Senior management, with guidance from the board of directors, defines and communicates expected standards of conduct for the organization, including any specific to those responsible for preparing external financial reporting. Such standards contain key provisions reflecting legal, ethical, and other expectations in the conduct of business and financial reporting, and articulate management's philosophy and guidance for avoiding moral hazards in the pursuit of objectives. They also leverage established professional codes of conduct, such as those associated with financial and managerial accounting, legal, information technology, or other professional organizations. To instill a common understanding of the company's standards, management develops various means for:

The senior management of Zanzibar Co., a publicly traded company, has created, maintains, and distributes the company's code of business conduct and ethical standards to all employees and external parties acting on behalf of the company, and has posted it on the company website. The code of conduct is available in all relevant languages for ease of access and understanding by all within the global organization. The company requires all employees to complete periodic interactive web-based training sessions on various aspects of the code and ethical standards.

Furthermore, Zanzibar Co. provides a supplier code of conduct to its vendors as part of its service-level agreements, which provide a basis for evaluation alongside product/service delivery evaluation.

These documents emphasize that every individual is responsible for maintaining an ethical environment and reporting any ethical breaches. Service-level agreements and contracts with external parties include the relevant language to specify the company's expected standards of conduct and serve as a basis for evaluating adherence. The code also specifically sets out the expectation of reporting and resolving issues by providing clear information on how to ask a policy question or report a violation through an independent third party.

Senior management and the board of directors annually review and discuss any changes needed to the code or how it is administered, considering external and internal factors, including the coverage of the company's key risk areas, any known compliance issues, and results of monitoring activities. For instance, over time, Zanzibar Co. has added provisions to address new, applicable laws and has provided more guidance on what constitutes an appropriate gift or entertainment.

The CEO and key members of management at various levels in the organization articulate and demonstrate the importance of integrity and ethical values across the organization. The various forms and mechanisms used to do this may include:

While this approach can be synonymous with that of establishing standards of conduct when both operate effectively, history has shown instances where organizations define and communicate honorable standards of conduct, yet management does not internalize or exhibit these standards in its conduct, and therefore sets a different tone than what is expected.

Aerospacial S.A., a small supplier to the aerospace industry, uses its monthly newsletter to employees, outsourced service providers, business partners, and other external parties to emphasize the importance of exercising sound integrity and ethical values. Each edition of the newsletter contains a section related to ethical decision making and consequences of violations of the code. The newsletter draws attention to the multitude of resources available to discuss and resolve ethical issues; it also reports what actions are taken by senior management when the code is violated at any level of the organization. The newsletter illustrates the open dialogue and resolution of issues that is actively promoted by senior management.

Examples of ethical dilemmas are provided, along with suggested resolutions. The newsletter points out that reports of violations originate from a variety of sources, including employees, managers, the company's anonymous hotline, and external parties. Responses range from no action (in cases where the violation is shown not to have occurred) to various levels of discipline, including dismissal.

Finally, the newsletter reminds all Aerospacial S.A. employees—from senior management to entry-level—that as part of their annual performance review they must certify that they have read the company's mission statement and code of conduct and that they comply with policies at all times.

The board of directors and senior management evaluate adherence to the company's standards of conduct. This is accomplished in a variety of ways, which may include:

The not-for-profit organization Partners for Development conducts scheduled audits to determine whether employees are receiving, understanding, and applying the boardapproved standards of conduct. A completeness check is performed to verify that every employee has received and attested to these standards or otherwise provided a specific explanation that is then reviewed and addressed by senior management and the board. The audits also include non-employees and consultants from the organization's IT service provider. The standards consist of three documents: the code of ethics and standards of personal conduct, the compliance policy statement, and the expected standards of conduct.

Partners for Development's purpose in conducting these audits is to determine if there are any shortcomings in understanding or instances of non-compliance and to use those findings to assess and correct any deficiencies in the organization's new-hire orientation, communications, training, and employee review processes. Upholding the organization's standards of conduct is intended to help safeguard against or escalate any instances of fraud, management override, or other illicit transactions and support complete, accurate, and reliable financial reporting to the organization's government sponsors.

All-World Food Distributors provides an anonymous hotline for employees to report potential fraud and other ethical concerns. The entity engages a third-party service provider to administer the hotline to provide the comfort of anonymity for its employees. This service immediately reports any potentially illegal acts or financial reporting improprieties directly to the company's legal department and audit committee. Issues and trends are analyzed and conclusions are reported to the audit committee of the board.

Senior management develops and consistently follows a prescribed process and standard to promptly investigate, report, and take action to correct any violations to the standards of conduct occurring at any level of the organization, including outsourced service providers and business partners. The process may include:

Remediation may address accounting corrections needed, process control enhancements, systems development or enhancements, accountability reinforcement, training, revisions to the standards of conduct, providing management, personnel or third parties with increased awareness of the importance of applying the standards, and other actions. The board reviews and approves the adequacy of remediation measures and progress reports.

Best Fit Shoes has established policies and procedures to address serious improprieties or illegal acts by employees, such as theft or bribing a new supplier to secure a contract. The policy empowers the legal department to initiate the investigation together with the internal audit department or an external third party in order to understand, document, and report the facts of the alleged matter for evaluation and assessment.

Best Fit's policy clearly states that if such an illegal act or impropriety is confirmed, the company will terminate the employee, revoke all access privileges, and file formal charges with appropriate authorities. The policy also requires the human resources manager to document the situation and its resolution, analyze the root cause of the breach, and implement any additional remedial steps to avoid similar occurrences in the future. Progress reports are regularly provided to the audit committee.

During one instance, facilitation payments were made to obtain certain contracts, the policy was immediately applied, and an investigation was launched. The audit committee was notified and regularly presented with progress updates and the proposed corrective actions for approval.