KnowledgeLeader Blog

How to Develop an Effective Code of Conduct

Posted by Protiviti KnowledgeLeader on Thu, May 30, 2019 @ 05:14 PM

Executives often cite an ability to adapt to change as the most important factor for success in today’s dynamic business environment; however, there is another equally important factor: an unwavering commitment to ethical and responsible business behavior. As many organizations already understand, a formal, written code of conduct is critical in order to transform ethical behavior into something more tangible for employees. Such a code is now a requirement for public companies, as mandated by the Sarbanes-Oxley Act and by the listing requirements of major stock exchanges.

Executing a successful code of conduct depends on three key elements: proper definition, effective communication and appropriate warning signals as monitoring tools. For years, companies have implemented corporate compliance programs that generally are based on a published code of conduct and follow the infrastructure outlined under the Federal Sentencing Guidelines for Organizations. To be effective, each program’s underlying elements should reflect the unique aspects of the organization’s culture and management’s operating style.

Typically, a code of conduct includes:

  • A statement by the CEO that the organization is committed to conducting business with integrity, in accordance with the highest ethical standards, and in compliance with all applicable laws, rules and regulations. This establishes the required "tone at the top."
  • Practical examples of situations an individual might encounter, and guidance to help clarify how the code should be applied in each case.
  • A discussion of the roles the organization’s policies, structure, risk management and internal controls play in ensuring compliance with the company’s ethical standards, including the role of personal accountability for adhering to the code.
  • Recognition of the company's responsibilities to shareholders, employees, customers and other stakeholders.
  • Prohibitions on and/or required disclosures related to conflicts of interest.
  • Prohibitions and/or restrictions on the use of confidential and proprietary information.
  • Corporate guidelines, including policies on expenses, asset usage, vacations, insider trading, etc.

Communication, Disclosure and Enforcement

Disclosure of the code of conduct has not been consistent among companies. These are suggestions based on today’s best practices:

  • Write the code in a way that all employees can understand.
  • Circulate the code internally to all employees on a regular basis (annually, at a minimum). Require everyone to acknowledge that he or she has read it, understands his or her responsibility to comply with it, and will report through appropriate channels any observed violations.
  • Circulate the code externally to institutional investors and other constituents.
  • Publish the code in the company’s annual report and on its website.
  • Conduct periodic employee training on the code and audits of the staff’s understanding of it.
  • Require periodic compliance self-assessments of selected employees using appropriate code provisions.

A code without discipline lacks substance. Management must take disciplinary action for violations on a timely basis, and lessons learned from violations should be communicated to employees and reinforced through training. An internal reporting mechanism should be put in place for employees to ask questions about ethics issues and report ethical violations or breaches of company policy without fear of retribution.

Often, these reporting mechanisms take the form of an "integrity hotline," although some companies are establishing websites to receive reports and give reporting employees or outside parties the option of remaining anonymous. Management should have protocols in place to handle reported violations consistently, including use of legal counsel, coordination with law enforcement, and timely reporting to senior management and the board, consistent with the Sarbanes-Oxley requirements for reporting fraud.

Watching for Ethics Warning Signs

The company’s board of directors has three responsibilities with respect to the code of conduct. First, it must determine that the code is consistent with values that most stakeholders hold in the highest esteem. Second, it must comply with the code. Third, it must provide appropriate oversight to ensure management is operating the business in a manner consistent with the code.

Directors should watch for the following key warning signs. If these and other red flags are noted, the board should investigate to determine whether there are integrity issues requiring attention at the highest levels of the organization. Where there is smoke, there may be fire:

  1. The extent to which the code of conduct is emphasized and reinforced by management in operating the company. There is little value to a code that is published but not consistently reinforced by management.
  2. The manner in which management engages the board. Management’s relationship with the board could be a sign of how it engages its people. For example:
    • Management brings only good news and highly structured presentations to board meetings, and the board rarely hears bad news until it is too late.
    • Management only presents the board with plans for approval and rarely seeks input as plans are being developed. Insufficient time is devoted to forward-looking issues.
    • The CEO controls the board’s agenda, board meetings are highly regimented and orchestrated, and directors have little opportunity to discuss issues and concerns.

If these signs exist, are they an indicator of how management works with subordinates? Does the CEO really listen to his or her people? If not, does that behavior permeate the organization?

  3. Circumstances within the organization or aspects of its culture could lead to unethical or dysfunctional behavior. Unless effectively managed and checked, past successes and growth – along with sustained pressures to perform – can breed a "warrior culture." This can lead to a cavalier attitude that spawns reckless initiatives, unhealthy internal competition, institutional resistance to bad news, a general lack of change readiness, unrealistic stretch sales and profit goals, variable compensation plans linked to those goals, and insufficient attention to protecting the company’s brand image.
  4. The existence of direct or anecdotal evidence that the CEO and senior management lack credibility with employees. Such evidence might surface in employee surveys conducted by an independent consultant, or in other ways. Management may consistently make excuses for poor results and be unwilling to acknowledge its own errors. If the board notes that the CEO and executive management are unable to discern or are unwilling to admit when a strategy or its execution is not working, it can safely bet that employees have noted it as well.
  5. Direct or anecdotal evidence that certain business activities might be on the verge of running out of control. For example, is there evidence of a pattern of high-pressure sales practices, bullying negotiation tactics, disregard of regulatory authority, or similar activities? If these conditions persist, could they lead to problems, even illegal acts or brand erosion?
  6. Identification of problem areas or process failures that may be a symptom of a potential ethics issue. When a significant problem or process failure occurs, is it a symptom of an ethical breakdown? If not, does it indicate a lack of clarity that, if addressed, might have helped mitigate the problem or even have avoided it?
  7. Requests to waive conflicts of interest or other significant ethics requirements. The board should pay close attention to requests from management to waive significant provisions of the code, including the immediate and long-term effects if a waiver is granted.
  8. The effectiveness of management’s follow-up on instances of code violations and noncompliance issues reported by whistleblowers and third parties. The board should be informed of financial reporting issues raised by whistleblowers, as well as any lack of adherence to policies and procedures demanded by regulators and auditors. Any subsequent investigation, findings and the remedies taken should be disclosed to the board.

Ultimately, the best test of a code of conduct’s effectiveness is whether it is practiced. When management’s preferences, value judgments and operating styles are consistent with the highest standards of ethical behavior, the organization is better positioned to sustain a quality reputation that attracts and retains the customers, talent and capital required to grow the business and create enterprise value. In every industry, strong corporate ethics breed positive business results.

Please visit these related resources on KnowledgeLeader:

The Code of Conduct: Laying a Cornerstone for Effective Governance Questionnaire
Finance Code of Conduct Policy
Code of Business Conduct and Ethical Guidelines Policy
Code of Business Conduct and Ethics Policy: Sample 2
