Management must convey the message that integrity and ethical values cannot be compromised, and employees must receive and understand that message. Management must continually demonstrate, through words and actions, a commitment to high ethical standards.
The control objectives for this attribute are:
Existence and implementation of codes of conduct and other policies regarding acceptable business practice, conflicts of interest, or expected standards of ethical and moral behavior.
Establishment of the “tone at the top” – including explicit moral guidance about what is right and wrong – and extent of its communication throughout the organization.
Dealings with employees, suppliers, customers, investors, creditors, insurers, competitors, and auditors, etc. (e.g., whether management conducts business on a high ethical plane, and insist that others do so, or pay little attention to ethical issues).
Appropriateness of remedial action taken in response to departures from approved policies and procedures or violations of the code of conduct. Extent to which remedial action is communicated or otherwise becomes known throughout the entity.
Management’s attitude towards intervention or overriding established controls.
Pressure to meet unrealistic performance targets – particularly for short-term results – and extent to which compensation is based on achieving those performance targets.
