IT Departments Deal with SEC Code of Conduct Requirements
Page 1 of 1
Shortly after Congress passed the Sarbanes-Oxley Act of 2002, mandating companies hold senior financial officers to a code of conduct, the Securities and Exchange Commission (SEC) revised its listing standards to require public companies to create and distribute a code of conduct to all employees — including people on the technology staff.
For the CIO, having to abide by and enforce such a code of conduct could seem like a daunting task. But to comply with the SEC, all a company really needs is a policy and a means of distribution. Whether codes of conduct actually result in more ethical staff behavior, however, is a matter of debate among academics and business thinkers.
Codes of Conduct: A Good Idea
Despite the new SEC standard, many privately held companies don't have codes of conduct, according to David Simon, president of Mount Kisco, N.Y.-based WeComply.
Companies that don't create and distribute a code of conduct have legal exposure if one of their employees gets caught breaking the law. To avoid legal risk and to comply with the SEC, company such as Simon's as well as LRN.com and Integrity Interactive sell educational tools so companies can educate their staff on the legal basics of doing business. Such tools can support written booklets or policies posted to a company's intranet.
According to information posted on New York Stock Exchange's Web site, the code of conduct must cover the following seven areas:
- Actual or perceived conflict of interest
- Outside business interests
- The confidentiality of corporate and non-public client information
- Fair dealings with privileged information so as not to conceal or misrepresent material fact or coerce others
- The proper use of company assets for legitimate business purposes
- The compliance with laws, rules, and regulations, including insider trading
- The protection of whistle blowers against corporate retaliation
WeComply's Web-based training covers these topics and more. NASDAQ designated WeComply as an approved trainer for NASDAQ-listed companies.
Benefits of Web-based Code of Conduct Training
One of the companies to select WeComply was Irving, Texas-based AdvancePCS, which manages prescription benefits for Blue Cross and Blue Shield organizations, insurance companies, HMOs, third-party administrators, state and local governments, and self-insured employers. Charlene Surber, director of Business Practices and Compliance for the company's Ethics and Compliance for a Healthy Organization program, said AdvancePCS has had its code of conduct and training program in place since 1998.
"It wasn't something that we suddenly had to come up with," she said. "It was part of our culture, part of our business."
WeComply allowed Surber to cut travel costs associated with training AdvancePCS's distributed workforce. "Prior to working with WeComply, I had to travel to all the locations and personally deliver the training to all of the employees, so I was sure of what everyone was hearing and I could collect the attendance sheets," Surber said.
Replacing this legwork with an electronic solution, WeComply delivers an invitation to employees to complete a 30-minute online educational unit and then test them on what they've learned. The system automatically logs who has completed successfully completed the training, providing a handy paper trail to Surber. It also sends e-mail reminders to those who have yet to complete the unit. The training costs $15 per user license with volume discounts at 1,000 users.
Codes of Conduct Insufficient?
While electronically delivered educational programs ooze convenience, experts on ethics and corporate responsibility question whether such programs are truly sufficient at creating an ethically responsible workplace.
Even Simon admitted that online code of conduct training wouldn't go far in transforming a company that acts against the community interests. "Presumably if we all act in accordance with predictable ethical guidelines it would all be for greater good," Simon said. "I'm not sure that our online training is really going to address that." Nor is NASDAQ really asking companies to act in the great good, he pointed out.
What's needed, more than just informing employees about the laws and adhering to them, is something more encompassing. "I think one of the most important things that leadership can do in a company is to define the ethical context," said ethics scholar Lynn Paine, a professor at Harvard Business School. "It's not just giving people knowledge of what the standards of behavior are, but creating the right kind of environment where those things are reinforced."
Paine said what's needed is an open platform for discussing ethical decision making, augmented with an incentive systems that rewards people for how they meet their targets, not just the fact that they met them.
"I think ethics get taught every single day by not discussing it," Paine said. "People learn it implicitly or explicitly." The goal should be to teach people explicitly.
Such an unambiguous approach to ethics has been shown to have a payoff well beyond the protectionist stance of avoiding lawsuits. Companies with an explicit commitment to doing business ethically have been shown to "produced profit/turnover ratios at 18 percent than those without a similar commitment," said Paine, quoting from the book Does Business Ethics Pay?, by Simon Webley and Elise More (Institute of Business Ethics, April 2003).
Understanding this, the best form of ethical training for technology workers may be a multi-pronged approach, similar to what Surber does at AdvancePCS. Even with an employee manual on ethical conduct, a certificate that documents employees have read it, and WeComply training in place, Surber said she still encourages leaders at AdvancePCS to work ethical dilemmas with their teams. "Ethics still needs a personal touch," she said.