While smaller entities don’t normally have a written code of conduct, larger organizations are establishing these codes. Publically-held companies, issuers under the Sarbanes-Oxley Act, are required to establish and communicate codes of conduct. Other privately-held companies, non-issuers, are also creating codes of conduct as part of their control environment.
Whether written or communicated informally, a code of conduct defines behavior expectations for both management and other employees. While such codes do not prevent inappropriate behavior or fraud, they do provide employees with legal and ethical standards that will influence their performance and commitment to the entity’s system of internal control.
An entity’s code of conduct will ordinarily include these sections: • Use of company assets and resources for business and not personal use • Use of telephones, email and the internet • Avoiding actual and potential conflicts of interest • Protecting the company’s confidential information • Maintaining complete and accurate accounting records • Investigating and reporting any accounting, auditing and disclosure concerns • Retaining and disposing of records and documents • Prohibiting discrimination and harassment • Prohibiting use of alcohol and illegal drugs • Complying with laws, rules and regulations • Protecting intellectual property and using copyrighted materials • Giving and receiving gifts, meals, services and entertainment • Understanding disciplinary actions for code violations • Reporting concerns and code violations