Insights for writing a

code of ethics/conduct
 As Deloitte consults with clients across the globe and Recommended elements
gains increasing ethics and compliance insights, it is clear The elements or sections within a code can vary, but here
to us that the heart of an organization is often expressed are some standard recommendations:
in its code of ethics/conduct. It tells the world what really
• An introductory letter from the senior leadership team
matters to your organization. It's who you are. And we
or CEO that sets the tone at the top and defines the
have found that companies that follow both the letter and
importance of ethics and compliance to each employee
the spirit of the law by taking a “value-based” approach
and the organization.
to ethics and compliance may have a distinct advantage
• The organization’s mission statement, vision, values,
in the marketplace. Give the average employee a legalistic
and guiding principles that reflect the organization’s
“thou shall not….” code, and a negative response is almost
commitment to ethics, integrity, and quality.
guaranteed. Give employees a document that states clearly
• An ethical decision framework to assist employees
and concisely the organization's expectations, outlines
in making choices. For example, a code might ask
acceptable behaviors, and presents viable options for
employees to answer some questions to guide them
asking questions and voicing concerns, and the likelihood
in making an ethical decision about a possible course
is much greater that they will meet those expectations and
of action. The goal is for employees to think before
exhibit the desired behaviors. Make the contents of the
acting and to seek guidance when unsure. They should
code equally applicable to, and understood by, everyone in
be encouraged to think about this type of question
the organization—at all levels, across all business units, and
in the context of an ethical dilemma “Would you be
spanning the geographies—and you have a key ingredient
unwilling or embarrassed to tell your family, friends, or
for a code that becomes cultural, with all of the benefits.
co-workers?”
• A listing of available resources for obtaining guidance
Code basics
and for good faith reporting of suspected misconduct.
There is no standard wording for a code of ethics/conduct.
For example:
Each organization should develop one to suit the needs
–– A means to report issues anonymously, such as a
of its personnel in defining expected behaviors and in
helpline or postal address
addressing the risks, challenges, and customs in the
–– How to contact the ethics and compliance officer or
countries in which it operates, as well as to fit their specific
office
industry and regulatory environment. However, there
–– A definition of the reporting chain of command
are some basic points to keep in mind when creating or
(e.g., supervisor, department head, etc.)
modifying a code:
–– A listing of any internal ethics and compliance
• The code language should be simple, concise, and easily websites
understood by all employees. • A listing of any additional ethics and compliance
• The code should be user friendly, and written with the resources and/or the identification of supplementary
employee in mind. policies and procedures and their location.
• The code should not be legalistic—written as “thou • Enforcement and implementation mechanisms that
shall not”— but rather state expected behaviors. address the notion of accountability and discipline for
• The code should apply to all employees and be global unethical behavior. For example, unethical behavior will
in scope. If the code addresses financial risk and applies be subject to disciplinary action up to and including
to all personnel, there may be no need for a separate termination.
financial code of ethics. • Generic examples of what constitutes acceptable and
• The code should be written, reviewed, and edited unacceptable behavior could be included to further
by a multidisciplinary team in order to be reasonably explain risk areas. Examples could be based on relevant
confident that it is consistent with other corporate organization or industry experiences.
communications and policies, addresses relevant
risk areas, has buy-in across the organization, and
represents the organization’s culture. Consider inclusion
of representatives from the following areas: Risk
As used in this document,
Management, Human Resources, Communications,
“Deloitte” means Deloitte &
Touche LLP, a subsidiary of Office of General Counsel, Internal Audit, Security, and
Deloitte LLP. Please see www. relevant business units.
deloitte.com/us/about for a
• The code should be revised and updated as appropriate
detailed description of the legal
structure of Deloitte LLP and its to reflect business and regulatory changes.
subsidiaries. Certain services may
not be available to attest clients
under the rules and regulations
of public accounting.

2
Areas of risk • Environment
It is important that a code cover relevant and important • Expense reimbursement and time reporting
issues or risk areas. For example, a manufacturing • External inquiries/public disclosure and reporting
organization would place greater emphasis on • Family and personal relationships
environmental responsibilities than a professional services • Family Medical Leave Act
firm. Code content and depth of coverage on a specific • Fraud
topic may vary by industry objectives, or past organization • Gifts, entertainment, gratuities, favors, and other
history, i.e., an organization operating under a corporate items of value to/from customers, suppliers, vendors,
integrity agreement or with a history of ethical violations contractors, government employees
or infractions. Content also may vary because of the • Government contracting, transactions, and relations
regulatory environment, as well as the questions and needs • Government reporting, inquiries, investigations, and
of intended audience, local laws, customs, and culture. litigation
• Harassment (sexual and otherwise)
Code topics can be organized alphabetically or organized • Health and safety
to reflect groupings that make sense to the organization. • Honesty and trust
Topics also can be grouped according to the organization’s • International and global business practices:
objectives, risk matrix, or related topics such as –– Anti-boycott laws
employment practices, use of corporate assets, or –– Embargoes
third-party relationships. –– Export/import laws
–– Export licensing
Potential code topics –– Foreign Corrupt Practices Act
The following is a list of issues, topics, and risk areas that –– Foreign economic boycotts
could be addressed in a organization’s code, either under • Marketing, sales, advertising, and promotions
their own subject heading or as part of a broader topic: • Money laundering
• Outside employment and other activities:
• Accurate records, reporting, and financial
–– Outside businesses
recordkeeping/management
–– Outside employment
• Fraud/antitrust/competitive information/fair competition
–– Professional organizations
• Billing for services
–– Charities and community service
• Customer service/relations
–– Fundraising
• Customer, supplier, and third-party vendor relationships
• Personal conduct
• Customer/supplier/vendor/contractor confidentiality
• Political contributions and activity: lobbying, holding
• Communications on behalf of organization
office, and finance
(public relations (PR), media, speeches, articles)
• Privacy
• Communications systems
• Procurement/purchasing
• Community activities – civic activity
• Professional competence and due care
• Compliance with professional standards and rules:
• Quality
–– Conflicts of interest
• Securities trading and insider information
–– Independence
• Security
–– Licensure and professional certifications
• Social responsibility
• Confidential and proprietary information
• Supplier, vendor, and contractor relationships
• Consultation
• Use of organization resources:
• Contracting (approvals)
–– Computer and network security
• Conflicts of interest (including independence
(information security)
and objectivity)
–– Computer software and hardware
• Copyrights
–– Cyber risk
• Corporate governance
–– Email and voicemail (communications systems)
• Discrimination
–– Internet and intranet
• Diversity and inclusion
–– Industrial espionage and sabotage
• Document retention
–– Property
• Electronic professional conduct
• Work/life balance
• Employment practices (Equal Employment Opportunity)
• Workplace violence
and affirmative action

Writing a code of ethics/conduct 3

 Implementation considerations Implementation can also include use of external
Assign a core team, reporting to the Chief Ethics and consultants to assist in writing the code, reviewing
Compliance Officer, with the task of drafting the code. the draft code, and, as an example of continuous
The code development or enhancement will require the improvement, assessing the code on a periodic basis to
successful completion of the following steps: recommend opportunities for improvement and emerging
risk areas for consideration.
• Appoint a multidisciplinary advisory team
• Draft an outline of the proposed code and circulate
An organization's code of conduct/ethics can only be
amongst the multidisciplinary team for review and
effective if it is properly disseminated to employees of the
comment
organization. Although many organizations continue to use
• Draft code based on approved code outline
hard and soft copies of their codes of conduct, a number
• Consider whether the code is aligned with the
of other organizations are embracing new technologies
organization’s policies, procedures, values, and industry
in order to share their codes with their employees. For
standards
instance, an organization may feature an interactive code
• Circulate draft code amongst the multidisciplinary team
on its internal website, allowing employees to easily
for review and comment
search topics, perform deeper dives in certain areas, etc.,
• Update code to reflect input of advisory team
while also still allowing them to use the same "standard"
• Use focus groups and other methods to get feedback
code. No matter which format is used, and it can depend
from all levels of personnel on the code update based
widely on the type of organization, the method used to
on their feedback
communicate the code to all employees is crucial in order
• Present “final” version of code to management and
to make the code effective.
board for approval
• Circulate final versions to offices of Communications
and General Counsel
• Communicate the code to all employees

For more information, please contact:

Nicole Sandford Keith Darcy

Partner | Deloitte Advisory Independent Senior Advisor to
National Practice Leader Deloitte & Touche LLP
Enterprise Compliance Services +1 203 905 2856
Deloitte & Touche LLP kdarcy@deloitte.com
+1 203 708 4845 Stamford, CT
nsandford@deloitte.com
Stamford, CT

Maureen Mohlenkamp Nolan Haskovec

Principal | Deloitte Advisory Senior Manager | Deloitte Advisory
Deloitte & Touche LLP Deloitte & Touche LLP
+1 212 436 2199 +1 212 436 2973
mmohlenkamp@deloitte.com nhaskovec@deloitte.com
Stamford, CT New York, NY

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business,
financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice
or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or
taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible
for any loss sustained by any person who relies on this publication.

Copyright © 2015 Deloitte Development LLC. All rights reserved.

Member of Deloitte Touche Tohmatsu Limited