A Code of Conduct may serve many purposes. For some, it is a legal document and “meta-policy” that summarizes key policies of the business. Leading firms, however, see the Code as an opportunity to codify in a single document the mission, vision, and values of the organization—as well as the expectations of the entire workforce and extended enterprise. In this sense, the Code serves as a guidepost for business conducted on behalf of the organization. This guidepost is especially important when “hard” controls are weak, confusing, or non-existent.

It is important to recognize that developing and managing a Code is less about legal issues and more about people and change-management issues. The Code can be a powerful tool to set the overall tone of the organization and, in its best form, inspire the workforce to exemplify its core values. The Code should serve as the cornerstone of an effective governance, risk, and compliance (GRC) capability and a primary tool to realize a strong control environment.