Академический Документы
Профессиональный Документы
Культура Документы
20 Questions
Directors Should Ask about
Codes of Conduct
Second Edition
Written by
Michael A. Gunns, FCA
Mark N. Wexler, PhD
How to use this
publication
Each “20 Questions” publication is designed to be
a concise, easy-to-read introduction to an issue
of importance to directors. The question format
reflects the oversight role of directors, which
includes asking management — and themselves —
tough questions.
Written by
Michael A. Gunns, FCA
Mark N. Wexler, PhD
Project direction
Gigi Dawe
Principal, Risk Management and Governance
CICA
All rights reserved. This publication is protected by copyright and written permission
is required to reproduce, store in a retrieval system or transmit in any form or by any
means (electronic, mechanical, photocopying, recording, or otherwise).
Printed in Canada
Disponible en français
December 2010
Gunns, Michael
ISBN 978-1-55385-538-5
Preface
To help members of boards fulfill their respon-
sibility for the oversight of an organization’s eth-
ical climate, the Risk Oversight and Governance
Board (ROGB) of the Canadian Institute of
Chartered Accountants (CICA) has commissioned
this re-issue of its publication 20 Questions
Directors Should Ask about Codes of Conduct.
This edition has been updated to reflect changes
in the business and regulatory environments.
CICA Staff
Gigi Dawe
Principal, Risk Oversight and Governance
Beth Deazeley, LL.B.
Principal, Risk Oversight and Governance
1
Table of Contents SECTION B — Code Implementation
and Execution
11. What information should the board receive?
Introduction: Why directors
12. How is the Code communicated and how are
should ask questions about people educated in it?
Codes of Conduct 13. How is criticism of the Code handled?
14. How is compliance with the Code measured
SECTION A — Code Context, and monitored?
Development and Revision 15. What measures does management take to
reaffirm commitment to the Code?
1. What are the objectives of a Code of Conduct?
16. What procedures are in place regarding
2. What is the Code’s relationship to the advice, issue resolution, or waivers of the
organization’s mission, vision, values and Code’s application?
culture?
17. How does the Code relate to the rewards
3. Who are the champions of the Code? system and how are violations handled?
4. Who develops, administers and maintains the 18. How does the Code deal with whistle blowing?
Code?
19. What additional steps can directors take to
5. What is the process for developing the Code? satisfy themselves as to the implementation
6. What is the process for the periodic review of the Code?
and revision of the Code? 20. How does an organization’s Code contribute
7. Is the Code at the right level for the to its long-term sustainability?
organization?
8. Is the content and tone of the Code Appendix 1: Regulations Relating
appropriate for the organization? to Codes of Conduct for
9. How has the organization determined its Canadian public companies
actual ethical risks?
10. How does the Code apply to foreign operations?
Appendix 2: Topics that may be
included in Codes of Conduct
2
20 Questions Directors Should Ask about Codes of Conduct, Second Edition
ask questions about of citizens to the laws, the other part is the
goodness of the laws which they obey...”
3
Section A 1. What are the objectives of a Code
of Conduct?
— Code Context, A Code of Conduct is a key vehicle for:
Development • reducing the risk and associated costs of fraud,
conflicts of interest and other ethical lapses;
and Revision • helping introduce new employees to the
organization’s standards;
When an organization is adopting a Code of • attracting and retaining high-calibre employ-
Conduct for the first time or when a revised Code ees and business partners;
is being introduced, the board of directors has an • setting the boundaries of acceptable
important role to play. While the initial respon- behaviour;
sibility for designing and articulating the Code
rests with management, the board is responsible • providing employees and others subject
for reviewing the Code to ensure that it is suitable to the Code with comfort that they will not
in its tone and content, that it meshes well with inadvertently stray offside;
the culture and objectives of the organization, • informing contractors, suppliers and others
and that it is capable of being implemented. doing business with the organization of its
expectations regarding acceptable behaviour;
Some boards of directors may delegate the
detailed review of the Code to one of the board • providing the basis for sanctions against
committees (generally the governance commit- those that deviate from the Code; and
tee, although some elements of the Code may • fulfilling the regulatory obligations of public
be of particular interest to the audit committee), companies (Appendix 1).
while in other organizations this may be under-
taken by the full board. Regardless of how the Organizations which walk the talk with regard
board organizes itself, the final approval of the to their Code develop a reputation for honesty,
Code must come from the full board. The board integrity and principled business behaviour.
should expect to receive information as the Code This can be a key element of a company’s brand
is developed, including drafts of proposed new and can enhance its reputation. An effective
or reissued Codes, along with information on how Code also reinforces an organization’s culture
they were developed and plans for distribution by emphasizing each individual’s responsibility
and training. This culminates in the final Code to observe its principles and requirements.
being submitted to the board for its approval. Ultimately, it is this culture of shared responsibil-
ity that affords the greatest protection against
This section contains questions which boards of the risks of unethical behaviour.
directors should consider when reviewing a new
or substantially revised Code. The initial ques- On the other hand, merely issuing a Code
tions are more general and will assist directors in does not assure an organization that it will be
understanding the importance of Codes and the observed. Organizations that issue Codes simply
role they play. More specific questions follow, to to fulfill legal requirements or in response to
help directors assess the particular Code which stakeholder concerns, yet do little or nothing to
management has presented to them. embed the principles, invariably sow the seeds of
cynicism.
4
20 Questions Directors Should Ask about Codes of Conduct, Second Edition
2. What is the Code’s relationship to the 3. Who are the champions of the Code?
organization’s mission, vision, values
and culture? The role of the board of directors
Codes of Conduct are an integral part of organ- Directors themselves should be subject to the
izational culture. In most organizations, Codes are Code and their obligations go further. The board
introduced or revised within an existing context of has a key leadership and governance role in
explicit directional and behavioural expectations. ensuring that the Code is appropriate to the
organization and in overseeing its consistent
Whereas statements of mission, vision and values application. This commitment is reinforced when
may be expected to inspire employees and other directors individually sign off on the Code.
stakeholders in achieving organizational object-
ives, a Code has a different purpose. A Code sets A board should study any new Code or revision
boundaries of acceptable behavior. Positioned cor- before approving it to ensure that it is suitable and
rectly, an appropriate Code completes the picture capable of being implemented. The board can
of an organization’s aspirations and expectations. also act as an invaluable resource and guide to
the CEO. The varied perspectives and experiences
of individual board members can generate wise
counsel to the CEO as to the suitability of the
MISSION Code to the organization and the potential risks in
introducing or monitoring compliance with it.
5
The senior executive team also has a responsibility 5. What is the process for developing the
to ensure that the Code is embraced and fol- Code?
lowed by the rest of the organization. This team
represents the first potential for a schism within Stakeholder participation
the organization between espoused practices (the
Code) and actual behaviour. An apparent lack of Although the initiative for a new or revised Code
interest or cynicism on the part of the CEO’s direct usually emanates from the top of the organization,
reports will immediately send a message to the the timing and manner of inclusion of the repre-
rest of the organization that the Code is not to be sentative views of other constituencies is a key
taken seriously. factor in the Code being widely adopted and
followed.
4. Who develops, administers and maintains There can be no true agreement without the
the Code? opportunity for discussion and negotiation.
Although the CEO and the board of directors Giles Meikle — Corporate Director
champion the Code, its development, periodic
revision, administration and maintenance is usu- Principal stakeholders
ally delegated to another individual.
Those having a strong ties to or in-depth involve-
In large organizations, the individual assigned ment with an organization typically include the
these responsibilities may be termed a “chief board of directors, employees, major suppliers
ethics officer” or the role may be assigned to an and contractors. One best practice is to establish
existing chief compliance officer. In somewhat representative teams from each group subject
smaller organizations, the responsibility may be to the Code and engage them in a participatory
assumed by the head of the Law Department, process of discussing alignment of business
the Human Resources department, or by the practices and behaviours. In the case of directors
Corporate Secretary. As noted above, it is and employees, the organization will likely seek
extremely important that those assigned to input on both content and wording.
develop, revise and administer the Code be
viewed as credible and impartial. Other stakeholders
Other stakeholder groups such as environmental-
In all organizations, the CEO is the ultimate ists, union representatives, regulators, or other
“chief ethics officer”. special interest groups will legitimately have an
interest in the content and application of the
Code. Increasingly, institutional investors and
Organizations may also engage an external other shareholder groups are also sensitive to the
consultant on an as-needed basis to draft and ethical practices of investee companies. Seeking
revise Codes. External advisors can contribute input from these groups is not obligatory, how-
valuable advice and perspective to organizations ever including them in the development process
seeking to ensure that their Code represents best can help to build stronger relationships and trust
practice. with them.
Expert input
It is essential that those developing or revising
the Code consult frequently with the organiza-
tion’s legal expert, whether an internal lawyer
or outside counsel. Other technical specialists
in areas covered by the Code (e.g., investment
traders, environmental specialists, etc.) should
also be consulted.
6
20 Questions Directors Should Ask about Codes of Conduct, Second Edition
7
too little and frequently too late. However, Codes Time Frame
that establish unrealistically high standards of
behaviour can result in the organization being Finally, the time frame over which the Code is
offside from the outset. Unrealistically high expected to influence the organization’s culture
standards could also reduce competitiveness and should be considered. Successfully introducing
productivity. and embedding a Code within an organization is
itself an important change initiative. Most suc-
Codes which cannot be complied with also cessful change initiatives take time and many are
expose the organization to vulnerability in terms best approached as continuing processes, rather
of unwanted disclosure for public companies (see than quick fixes. On occasion, however, there is a
Appendix 1). If non-compliance is accepted or not need to make major changes in behaviour quickly
addressed in some areas, the Code as a whole to avoid exposure to legal or reputational risks.
may lose credibility and management will find it
harder to enforce compliance in other areas. The use of a longer time horizon demonstrates
recognition that cultural change and building
shared commitments are long-term processes.
Establishing a Code of Conduct in an organ- This can provide a better fit with the time
ization offers significant potential benefits. horizons of companion mission, vision and
It also exposes the organization to risks. values. However, a long time horizon can prolong
organizational vulnerability if there are significant
gaps between Code expectations and present
performance. It may also encourage indefinite
Exercise of Individual Discretion postponement of tough issues.
Some organizational activities are closely While a shorter time horizon can contribute to
supervised and easily monitored. In other areas, a quick revitalization of an organization, and
expected behaviour is not self-evident and is may be necessary if there are significant gaps
capable of a wide range of reasonable interpreta- between actual and required performance, care
tion. Where individual discretion is inherent in should be taken as unrealistic expectations can
the conduct of the organization’s business, it undermine people’s commitment to the Code and
will be necessary to decide how this should be lead to widespread cynicism.
considered and reflected in its Code.
Principles-based Codes allow for the use of 8. Is the content and tone of the Code
individual discretion and articulate the principles appropriate for the organization?
which should guide the use of that discretion.
Such Codes can support peak performance When reviewing a Code, the board should con-
through appropriate empowerment, encourage sider whether it is appropriately balanced in its
organizational learning through discussion and tone. There are three types of content in a Code:
assessment of alternatives, and can reinforce
personal and organizational accountability. • aspirational content;
However, if principles are vague or their applica- • descriptive content; and
tion is unclear, such Codes can also encourage
• proscriptive content.
ambiguity which limits their effectiveness.
The aspirational content of a Code is idealistic
A more rules-based Code which limits individual
and can be related most clearly to the organiza-
discretion may be easier to monitor and enforce,
tion’s mission, vision, values and long-term goals.
but it may also be seen as unduly detailed and
restrictive — more an operational policy than a The descriptive content of a Code outlines the
Code. In addition, a focus on following strict rules specific behaviour sought by the organization
rather than internalizing and applying principles in areas such as conflicts of interest, the accept-
may be less effective in creating an ethical culture ability of gifts from customers and suppliers, and
throughout the organization. other similar areas where the organization seeks
to establish its particular position. The descriptive
content is largely silent with regard to sanctions
for specific Code violations.
8
20 Questions Directors Should Ask about Codes of Conduct, Second Edition
The proscriptive content of a Code sets out 9. How has the organization determined its
what the organization prohibits. This “thou shall actual ethical risks?
not” material increases the clarity of the Code
and lends itself to forbidding behaviours that, There is an important link between an organiza-
although legally permissible, are unacceptable to tion’s Code of Conduct and its identification,
the organization. If this content is dominant within assessment and management of risk. Although
a Code, it may impede proper risk-taking and limit many of the topics that will typically be covered
innovation. in a Code are common across organizations,
the practical exposure to ethical risk may vary
The overriding objective is to create a Code that considerably. Exposure to specific ethical risks
appropriately balances aspirational, descriptive may also vary widely across the different parts
and proscriptive content. This will be different of an individual organization. Certain types of
for each organization and will be affected by the ethical risks (e.g., insider trading, corruption of
organizational culture. Most organizations will foreign officials, etc.) will warrant enhanced focus
be best served by a Code that is largely descrip- in some companies or parts of companies. A list
tive in nature and includes only the proscriptive of topics which may be addressed in Codes of
content that is essential to its particular circum- Conduct can be found in Appendix 2.
stances. The board should review the Code to
determine whether the appropriate balance has When reviewing a new or revised Code, boards
been found and whether the Code is consistent should receive information on management’s
with the culture of the organization. assessment of the organization’s ethical risk
exposure. Directors should consider whether they
are comfortable with the assessment, and, if so,
Simple language ensure that the Code is reflective of it.
Each organization, industry, and region tends to A key input to the assessment will be the organ-
have its own particular style of communicating. ization’s awareness of previous breakdowns in
In reviewing the Code, directors should consider ethical behaviour. Wider industry history or the
whether the language is appropriate to the experience of others with similar exposures may
organization and is sufficiently clear and specific also prove to be invaluable in assessing risks.
to allow those subject to the Code to understand
what conduct is expected of them. As organizations adopt formal risk management
processes, it is important to integrate the results
To increase the probability of satisfying varied of an ethics audit into the overall risk assessment
readers, the Code should: process. Sometimes, it might seem that ethical
• state general principles or policies as briefly lapses would typically have less impact than, say,
as possible, followed by more explanatory overlooked strategic risks. However, there are
text; numerous examples of high-profile corporate
failures which demonstrate the very real conse-
• use practical examples; quences and costs of poor ethical behaviour.
• use pictures and graphics to emphasize key
points; and We can afford to lose money, even a lot of
money. We cannot afford to lose our reputa-
• make reference to appendices or additional tion, not even a shred of it.
sources in technical areas (e.g., detailed
insider trading policies). Warren Buffett
9
10. How does the Code apply to foreign as a result of media attention to local child labour
operations? practices, weak environmental controls and the
like in overseas operations. The arguments that
Operations in countries other than an organiza- “it’s necessary to meet the local competition” or
tion’s home base can present many complica- “it’s expected locally” may be technically correct
tions, not the least being the application of the but are unlikely to convince today’s public.
organization’s Code in other jurisdictions and
cultures. Foreign operations may present chal- “Plausible deniability” is also unlikely to save a
lenges in terms of: CEO or a board of directors if weaknesses or poor
practices are highlighted, particularly if an organ-
• additional or different exposures to ethical ization is blamed for observing lower standards
risk, and away from home.
• difficulties in implementation and monitoring
compliance. When reviewing a new or revised Code of
Conduct, directors should ensure that the Code
Directors of organizations with foreign operations takes into account the particular risks related to
should ensure that the assessment of ethical risks foreign operations and that management’s plan
is undertaken as part of strategy development for implementation and monitoring of compliance
for those operations — both before entering the addresses the challenges involved.
environment and regularly thereafter. These risks
not only include exposures to loss or censure Where organizations operate in different coun-
abroad but also the impact in the organization’s tries, it is vital to make sure that not only are the
home country of real or perceived ethical short- translations of the Code into different languages
comings in overseas operations. accurate but that they convey the intent and not
just the actual written word. Different cultures
Simply following a policy of “When in Rome, do as place differing weights and interpretations on
the Romans do” is unlikely to serve an organization moral and ethical principles. It is essential to
well when it comes to ethics. Many organizations ensure that the Code’s readership receives and
have paid dearly in terms of damaged reputations understands the intended message.
10
20 Questions Directors Should Ask about Codes of Conduct, Second Edition
11
Education 13. How is criticism of the Code handled?
Without appropriate educational programs, Regardless of the effort devoted to design and
the Code will not significantly influence organ- development, any Code will have its critics. Some
izational behaviour. Although management will see the Code as unnecessary (believing
will determine the exact methods to educate appropriate behaviour is self-evident), others
employees (and others subject to the Code) in may feel the Code goes too far or fails to be
its principles and requirements, directors should completely precise.
assure themselves that educational support is
robust and appropriate. Some criticism is to be expected. How the organiza-
tion handles that criticism, however, demonstrates
Leading organizations use many approaches, and its true commitment to its principles and beliefs.
often a combination of them. These include:
Statements in Codes of ethics are most likely
• presentations by the organization’s lead- to have an impact when they address new
ers and their availability for questions and situations or when they take positions with
dialogue; which one mildly disagrees.
• discussions between supervisors and their
employees; Bruce Gamatz and John Lere
— Certified Planning Journal, 2003
• videos and web-based educational materials;
and Acknowledging and listening respectfully to critical
• briefings for suppliers and contractors. feedback regarding the Code is of paramount
importance. Undertaking to consider these opinions
To truly add value, ethics codes must extend in subsequent revisions of the Code is also appro-
beyond a compliance focus and strive to priate. However, bending to the expectations of
cultivate and maintain a collective spirit and vigorous critics, at the expense of the organization’s
culture throughout the organization that well-thought out and purposefully developed prin-
focuses on promoting positive moral behav- ciples, will quickly weaken everyone’s commitment
iour while simultaneously striving to prevent to the Code and can lead to widespread cynicism.
ethical lapses.
The board should be satisfied that management
K. M. Gilley and others — “The bottom-line has established an explicit process for handling
benefits of ethics code commitment.” criticism of the Code. The board may receive a
Business Horizons, 2010 summary of this information on an annual basis. As
well, there may be some types of criticism which,
Although some of these communication vehicles due to its nature or the credibility of the critic
will be necessarily one way, interactive sessions (e.g. a regulator), the board will wish to be made
are what really bring a Code to life. Participating aware of immediately. Directors should ensure that
in discussions gives those subject to the Code management has a clear understanding of what
the opportunity to raise and discuss its practical types of criticism should be brought to the board.
application. It also (if an appropriate system is
established) provides invaluable input to those
responsible for Code revisions. 14. How is compliance with the Code
measured and monitored?
Education also has an important role with regard
to new employees or other business partners. As part of the board’s responsibility for oversee-
Many organizations provide orientation sessions ing the implementation of the Code, directors
for new hires and this is an appropriate vehicle should receive information from management
for initial education in the organization’s Code. that satisfies them that compliance is being
Leading organizations, however, will cover this appropriately measured and monitored.
orientation before an offer is extended to a
prospective employee, supplier or contractor. Actively monitoring the Code can enhance the
This provides far greater assurance that both the culture of the organization by encouraging
organization and those it engages are willingly compliance as well as by reassuring those who
committed to its Code from the outset. are following the Code that their actions will be
supported.
12
20 Questions Directors Should Ask about Codes of Conduct, Second Edition
A further reason for monitoring compliance is Legal requirements or the detailed proscriptive
to develop an ongoing understanding of where elements of a Code may require more detailed
breakdowns in expected behaviour may be and specific sign-offs from those in senior
occurring in order to discern patterns of weak- positions or holding specific roles. Such detailed
ness — either in organizational culture or Code sign-offs should be tailored to the circumstances,
design. This information can serve as input to as should sign-offs from contractors, suppliers or
the established revision process, or, in the case other parties subject to the Code.
of significant breakdowns, may lead to timely
supplements to the Code or the introduction of Asking people to regularly sign off on a Code
measures to mitigate risks associated with non- can keep the Code front of mind. It may also
adherence. Where monitoring reveals significant encourage individuals to come forward with
or pervasive weaknesses, this information can real or perceived difficulties arising from past or
also influence the organization’s overall risk anticipated actions or circumstances.
management process.
In measuring and monitoring compliance, there 16. What procedures are in place regarding
is an important distinction to be drawn between advice, issue resolution, or waivers of the
investigating infractions and seeking assurance Code’s application?
that the systems and processes surrounding the
Code are effective.
A Code of Conduct is not “law” — at its best it
Both of these types of review have their place. represents a common agreement on behav-
Almost all organizations realize the need to iour between people working together.
investigate infractions. Fewer organizations dedi-
If someone has a problem with the Code, it’s
cate themselves to systemic learning from these
better to hear about it and try to resolve it,
investigations (rather than merely dealing with
than to ignore or suppress it.
transgressors and plugging gaps). Boards should
consider adopting a formal and comprehensive
program of ongoing systemic review involving a
Despite using best efforts to develop a clear
variety of methods.
Code, circumstances will invariably arise which
were not contemplated by the Code, or in which
15. What measures does management take the application of the Code is unclear. Directors
to reaffirm commitment to the Code? should ensure that management has put in place
mechanisms to allow individuals to seek advice
The board should expect to receive information and/or issue resolution.
from management on steps taken to reaffirm
commitment to the Code as part of the process of An individual seeking guidance about the applica-
implementation and monitoring. Many organiza- tion of the Code would normally raise such issues
tions ask those subject to the Code to confirm in with his or her immediate supervisor. Where this
writing that they: does not lead to satisfactory resolution, the issue
may proceed higher up the reporting line.
• received a copy of the Code,
• understand its contents, and The Code should offer explicit guidance to be fol-
lowed in circumstances in which employees may
• commit to applying it. be reluctant to raise concerns with their immedi-
ate supervisor. Typically the channels for such
Additionally, many organizations ask direc- enquiries will include the chief ethics officer, the
tors and employees (and others subject to chief compliance officer or the head of the Law,
the Code) to complete such a sign-off annu- Human Resources or Internal Audit functions.
ally — reconfirming their continuing commitment
and explicitly stating that they have followed Although it is usually most appropriate to seek
the requirements of the Code throughout the advice on interpretation or application of the Code
previous year. Sign-off forms should make provi- within the company, there may be circumstances
sion for disclosure of incidences of known or in which an employee wishes to maintain anonym-
suspected non-compliance. ity. In such cases, the employee may wish to make
use of any ethics “hotline” that the company may
have established with an outside provider.
13
External stakeholders such as customers, sup- occurred. These procedures should be impartial
pliers and investors should also have an explicit and should take into consideration the privacy of
point person within the organization to contact the parties involved.
with questions regarding the organization’s Code.
This may be the chief ethics or compliance officer, Often, the exact circumstances surrounding the
if the organization has appointed one. Otherwise, need for and nature of disciplinary measures
questions might be directed to the Public cannot be made public. It is essential, however,
Relations department or the Corporate Secretary. that the organization is seen as having followed a
fair and established process in examining all sides
On occasions where employees or others subject to of a matter before imposing sanctions.
the Code seek to have its provisions waived there
should be an explicit process for people to seek such While the board of directors will not need to be
waivers. To discourage people from seeking relief advised immediately regarding every breach of
from what they perceive as inequitable treatment the organization’s Code, breaches committed by
from the strict application of the Code ultimately members of the management team, or others
acts as an incentive to cover up. However, such with the potential to seriously affect the com-
requests require deliberation at senior executive pany’s reputation should be brought immediately
levels and, usually, at the board level. All waivers to the attention of the board.
granted, regardless of significance, should be
reported to the board of directors.
For more information, see the
CICA publication 20 Questions
17. How does the Code relate to the rewards Directors Should Ask about
system and how are violations handled?
Responding to Allegations
Perhaps the most difficult aspect of implementing of Corporate Wrongdoing.
a Code is linking it to rewards and sanctions.
Some organizations specifically claim that sound
ethical behaviour is a component of their rewards
18. How does the Code deal with whistle
structure but, understandably, there is little
publicly-available evidence in this regard. blowing?
In most organizations, however, there are oppor- The board of directors should also expect to
tunities to identify instances where difficult choices receive information from management regarding
were made that respected the intent of the Code. whistle blowing. Effective Codes accomplish two
Directors may wish to seek assurances from goals with regards to whistle blowing:
management that such choices are appropriately • Firstly, they help to create an organizational
recognized and that the organization’s operational culture in which whistleblowers find it easier
policies facilitate such recognition. For example, to raise actual or perceived wrongdoing
employees who come forward with information within the organization, rather than turning to
regarding errors rather than attempting to cover the media or other outsiders.
them up should receive appropriate recognition
• Secondly, effective Codes provide explicit
for making the right decision.
protection to the whistleblower from retalia-
The question of sanctions is more straightforward. tion by those adversely impacted by the
That is not to say that the necessary actions will be whistleblower’s actions.
easy or comfortable to take. However, an organiza-
In most instances, whistleblowers go to outsiders
tion committed to its Code has no choice but to
because they feel that:
take seriously all alleged transgressions. To do
otherwise is the fastest and most certain course to • their views have not been, or will not be,
undermining all the efforts put into developing and taken seriously;
implementing the Code. • their concerns relate to someone to whom
they report, or who has other significant
There should be clear procedures in place to
influence over them; or
investigate alleged Code violations in order to
make a determination as to the veracity of the • the actual or perceived wrongdoing is harm-
allegation and the appropriate sanctions, should ful to others or to the public.
a breach of the Code be determined to have
14
20 Questions Directors Should Ask about Codes of Conduct, Second Edition
Effective Codes provide people who choose to 19. What additional steps can directors take
blow the whistle with several options to speak to satisfy themselves of the effective
candidly and confidentially about their concerns in implementation of the Code?
order to improve the likelihood that individuals will
first seek to resolve issues and concerns internally. In addition to reviewing written documents and ask-
ing intelligent questions, directors should consider
Wise organizations go out of their way to taking some additional, practical steps to help ascer-
provide several internal avenues for raising tain whether the principles of the Code are actually
concerns. They also provide an external whistle being practiced throughout the organization.
blowing hotline and encourage employees to
use it when all other avenues have failed. The
fairness and respect with which an organization You’re on ethical thin ice when you hear these
treats whistleblowers is an acid test of its com- warning signs…
mitment to openness and transparency. –– Well, maybe just this once
–– No one will ever know
Increasingly, organizations are making use
of specialist external “hotline” providers who –– It doesn’t matter how it gets done, as long
operate under strict confidentiality and ethical as it gets done
guidelines. The Audit Committee of a Canadian –– It sounds too good to be true
public company is obliged by regulation (see –– Everyone does it
Appendix 1) to establish procedures to safe-
–– What’s in it for me?
guard complaints received regarding account-
ing, internal accounting controls, or auditing –– We didn’t have this conversation.
matters. That committee must also provide
Mark Wexler — Confronting Moral Worlds
an avenue for the confidential, anonymous
submission by employees of concerns regarding
questionable accounting or auditing matters. In Directors should use their instincts and experi-
practical terms, in the absence of robust internal ence to assess the behaviour of the CEO and
mechanisms, this may necessitate the use of an other members of the senior management team
external hotline provider. and should be prepared to discuss it openly
amongst themselves and, if necessary, directly
One of the most difficult situations that an organ- with the CEO. If this feels too uncomfortable,
ization has to face is how to deal with anonymous either within the board or with the CEO, it’s prob-
complaints concerning ethical behaviour. Whether ably an indication that something is wrong.
from employees or other sources, they cannot be
ignored. Each instance must be weighed on its Directors should also take advantage of opportun-
own merits, while carefully protecting the rights as ities to observe what is actually happening in the
well as the privacy of all those involved. organization and to listen to what others say about it.
15
20. How does an organization’s Code
contribute to its long-term sustainability?
Over time, organizations — all organizations — are
tested. They are tested by whistle-blowing
incidents, product recalls, indiscretions by lead-
ers, accidents that injure innocent third parties
and the like. Codes cannot prevent all such events
from occurring.
16
20 Questions Directors Should Ask about Codes of Conduct, Second Edition
Appendix 1:
Regulations relating to Codes of Conduct for
Canadian public companies
The Canadian Securities Administrators are responsible for the securities regulations of all Canadian
provinces and territories. CSA members work closely in the development of new policy initiatives and
the continuous improvement of the regulatory framework for securities. Investigation and enforcement
are also core CSA activities.
There are three pieces of regulation that address the need for Codes of Conduct and sound ethical practi-
ces of Canadian public companies. The relevant excerpts from these regulations are reproduced hereunder.
Board Mandate
3.4 The board should adopt a written mandate in which it explicitly acknowledges responsibility for the
stewardship of the issuer, including responsibility for:
(a) to the extent feasible, satisfying itself as to the integrity of the chief executive officer (the CEO)
and other executive officers and that the CEO and other executive officers create a culture of
integrity throughout the organization;
3.9 The board should be responsible for monitoring compliance with the code. Any waivers from the
code that are granted for the benefit of the issuer’s directors or executive officers should be granted
by the board (or a board committee) only.
Although issuers must exercise their own judgement in making materiality determinations, the
Canadian securities regulatory authorities consider that conduct by a director or executive officer
which constitutes a material departure from the code will likely constitute a “material change” within
the meaning of National Instrument 51-102 Continuous Disclosure Obligations. National Instrument
17
51-102 requires every material change report to include a full description of the material change. Where
a material departure from the code constitutes a material change to the issuer, we expect that the
material change report will disclose, among other things:
• the date of the departure(s),
• the party(ies) involved in the departure(s),
• the reason why the board has or has not sanctioned the departure(s), and
• any measures the board has taken to address or remedy the departure(s).
(2) An issuer, other than a venture issuer, that does not send a management information circular to its
security holders must provide the disclosure required by Form 58-101F1 in its AIF.
(2) A venture issuer that does not send a management information circular to its security holders must
provide the disclosure required by Form 58-101F2 in its AIF or annual MD&A.
18
20 Questions Directors Should Ask about Codes of Conduct, Second Edition
FORM 58-101F1
CORPORATE GOVERNANCE DISCLOSURE
FORM 58-101F2
CORPORATE GOVERNANCE DISCLOSURE
(VENTURE ISSUERS )
19
Appendix 2:
Topics that may be included in Codes of Conduct
The following topics (listed in alphabetical order) are typical of those found in Codes of Conduct. This
is not intended to be an exhaustive list but may be helpful when reviewing the content of a Code. Except
in the largest organizations, Codes will rarely cover such an extensive number of topics.
20
20 Questions Directors Should Ask about Codes of Conduct, Second Edition
Director Briefings
Climate Change Briefing — Questions for Directors to Ask
Controlled Companies Briefing — Questions for Directors to Ask
Diversity Briefing — Questions for Directors to Ask
Long-term Performance Briefing — Questions for Directors to Ask
Director Alerts
New Canadian Audit Standards — questions for directors to ask (Dec 2010)
Fraud Risk in Difficult Economic Times — questions for directors to ask (July 2009)
Human Resource and Compensation Issues during the Financial Crisis — questions for directors to ask
(July 2009)
The Global Financial Meltdown — questions for directors to ask (Oct 2008)
Executive Compensation Disclosure — questions directors should ask (Feb 2008)
The ABCP Liquidity Crunch — questions directors should ask (Oct 2007)
*Available at www.rogb.ca.
21
The Not-for-Profit Directors Series
NPO 20 Questions Series
20 Questions Directors of Not-for-profit Organizations Should Ask about Board Recruitment,
Development and Assessment
20 Questions Directors of Not-for-profit Organizations Should Ask about Fiduciary Duty
20 Questions Directors of Not-for-profit Organizations Should Ask about Governance
20 Questions Directors of Not-for-profit Organizations Should Ask about Risk
20 Questions Directors of Not-for-profit Organizations Should Ask about Strategy and Planning
Liability Indemnification and Insurance for Directors of Not-for-Profit Organizations
*Available at www.rogb.ca.
22
About the Authors
Michael Gunns is Managing Principal of the Gunns Mark N. Wexler is University Professor of Business
Group, which provides consulting services in corporate Ethics and Management in the Segal Graduate School
governance, strategy and risk management to a of Business, Simon Fraser University. Professor Wexler’s
wide range of clients. He is a former Chair of the Risk research, consulting and teaching focus upon the
Oversight and Governance Board of the Canadian humane use of human beings in competitive contexts.
Institute of Chartered Accountants and also chaired Mark’s published work has appeared in six books and
a CICA task force of prominent Canadian CFOs in over 110 periodicals. He sits on the editorial board of
advancing the role of CFOs in Risk Management five academic journals, the board of directors of three
and Corporate Governance. He was a judge for the not-for-profit organizations and serves on the Premier
Canadian Institute of Chartered Accountants’ 2002 of British Columbia’s Multicultural Advisory Board. He
and 2006 Corporate Governance Awards and was is the President and Senior Executive Coach at the
elected a Fellow of the Ontario Institute of Chartered Perimeter Group.
Accountants in 2006. He regularly presents one-day
public courses for the Ontario Institute in each of
Corporate Governance and Risk Management. Michael
is a graduate of Harvard Business School’s Advanced
Management Program and has previously held
executive positions at Zurich Canada and Sun Life.
20 Questions
ISBN-13: 978-1-55385-538-5
Directors Should Ask about
Codes of Conduct
Second Edition
M5V 3H2
04000067 416.204.3400
www.cica.ca