Professional Documents
Culture Documents
Insights For Writing A Code of Ethics
Insights For Writing A Code of Ethics
Insights For Writing A Code of Ethics
code of ethics/conduct
As Deloitte consults with clients across the globe and Recommended elements
gains increasing ethics and compliance insights, it is clear The elements or sections within a code can vary, but here
to us that the heart of an organization is often expressed are some standard recommendations:
in its code of ethics/conduct. It tells the world what really
• An introductory letter from the senior leadership team
matters to your organization. It's who you are. And we
or CEO that sets the tone at the top and defines the
have found that companies that follow both the letter and
importance of ethics and compliance to each employee
the spirit of the law by taking a “value-based” approach
and the organization.
to ethics and compliance may have a distinct advantage
• The organization’s mission statement, vision, values,
in the marketplace. Give the average employee a legalistic
and guiding principles that reflect the organization’s
“thou shall not….” code, and a negative response is almost
commitment to ethics, integrity, and quality.
guaranteed. Give employees a document that states clearly
• An ethical decision framework to assist employees
and concisely the organization's expectations, outlines
in making choices. For example, a code might ask
acceptable behaviors, and presents viable options for
employees to answer some questions to guide them
asking questions and voicing concerns, and the likelihood
in making an ethical decision about a possible course
is much greater that they will meet those expectations and
of action. The goal is for employees to think before
exhibit the desired behaviors. Make the contents of the
acting and to seek guidance when unsure. They should
code equally applicable to, and understood by, everyone in
be encouraged to think about this type of question
the organization—at all levels, across all business units, and
in the context of an ethical dilemma “Would you be
spanning the geographies—and you have a key ingredient
unwilling or embarrassed to tell your family, friends, or
for a code that becomes cultural, with all of the benefits.
co-workers?”
• A listing of available resources for obtaining guidance
Code basics
and for good faith reporting of suspected misconduct.
There is no standard wording for a code of ethics/conduct.
For example:
Each organization should develop one to suit the needs
–– A means to report issues anonymously, such as a
of its personnel in defining expected behaviors and in
helpline or postal address
addressing the risks, challenges, and customs in the
–– How to contact the ethics and compliance officer or
countries in which it operates, as well as to fit their specific
office
industry and regulatory environment. However, there
–– A definition of the reporting chain of command
are some basic points to keep in mind when creating or
(e.g., supervisor, department head, etc.)
modifying a code:
–– A listing of any internal ethics and compliance
• The code language should be simple, concise, and easily websites
understood by all employees. • A listing of any additional ethics and compliance
• The code should be user friendly, and written with the resources and/or the identification of supplementary
employee in mind. policies and procedures and their location.
• The code should not be legalistic—written as “thou • Enforcement and implementation mechanisms that
shall not”— but rather state expected behaviors. address the notion of accountability and discipline for
• The code should apply to all employees and be global unethical behavior. For example, unethical behavior will
in scope. If the code addresses financial risk and applies be subject to disciplinary action up to and including
to all personnel, there may be no need for a separate termination.
financial code of ethics. • Generic examples of what constitutes acceptable and
• The code should be written, reviewed, and edited unacceptable behavior could be included to further
by a multidisciplinary team in order to be reasonably explain risk areas. Examples could be based on relevant
confident that it is consistent with other corporate organization or industry experiences.
communications and policies, addresses relevant
risk areas, has buy-in across the organization, and
represents the organization’s culture. Consider inclusion
of representatives from the following areas: Risk
As used in this document,
Management, Human Resources, Communications,
“Deloitte” means Deloitte &
Touche LLP, a subsidiary of Office of General Counsel, Internal Audit, Security, and
Deloitte LLP. Please see www. relevant business units.
deloitte.com/us/about for a
• The code should be revised and updated as appropriate
detailed description of the legal
structure of Deloitte LLP and its to reflect business and regulatory changes.
subsidiaries. Certain services may
not be available to attest clients
under the rules and regulations
of public accounting.
2
Areas of risk • Environment
It is important that a code cover relevant and important • Expense reimbursement and time reporting
issues or risk areas. For example, a manufacturing • External inquiries/public disclosure and reporting
organization would place greater emphasis on • Family and personal relationships
environmental responsibilities than a professional services • Family Medical Leave Act
firm. Code content and depth of coverage on a specific • Fraud
topic may vary by industry objectives, or past organization • Gifts, entertainment, gratuities, favors, and other
history, i.e., an organization operating under a corporate items of value to/from customers, suppliers, vendors,
integrity agreement or with a history of ethical violations contractors, government employees
or infractions. Content also may vary because of the • Government contracting, transactions, and relations
regulatory environment, as well as the questions and needs • Government reporting, inquiries, investigations, and
of intended audience, local laws, customs, and culture. litigation
• Harassment (sexual and otherwise)
Code topics can be organized alphabetically or organized • Health and safety
to reflect groupings that make sense to the organization. • Honesty and trust
Topics also can be grouped according to the organization’s • International and global business practices:
objectives, risk matrix, or related topics such as –– Anti-boycott laws
employment practices, use of corporate assets, or –– Embargoes
third-party relationships. –– Export/import laws
–– Export licensing
Potential code topics –– Foreign Corrupt Practices Act
The following is a list of issues, topics, and risk areas that –– Foreign economic boycotts
could be addressed in a organization’s code, either under • Marketing, sales, advertising, and promotions
their own subject heading or as part of a broader topic: • Money laundering
• Outside employment and other activities:
• Accurate records, reporting, and financial
–– Outside businesses
recordkeeping/management
–– Outside employment
• Fraud/antitrust/competitive information/fair competition
–– Professional organizations
• Billing for services
–– Charities and community service
• Customer service/relations
–– Fundraising
• Customer, supplier, and third-party vendor relationships
• Personal conduct
• Customer/supplier/vendor/contractor confidentiality
• Political contributions and activity: lobbying, holding
• Communications on behalf of organization
office, and finance
(public relations (PR), media, speeches, articles)
• Privacy
• Communications systems
• Procurement/purchasing
• Community activities – civic activity
• Professional competence and due care
• Compliance with professional standards and rules:
• Quality
–– Conflicts of interest
• Securities trading and insider information
–– Independence
• Security
–– Licensure and professional certifications
• Social responsibility
• Confidential and proprietary information
• Supplier, vendor, and contractor relationships
• Consultation
• Use of organization resources:
• Contracting (approvals)
–– Computer and network security
• Conflicts of interest (including independence
(information security)
and objectivity)
–– Computer software and hardware
• Copyrights
–– Cyber risk
• Corporate governance
–– Email and voicemail (communications systems)
• Discrimination
–– Internet and intranet
• Diversity and inclusion
–– Industrial espionage and sabotage
• Document retention
–– Property
• Electronic professional conduct
• Work/life balance
• Employment practices (Equal Employment Opportunity)
• Workplace violence
and affirmative action
This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business,
financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice
or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or
taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible
for any loss sustained by any person who relies on this publication.