Corporate Governance: Insights for Writing a Code of Ethics or Conduct

The heart of an organization is often expressed in its code of ethics or code of conduct. It tells the world what really matters to an organization and what it is all about. And companies that follow both the letter and the spirit of the law by taking a value-based approach to ethics and compliance may have a distinct advantage in the marketplace.

Give the average employee a legalistic “thou shall not . . .” code, and a negative response is almost guaranteed.

Give employees a document that states clearly and concisely the organization’s expectations, outlines acceptable behaviors and presents viable options for asking questions and voicing concerns – and the likelihood is much greater that they will meet those expectations and exhibit the desired behaviors.

Make the contents of the code equally applicable to, and understood by, everyone in the organization—at all levels, across all business units and spanning the geographies—and you have a key ingredient for a code that becomes ingrained in the corporate culture, with all of the benefits.

The code should apply to all employees and be global in scope. If the code addresses financial risk and applies to all personnel, there may be no need for a separate financial code of ethics

Code Basics

There is no standard wording for a code of ethics or a code of conduct. Each organization should develop a code to suit the needs of its personnel in defining expected behaviors and in addressing the risks, challenges and customs in the countries in which it operates, as well as to fit their specific industry and regulatory environment.

However, there are some basic points to keep in mind when creating or modifying a code:

  • The code language should be simple, concise and easily understood by all employees. It should be user friendly and written with the employee in mind.
  • The code should not be legalistic—written as “thou shall not”—but rather should state the expected behaviors.
  • The code should apply to all employees and be global in scope. If the code addresses financial risk and applies to all personnel, there may be no need for a separate financial code of ethics.
  • The code should be written, reviewed and edited by a multidisciplinary team in order to make it reasonably consistent with other corporate communications and policies and make sure it addresses relevant risk areas, has buy-in across the organization, and represents the organization’s culture.
  • The code should be revised and updated as appropriate to reflect business and regulatory changes.

Recommended Elements

The elements or sections within a code can vary, but here are some standard recommendations:

An introductory letter from the senior leadership team or CEO that sets the tone at the top and defines the importance of ethics and compliance to each employee and the organization.

The organization’s mission statement, vision, values and guiding principles. These should reflect the organization’s commitment to ethics, integrity and quality.

An ethical decision framework to assist employees in making choices. For example, a code might ask employees to answer some questions to guide them in making an ethical decision about a possible course of action. The goal is for employees to think before acting and to seek guidance when unsure.

They should be encouraged to think about this type of question in the context of an ethical dilemma. “Would you be unwilling or embarrassed to tell your family, friends, or co-workers?”

A listing of available resources for obtaining guidance and for good faith reporting of suspected misconduct. For example:

  • A means to report issues anonymously, such as a helpline or postal address
  • Information on how to contact the ethics and compliance officer or office
  • A definition of the reporting chain of command (e.g., supervisor, department head, etc.)
  • A listing of any internal ethics and compliance websites
  • A listing of any additional ethics and compliance resources and/or the identification of supplementary policies and procedures and their location.

Enforcement and implementation mechanisms that address the notion of accountability and discipline for unethical behavior. For example, unethical behavior will be subject to disciplinary action up to and including termination.

Generic examples of what constitutes acceptable and unacceptable behavior could be included to further explain risk areas. Examples could be based on relevant organization or industry experiences.

Areas of Risk

It is important that a code covers relevant and important issues or risk areas. For example, a manufacturing organization would place greater emphasis on environmental responsibilities than a professional services firm.

Code content and depth of coverage on a specific topic may vary by industry objectives, or past organization history, i.e., an organization operating under a corporate integrity agreement or with a history of ethical violations or infractions.

Content also may vary because of the regulatory environment, as well as the questions and needs of intended audience, local laws, customs and culture.

Code topics can be organized alphabetically or organized to reflect groupings that make sense to the organization. Topics also can be grouped according to the organization’s objectives, risk matrix, or related topics such as employment practices, use of corporate assets, or third-party relationships.

The following is a list of selected issues, topics and risk areas that could be addressed in a company’s code, either under their own subject heading or as part of a broader topic:

  • Antitrust/competitive information/fair competition
  • Customer, supplier, and vendor relationships
  • Community activities/civic activity
  • Compliance with professional standards and rules
  • Confidential and proprietary information
  • Contracting (approvals)
  • Conflicts of Interest
  • Copyrights
  • Discrimination, diversity and inclusion
  • Electronic professional conduct
  • Expense reimbursement and time reporting
  • External inquiries/public disclosure and reporting
  • Fraud
  • Gifts, entertainment, gratuities, favors and other items of value to/from customers, suppliers, vendors, contractors, government employees
  • Government contracting, transactions, and relations
  • Harassment (sexual and otherwise)
  • Health and safety
  • Money laundering
  • Outside employment and other activities
    Outside businesses

    Outside employment
    Professional organizations

    Charities and community service
  • Personal conduct
  • Procurement/purchasing
  • Professional competence and due care
  • Reporting and financial recordkeeping/management
  • Use of company resources
    Computer and network security (information security)
    Computer software and hardware

    Email and voicemail (communications systems)
    Internet and intranet

    Industrial espionage and sabotage

Implementation Considerations

Assign a core team, reporting to the Chief Ethics and Compliance Officer, with the task of drafting the code. The code development or enhancement will require the successful completion of the following steps:

  • Appoint a multidisciplinary advisory team
  • Draft an outline of the proposed code and circulate amongst the multidisciplinary team for review and comment
  • Draft code based on approved code outline
  • Consider whether the code is aligned with the organization’s policies, procedures, values and industry standards
  • Circulate draft code amongst the multidisciplinary team for review and comment
  • Update code to reflect input of advisory team
  • Use focus groups and other methods to get feedback from all levels of personnel on the code update based on their feedback
  • Present “final” version of code to management and board for approval
  • Circulate final versions to offices of Communications and General Counsel

Communicating the Code

An organization’s code of ethics or conduct can only be effective if it is properly disseminated to employees of the organization. Although many organizations continue to use hard and soft copies of their codes of conduct, a number of other organizations are embracing new technologies in order to share their codes with their employees.

For instance, an organization may feature an interactive code on its internal website, allowing employees to easily search topics, perform deeper dives in certain areas, etc., while also still allowing them to use the same “standard” code.

No matter which format is used, and it can depend widely on the type of organization, the method used to communicate the code to all employees is crucial in order to make the code effective.

About the Authors

This guide was produced by Nicole Sandford, partner and national practice leader, enterprise compliance services, Maureen Mohlenkamp, principal, Keith Darcy, independent senior advisor, and Nolan Haskovec, senior manager, all at Deloitte & Touche LLP.

Copyright © 2016 Deloitte Development LLC. All rights reserved.

Photo credit: Shutterstock


Suggested Articles

Some of you might have already been aware of the news that Questex—with the aim to focus on event business—will shut down permanently all media brands in Asia…

Some advice for transitioning into an advisory role

Global risks are intensifying but the collective will to tackle them appears to be lacking. Check out this report for areas of concern