How to develop IT corporate codes of conduct
One of the common controls in this area is the implementation of a Corporate Code of Conduct. Such codes are directive controls and do not enforce “ethical” behavior. Where they are combined with detective controls designed to identify breaches of the code and corrective controls designed to take effective action where such breaches are identified, they may serve as a means of expelling non-conforming members of a population.
Codes of Conduct should be in place for all companies (recommended in 1987 by the Treadway Commission and confirmed by King II) and should be enforced. They assist in setting an ethical tone at the top of the organization and must apply to all levels from the top down. They open channels of communication between management and employees and assist in the prevention of, for example, fraudulent reporting.
Codes of Conduct are based upon a shared understanding of the values including but not limited to:
- Honesty. No intentional deception
- Integrity. One standard of conduct for all involved
- Morality. Acting in terms of accepted social norms
- Equity. Acting in a fair manner with equal treatment for all
- Equality. Provision of equal opportunities to compete and collaborate in business activities
- Accountability. To accurately record an individual's actions and to account to the stakeholders responsibly for those actions
- Loyalty. Trustworthy commitment to all those with whom an individual has dealings
- Respect. Recognition of the worth of superiors, subordinates, suppliers, and customers
These values are normally aligned to the values statement to form the basis for the agreed code of conduct.
Codes of Conduct may typically take two forms:
1. Positive statement of honest intentions (all embracing but impossible to control)
2. Lists of improper behavior (easier to audit but difficult to keep comprehensive)
Codes which have been observed to be most effective contain a combination of positive generalizations and specific prohibitions. They include the basic rules of acceptable and unacceptable behavior and cover corporate positions and rules concerning:
- Acceptance of gifts
- Confidentiality
- Conflicts of interest
- Standards of corporate practice
Source: Auditor’s guide to information systems auditing, Richard E. Cascarino 2007