Anda di halaman 1dari 5

http://www.corporatecomplianceinsights.

com/2011/auditing-an-ethics-policy-adds-
credibility-avoids-window-dressing/
Home Audit Compliance Ethics Featured Article
Auditing an Ethics Policy Adds Credibility, Avoids
Window Dressing
ShareThis
by William D. Brown @ 2011-06-15

Category: Audit, Compliance, Ethics, Featured Article
An organizations ethics policy is the cornerstone of its commitment to being a good corporate
citizen. Although ethical conduct is a worthwhile goal for purely altruistic reasons, there are
important statutory, regulatory disclosure, governmental enforcement and prudent business
considerations as well.
More than ever, ethics policies are carefully scrutinized for substance and organizational
commitment. There are a wide variety of interested parties that are relying on representations
regarding an organizations ethics policy. They need to know the commitment to the ethics
policy is sincere, which includes the careful setting of ethical goals and standards and a
continuing assessment (audit) of same in order to meet constantly changing circumstance.
Lack of an organizations commitment to its ethics policy reduces the ethics policy to mere
window dressing, which can have disastrous consequences. The three motivations for auditing
an organizations ethics policy set forth here are public disclosures, maintaining internal controls
and mitigating enforcement actions.
Public Disclosures
In the wake of the Enron and other corporate scandals Congress passed the Sarbanes-Oxley Act
of 2002 (SOX) in an effort to combat fraud among publicly traded companies.
Section 406 of SOX directed the U.S. Securities and Exchange Commission (SEC) to require
issuers (under the Securities Exchange Act of 1934) to disclose the details of its ethics policies
in annual and other certain reports filed with the SEC. SOX defines code of ethics to mean
standards reasonably necessary to promote honest and ethical conduct, accurate and timely
disclosure in periodic reports and compliance with applicable governmental rules and
regulations.
Compliance by its very nature involves an audit function or assessment whereby performance is
verified against established standards. SOX requires compliance with government rules and
regulations that are obviously in a constant state of flux.
SOX mandated the SEC to implement a reporting regimen that subjects an organizations ethics
policy to intense public scrutiny. Along with these reporting requirements goes the potential for
civil fines and/or penalties for any false or misleading statements.
It is very likely that an organizations commitment to its ethics policy will be challenged. It is
imperative that an organization can defend its ethics policy and demonstrate it is being followed.
In order for the organization to defend its ethics policy it must be certain it is effective and being
followed within the organization. The determination that the ethics policy is effective and
accurately reported in public filings requires the performance information obtained through an
audit process.
Ethics Policy as an Internal Control
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides a
different but equally compelling rationale for auditing an entitys ethic policy.
COSO was formed in 1985 in response to the growing problem of fraud committed by
corporations and other entities. The committee created a framework and guidance to deal with
issues of enterprise risk management, internal controls and fraud deterrence. COSO recognized
the importance of internal controls in creating an environment of fraud deterrence and that
unmonitored controls tend to deteriorate.
Monitoring within the COSO framework functions to ensure internal controls operate effectively
and improve the likelihood that deficiencies are identified in a timely manner and appropriate
corrective action is taken. If you assume, as COSO does, that internal controls are designed to
help organizations achieve their objectives, then clearly, the ethics policy is an internal control.
The COSO framework supports the audit of the ethics policy from the standpoint that, like any
other internal control, the ethics policy will deteriorate without monitoring (auditing). Internal
controls are routinely audited to ensure their effectiveness and the ethics policy should be no
exception.
Mitigating Criminal Fines and Penalties
A third, and probably the most compelling, reason stems from the criminal justice system. It is a
basic premise that organizations commit criminal acts through their officers, employees and
agents. Although organizations cannot be incarcerated, they can be subjected to very draconian
criminal fines and penalties, including debarment from participating in federal programs. An
ethics policy, if designed, implemented and maintained through a continuous auditing or
assessment procedure can provide an important mitigating circumstance to protect an
organizations interests.
In a perfect world, an organizations commitment to ethical conduct would be driven by its
desire to do the right thing. Unfortunately, this was not the case in the early 1980s motivating
Congress to step in. As often is the case, public policy (and behavior) is molded by deterrents
provided by the federal criminal justice system. In the early 1980s, Congress became concerned
about wide discrepancies in the sentencing meted out by the U.S. District Courts around the
country. To address this issue, Congress passed the Sentencing Reform Act of 1984 which
created the United States Sentencing Commission (Commission). The Commission submitted
the first set Federal Sentencing Guidelines (Guidelines) to Congress April 13, 1987, which
became effective November 1, 1987. These first Guidelines dealt primarily with individuals.
In the late 1980s the country experienced a marked increase in criminal acts being perpetrated on
behalf of organizations. In response, the Commission amended the guidelines in November 1991
to include corporations, partnerships, associations and trusts. The amended Guidelines
substantially increased the financial penalties for corporations whose employees engaged in
unlawful conduct intended for the corporations benefit. In response to SOX, the Commission
was directed in 2004 to further amend the Guidelines to ensure they are sufficient to deter and
punish organizational criminal misconduct.
Chapter Eight-Sentencing of Organizations contained in Guidelines Manual (Chapter 8 ) defines
the import of an ethics policy as part of an effective compliance program. By way of
background, the introduction to Chapter 8 states: The two factors that mitigate the ultimate
punishment of an organization are: (i) the existence of an effective compliance and ethics
program; and (ii) self-reporting, cooperation, or acceptance of responsibility. The introduction
further notes the prevention and detection of criminal conduct, as facilitated by an effective
compliance and ethics program, will assist and organization in encouraging ethical conduct and
in complying fully with all applicable laws.
Mitigation is important for two reasons. First, mitigating circumstances can potentially lessen
any criminal fines and penalties which can be catastrophic to an organization. Second, and more
important, mitigating circumstances may avoid prosecution all together, which is the best-case
scenario. The existence of a demonstrable, effective compliance program is critical to
establishing, to the government, the organization is a good corporate citizen which can result
in a downward departure in the sentencing guideline score (possibly reducing criminal fines
and penalties) or avoiding prosecution altogether.
Section 8.B2.1(b) of Chapter 8 defines an effective compliance and ethics program by setting
forth seven minimum requirements, three of which are relevant to this discussion. First, the
organization shall establish standards and procedures to prevent and detect criminal conduct. The
commentary to Chapter 8 defines standard and procedures to include standards of conduct
which clearly encompasses the ethics policy. The ethics policy is clearly one of the cornerstones
of an effective compliance and ethics program.
Second, the organizations governing authority must be knowledgeable about the content and
operation of the compliance and ethics program and exercise reasonable oversight with respect to
the implementation of the compliance and ethics program. Furthermore, individuals with
operational responsibility must periodically report to the governing authority on the effectiveness
of the compliance and ethics program.
Third, the organization must take reasonable steps to ensure that the organizations compliance
and ethics program is followed, including monitoring and auditing to detect criminal conduct.
Furthermore, the organization must periodically evaluate the effectiveness of the organizations
compliance and ethics program. The commentary to Chapter Eight further states organization
should act appropriately to prevent further similar criminal conduct, including assessing the
compliance and ethics program and making necessary modifications to ensure the program is
effective.
Chapter 8 makes it clear that that any effective compliance and ethics program must be
monitored to ensure it is effective, that it is meeting its objectives of deterring fraudulent
conduct. Making a determination regarding the effectiveness of the program requires auditing the
ethics policy by comparing performance with the standards set for the in the program. In order to
qualify as a mitigating circumstance, the organization must demonstrate its effective compliance
and ethics program is in fact effective. The proof of effectiveness will be derived from
auditing performance against standards. Without this proof of effectiveness, the organization
cannot demonstrate its commitment to ethical conduct and its ethics policy thus becomes
meaningless window dressing.
The importance of an organizations ethics policy has increased dramatically as a result of the
high profile corporate scandals of the last decade. An organizations commitment to ethical
conduct is being carefully scrutinized by the public, government regulators and law enforcement
agencies. In the unfortunate circumstance that an organization is investigated for alleged
fraudulent conduct, it is imperative it can demonstrate its commitment to ethical conduct. By
auditing its ethics policy on a regular basis, the organization can ensure the effectiveness of its
commitment to ethical conduct and provide important mitigating evidence in response to any
enforcement actions. An ethics policy for which there is no demonstrative evidence of its
effectiveness creates the appearance of window dressing which will do more harm than good.
**********
About the Author
William D. Brown, CPA, JD, CFF is a partner in Forensic Accounting Services at Weaver, the
largest independent certified public accounting firm in the Southwest with offices throughout
Texas. He can be reached at 972.448.6966 or bill.brown@weaverllp.com.



Tags: compliance program, corproate ethics policy, internal controls, sarbanes-oxley, william d
brown

Anda mungkin juga menyukai