Auditing an Ethics Policy Adds Credibility, Avoids Window Dressing

8/11/2019 Auditing an Ethics Policy Adds Credibility, Avoids Window Dressing

1/5

http://www.corporatecomplianceinsights.com/2011/auditing-an-ethics-policy-adds-credibility-avoids-window-dressing/

Home Audit Compliance Ethics Featured Article

Auditing an Ethics Policy Adds Credibility, AvoidsWindow DressingShareThis

by William D. Brown @ 2011-06-15

Category: Audit, Compliance, Ethics, Featured Article

An organizations ethics policy is the cornerstone of its commitment to being a good corporatecitizen. Although ethical conduct is a worthwhile goal for purely altruistic reasons, there areimportant statutory, regulatory disclosure, governmental enforcement and prudent businessconsiderations as well.

More than ever, ethics policies are carefully scrutinized for substance and organizationalcommitment. There are a wide variety of interested parties that are relying on representationsregarding an organizations ethics policy. They need to know the commitment to the ethics

policy is sincere, which includes the careful setting of ethical goals and standards and acontinuing assessment (audit) of same in order to meet constantly changing circumstance.

Lack of an organizations commitment to its ethics policy reduces the ethics policy to merewindow dressing, which can have disastrou s consequences. The three motivations for auditingan organizations ethics policy set forth here are public disclosures, maintaining internal controlsand mitigating enforcement actions.

Public Disclosures

In the wake of the Enron and other corporate scandals Congress passed the Sarbanes-Oxley Actof 2002 (SOX) in an effort to combat fraud among publicly traded companies.

Section 406 of SOX directed the U.S. Securities and Exchange Commission (SEC) to requireissuers (under the Securities Exchange Act of 1934) to disclose the details of its ethics policiesin annual and other certain reports filed with the SEC. SOX defines code of ethics to meanstandards reasonably necessary to promote honest and ethical conduct, accurate and timelydisclosure in periodic reports and compliance with applicable governmental rules andregulations.

Compliance by its very nature involves an audit function or assessment whereby performance isverified against established standards. SOX requires compliance with government rules andregulations that are obviously in a constant state of flux.
http://www.corporatecomplianceinsights.com/http://www.corporatecomplianceinsights.com/category/audit/http://www.corporatecomplianceinsights.com/category/compliance/http://www.corporatecomplianceinsights.com/category/ethics/http://www.corporatecomplianceinsights.com/category/featured-article/http://www.corporatecomplianceinsights.com/category/audit/http://www.corporatecomplianceinsights.com/category/compliance/http://www.corporatecomplianceinsights.com/category/ethics/http://www.corporatecomplianceinsights.com/category/featured-article/http://www.corporatecomplianceinsights.com/category/featured-article/http://www.corporatecomplianceinsights.com/category/ethics/http://www.corporatecomplianceinsights.com/category/compliance/http://www.corporatecomplianceinsights.com/category/audit/http://www.corporatecomplianceinsights.com/category/featured-article/http://www.corporatecomplianceinsights.com/category/ethics/http://www.corporatecomplianceinsights.com/category/compliance/http://www.corporatecomplianceinsights.com/category/audit/http://www.corporatecomplianceinsights.com/


2/5

SOX mandated the SEC to implement a reporting regimen that subjects an organizations ethics policy to intense public scrutiny. Along with these reporting requirements goes the potential forcivil fines and/or penalties for any false or misleading statements.

It is very likely that an organizations commitment to its ethics policy will be challenged. It is

imperative that an organization can defend its ethics policy and demonstrate it is being followed.In order for the organization to defend its ethics policy it must be certain it is effective and beingfollowed within the organization. The determination that the ethics policy is effective andaccurately reported in public filings requires the performance information obtained through anaudit process.

Ethics Policy as an Internal Control

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides adifferent but equally compelling rationale for auditing an entitys ethic policy.

COSO was formed in 1985 in response to the growing problem of fraud committed bycorporations and other entities. The committee created a framework and guidance to deal withissues of enterprise risk management, internal controls and fraud deterrence. COSO recognizedthe importance of internal controls in creating an environment of fraud deterrence and thatunmonitored controls tend to deteriorate.

Monitoring within the COSO framework functions to ensure internal controls operate effectivelyand improve the likelihood that deficiencies are identified in a timely manner and appropriatecorrective action is taken. If you assume, as COSO does, that internal controls are designed tohelp organizations achieve their objectives, then clearly, the ethics policy is an internal control.The COSO framework supports the audit of the ethics policy from the standpoint that, like any

other internal control, the ethics policy will deteriorate without monitoring (auditing). Internalcontrols are routinely audited to ensure their effectiveness and the ethics policy should be noexception.

Mitigating Criminal Fines and Penalties

A third, and probably the most compelling, reason stems from the criminal justice system. It is a basic premise that organizations commit criminal acts through their officers, employees andagents. Although organizations cannot be incarcerated, they can be subjected to very draconiancriminal fines and penalties, including debarment from participating in federal programs. Anethics policy, if designed, implemented and maintained through a continuous auditing or

assessment procedure can provide an important mitigating circumstance to protect anorganizations interests.

In a perfect world, an organizations commitment to ethical conduct wou ld be driven by itsdesire to do the right thing. Unfortunately, this was not the case in the early 1980s motivatingCongress to step in. As often is the case, public policy (and behavior) is molded by deterrents

provided by the federal criminal justice system. In the early 1980s, Congress became concernedabout wide discrepancies in the sentencing meted out by the U.S. District Courts around the


3/5

country. To address this issue, Congress passed the Sentencing Reform Act of 1984 whichcreated the United State s Sentencing Commission (Commission). The Commission submittedthe first set Federal Sentencing Guidelines (Guidelines) to Congress April 13, 1987, which

became effective November 1, 1987. These first Guidelines dealt primarily with individuals.

In the late 1980s the country experienced a marked increase in criminal acts being perpetrated on behalf of organizations. In response, the Commission amended the guidelines in November 1991to include corporations, partnerships, associations and trusts. The amended Guidelinessubstantially increased the financial penalties for corporations whose employees engaged inunlawful conduct intended for the corporations benefit. In response to SOX, the Commissionwas directed in 2004 to further amend the Guidelines to e nsure they are sufficient to deter and

punish organizational criminal misconduct.

Chapter Eight-Sentencing of Organizations contained in Guidelines Manual (Chapter 8 ) definesthe import of an ethics policy as part of an effective compliance program. B y way of

background, the introduction to Chapter 8 states: The two factors that mitigate the ultimate

punishment of an organization are: (i) the existence of an effective compliance and ethics program; and (ii) self-reporting, cooperation, or acceptance o f responsibility. The introductionfurther notes the prevention and detection of criminal conduct, as facilitated by an effectivecompliance and ethics program, will assist and organization in encouraging ethical conduct andin complying fully with all a pplicable laws.

Mitigation is important for two reasons. First, mitigating circumstances can potentially lessenany criminal fines and penalties which can be catastrophic to an organization. Second, and moreimportant, mitigating circumstances may avoid prosecution all together, which is the best-casescenario. The existence of a demonstrable, effective compliance program is critical toestablishing, to the government, the organization is a good corporate citizen which can result

in a downward departure in the sentencing guideline score (possibly reducing criminal finesand penalties) or avoiding prosecution altogether.

Section 8.B2.1(b) of Chapter 8 defines an effective compliance and ethics program by settingforth seven minimum requirements, three of which are relevant to this discussion. First, theorganization shall establish standards and procedures to prevent and detect criminal conduct. Thecommentary to Chapter 8 defines standard and procedures to include standards of conductwhich clearly encompasses the ethics policy. The ethics policy is clearly one of the cornerstonesof an effective compliance and ethics program.

Second, the organizations governing authority must be knowledgeable about the content andoperation of the compliance and ethics program and exercise reasonable oversight with respect tothe implementation of the compliance and ethics program. Furthermore, individuals withoperational responsibility must periodically report to the governing authority on the effectivenessof the compliance and ethics program.

Third, the organization must take reasonable steps to ensure that the organizations complianceand ethics program is followed, including monitoring and auditing to detect criminal conduct.Furthermore, the organization must periodically evaluate the effectiveness of the organizations


4/5

compliance and ethics program. The commentary to Chapter Eight further states organizationshould act appropriately to prevent further similar criminal conduct, including assessing thecompliance and ethics program and making necessary modifications to ensure the program iseffective.

Chapter 8 makes it clear that that any effective compliance and ethics program must bemonitored to ensure it is effective, that it is meeting its objectives of d eterring fraudulentconduct. Making a determination regarding the effectiveness of the program requires auditing theethics policy by comparing performance with the standards set for the in the program. In order toqualify as a mitigating circumstance, the organization must demonstrate its effective complianceand ethics program is in fact effective. The proof of effectiveness will be derived fromauditing performance against standards. Without this proof of effectiveness, the organizationcannot demonstrate its commitment to ethical conduct and its ethics policy thus becomesmeaningless window dressing.

The importance of an organizations ethics policy has increased dramatically as a result of the

high profile corporate scandals of the last decade. An organizations commitment to ethicalconduct is being carefully scrutinized by the public, government regulators and law enforcementagencies. In the unfortunate circumstance that an organization is investigated for allegedfraudulent conduct, it is imperative it can demonstrate its commitment to ethical conduct. Byauditing its ethics policy on a regular basis, the organization can ensure the effectiveness of itscommitment to ethical conduct and provide important mitigating evidence in response to anyenforcement actions. An ethics policy for which there is no demonstrative evidence of itseffectiveness creates the appearance of window dressing which will do more harm than good.

**********

About the Author

William D. Brown, CPA, JD, CFF is a partner in Forensic Accounting Services at Weaver, thelargest independent certified public accounting firm in the Southwest with offices throughoutTexas. He can be reached at 972.448.6966 or [email protected] .

Tags: compliance program , corproate ethics policy , internal controls , sarbanes-oxley , william dbrown
mailto:[email protected]:[email protected]:[email protected]://www.corporatecomplianceinsights.com/tag/compliance-program/http://www.corporatecomplianceinsights.com/tag/compliance-program/http://www.corporatecomplianceinsights.com/tag/compliance-program/http://www.corporatecomplianceinsights.com/tag/corproate-ethics-policy/http://www.corporatecomplianceinsights.com/tag/corproate-ethics-policy/http://www.corporatecomplianceinsights.com/tag/corproate-ethics-policy/http://www.corporatecomplianceinsights.com/tag/internal-controls/http://www.corporatecomplianceinsights.com/tag/internal-controls/http://www.corporatecomplianceinsights.com/tag/internal-controls/http://www.corporatecomplianceinsights.com/tag/sarbanes-oxley/http://www.corporatecomplianceinsights.com/tag/sarbanes-oxley/http://www.corporatecomplianceinsights.com/tag/sarbanes-oxley/http://www.corporatecomplianceinsights.com/tag/william-d-brown/http://www.corporatecomplianceinsights.com/tag/william-d-brown/http://www.corporatecomplianceinsights.com/tag/william-d-brown/http://www.corporatecomplianceinsights.com/tag/william-d-brown/http://window.print%28%29/http://window.print%28%29/http://www.corporatecomplianceinsights.com/tag/william-d-brown/http://www.corporatecomplianceinsights.com/tag/william-d-brown/http://www.corporatecomplianceinsights.com/tag/sarbanes-oxley/http://www.corporatecomplianceinsights.com/tag/internal-controls/http://www.corporatecomplianceinsights.com/tag/corproate-ethics-policy/http://www.corporatecomplianceinsights.com/tag/compliance-program/mailto:[email protected]


5/5

Auditing an Ethics Policy Adds Credibility, Avoids Window Dressing

Documents

Transcript of Auditing an Ethics Policy Adds Credibility, Avoids Window Dressing