this company, the CIO and any member of the CIO's staff who has significant input into purchasing decisions should do the following:

  1. Always make purchasing decisions based on the best business interests of the company and no other factors.

  2. Not solicit or accept, directly or indirectly, any gifts of any value/more than $x value from current or prospective vendors or their affiliates, either before, during or after the bidding process. This includes food, liquor, discounts, upgrades, favors, preferential treatment and loans of any kind.

  3. Not hold financial interests that conflict with the conscientious performance of duty. This includes conducting side business with current or prospective vendors or their affiliates and holding "significant" investments, such as individual stock positions in current or prospective vendors.
  4. Significant is defined as more than x% of the portfolio's value. However, such stocks may be held through mutual funds or blind trusts.

  5. Not engage in personal, nonprofessional relations with current or prospective vendors or their affiliates. If such relationships exist, the person involved shall recuse himself from any purchasing decisions involving those vendors.

  6. Not give product references in exchange for remuneration of any type, whether for personal or corporate benefit.

  7. Allow for the following exceptions: _____________________
Source: Drawn from the recommendations of Jack Marshall of ProEthics Ltd. and "Principles of Ethical Conduct for Government Officers and Employees"

Friendly Faces in the Crowd
Although many vendors' sales representatives switch jobs every few years, a CIO sometimes deals with the same rep over a long period and gets to know him well. The question is, if you're friends with your rep and go to his barbecue party every summer, can you make the tough decision and give the contract to his competitor if that's the best thing for the business?

Marshall says it's extremely difficult to know where to draw the line. On the one hand, "having ethical relationships doesn't mean that you have to make business total drudgery," he says. "Getting to know people and trust people is part of business. The fact that someone has delivered over a period of time has to count." But, he adds, "It is inherently dangerous to build any kind of personal relationship with anyone that you may have to make a tough decision about in the future."

Turner has inherited that difficulty; one of her vendors used to be her boss. "I'm incredibly close to him personally," she says, adding that her business relationship is strictly professional. So every time she gives him business, she does a mental check. If she can truthfully say, "This is definitely based on service and quality and not relationship," she gives him the contract. Once she turned him down for a major contract because his company wasn't strong enough in that area. "He said he didn't agree. But he said he understood," Turner says.

De Brino encourages his staff to build up a good working relationship with vendors. On one big project, for instance, he and the vendor had their staffs collaborate on go-carts. "But the reality is, it has to stop there," De Brino says. He never has vendors over to his house. "You have to maintain a professional distance."

Steve Plut, CIO at Mine Safety Appliances (MSA), an $852-million Pittsburgh maker of gas masks, says he doesn't mind maintaining friendly relationships with longtime vendors. He allows one vendor to take him and his staff out for a few rounds of golf once a year. He also used to go to one Steelers game a year with another vendor.

He says this doesn't impair his ability to make tough decisions. Last year, for instance, right before football season, he told the rep with the Steelers tickets that MSA was cutting back on its business with the vendor. "We have to do what's right for MSA," Plut says. The vendor took it well at the time. But Plut says he didn't get invited to a Steelers game last season. He figures that's because the vendor knows that Plut bought his own season tickets last year.

Customer Councils
Hurley, training vice president at ITSMA, says the vendors in his council want access to CIOs but are finding that it's difficult to get them interested in social situations. One strategy they've come up with is the customer council, where a vendor gathers CIOs to provide input on what they want out of the vendor's future products. This way, the vendor gets useful information, and CIOs get to network with each other.

De Brino says he goes to two or three such meetings a year at a local conference center. He and the other CIOs fill out surveys--which he calls "blatant marketing"--but he doesn't begrudge the vendors this task because he gets plenty in return. "As long as the vendors keep in the back of the room and let us work things out, it's a sponsored opportunity for us CIOs to talk about things," he says. "We would never do that on our own."

At the end of these meetings, one CIO will win a prize, such as an iPod Shuffle. De Brino figures it's not bribery as long as it's random. But just to be safe, if he wins (which he hasn't), he plans to give the prize away to his staff in a random drawing. That's what he does with unsolicited tchotchkes that arrive in the mail. (Plut actually mailed one back at his own expense when it seemed too extravagant.)

Turner, of Greenebaum Doll & McDonald, says she participates in customer councils, but only by phone. She doesn't have time to travel to such events. @pb

Customer Reference "Rebates"
Vendors have long asked their happier customers to serve as customer references, but now there's a twist: Some vendors are offering compensation for these references. ITSMA's Hurley says the council advises its vendors to keep the remuneration low enough "so it wouldn't be seen as a bribe" and yet high enough so customers have the incentive to help sell the product. He advises vendors not to offer anything that's personally beneficial, like a set of golf clubs; instead, he suggests something that benefits the CIO's company, like a small discount on the company's next purchase.

One company, EMC Corp., has institutionalized a rewards program for Documentum customers who give references for the company's enterprise content management products. The program is called Studio D and invites customers on its Web site to "Score some high-quality goods!" According to the site, Documentum customers who serve as marketing references win points that can be used for discounts, training credits or "gift certificates at the e-store of your choice." (The points can also be donated to a charity.)

Marshall is critical of such programs because the vendor is, in essence, buying those customer references. He says the program should highlight that fact when it gives out lists of references. The CIOs interviewed for this story were appalled at the idea of trading their references for any sort of compensation, even when the benefit accrues to their company. "If you do a good job, we'll be happy to give you a reference," De Brino says, noting that "I think that would be unethical, selling your reference."

Turner says that if vendors want to offer a discount, they shouldn't tie it to references. "I wouldn't trade my reference for money," she says. "That doesn't sit well with me personally, professionally or ethically." Knowing that such programs now exist, several CIOs said they will make a point of asking future references if they have received any compensation.

Responding via e-mail to the idea that it was buying references, Documentum said that the Studio D program "is not so lucrative (for the individual) that customers would take time to give a reference purely for the points." The company added that many of its references never join the program. And Documentum is up front about giving points in return for references; the practice is outlined on Studio D's Web site.

Bribe or "Perk"?
Rather than fending off bribes, some purchasing officers have been known to solicit them. Moreno of Herbalife has heard of this happening where large contracts are involved. "You know if you ask for something, most vendors will cough up. You hear it from your peers," he says. "They think it's part of the perks of the job."

De Brino's company, Compass Health, owns a technology vendor called Advances in Technology, which De Brino also oversees. That means he sometimes wears the vendor's hat. He says that in two instances to date, potential customers have hinted that "a little extra something" would sweeten the deal and make them more likely to sign.

He's afraid to confront them because he would hate to insult a potential customer if he's wrong. Instead, he plays dumb. When they say they want extras, he offers more train-ing. When they say they'd like a little more, he offers even more training. "That's the best way to handle that. If I'm wrong, there's no harm done. They just think I'm stupid," De Brino says. In both cases, De Brino's company didn't get the contract, he notes.

Ethics experts like Marshall say companies are better off with such policies than without them. But in the end, policies don't keep deals ethical, people do. "It's almost like SOX," says MSA's Plut, referring to Sarbanes-Oxley Act regulations. "You can have a bottom line; but at the end of the day, people can circumvent it. You just have to have ethical people who work for you. Actions speak louder than words."

Joan Indiana Rigdon was a contributing writer for CIO Decisions. To comment on this story, email [email protected].

Dig Deeper on Small-business IT strategy